JVNDB RSS Feed - 2009 Years Entry
https://jvndb.jvn.jp/en/
JVN iPedia Yearly Entry
2024-03-17T09:10:23+09:00
2024-03-17T09:10:23+09:00

MyNETS cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000001.html
MyNETS, an open source SNS software, contains a cross-site scripting vulnerability.
MyNETS from Usagi Project is an open source SNS (Social Networking Service) software. MyNETS contains a cross-site scripting vulnerability.
JVNDB-2009-000001
http://jvn.jp/en/jp/JVN36802959/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0245
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0245
http://secunia.com/advisories/33409
http://www.securityfocus.com/bid/33145
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000001.html
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:usagi:mynets
2009-01-08T11:34+09:00
2009-01-08T11:34+09:00
2009-01-08T11:34+09:00

Movable Type Enterprise cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000002.html
Movable Type Enterprise contains a cross-site scripting vulnerability.
Movable Type Enterprise, a web log system from Six Apart KK for business users, contains a cross-site scripting vulnerability.
This vulnerability is different from JVN#02216739.
This vulnerability has been fixed in version 4.23 released on December 3, 2008. (UTC+0900)
JVNDB-2009-000002
http://jvn.jp/en/jp/JVN71945722/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5845
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5845
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000002.html
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:sixapart:movabletype
2009-07-29T12:22+09:00
2009-01-13T18:50+09:00
2009-07-29T12:22+09:00

MODx cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000003.html
MODx, an open source contents management system, contains a cross-site scripting vulnerability.
MODx, an open source contents management system, contains multiple cross-site scripting vulnerabilities.
Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2009-000003
http://jvn.jp/en/jp/JVN10170564/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5942
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5942
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000003.html
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:modx:modxcms
2009-01-09T15:54+09:00
2009-01-09T15:54+09:00
2009-01-09T15:54+09:00

MODx cross-site request forgery vulnerability
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000004.html
MODx, an open source contents management system, contains a cross-site request forgery vulnerability.
Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2009-000004
http://jvn.jp/en/jp/JVN66828183/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5941
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5941
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000004.html
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:modx:modxcms
2009-01-09T15:54+09:00
2009-01-09T15:54+09:00
2009-01-09T15:54+09:00

MODx vulnerable to SQL injection
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000005.html
MODx, an open source contents management system, contains a SQL injection vulnerability.
MODx, an open source contents management system, contains a SQL injection vulnerability in the MODx Control Panel.
Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2009-000005
http://jvn.jp/en/jp/JVN72630020/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5940
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5940
http://secunia.com/advisories/33405
http://www.securityfocus.com/bid/33182
http://xforce.iss.net/xforce/xfdb/47840
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000005.html
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:modx:modxcms
2009-01-09T15:54+09:00
2009-01-09T15:54+09:00
2009-01-09T15:54+09:00

Cisco IOS cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000006.html
The web-based interface implemented in Cisco IOS is vulnerable to cross-site scripting.
Some versions of the Cisco IOS provide a web-based interface to configure the device. This web-based interface contains a cross-site scripting vulnerability.
A wide range of versions are affected.
If the web-based interface is disabled, it is not affected. Some versions of the Cisco IOS have the web-based interface enabled by default.
For more information, refer to the information provided by Cisco.
NOBUHIRO TSUJI of NTT DATA SECURITY CORPORATION reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.
JVNDB-2009-000006
http://jvn.jp/en/jp/JVN28344798/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3821
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3821
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000006.html
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/o:cisco:ios
2009-01-15T19:14+09:00
2009-01-15T19:14+09:00
2009-01-15T19:14+09:00

Oracle WebLogic Server vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000007.html
Oracle WebLogic Server (formerly BEA WebLogic Server) contains a cross-site scripting vulnerability.
Oracle WebLogic Server is an application server based on Java Platform Enterprise Edition 5 (JavaEE5). Oracle WebLogic Server contains a cross-site scripting vulnerability.
Daiki Fukumori of Secure Sky Technology, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.
JVNDB-2009-000007
http://jvn.jp/en/jp/JVN93431860/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5461
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5461
http://www.us-cert.gov/cas/techalerts/TA09-015A.html
http://secunia.com/advisories/33526/
http://www.securityfocus.com/bid/33177
http://www.vupen.com/english/advisories/2009/0115
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000007.html
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:oracle:weblogic_server
2009-01-20T16:45+09:00
2009-01-20T16:45+09:00
2009-01-20T16:45+09:00

Fulltext search CGI vulnerability allows third party to gain administrative privileges
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000008.html
Fulltext search CGI from futomi's CGI Cafe contains a vulnerability that allows an attacker to gain administrative privileges.
Fulltext search CGI is a website search software from futomi's CGI Cafe. Fulltext search CGI contains a vulnerability that allows an attacker to gain administrative privileges.
JVNDB-2009-000008
http://jvn.jp/en/jp/JVN80771386/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0469
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0469
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000008.html
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:futomis_cgi_cafe:full-text_search_cgi
2009-01-28T15:25+09:00
2009-01-28T15:25+09:00
2009-01-28T15:25+09:00

FAST ESP cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000009.html
FAST ESP, an enterprise search platform from Microsoft, contains a cross-site scripting vulnerability.
FAST ESP from Microsoft is a software that enables users to consolidate information for searching purposes. FAST ESP's management interface contains a cross-site scripting vulnerability.
Kentaro OHSHIMA of Renesas Technology reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.
JVNDB-2009-000009
http://jvn.jp/en/jp/JVN45184501/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5092
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-5092
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000009.html
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:microsoft:fast_esp
2009-02-17T11:55+09:00
2009-02-17T11:55+09:00
2009-02-17T11:55+09:00

Apache Tomcat information disclosure vulnerability
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000010.html
Apache Tomcat from The Apache Software Foundation contains an information disclosure vulnerability.
Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Pages (JSP) technologies.
Apache Tomcat contains a vulnerability which may result in the disclosure of POSTed content from a previous request.
This vulnerability was addressed and solved in ASF Bugzilla - Bug 40771. However, there was no description regarding this vulnerability in ASF Bugzilla - Bug 40771. Therefore, the Apache Tomcat Development Team has decided to publish an advisory regarding this issue.
JVNDB-2009-000010
http://jvn.jp/en/jp/JVN66905322/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4308
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4308
http://secunia.com/advisories/34057/
http://www.securityfocus.com/bid/33913
http://www.vupen.com/english/advisories/2009/0541
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000010.html
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:apache:tomcat
cpe:/a:fujitsu:interstage_application_server
cpe:/a:fujitsu:interstage_business_application_server
cpe:/a:fujitsu:interstage_studio
cpe:/a:fujitsu:interstage_web_server
2009-02-26T15:28+09:00
2009-02-26T15:28+09:00
2009-02-26T15:28+09:00

Becky! Internet Mail buffer overflow vulnerability
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000011.html
Becky! Internet Mail contains a buffer overflow vulnerability.
Becky! Internet Mail is an email client software. Becky! Internet Mail contains a buffer overflow vulnerability as it does not properly handle read receipt requests.
Yuji Ukai of Fourteenforty Research Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.
JVNDB-2009-000011
http://jvn.jp/en/jp/JVN29641290/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0569
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0569
http://www.ipa.go.jp/security/english/vuln/200902_becky_en.html
http://secunia.com/advisories/33892
http://www.securityfocus.com/bid/33756
http://xforce.iss.net/xforce/xfdb/48684
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000011.html
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:rimarts_inc.:becky_internet_mail
2009-02-12T17:28+09:00
2009-02-12T17:28+09:00
2009-02-12T17:28+09:00

Buffer overflow vulnerability in ActiveX Control for Sony SNC series network cameras
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000012.html
The ActiveX Control for Sony SNC series network cameras contains a heap-based buffer overflow vulnerability.
The ActiveX Control for Sony SNC series network cameras is a software to monitor images over the network using a web browser. This ActiveX Control contains a heap-based buffer overflow vulnerability triggered by the improper processing of some configuration variables.
JVNDB-2009-000012
http://jvn.jp/en/jp/JVN16767117/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3488
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3488
http://www.ipa.go.jp/security/english/vuln/200902_sonysnc_en.html
http://www.securityfocus.com/bid/24684
http://xforce.iss.net/xforce/xfdb/35133
http://osvdb.org/39479
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000012.html
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/h:sony:sony_network_camera_snc-cs10
cpe:/h:sony:sony_network_camera_snc-cs11
cpe:/h:sony:sony_network_camera_snc-cs50n
cpe:/h:sony:sony_network_camera_snc-cs50p
cpe:/h:sony:sony_network_camera_snc-df40n
cpe:/h:sony:sony_network_camera_snc-df40p
cpe:/h:sony:sony_network_camera_snc-df50n
cpe:/h:sony:sony_network_camera_snc-df50p
cpe:/h:sony:sony_network_camera_snc-df70n
cpe:/h:sony:sony_network_camera_snc-df70p
cpe:/h:sony:sony_network_camera_snc-df80n
cpe:/h:sony:sony_network_camera_snc-df80p
cpe:/h:sony:sony_network_camera_snc-df85n
cpe:/h:sony:sony_network_camera_snc-df85p
cpe:/h:sony:sony_network_camera_snc-p1
cpe:/h:sony:sony_network_camera_snc-p5
cpe:/h:sony:sony_network_camera_snc-rx530n
cpe:/h:sony:sony_network_camera_snc-rx530p
cpe:/h:sony:sony_network_camera_snc-rx550n
cpe:/h:sony:sony_network_camera_snc-rx550p
cpe:/h:sony:sony_network_camera_snc-rx570n
cpe:/h:sony:sony_network_camera_snc-rx570p
cpe:/h:sony:sony_network_camera_snc-rz25n
cpe:/h:sony:sony_network_camera_snc-rz25p
cpe:/h:sony:sony_network_camera_snc-rz50n
cpe:/h:sony:sony_network_camera_snc-rz50p
2009-03-09T16:27+09:00
2009-03-09T16:27+09:00
2009-03-09T16:27+09:00

