JVNDB RSS Feed - 2010 Years Entry
https://jvndb.jvn.jp/en/
JVN iPedia Yearly Entry2024-03-17T09:10:23+09:002024-03-17T09:10:23+09:00Movable Type access restriction bypass vulnerability
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000001.html
Movable Type contains an access restriction bypass vulnerability.
Movable Type, a web log system from Six Apart KK, contains a vulnerability that allows a remote attacker to bypass access restrictions.
This vulnerability is different from JVN#08369659.JVNDB-2010-000001http://jvn.jp/en/jp/JVN09872874/index.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:sixapart:movabletype2010-01-06T16:26+09:002010-01-06T16:26+09:002010-01-06T16:26+09:00WebCalenderC3 cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000002.html
WebCalenderC3 from C3 Corp. contains a cross-site scripting vulnerability.
WebCalenderC3 from C3 Corp. is a calender software. WebCalenderC3 contains a cross-site scripting vulnerability.
According to the developer, they were not able to reproduce the vulnerability. However, to mitigate against potential security risks, the developer has released a security enhanced version.
Masako Oono reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2010-000002http://jvn.jp/en/jp/JVN33977065/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0349http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0349http://secunia.com/advisories/38135http://osvdb.org/61629https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:c-3.co.jp:webcalenderc32010-01-14T21:23+09:002010-01-14T21:23+09:002010-01-14T21:23+09:00WebCalenderC3 vulnerable to directory traversal
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000003.html
WebCalenderC3 from C3 Corp. contains a directory traversal vulnerability.
WebCalenderC3 from C3 Corp. is a calender software. WebCalenderC3 contains a directory traversal vulnerability.
Masako Oono reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2010-000003http://jvn.jp/en/jp/JVN22247093/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0348http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0348http://secunia.com/advisories/38135http://osvdb.org/61630https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:c-3.co.jp:webcalenderc32010-01-14T21:24+09:002010-01-14T21:24+09:002010-01-14T21:24+09:00Oracle Application Server vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000004.html
Oracle Application Server from Oracle contains a cross-site scripting vulnerability.
Oracle Application Server from Oracle is an application server. Oracle Application Server contains a cross-site scripting vulnerability.
Daiki Fukumori reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2010-000004http://jvn.jp/en/jp/JVN50837839/index.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:oracle:application_server2010-01-14T21:24+09:002010-01-14T21:24+09:002010-01-14T21:24+09:00tDiary plugin tb-send.rb vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000005.html
tDiary plugin tb-send.rb contains a cross-site scripting vulnerability.
tDiary is a weblog software. tDiary plugin tb-send.rb contains a cross-site scripting vulnerability.
The developer has confirmed that tDiary 2.3.x are not affected by this vulnerability.
Project VEX of UBsecure, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2010-000005http://jvn.jp/en/jp/JVN73331060/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0726http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0726http://secunia.com/advisories/38742http://www.securityfocus.com/bid/38413http://osvdb.org/62562https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:tdiary:tdiary2010-02-26T12:45+09:002010-02-26T12:45+09:002010-02-26T12:45+09:00OpenPNE authentication bypass vulnerability
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000006.html
OpenPNE contains an authentication bypass vulnerability.
OpenPNE is an open source SNS (Social Networking Service) software. OpenPNE provides an "IP address range limitation" function to provide access to certain pages only to mobile devices. OpenPNE has an issue with the IP address range limitation function that may lead to an authentication bypass vulnerability. As a result, the "simple login" function for mobile phones may allow a remote attacker to bypass authentication.
Note that products are affected by this vulnerability only when mobile device support and IP address range limitation are both enabled.
According to the developer, in all versions of OpenPNE 1.6 and later, the IP adress range limitation function is either not implemented or not enabled by default. The developer has released information regarding this issue. For more information, refer to the information provided by the developer.
Hiromitsu Takagi reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2010-000006http://jvn.jp/en/jp/JVN06874657/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1040http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1040http://www.ipa.go.jp/security/english/vuln/201003_openpne_en.htmlhttp://secunia.com/advisories/38857https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:tejimaya:openpne2010-03-12T15:29+09:002010-03-12T15:29+09:002010-03-12T15:29+09:00PrettyFormMail vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000007.html
PrettyFormMail from PrettyBook contains a cross-site scripting vulnerability.
PrettyFormMail from PrettyBook is a software that sends emails with contents that are input into a HTML form. PrettyFormMail contains a cross-site scripting vulnerability.
Masako Ohono reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2010-000007http://jvn.jp/en/jp/JVN41842181/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1332http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1332http://xforce.iss.net/xforce/xfdb/57492https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:prettybook:prettyformmail2010-04-02T17:31+09:002010-04-02T17:31+09:002010-04-02T17:31+09:00Compiere vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000008.html
Compiere provided by Almas Inc. contains a cross-site scripting vulnerability.
Compiere provided by Almas Inc. is an Enterprise Resource Planning (ERP) and Customer Relationship Management (CRM) software. Compiere contains a cross-site scripting vulnerability.
This vulnerability is different from JVN#38687002.
Naruhisa Tadokoro of Kobe Digital Labo Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2010-000008http://jvn.jp/en/jp/JVN57963254/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1333http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1333http://xforce.iss.net/xforce/xfdb/57494http://xforce.iss.net/xforce/xfdb/57493http://osvdb.org/63419https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:almas:compiere2010-04-02T17:32+09:002010-04-02T17:32+09:002010-04-02T17:32+09:00Compiere vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000009.html
Compiere provided by Almas Inc. contains a cross-site scripting vulnerability.
Compiere provided by Almas Inc. is an Enterprise Resource Planning (ERP) and Customer Relationship Management (CRM) software. Compiere contains a cross-site scripting vulnerability.
This vulnerability is different from JVN#57963254.
Naruhisa Tadokoro of Kobe Digital Labo Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2010-000009http://jvn.jp/en/jp/JVN38687002/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1333http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1333http://osvdb.org/63419https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:almas:compiere2010-04-02T17:32+09:002010-04-02T17:32+09:002010-04-02T17:32+09:00HL-SiteManager vulnerable to SQL injection
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000010.html
HL-SiteManager from Heartlogic contains a SQL injection vulnerability.
HL-SiteManager from Heartlogic is a contents management system (CMS) software. HL-SiteManager contains a SQL injection vulnerability.
Yuji Tounai of bogus.jp reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2010-000010http://jvn.jp/en/jp/JVN60969543/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1331http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1331http://xforce.iss.net/xforce/xfdb/57495https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:heartlogic:hl-sitemanager2010-04-02T17:33+09:002010-04-02T17:33+09:002010-04-02T17:33+09:00Internet Explorer information disclosure vulnerability
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000011.html