PEAK XOOPS piCal cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000013.html
piCal from PEAK XOOPS contains a cross-site scripting vulnerability.
piCal from PEAK XOOPS is a calendar module with a scheduler for XOOPS. piCal contains a cross-site scripting vulnerability.
Masako Oono of NetAgent Co.,Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.
JVNDB-2009-000013
http://jvn.jp/en/jp/JVN91591874/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0805
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0805
http://secunia.com/advisories/33986
http://www.securityfocus.com/bid/33896
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000013.html
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:peak_xoops:pical
2009-03-03T16:37+09:00
2009-03-03T16:37+09:00
2009-03-03T16:37+09:00

MP Form Mail CGI vulnerability allows third party to gain administrative privileges
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000014.html
MP Form Mail CGI from futomi's CGI Cafe contains a vulnerability that allows an attacker to gain administrative privileges.
MP Form Mail CGI from futomi's CGI Cafe is a software for sending contents entered into an HTML form via email. MP Form Mail CGI contains a vulnerability that allows an attacker to gain administrative privileges.
JVNDB-2009-000014
http://jvn.jp/en/jp/JVN84899898/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0962
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0962
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000014.html
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:futomis_cgi_cafe:mp_form_mail_cgi_ecommerce
cpe:/a:futomis_cgi_cafe:mp_form_mail_cgi_professional
2009-03-13T16:25+09:00
2009-03-13T16:25+09:00
2009-03-13T16:25+09:00

Cross-site scripting vulnerability in Access Analyzer CGI Standard Version (Ver. 3.x)
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000015.html
Access Analyzer CGI Standard Version (Ver. 3.x) from futomi's CGI Cafe contains a cross-site scripting vulnerability.
Access Analyzer CGI Standard Version provided by futomi's CGI Cafe is a software to analyze web access logs. Access Analyzer CGI Standard Version (Ver. 3.x) contains a cross-site scripting vulnerability.
This vulnerability was fixed in version 4.0.0 released on November 23, 2007. The most recent version (4.0.2) was released on December 12, 2008.
JVNDB-2009-000015
http://jvn.jp/en/jp/JVN23558374/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0971
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0971
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000015.html
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:futomis_cgi_cafe:access_analyzer_cgi_standard
2009-03-16T17:07+09:00
2009-03-16T17:07+09:00
2009-03-16T17:07+09:00

Access Analyzer CGI Professional Version vulnerability allows third party to gain administrative privileges
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000016.html
Access Analyzer CGI Professional Version from futomi's CGI Cafe contains a vulnerability that allows an attacker to gain administrative privileges.
Access Analyzer CGI provided by futomi's CGI Cafe is a software to analyze web access logs. Access Analyzer CGI Professional Version contains a vulnerability that allows an attacker to gain administrative privileges.
Taketo Ikeuchi and Seiki Sugahara reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.
JVNDB-2009-000016
http://jvn.jp/en/jp/JVN63511247/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1206
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1206
http://secunia.com/advisories/34516
http://xforce.iss.net/xforce/xfdb/49525
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000016.html
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:futomis_cgi_cafe:access_analyzer_cgi_professional
2009-03-31T16:08+09:00
2009-03-31T16:08+09:00
2009-03-31T16:08+09:00

XOOPS Cube Legacy cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000017.html
XOOPS Cube Legacy from XOOPS Cube Project contains a cross-site scripting vulnerability.
XOOPS Cube Legacy from XOOPS Cube Project is an open source contents management system. XOOPS Cube Legacy contains a cross-site scripting vulnerability.
According to the developers, a XOOPS Cube Legacy distribution "Hodajuku distribution" and "additional modules" are not affected by this vulnerability. For more information, refer to the developers' website.
Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developers under Information Security Early Warning Partnership.
JVNDB-2009-000017
http://jvn.jp/en/jp/JVN74747784/index.html
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000017.html
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:xoops:xoops_cube_legacy
2009-04-07T17:06+09:00
2009-04-07T17:06+09:00
2009-04-07T17:06+09:00

Ichitaro series buffer overflow vulnerability
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000018.html
The "Ichitaro" series word processing software contains a buffer overflow vulnerability.
This vulnerability is different from JVN#29211062, JVN#32981509 and JVN#50495547.
The "Ichitaro" series word processing software, from JustSystems Corporation, contains an issue in the reading of Rich Text Files resulting in a buffer overflow vulnerability. When a user opens a specially crafted file locally or through a website, arbitrary code may be executed with privileges of the user.
Yuji Ukai of Fourteenforty Research Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2009-000018
http://jvn.jp/en/jp/JVN33846134/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4737
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4737
http://www.ipa.go.jp/security/english/vuln/200904_ichitaro_en.html
http://secunia.com/advisories/34611/
http://www.securityfocus.com/bid/34403
http://xforce.iss.net/xforce/xfdb/49739
http://www.vupen.com/english/advisories/2009/0957
http://osvdb.org/53349
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:justsystems:ichitaro
2010-03-23T17:42+09:00
2010-03-23T17:42+09:00
2010-03-23T17:42+09:00

Cross-site scripting vulnerability in apricot.php from LovPop.net
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000019.html
apricot.php from LovPop.net contains a cross-site scripting vulnerability.
apricot.php from LovPop.net is a software to analyze web access logs. apricot.php contains a cross-site scripting vulnerability.
Note that future releases and maintenance of apricot.php ended on March 19, 2009. Users who wish to analyze access logs are recommended to use a different product that provides equivalent functionality.
JVNDB-2009-000019
http://jvn.jp/en/jp/JVN82744714/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1448
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1448
http://xforce.iss.net/xforce/xfdb/49948
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000019.html
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:lovpop:apricot
2009-04-17T14:40+09:00
2009-04-17T14:40+09:00
2009-04-17T14:40+09:00

Movable Type cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000020.html
Movable Type contains a cross-site scripting vulnerability.
Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability.
This vulnerability is different from those in past reports on JVN.
This vulnerability has been fixed and an updated version (Movable Type 4.25) was released on March 18, 2009.
Masashi Shiraishi reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.
The following are also affected by this vulnerability when "global templates" are not initialized.
* Movable Type 4.25 (updated from Movable Type 4.24 (includes Professional and Community Packs))
* Movable Type 4.25 (updated from Movable Type 4.24 Enterprise)
For more information, refer to the vendor's website.
JVNDB-2009-000020
http://jvn.jp/en/jp/JVN97248625/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2480
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2480
http://secunia.com/advisories/35534
http://www.securityfocus.com/bid/35471
http://xforce.iss.net/xforce/xfdb/51329
http://www.vupen.com/english/advisories/2009/1668
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:sixapart:movabletype
2009-07-29T12:22+09:00
2009-04-28T16:18+09:00
2009-07-29T12:22+09:00

MiniBBS22 from CGI RESCUE allows unauthorized email transmission
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000021.html
MiniBBS22 from CGI RESCUE contains a vulnerability which allows unauthorized email transmission regardless of the configuration.
MiniBBS22 is a message board script provided by CGI RESCUE. MiniBBS22 contains a vulnerability which allows unauthorized email transmission regardless of the configuration.
This vulnerability has been fixed and an updated version was released on December 13, 2008.
JVNDB-2009-000021
http://jvn.jp/en/jp/JVN36982346/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1589
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1589
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000021.html
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:cgi_rescue:mini_bbs22
2009-04-28T16:35+09:00
2009-04-28T16:35+09:00
2009-04-28T16:35+09:00

Cross-site scripting vulnerability in MiniBBS from CGI RESCUE
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000022.html
MiniBBS from CGI RESCUE contains a cross-site scripting vulnerability.
MiniBBS, a message board script provided by CGI RESCUE, contains a cross-site scripting vulnerability.
This vulnerability has been fixed and an updated version was released on December 13, 2008.
JVNDB-2009-000022
http://jvn.jp/en/jp/JVN11396739/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1588
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1588
http://secunia.com/advisories/34887
http://www.securityfocus.com/bid/34718
http://xforce.iss.net/xforce/xfdb/50219
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000022.html
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:cgi_rescue:mini_bbs
2009-04-28T16:35+09:00
2009-04-28T16:35+09:00
2009-04-28T16:35+09:00

FORM2MAIL from CGI RESCUE allows unauthorized email transmission
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000023.html
FORM2MAIL from CGI RESCUE contains a vulnerability which allows unauthorized email transmission regardless of the configuration.
FORM2MAIL from CGI RESCUE is a software that sends emails with contents that are input into a HTML form. FORM2MAIL contains a vulnerability which allows unauthorized email transmission regardless of the configuration.
This vulnerability has been fixed and an updated version was released on December 13, 2008.
JVNDB-2009-000023
http://jvn.jp/en/jp/JVN76370393/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1590
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1590
http://secunia.com/advisories/34869
http://osvdb.org/54097
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000023.html
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:cgi_rescue:form2mail
2009-04-28T16:35+09:00
2009-04-28T16:35+09:00
2009-04-28T16:35+09:00

Web Mailer from CGI RESCUE vulnerable to HTTP header injection
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000024.html
Web Mailer from CGI RESCUE contains a HTTP header injection vulnerability.
Web Mailer from CGI RESCUE is a software that sends emails with contents that are input into a HTML form. Web Mailer contains a HTTP header injection vulnerability.
This vulnerability has been fixed and an updated version was released on February 9, 2009.
JVNDB-2009-000024
http://jvn.jp/en/jp/JVN28020230/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1591
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1591
http://secunia.com/advisories/34862
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000024.html
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:cgi_rescue:ebmailer
2009-04-28T16:36+09:00
2009-04-28T16:36+09:00
2009-04-28T16:36+09:00

Cross-site scripting vulnerability in SKIP from SKIP User Group
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000025.html
SKIP from SKIP User Group contains a cross-site scripting vulnerability.
SKIP from SKIP User Group is an open source SNS (Social Networking Service) software. SKIP contains a cross-site scripting vulnerability.
Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.
JVNDB-2009-000025
http://jvn.jp/en/jp/JVN43233160/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1908
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1908
http://secunia.com/advisories/35041
http://www.securityfocus.com/bid/34898
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000025.html
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:openskip:skip
2009-05-12T17:50+09:00
2009-05-12T17:50+09:00
2009-05-12T17:50+09:00

SQL injection vulnerability in SKIP from SKIP User Group
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000026.html
SKIP from SKIP User Group contains a SQL injection vulnerability.
SKIP from SKIP User Group is an open source SNS (Social Networking Service) software. SKIP contains a SQL injection vulnerability.
Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.
JVNDB-2009-000026
http://jvn.jp/en/jp/JVN03114223/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1909
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1909
http://secunia.com/advisories/35041
http://www.securityfocus.com/bid/34898
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000026.html
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:openskip:skip
2009-05-12T17:50+09:00
2009-05-12T17:50+09:00
2009-05-12T17:50+09:00

Sun GlassFish Enterprise Server and Sun Java System Application Server vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000027.html
Sun GlassFish Enterprise Server and Sun Java System Application Server from Sun Microsystems contain a cross-site scripting vulnerability.
Sun GlassFish Enterprise Server and Sun Java System Application Server are application servers from Sun Microsystems. Sun GlassFish Enterprise Server and Sun Java System Application Server contain a cross-site scripting vulnerability.
According to the vendor, Sun Java System Application Server is currently distributed as the open sourced Sun GlassFish Enterprise Server. Users of the Sun Java System Application Server can obtain support only if they have a support contract. For more information, refer to the vendor's website.
Please note that Sun Java System Application Server 8.x and 9.0 are not affected by this vulnerability. For more information, refer to the vendor's website.
Project VEX of UBsecure, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.
JVNDB-2009-000027
http://jvn.jp/en/jp/JVN73653977/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1553
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1553
http://www.securityfocus.com/bid/34824
http://www.vupen.com/english/advisories/2009/1255
http://osvdb.org/54257
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:sun:glassfish_enterprise_server
cpe:/a:sun:java_system_application_server
2009-05-13T15:37+09:00
2009-05-13T15:37+09:00
2009-05-13T15:37+09:00

Trees from CGI RESCUE vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000028.html
Trees from CGI RESCUE contains a cross-site scripting vulnerability.
Trees, a web log system from CGI RESCUE, contains a cross-site scripting vulnerability.
JVNDB-2009-000028
http://jvn.jp/en/jp/JVN28521500/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1790
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1790
http://secunia.com/advisories/35123
http://www.securityfocus.com/bid/34999
http://xforce.iss.net/xforce/xfdb/50579
http://osvdb.org/54545
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000028.html
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:cgi_rescue:trees
2009-05-19T13:41+09:00
2009-05-19T13:41+09:00
2009-05-19T13:41+09:00

HP System Management Homepage vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000029.html
HP System Management Homepage (SMH) from Hewlett-Packard contains a cross-site scripting vulnerability.
HP System Management Homepage (SMH) from Hewlett-Packard is a web-based interface that can manage HP servers.
SMH contains a cross-site scripting vulnerability.
This vulnerability is different from JVN#19240523.
Masashi Shiraishi reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.
JVNDB-2009-000029
http://jvn.jp/en/jp/JVN02331156/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1418
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1418
http://securitytracker.com/id?1022242
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000029.html
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:hp:system_management_homepage
2009-05-20T16:01+09:00
2009-05-20T16:01+09:00
2009-05-20T16:01+09:00

a-News from Appleple vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000030.html
a-News from Appleple contains a cross-site scripting vulnerability.
a-News, a web log system from Appleple, contains a cross-site scripting vulnerability.
Note that future releases and maintenance of a-News ended on May 14, 2009. The developer recommends users who wish to continue using a web log system to use a-blog.
According to the developer, a-Nikki, a-Column, a-Update and a-Link may also be vulnerable, and the developer recommends that users switch to a-blog.
JVNDB-2009-000030
http://jvn.jp/en/jp/JVN42927215/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2292
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2292
http://secunia.com/advisories/35171
http://www.securityfocus.com/bid/35070
http://xforce.iss.net/xforce/xfdb/50679
http://www.osvdb.org/54636
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:appleple:appleple_a-news
2009-05-22T14:31+09:00
2009-05-22T14:31+09:00
2009-05-22T14:31+09:00

Cross-site scripting vulnerability in leger (free edition)
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000031.html
leger (free edition) from 'AD2000' contains a cross-site scripting vulnerability.
leger (free edition) from 'AD2000' is a software to manage conference room reservations. leger (free edition) contains a cross-site scripting vulnerability.
The vendor has reported that Ver. 1.6.4 released on May 22, 2009 did not address the vulnerability. The vulnerability has been addressed in Ver. 1.6.5 released on May 26, 2009. For more information, refer to the vendor's website.
Tsuyoshi Ishibashi of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.JVNDB-2009-000031http://jvn.jp/en/jp/JVN57036470/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2240http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2240http://secunia.com/advisories/35148http://www.securityfocus.com/bid/35068https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ad2000:meeting_room_reservations2009-05-27T18:28+09:002009-05-27T18:28+09:002009-05-27T18:28+09:00Directory traversal vulnerability in multiple Cisco Systems products
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000032.html
Multiple products provided by Cisco Systems contain a directory traversal vulnerability.
Multiple Cisco Systems products are vulnerable to directory traversal due to an issue in CiscoWorks Common Services.
Jun Okada of NTT DATA SECURITY CORPORATION reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.JVNDB-2009-000032http://jvn.jp/en/jp/JVN62527913/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1161http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1161http://www.ipa.go.jp/security/english/vuln/200905_cisco_en.htmlhttp://www.securityfocus.com/bid/35040http://securitytracker.com/id?1022263http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000032.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cisco:ciscoworks_common_services2009-05-29T16:19+09:002009-05-29T16:19+09:002009-05-29T16:19+09:00REP-BBS from MT312 vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000033.html
REP-BBS from MT312 contains a cross-site scripting vulnerability.
REP-BBS from MT312 is a web log system that supports posting and viewing web logs from a mobile phone. REP-BBS contains a cross-site scripting vulnerability.
Note that versions of REP-BBS (repbbs.lzh) that contain "model.php" and "config.php" with a timestamp prior to May 21, 2009 are vulnerable.
Masako Oono reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2009-000033http://jvn.jp/en/jp/JVN01115659/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1880http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1880http://secunia.com/advisories/35251http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000033.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:mt312:rep-bbs2009-05-29T16:19+09:002009-05-29T16:19+09:002009-05-29T16:19+09:00IMG-BBS from MT312 vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000034.html
IMG-BBS from MT312 contains a cross-site scripting vulnerability.
IMG-BBS from MT312 is a web log system that supports posting picture files via email from a mobile phone. IMG-BBS contains a cross-site scripting vulnerability.
Note that versions of IMG-BBS (imgbbs.lzh) that contain "model.php" with a timestamp prior to May 21, 2009 are vulnerable.
Masako Oono reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2009-000034http://jvn.jp/en/jp/JVN70836284/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1881http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1881http://secunia.com/advisories/35275http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000034.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:mt312:img-bbs2009-05-29T16:19+09:002009-05-29T16:19+09:002009-05-29T16:19+09:00Predictable session ID vulnerability in Serene Bach
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000035.html
Serene Bach from SerendipityNZ Limited contains a vulnerability in which it generates predictable session IDs.
Serene Bach from SerendipityNZ Limited is a weblog management system. Serene Bach contains a vulnerability in which it generates predictable session IDs.JVNDB-2009-000035http://jvn.jp/en/jp/JVN20689557/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2165http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2165http://secunia.com/advisories/35335http://www.securityfocus.com/bid/35254https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:serendipitynz:serene_bach2009-06-18T17:53+09:002009-06-18T17:53+09:002009-06-18T17:53+09:00Apache Tomcat information disclosure vulnerability
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000036.html
Apache Tomcat from The Apache Software Foundation contains an information disclosure vulnerability.
Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies.
Apache Tomcat contains a vulnerability which may allow information disclosure or access to the contents contained in the WEB-INF directory.
According to the developer, unsupported Apache Tomcat 3.x, 4.0.x, and 5.0.x may also be affected.
For more information, refer to the developer's website.
Minehiko Iida and Yuichiro Suzuki of Development Dept. II Application Management Middleware Div. FUJITSU LIMITED reported this vulnerability to IPA. JPCERT/CC coordinated with The Apache Software Foundation and the vendors under Information Security Early Warning Partnership.JVNDB-2009-000036http://jvn.jp/en/jp/JVN63832775/index.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5515http://www.securityfocus.com/bid/35263http://www.vupen.com/english/advisories/2009/1520https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:apache:tomcatcpe:/a:fujitsu:interstage_application_framework_suitecpe:/a:fujitsu:interstage_application_servercpe:/a:fujitsu:interstage_apworkscpe:/a:fujitsu:interstage_business_application_servercpe:/a:fujitsu:interstage_job_workload_servercpe:/a:fujitsu:interstage_studiocpe:/a:fujitsu:interstage_web_servercpe:/a:hp:tomcat-based_servlet_enginecpe:/a:nec:infoframe_documentskippercpe:/a:nec:mconecpe:/a:nec:websam_securemastercpe:/a:vmware:esxcpe:/a:vmware:servercpe:/a:vmware:vcentercpe:/a:vmware:virtualcentercpe:/o:apple:mac_os_x_servercpe:/o:hp:hp-uxcpe:/o:misc:miraclelinux_asianux_servercpe:/o:redhat:enterprise_linuxcpe:/o:redhat:enterprise_linux_desktopcpe:/o:redhat:enterprise_linux_euscpe:/o:redhat:rhel_desktop_workstationcpe:/o:sun:opensolariscpe:/o:sun:solaris2012-09-28T13:35+09:002009-06-18T17:53+09:002012-09-28T13:35+09:00Apache Tomcat denial of service (DoS) vulnerability
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000037.html
Apache Tomcat from The Apache Software Foundation contains a denial of service (DoS) vulnerability.
Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies.
If Tomcat receives a request with an invalid header via the Java AJP connector, it does not return an error and instead closes the AJP connection. If this connector is a member of a mod_jk load balancing worker, this member will be put into an error state and will be blocked from use for approximately one minute. This behavior can therefore be used for a denial of service attack using a carefully crafted request.
According to the developer, unsupported Apache Tomcat 3.x, 4.0.x, and 5.0.x may also be affected.
For more information, refer to the developer's website.
Yoshihito Fukuyama of NTT OSS Center reported this vulnerability to IPA. JPCERT/CC coordinated with The Apache Software Foundation and the vendors under Information Security Early Warning Partnership.JVNDB-2009-000037http://jvn.jp/en/jp/JVN87272440/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0033http://secunia.com/advisories/35326http://secunia.com/advisories/35344http://www.securityfocus.com/bid/35193http://xforce.iss.net/xforce/xfdb/50928http://securitytracker.com/alerts/2009/Jun/1022331.htmlhttp://www.vupen.com/english/advisories/2009/1496https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:apache:tomcatcpe:/a:hp:tomcat-based_servlet_enginecpe:/a:nec:infoframe_documentskippercpe:/a:vmware:esxcpe:/a:vmware:servercpe:/a:vmware:vcentercpe:/a:vmware:virtualcentercpe:/o:apple:mac_os_x_servercpe:/o:hp:hp-uxcpe:/o:misc:miraclelinux_asianux_servercpe:/o:redhat:enterprise_linuxcpe:/o:redhat:enterprise_linux_desktopcpe:/o:redhat:enterprise_linux_euscpe:/o:redhat:rhel_desktop_workstationcpe:/o:sun:opensolariscpe:/o:sun:solaris2012-09-28T13:40+09:002009-06-18T17:54+09:002012-09-28T13:40+09:00Cross-site scripting vulnerability in activeCollab
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000038.html
activeCollab from A51 D.O.O. contains a cross-site scripting vulnerability.
activeCollab from A51 D.O.O. is software for project management. activeCollab contains a cross-site scripting vulnerability.
Daiki Fukumori reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.JVNDB-2009-000038http://jvn.jp/en/jp/JVN55752635/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2041http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2041https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:activecollab:activecollab2009-06-18T17:54+09:002009-06-18T17:54+09:002009-06-18T17:54+09:00Buffer overflow vulnerability in Microsoft Works converters
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000039.html
Microsoft Works converters contain a buffer overflow vulnerability.
Microsoft Works converters contain a buffer overflow vulnerability when processing Works (.wps) files.
The security update for this vulnerability is contained in the Microsoft Security Bulletin Summary for June 2009.
For more information, refer to Microsoft's website.
Yuji Ukai of Fourteenforty Research Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2009-000039http://jvn.jp/en/jp/JVN70858401/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1533http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1533http://www.ipa.go.jp/security/english/vuln/200906_msworks_en.htmlhttp://www.us-cert.gov/cas/alerts/SA09-160A.htmlhttp://www.us-cert.gov/cas/techalerts/TA09-160A.htmlhttp://secunia.com/advisories/35371/http://www.securityfocus.com/bid/35184http://www.vupen.com/english/advisories/2009/1543https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:microsoft:officecpe:/a:microsoft:works2009-06-18T17:54+09:002009-06-18T17:54+09:002009-06-18T17:54+09:00iPhone OS denial of service (DoS) vulnerability
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000040.html
iPhone OS from Apple contains a denial of service (DoS) vulnerability.
Masaki Yoshida reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.JVNDB-2009-000040http://jvn.jp/en/jp/JVN87239696/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1683http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1683http://www.ipa.go.jp/security/english/vuln/200906_iphone_en.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:apple:iphone_oscpe:/o:apple:iphone_os_for_ipod_touch2009-06-18T17:54+09:002009-06-18T17:54+09:002009-06-18T17:54+09:00Cross-site scripting vulnerability in PukiWikiMod from XOOPS Maniac
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000041.html
PukiWikiMod from XOOPS Maniac contains a cross-site scripting vulnerability.
PukiWikiMod from XOOPS Maniac is a contents management software for XOOPS. PukiWikiMod contains a cross-site scripting vulnerability. JVNDB-2009-000041http://jvn.jp/en/jp/JVN12244807/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2162http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2162http://secunia.com/advisories/35504https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ishii:pukiwikimod2009-06-19T16:35+09:002009-06-19T16:35+09:002009-06-19T16:35+09:00Movable Type cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000042.html
Movable Type contains a cross-site scripting vulnerability.
Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability.
This vulnerability is different from those in past reports on JVN.
A successful attack requires mt-wizard.cgi not to be deleted after initial setup. For more information, refer to the developer's website.
Masashi Shiraishi reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2009-000042http://jvn.jp/en/jp/JVN86472161/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2492http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2492https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:sixapart:movabletype2009-07-01T17:53+09:002009-07-01T17:53+09:002009-07-01T17:53+09:00Movable Type access restriction bypass vulnerability
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000043.html
Movable Type contains an access restriction bypass vulnerability.
Movable Type, a web log system from Six Apart KK, contains a vulnerability that allows a remote attacker to bypass access restrictions.
A successful attack requires mt-wizard.cgi not to be deleted after initial setup. For more information, refer to the developer's website.
Masashi Shiraishi reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2009-000043http://jvn.jp/en/jp/JVN08369659/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2481http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2481http://secunia.com/advisories/35534http://www.securityfocus.com/bid/35471http://xforce.iss.net/xforce/xfdb/51330http://www.vupen.com/english/advisories/2009/1668https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:sixapart:movabletype2009-07-01T17:53+09:002009-07-01T17:53+09:002009-07-01T17:53+09:00Tree BBS from Let's PHP! vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000044.html
Tree BBS from Let's PHP! contains a cross-site scripting vulnerability.
Tree BBS from Let's PHP! is a tree-structured bulletin board software. Tree BBS contains a cross-site scripting vulnerability.
Yoshinori Ohta of Business Architects Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2009-000044http://jvn.jp/en/jp/JVN93827000/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2226http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2226http://secunia.com/advisories/35466https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:let%27s_php%21:tree_bbs2009-07-01T17:53+09:002009-07-01T17:53+09:002009-07-01T17:53+09:00PHP-I-BOARD from Let's PHP! vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000045.html
PHP-I-BOARD from Let's PHP! contains a cross-site scripting vulnerability.
PHP-I-BOARD from Let's PHP! is a bulletin board software. PHP-I-BOARD contains a cross-site scripting vulnerability.
Masako Oono reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2009-000045http://jvn.jp/en/jp/JVN20219071/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2221http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2221http://secunia.com/advisories/35532https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:let%27s_php%21:php-i-board2009-07-01T17:54+09:002009-07-01T17:54+09:002009-07-01T17:54+09:00PHP-I-BOARD from Let's PHP! vulnerable to directory traversal
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000046.html
PHP-I-BOARD from Let's PHP! contains a directory traversal vulnerability.
PHP-I-BOARD from Let's PHP! is a bulletin board software. PHP-I-BOARD contains a directory traversal vulnerability.
Masako Oono reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2009-000046http://jvn.jp/en/jp/JVN32788272/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2222http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2222http://secunia.com/advisories/35532https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:let%27s_php%21:php-i-board2009-07-01T17:54+09:002009-07-01T17:54+09:002009-07-01T17:54+09:00shiromuku(fs6)DIARY cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000048.html
shiromuku(fs6)DIARY from Perl CGI's By Mrs. Shiromuku contains a cross-site scripting vulnerability.
shiromuku(fs6)DIARY from Perl CGI's By Mrs. Shiromuku is a web log software. shiromuku(fs6)DIARY contains a cross-site scripting vulnerability.JVNDB-2009-000048http://jvn.jp/en/jp/JVN31110006/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2565http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2565http://secunia.com/advisories/35806http://xforce.iss.net/xforce/xfdb/51696https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:shiromuku:shiromuku%28fs6%29diary2009-07-15T18:15+09:002009-07-15T18:15+09:002009-07-15T18:15+09:00Cross-site scripting vulnerability in RevoCounter CGI (Animation Counter)
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000049.html
RevoCounter CGI (Animation Counter) from futomi's CGI Cafe contains a cross-site scripting vulnerability.
RevoCounter CGI (Animation Counter) from futomi's CGI Cafe is a software that displays an animated counter on a webpage. RevoCounter CGI (Animation Counter) contains a cross-site scripting vulnerability.JVNDB-2009-000049http://jvn.jp/en/jp/JVN29852698/index.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:futomis_cgi_cafe:revocounter_cgi2009-07-24T17:19+09:002009-07-24T17:19+09:002009-07-24T17:19+09:00MySQL Connector/J vulnerable to SQL injection
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000050.html
MySQL Connector/J from Sun Microsystems contains a SQL injection vulnerability.
MySQL Connector/J from Sun Microsystems is a software that provides access to a MySQL database for client applications written in Java. MySQL Connector/J contains a SQL injection vulnerability.
Masakazu Ikeda of WebAppSec reported this vulnerability to IPA. JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.JVNDB-2009-000050http://jvn.jp/en/jp/JVN59748723/index.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:sun:mysql_connector%2Fj2009-07-29T15:30+09:002009-07-29T15:30+09:002009-07-29T15:30+09:00Webservice-DIC yoyaku_v41 vulnerable to command injection
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000051.html
yoyaku_v41 from Webservice-DIC contains a command injection vulnerability.
yoyaku_v41 from Webservice-DIC is a software to manage conference room reservations. yoyaku_v41 contains a command injection vulnerability.
Masako Oono reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2009-000051http://jvn.jp/en/jp/JVN80436657/index.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:d-ic:yoyaku_v412009-07-31T15:34+09:002009-07-31T15:34+09:002009-07-31T15:34+09:00Cross-site scripting vulnerability in FreeNAS
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000052.html
FreeNAS contains a cross-site scripting vulnerability.
FreeNAS is a NAS (Network Attached Storage) server software. FreeNAS contains a cross-site scripting vulnerability.
Hiroyuki Shinshiba of LAC:Little eArth Corporation Co., LTD. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2009-000052http://jvn.jp/en/jp/JVN89791790/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2739http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2739http://www.securityfocus.com/bid/36146https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:freenas:freenas2009-08-05T15:58+09:002009-08-05T15:58+09:002009-08-05T15:58+09:00Cross-site request forgery vulnerability in FreeNAS
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000053.html
FreeNAS contains a cross-site request forgery vulnerability.
FreeNAS is a NAS (Network Attached Storage) server software. FreeNAS contains a cross-site request forgery vulnerability.
Hiroyuki Shinshiba of LAC:Little eArth Corporation Co., LTD. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2009-000053http://jvn.jp/en/jp/JVN15267895/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2738http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2738http://www.ipa.go.jp/security/english/vuln/200908_freenas_en.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:freenas:freenas2009-08-05T15:59+09:002009-08-05T15:59+09:002009-08-05T15:59+09:00ColdFusion vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000054.html
ColdFusion provided by Adobe contains a cross-site scripting vulnerability.
ColdFusion from Adobe is a software to develop web applications. ColdFusion contains a cross-site scripting vulnerability.
This vulnerability is different from JVN#28356427 and JVN#48566866.
Project VEX of UBsecure, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.JVNDB-2009-000054http://jvn.jp/en/jp/JVN21388501/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1875http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1875https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:adobe:coldfusion2009-08-19T16:33+09:002009-08-19T16:33+09:002009-08-19T16:33+09:00Site Calendar 'mycaljp' vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000055.html
Site Calendar 'mycaljp' contains a cross-site scripting vulnerability.
Site Calendar 'mycaljp' is a calendar plugin for Geeklog, which is an open source content management system. Site Calendar 'mycaljp' contains a cross-site scripting vulnerability.
The affected plugin is also contained in the following packages:
* Japanese extended package of Geeklog versions 1.5.0 through 1.5.2
Only packages released on or before June 29, 2009 are affected.
For more information, refer to the developers' website.
Masako Oono reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2009-000055http://jvn.jp/en/jp/JVN20478978/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3021http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3021http://secunia.com/advisories/36413http://secunia.com/advisories/36404https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:geeklog:geeklogcpe:/a:geeklog:mycaljp_plugin2009-08-26T15:25+09:002009-08-26T15:25+09:002009-08-26T15:25+09:00SugarCRM vulnerable to SQL injection
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000056.html
SugarCRM contains a SQL injection vulnerability.
SugarCRM is a customer relationship management (CRM) software. SugarCRM contains a SQL injection vulnerability.
Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2009-000056http://jvn.jp/en/jp/JVN31035930/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2978http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2978http://www.ipa.go.jp/security/english/vuln/200908_sugarcrm_en.htmlhttp://secunia.com/advisories/36423http://www.securityfocus.com/bid/36118http://xforce.iss.net/xforce/xfdb/52679https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:sugarcrm:sugarcrm2009-08-24T16:25+09:002009-08-24T16:25+09:002009-08-24T16:25+09:00ATOK screen lock bypass vulnerability
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000057.html
ATOK from JustSystems Corporation contains a screen lock bypass vulnerability.
ATOK from JustSystems Corporation is a software for Japanese Kana-Kanji conversion. ATOK contains an issue with the restriction of launching external applications, which may lead to a screen lock bypass vulnerability.
Taku Kudo of Google Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2009-000057http://jvn.jp/en/jp/JVN57040664/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4738http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4738http://www.ipa.go.jp/security/english/vuln/200909_atok_en.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:justsystems:atokcpe:/a:justsystems:atok_smile2010-03-23T17:42+09:002010-03-23T17:42+09:002010-03-23T17:42+09:00bingo!CMS core and bingo!CMS vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000058.html
bingo!CMS core and bingo!CMS contain a cross-site request forgery vulnerability.
bingo!CMS core and bingo!CMS are content management systems (CMS). bingo!CMS core and bingo!CMS contain a cross-site request forgery vulnerability.
Masako Oono reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2009-000058http://jvn.jp/en/jp/JVN68640473/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3022http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3022http://secunia.com/advisories/36458http://xforce.iss.net/xforce/xfdb/52838http://osvdb.org/57425https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:itd-inc:bingo%21cmscpe:/a:itd-inc:bingo%21cms_core2009-08-27T15:29+09:002009-08-27T15:29+09:002009-08-27T15:29+09:00Buffer overflow vulnerability in Microsoft Windows
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000059.html
Microsoft Windows contains a buffer overflow vulnerability.
Windows Media Format Runtime included in Microsoft Windows contains a buffer overflow vulnerability when parsing specific files.
The security update for this vulnerability is contained in the Microsoft Security Bulletin Summary for September 2009.
Hiroshi Noguchi of Alice Carroll fan club reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2009-000059http://jvn.jp/en/jp/JVN62211338/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2498http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2499http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2498http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2499http://www.ipa.go.jp/security/english/vuln/200909_windows_en.htmlhttp://www.us-cert.gov/cas/alerts/SA09-251A.htmlhttp://www.us-cert.gov/cas/techalerts/TA09-251A.htmlhttp://secunia.com/advisories/36596http://www.securityfocus.com/bid/36225http://www.securityfocus.com/bid/36228http://www.vupen.com/english/advisories/2009/2566https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:microsoft:windows_2000cpe:/o:microsoft:windows_server_2003cpe:/o:microsoft:windows_server_2008cpe:/o:microsoft:windows_vistacpe:/o:microsoft:windows_xp2009-09-09T17:30+09:002009-09-09T17:30+09:002009-09-09T17:30+09:00Webservice-DIC yoyaku_v41 vulnerable to command injection
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000060.html
yoyaku_v41 from Webservice-DIC contains a command injection vulnerability.
yoyaku_v41 from Webservice-DIC is a software to manage conference room reservations. yoyaku_v41 contains a command injection vulnerability.
This vulnerability is different from JVN#80436657.
Keigo Yamazaki of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2009-000060http://jvn.jp/en/jp/JVN05857667/index.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:d-ic:yoyaku_v412009-09-11T16:36+09:002009-09-11T16:36+09:002009-09-11T16:36+09:00Third-party cookie issue in Opera
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000061.html
Opera contains an issue in which third-party cookies are not handled properly.
Opera contains an issue in which third-party cookies are not handled properly. Please note that this issue only occurs when the user changes the setting for "Accept only cookies from the site I visit" from the default installation of Opera.
Hideki Sakamoto of Tsukuba Secure Network Research Co. Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2009-000061http://jvn.jp/en/jp/JVN39157969/index.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:opera:opera_browser2009-09-17T15:52+09:002009-09-17T15:52+09:002009-09-17T15:52+09:00XF-Section vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000062.html
XF-Section from Happy Linux contains a cross-site scripting vulnerability.
XF-Section from Happy Linux is a XOOPS module that categorizes contents. XF-Section contains a cross-site scripting vulnerability.
Masako Oono reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2009-000062http://jvn.jp/en/jp/JVN00425482/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3240http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3240https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ohwada:xf-section2009-09-17T15:52+09:002009-09-17T15:52+09:002009-09-17T15:52+09:00Cross-site scripting vulnerability in multiple phpspot products
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000063.html
Multiple products provided by phpspot contain a cross-site scripting vulnerability.
Multiple products (BBS Software etc.) provided by phpspot contain a cross-site scripting vulnerability.
Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2009-000063http://jvn.jp/en/jp/JVN53591199/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3283http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3283http://secunia.com/advisories/36783https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:phpspot:php%26css_bbscpe:/a:phpspot:php_bbscpe:/a:phpspot:php_bbs_cecpe:/a:phpspot:php_image_capture_bbscpe:/a:phpspot:php_rss_buildercpe:/a:phpspot:webshot2009-09-18T18:11+09:002009-09-18T18:11+09:002009-09-18T18:11+09:00Directory traversal vulnerability in multiple phpspot products
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000064.html
Multiple products provided by phpspot contain a directory traversal vulnerability.
Multiple products (BBS Software etc.) provided by phpspot contain a directory traversal vulnerability.
Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2009-000064http://jvn.jp/en/jp/JVN65914253/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3284http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3284http://secunia.com/advisories/36783https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:phpspot:php%26css_bbscpe:/a:phpspot:php_bbscpe:/a:phpspot:php_bbs_cecpe:/a:phpspot:php_image_capture_bbscpe:/a:phpspot:php_rss_buildercpe:/a:phpspot:webshot2009-09-18T18:11+09:002009-09-18T18:11+09:002009-09-18T18:11+09:00SugarCRM vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000065.html
SugarCRM contains a cross-site scripting vulnerability.
SugarCRM is a customer relationship management (CRM) software. SugarCRM contains a cross-site scripting vulnerability.
Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2009-000065http://jvn.jp/en/jp/JVN84396512/index.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:sugarcrm:sugarcrm2009-10-02T16:02+09:002009-10-02T16:02+09:002009-10-02T16:02+09:00Canon IT Solutions Inc. ACCESSGUARDIAN vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000066.html
Canon IT Solutions Inc. ACCESSGUARDIAN contains a cross-site scripting vulnerability.
Canon IT Solutions Inc. ACCESSGUARDIAN is a web security gateway. ACCESSGUARDIAN contains a cross-site scripting vulnerability.
Ohji Kashiwazaki of GLOBAL SECURITY EXPERTS Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2009-000066http://jvn.jp/en/jp/JVN33822756/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4608http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4608http://secunia.com/advisories/37045http://xforce.iss.net/xforce/xfdb/53822http://www.vupen.com/english/advisories/2009/2973http://osvdb.org/59058https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:canon-its:accessguardian2009-10-20T15:56+09:002009-10-20T15:56+09:002009-10-20T15:56+09:00Multiple Cybozu products vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000067.html
Multiple Cybozu products are vulnerable to cross-site scripting.
Multiple products (groupware etc.) provided by Cybozu, Inc. contain a cross-site scripting vulnerability.
This vulnerability is different from JVN#50342989 and JVN#90712589.
Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2009-000067http://jvn.jp/en/jp/JVN23108985/index.htmlhttp://secunia.com/advisories/37011/http://www.securityfocus.com/bid/36704http://www.vupen.com/english/advisories/2009/2918https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:deziecpe:/a:cybozu:mailwisecpe:/a:cybozu:office2009-10-15T15:21+09:002009-10-15T15:21+09:002009-10-15T15:21+09:00Implementations of IPv6 may be vulnerable to denial of service (DoS) attacks
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000068.html
Implementations of Internet Protocol version 6 (IPv6) may be vulnerable to denial of service (DoS) attacks.
Implementations of IPv6 contain an issue in the processing of packets related to the Neighbor Discovery Protocol (RFC4861), which may lead to a denial of service vulnerability.
For more information, refer to the vendor's website.
Akira Kanai of INTERNET MULTIFEED CO., Shin Shirahata and Rodney Van Meter of Keio University and Tatuya Jinmei of Internet Systems Consortium, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developers under Information Security Early Warning Partnership.
The reporters would also like to thank the following for the analysis of the vulnerability:
Shinsuke Suzuki of KAME Project, Hideaki Yoshifuji and Shinta Sugimoto of USAGI Project.JVNDB-2009-000068http://jvn.jp/en/jp/JVN75368899/index.htmlhttp://www.ietf.org/rfc/rfc4942.txthttp://www.ietf.org/rfc/rfc3971.txthttp://www.ietf.org/rfc/rfc3972.txthttp://www.ietf.org/rfc/rfc4861.txthttp://www.ietf.org/rfc/rfc4862.txthttp://www.ietf.org/rfc/rfc3756.txthttp://www.ietf.org/rfc/rfc4890.txthttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:furukawa_electric:fitelnet-fcpe:/h:nec:ip38xcpe:/h:yamaha:rt105cpe:/h:yamaha:rt107ecpe:/h:yamaha:rt140cpe:/h:yamaha:rt250icpe:/h:yamaha:rt300icpe:/h:yamaha:rt56vcpe:/h:yamaha:rt60wcpe:/h:yamaha:rta54icpe:/h:yamaha:rta55icpe:/h:yamaha:rtv700cpe:/h:yamaha:rtw65bcpe:/h:yamaha:rtw65icpe:/h:yamaha:rtx1000cpe:/h:yamaha:rtx1100cpe:/h:yamaha:rtx1500cpe:/h:yamaha:rtx2000cpe:/h:yamaha:rtx3000cpe:/h:yamaha:srt100cpe:/o:yamaha:rt57i_firmwarecpe:/o:yamaha:rt58i_firmware2010-01-25T12:02+09:002009-10-26T15:58+09:002010-01-25T12:02+09:00SEIL/X Series and SEIL/B1 buffer overflow vulnerability
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000069.html
SEIL/X Series and SEIL/B1 contain a buffer overflow vulnerability.
SEIL/X Series and SEIL/B1 are routers. SEIL/X Series and SEIL/B1 contain an issue in the processing by the URL filtering function, which may lead to a buffer overflow vulnerability.JVNDB-2009-000069http://jvn.jp/en/jp/JVN06362164/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4292http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4292http://secunia.com/advisories/37154http://xforce.iss.net/xforce/xfdb/54050http://www.vupen.com/english/advisories/2009/3111http://osvdb.org/59361https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:iij:seil%2Fb1cpe:/h:iij:seil%2Fx1cpe:/h:iij:seil%2Fx22009-11-02T16:42+09:002009-11-02T16:42+09:002009-11-02T16:42+09:00SEIL/X Series and SEIL/B1 denial of service vulnerability
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000070.html
SEIL/X Series and SEIL/B1 contain a denial of service (DoS) vulnerability.
SEIL/X Series and SEIL/B1 are routers. SEIL/X Series and SEIL/B1 contain an issue in the processing by the NAT function, which may lead to a denial of service (DoS) vulnerability.JVNDB-2009-000070http://jvn.jp/en/jp/JVN13011682/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4293http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4293http://secunia.com/advisories/37154http://xforce.iss.net/xforce/xfdb/54050http://www.vupen.com/english/advisories/2009/3111http://osvdb.org/59361https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:iij:seil%2Fb1cpe:/h:iij:seil%2Fx1cpe:/h:iij:seil%2Fx22009-11-02T16:42+09:002009-11-02T16:42+09:002009-11-02T16:42+09:00Roundcube Webmail vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000071.html
Roundcube Webmail provided by Roundcube Webmail Project contains a cross-site request forgery vulnerability.
Roundcube Webmail is an open source webmail client from the Roundcube Webmail Project. Roundcube Webmail contains a cross-site request forgery vulnerability.
This issue is different from JVN#33820033 and JVN#75694913.
Shuya Ueki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2009-000071http://jvn.jp/en/jp/JVN72974205/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4076http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4076http://secunia.com/advisories/37235http://www.osvdb.org/59661https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:roundcube:roundcube_webmail2009-11-04T15:27+09:002009-11-04T15:27+09:002009-11-04T15:27+09:00Roundcube Webmail vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000072.html
Roundcube Webmail provided by Roundcube Webmail Project contains a cross-site request forgery vulnerability.
Roundcube Webmail is an open source webmail client from the Roundcube Webmail Project. Roundcube Webmail contains a cross-site request forgery vulnerability.
This issue is different from JVN#33820033 and JVN#72974205.
Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2009-000072http://jvn.jp/en/jp/JVN75694913/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4077http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4077http://secunia.com/advisories/37235http://www.osvdb.org/59661https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:roundcube:roundcube_webmail2009-11-04T15:27+09:002009-11-04T15:27+09:002009-11-04T15:27+09:00Redmine vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000073.html
Redmine contains a cross-site scripting vulnerability.
Redmine is a project management software. Redmine contains a cross-site scripting vulnerability.
Yoshinari Fukumoto of Rakuten, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2009-000073http://jvn.jp/en/jp/JVN01245481/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4078http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4078http://secunia.com/advisories/37420http://www.securityfocus.com/bid/37066http://xforce.iss.net/xforce/xfdb/54333http://www.vupen.com/english/advisories/2009/3291https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:redmine:redmine2009-11-19T15:45+09:002009-11-19T15:45+09:002009-11-19T15:45+09:00Redmine vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000074.html
Redmine contains a cross-site request forgery vulnerability.
Redmine is a project management software. Redmine contains a cross-site request forgery vulnerability.
Yoshinari Fukumoto of Rakuten, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2009-000074http://jvn.jp/en/jp/JVN87341298/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4079http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4079http://secunia.com/advisories/37420http://www.securityfocus.com/bid/37066http://xforce.iss.net/xforce/xfdb/54334http://www.vupen.com/english/advisories/2009/3291https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:redmine:redmine2009-11-19T15:45+09:002009-11-19T15:45+09:002009-11-19T15:45+09:00Active! mail 2003 cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000075.html
Active! mail 2003 from TransWARE Co. contains a cross-site scripting vulnerability.
Active! mail 2003 from TransWARE Co. is a web-based email software. Active! mail 2003 contains a cross-site scripting vulnerability.
Kenichi Maehashi of CIS RAT at Hosei University reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2009-000075http://jvn.jp/en/jp/JVN49083120/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4352http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4352http://secunia.com/advisories/37602 http://xforce.iss.net/xforce/xfdb/54750https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:transware:active_mail2009-12-15T19:52+09:002009-12-15T19:52+09:002009-12-15T19:52+09:00Active! mail 2003 session ID disclosure vulnerability
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000076.html
Active! mail 2003 from TransWARE Co. contains a vulnerability in which session IDs may be disclosed.
Active! mail 2003 from TransWARE Co. is a web-based email software. Active! mail 2003 contains a vulnerability in which session IDs may be disclosed.
Kenichi Maehashi of CIS RAT at Hosei University reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2009-000076http://jvn.jp/en/jp/JVN85821104/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4353http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4353http://secunia.com/advisories/37602 http://xforce.iss.net/xforce/xfdb/54751https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:transware:active_mail2009-12-15T19:52+09:002009-12-15T19:52+09:002009-12-15T19:52+09:00Active! mail 2003 cookie disclosure vulnerability
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000077.html
Active! mail 2003 from TransWARE Co. contains a vulnerability in which cookies may be disclosed.
Active! mail 2003 from TransWARE Co. is a web-based email software. Active! mail 2003 contains a vulnerability in which cookies may be disclosed.
Kenichi Maehashi of CIS RAT at Hosei University reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2009-000077http://jvn.jp/en/jp/JVN36207497/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4354http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4354http://xforce.iss.net/xforce/xfdb/54752https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:transware:active_mail2009-12-15T19:52+09:002009-12-15T19:52+09:002009-12-15T19:52+09:00EC-CUBE information disclosure vulnerability
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000078.html
EC-CUBE from LOCKON CO.,LTD. contains an information disclosure vulnerability.
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an information disclosure vulnerability.JVNDB-2009-000078http://jvn.jp/en/jp/JVN79762947/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4236http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4236http://www.ipa.go.jp/security/english/vuln/200912_ec-cube_en.htmlhttp://secunia.com/advisories/37603http://xforce.iss.net/xforce/xfdb/54573http://www.vupen.com/english/advisories/2009/3421http://osvdb.org/60685https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ec-cube:ec-cube2009-12-07T14:51+09:002009-12-07T14:51+09:002009-12-07T14:51+09:00SEIL/B1 authentication issue
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000079.html
SEIL/B1 contains an issue in the implementation of the PPP Access Concentrator (PPPAC) function, which may allow replay attacks to be performed during the authentication process.
The PPP Access Concentrator (PPPAC) function within SEIL/B1 contains an issue in the CHAP and MS-CHAP-V2 authentication processes: the same challenge value is repeatedly used for each authentication attempt.JVNDB-2009-000079http://jvn.jp/en/jp/JVN49602378/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4409http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4409http://secunia.com/advisories/37628http://www.securityfocus.com/bid/37293http://www.osvdb.org/61118https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:iij:seil%2Fb12009-12-09T19:38+09:002009-12-09T19:38+09:002009-12-09T19:38+09:00P forum vulnerable to directory traversal
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000084.html
P forum from Rocomotion contains a directory traversal vulnerability.
P forum from Rocomotion is a bulletin board software. P forum contains a directory traversal vulnerability.
Shuya Ueki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2009-000084http://jvn.jp/en/jp/JVN00152874/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4383http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4383http://secunia.com/advisories/37691https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ug:p_forum2009-12-17T14:18+09:002009-12-17T14:18+09:002009-12-17T14:18+09:00Vulnerability allowing Viewing/Updating of Other Users' Information in Groupmax World Wide Web Desktop Version 6
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-001025.html
In Groupmax World Wide Web Desktop Version 6, a vulnerability exists in which the information of other users can be viewed and/or updated under a load balancing environment.JVNDB-2009-001025http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001025.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:document_manager_server_setcpe:/a:hitachi:groupmax_groupware_clientcpe:/a:hitachi:groupmax_groupware_web_clientcpe:/a:hitachi:groupmax_server_setcpe:/a:hitachi:groupmax_workflow_clientcpe:/a:hitachi:groupmax_workflow_web_clientcpe:/a:hitachi:groupmax_world_wide_web_desktopcpe:/a:hitachi:groupware_server_setcpe:/a:hitachi:mail_server_setcpe:/a:hitachi:scheduler_server_setcpe:/a:hitachi:workflow_server_set2009-02-26T11:55+09:002009-02-26T11:55+09:002009-02-26T11:55+09:00JP1/Cm2/Network Node Manager Denial of Service (DoS) Vulnerability
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-001032.html
A vulnerability in JP1/Cm2/Network Node Manager (NNM) could cause a denial of service (DoS) condition when using the Shared Trace Service.JVNDB-2009-001032http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001032.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:jp1_cm2_network_node_manager2009-03-02T17:38+09:002009-03-02T17:38+09:002009-03-02T17:38+09:00Multiple Vulnerabilities in uCosminexus Portal Framework
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-001033.html
uCosminexus Portal Framework contains multiple vulnerabilities.JVNDB-2009-001033http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001033.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:cosminexus_collaboration_portalcpe:/a:hitachi:cosminexus_portal_frameworkcpe:/a:hitachi:electronic_form_workflowcpe:/a:hitachi:groupmax_collaboration_portalcpe:/a:hitachi:groupmax_collaboration_web_clientcpe:/a:hitachi:jp1_integrated_managementcpe:/a:hitachi:ucosminexus_collaboration_portalcpe:/a:hitachi:ucosminexus_content_managercpe:/a:hitachi:ucosminexus_portal_framework2009-03-02T17:38+09:002009-03-02T17:38+09:002009-03-02T17:38+09:00Fujitsu Enhanced Support Facility HRM-S Hardware/Software Information Disclosure Vulnerability
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-001087.html
A vulnerability exists in the HRM-S of Fujitsu Enhanced Support
Facility that allows the issue of hardware and software information
requests by remote unauthenticated users.JVNDB-2009-001087http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0867http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0867http://secunia.com/advisories/33974http://xforce.iss.net/xforce/xfdb/48817http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001087.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:fujitsu:enhanced_support_facility2009-03-24T17:35+09:002009-03-24T17:35+09:002009-03-24T17:35+09:00Fujitsu Jasmine HTTP Response Splitting Vulnerability When Executing WebLink Template
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-001135.html
A vulnerability exists in Fujitsu Jasmine where HTTP response splitting may be conducted when the WebLink template is executed.JVNDB-2009-001135http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0868http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0868http://secunia.com/advisories/33971http://www.securityfocus.com/bid/33832http://xforce.iss.net/xforce/xfdb/48818http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001135.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:fujitsu:jasmine2009-04-17T14:13+09:002009-04-17T14:13+09:002009-04-17T14:13+09:00Cosminexus Processing Kit for XML and Hitachi Developer's Kit for Java Possible Unauthorized Access through Vulnerability in Encoding Process
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-001544.html
Cosminexus Processing Kit for XML and Hitachi Developer's Kit for Java have a vulnerability where UTF-8 output is not properly judged due to deficiency in encoding processing, which may lead to unauthorized access.JVNDB-2009-001544https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:cosminexus_application_servercpe:/a:hitachi:cosminexus_clientcpe:/a:hitachi:cosminexus_developercpe:/a:hitachi:cosminexus_opentp1cpe:/a:hitachi:cosminexus_servercpe:/a:hitachi:cosminexus_studiocpe:/a:hitachi:electronic_form_workflowcpe:/a:hitachi:groupmax_collaborationcpe:/a:hitachi:hitachi_developers_kit_for_javacpe:/a:hitachi:processing_kit_for_xmlcpe:/a:hitachi:ucosminexus_application_servercpe:/a:hitachi:ucosminexus_clientcpe:/a:hitachi:ucosminexus_collaborationcpe:/a:hitachi:ucosminexus_developercpe:/a:hitachi:ucosminexus_opentp1cpe:/a:hitachi:ucosminexus_operatorcpe:/a:hitachi:ucosminexus_service2009-07-07T11:12+09:002009-07-07T11:12+09:002009-07-07T11:12+09:00Cosminexus Processing Kit for XML and Hitachi Developer's Kit for Java Possible Unauthorized Access through Zip File Scanning Utility
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-001545.html
Cosminexus Processing Kit for XML and Hitachi Developer's Kit for Java
have a vulnerability that allows unauthorized access through a zip file
scanning API.JVNDB-2009-001545https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:cosminexus_application_servercpe:/a:hitachi:electronic_form_workflowcpe:/a:hitachi:hitachi_developers_kit_for_javacpe:/a:hitachi:processing_kit_for_xmlcpe:/a:hitachi:ucosminexus_application_server2009-07-07T11:12+09:002009-07-07T11:12+09:002009-07-07T11:12+09:00Hitachi Web Server Reverse Proxy Denial of Service (DoS) Vulnerability
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-001740.html
Hitachi Web Server contains a vulnerability that could lead to a denial
of service (DoS) condition when using it as a reverse proxy due to
excessive memory usage.JVNDB-2009-001740http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2364https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:hitachi_web_servercpe:/a:hitachi:ucosminexus_application_server_enterprisecpe:/a:hitachi:ucosminexus_application_server_standardcpe:/a:hitachi:ucosminexus_developercpe:/a:hitachi:ucosminexus_developer_standardcpe:/a:hitachi:ucosminexus_service_architectcpe:/a:hitachi:ucosminexus_service_platform2014-05-21T18:24+09:002009-07-14T10:17+09:002014-05-21T18:24+09:00Hitachi Web Server Vulnerability in SSL Client Authentication
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-001741.html
Hitachi Web Server contains a vulnerability in handling SSL client
certificates, which could allow an attacker to manipulate environment
variables and/or spoof the client to access Web servers.JVNDB-2009-001741http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0555http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0555https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:cosminexus_application_server_enterprisecpe:/a:hitachi:cosminexus_application_server_standardcpe:/a:hitachi:cosminexus_application_server_version_5cpe:/a:hitachi:cosminexus_developer_light_version_6cpe:/a:hitachi:cosminexus_developer_professional_version_6cpe:/a:hitachi:cosminexus_developer_standard_version_6cpe:/a:hitachi:cosminexus_developer_version_5cpe:/a:hitachi:cosminexus_server_-_standard_edition_version_4cpe:/a:hitachi:cosminexus_server_-_web_edition_version_4cpe:/a:hitachi:hitachi_web_servercpe:/a:hitachi:ucosminexus_application_server_enterprisecpe:/a:hitachi:ucosminexus_application_server_standardcpe:/a:hitachi:ucosminexus_developercpe:/a:hitachi:ucosminexus_developer_lightcpe:/a:hitachi:ucosminexus_developer_standardcpe:/a:hitachi:ucosminexus_service_architectcpe:/a:hitachi:ucosminexus_service_platform2014-05-21T18:16+09:002009-07-14T10:17+09:002014-05-21T18:16+09:00Hitachi Business Logic Cross-Site Scripting Vulnerability
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-001893.html
Hitachi Business Logic is vulnerable to cross-site scripting.JVNDB-2009-001893http://www.vupen.com/english/advisories/2009/2011https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:business_logiccpe:/a:hitachi:electronic_form_workflow2009-08-25T10:50+09:002009-08-25T10:50+09:002009-08-25T10:50+09:00Issue of Access Control Failure in Groupmax Scheduler Server
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-001930.html
Groupmax Scheduler Server contains a vulnerability in which access
privilege settings can be rendered invalid.JVNDB-2009-001930http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3172http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3172http://secunia.com/advisories/36527http://www.securityfocus.com/bid/36184http://www.vupen.com/english/advisories/2009/2480http://www.osvdb.org/57565https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:groupmax_groupware_servercpe:/a:hitachi:groupmax_server_setcpe:/a:hitachi:groupware_server_setcpe:/a:hitachi:scheduler_server_set2009-08-31T15:52+09:002009-08-31T15:52+09:002009-08-31T15:52+09:00Issue of Access Control Failure in Hitachi Device Manager Server
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-001931.html
Hitachi Device Manager servers contain a vulnerability in which access
control settings would be rendered invalid in the following cases:
- IPv6 format is used for communications between a Hitachi Device
Manager server and its clients.
- Access controls for Hitachi Device Manager clients are set by the
range of IP addresses written in the CIDR format.JVNDB-2009-001931https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:device_managercpe:/a:hitachi:jp1-hicommand_device_manager2009-08-31T15:52+09:002009-08-31T15:52+09:002009-08-31T15:52+09:00Multiple Vulnerabilities in Hitachi JP1/File Transmission Server/FTP
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-001967.html
Hitachi JP1/File Transmission Server/FTP contains multiple vulnerabilities that could allow an attacker to execute arbitrary commands.JVNDB-2009-001967https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:jp1_file_transmission_server_ftp2009-09-14T10:31+09:002009-09-14T10:31+09:002009-09-14T10:31+09:00GIF File Processing Denial of Service Vulnerability in Multiple JP1 Products
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-001968.html
A vulnerability exists in multiple JP1 products that could allow an attacker to cause a denial of service (DoS) condition due to an error in processing GIF files.JVNDB-2009-001968http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4777http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4777http://secunia.com/advisories/36646http://www.securityfocus.com/bid/36311http://xforce.iss.net/xforce/xfdb/53115http://www.vupen.com/english/advisories/2009/2576http://osvdb.org/57832https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:job_management_partner_1_automatic_job_management_system_2cpe:/a:hitachi:job_management_partner_1_integrated_managementcpe:/a:hitachi:job_management_partner_1_integrated_managercpe:/a:hitachi:job_management_partner_1_performance_management_snmp_system_observercpe:/a:hitachi:job_management_partner_1_snmp_system_observercpe:/a:hitachi:jp1_automatic_job_management_system_2cpe:/a:hitachi:jp1_cm2_snmp_system_observercpe:/a:hitachi:jp1_integrated_managementcpe:/a:hitachi:jp1_integrated_managercpe:/a:hitachi:jp1_performance_management_snmp_system_observercpe:/a:hitachi:jp1_server_system_observer2009-09-14T10:31+09:002009-09-14T10:31+09:002009-09-14T10:31+09:00Oracle iPlanet Web Server information disclosure vulnerability
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-002069.html
Oracle iPlanet Web Server (formerly Sun Java System Web Server) contains an information disclosure vulnerability.
Oracle iPlanet Web Server (formerly Sun Java System Web Server) is a web server. Oracle iPlanet Web Server contains an information disclosure vulnerability.JVNDB-2009-002069http://jvn.jp/en/jp/JVN47124169/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2445http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2445http://secunia.com/advisories/35701http://www.securityfocus.com/bid/35577http://securitytracker.com/id?1022511http://www.osvdb.org/55655https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:oracle:iplanet_web_server2011-07-25T18:06+09:002011-07-25T18:06+09:002011-07-25T18:06+09:00SquirrelMail vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-002207.html
SquirrelMail contains a cross-site request forgery vulnerability.
SquirrelMail from SquirrelMail Project is an open source webmail (web-based email).
SquirrelMail contains an issue in processing of sending a message or setting changes, which may result in cross-site request forgery.
Daiki Fukumori reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2009-002207http://jvn.jp/en/jp/JVN30881447/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2964http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2964http://secunia.com/advisories/34627http://www.securityfocus.com/bid/36196http://xforce.iss.net/xforce/xfdb/52406http://www.vupen.com/english/advisories/2009/2262http://www.osvdb.org/57001https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:squirrelmail:squirrelmailcpe:/o:apple:mac_os_xcpe:/o:apple:mac_os_x_servercpe:/o:misc:miraclelinux_asianux_servercpe:/o:redhat:enterprise_linuxcpe:/o:redhat:enterprise_linux_desktopcpe:/o:redhat:enterprise_linux_euscpe:/o:redhat:rhel_desktop_workstation2011-01-07T14:40+09:002011-01-07T14:40+09:002011-01-07T14:40+09:00StartTLS not enabled in Hitachi Storage Command Suite products
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-002345.html
When a Hitachi Storage Command Suite product uses an LDAP directory server as the server to be used for external authentication, StartTLS won't be enabled even if it is specified as the connection protocol.JVNDB-2009-002345https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:device_managercpe:/a:hitachi:global_link_managercpe:/a:hitachi:replication_managercpe:/a:hitachi:tiered_storage_managercpe:/a:hitachi:tuning_manager2009-12-24T14:32+09:002009-12-24T14:32+09:002009-12-24T14:32+09:00Fujitsu Interstage and Systemwalker SSL Vulnerabilities
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-002358.html
Fujitsu Interstage and Systemwalker related products have the vulnerabilities listed below:
- A buffer overflow vulnerability that can occur when the SSL server verifies the client's certificate.
- A vulnerability that makes it possible to make an SSL connection using a server or client certificate issued by the old CA certificate after the CA certificate is renewed, regardless of the settings of the certificate environment variables.
- A vulnerability where the depletion of resources, such as file descriptors, can occur on the SSL server.JVNDB-2009-002358https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:fujitsu:infodirectorycpe:/a:fujitsu:infoprovider_procpe:/a:fujitsu:infoproxycpe:/a:fujitsu:infoproxy_for_middlewarecpe:/a:fujitsu:interstagecpe:/a:fujitsu:interstage_apcoordinatorcpe:/a:fujitsu:interstage_application_framework_suitecpe:/a:fujitsu:interstage_application_servercpe:/a:fujitsu:interstage_apworkscpe:/a:fujitsu:interstage_business_application_managercpe:/a:fujitsu:interstage_form_coordinator_syomei_optioncpe:/a:fujitsu:interstage_security_directorcpe:/a:fujitsu:interstage_traffic_directorcpe:/a:fujitsu:linkexpresscpe:/a:fujitsu:safeauthorcpe:/a:fujitsu:safegatecpe:/a:fujitsu:safegate_clientcpe:/a:fujitsu:safegate_syutyu_kanricpe:/a:fujitsu:symfoware_universal_data_interchangercpe:/a:fujitsu:systemwalker_centricmgr-acpe:/a:fujitsu:systemwalker_centric_managercpe:/a:fujitsu:systemwalker_desktop_inspectioncpe:/a:fujitsu:systemwalker_desktop_patrolcpe:/a:fujitsu:systemwalker_formcoordinator_syomei_optioncpe:/a:fujitsu:systemwalker_infodirectorycpe:/a:fujitsu:systemwalker_it_budgetmgrcpe:/a:fujitsu:systemwalker_it_budget_managercpe:/a:fujitsu:systemwalker_software_deliverycpe:/a:fujitsu:trademastercpe:/a:fujitsu:trmaster2009-12-28T11:19+09:002009-12-28T11:19+09:002009-12-28T11:19+09:00Buffer Overflow Vulnerability in Cosminexus, Processing Kit for XML and Hitachi Developer's Kit for Java
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-002475.html
Cosminexus, Processing Kit for XML and Hitachi Developer's Kit for Java have a buffer overflow vulnerability when processing image files in Java applications.JVNDB-2009-002475https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:cosminexus_application_servercpe:/a:hitachi:cosminexus_clientcpe:/a:hitachi:cosminexus_developercpe:/a:hitachi:cosminexus_opentp1cpe:/a:hitachi:cosminexus_servercpe:/a:hitachi:cosminexus_studiocpe:/a:hitachi:electronic_form_workflowcpe:/a:hitachi:groupmax_collaborationcpe:/a:hitachi:hitachi_developers_kit_for_javacpe:/a:hitachi:processing_kit_for_xmlcpe:/a:hitachi:ucosminexus_application_servercpe:/a:hitachi:ucosminexus_clientcpe:/a:hitachi:ucosminexus_collaborationcpe:/a:hitachi:ucosminexus_developercpe:/a:hitachi:ucosminexus_navigationcpe:/a:hitachi:ucosminexus_opentp1cpe:/a:hitachi:ucosminexus_operatorcpe:/a:hitachi:ucosminexus_service2010-02-09T14:03+09:002010-02-09T14:03+09:002010-02-09T14:03+09:00Cacti vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-003901.html
Cacti is a web application that graphs stored data collected from network devices. Cacti contains a cross-site scripting vulnerability (CWE-79) due to a flaw in processing parameters in graph_view.php.
Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2009-003901http://jvn.jp/en/jp/JVN09758120/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4032http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4032https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cacti:cacti2015-07-09T14:41+09:002015-07-09T14:41+09:002015-07-09T14:41+09:00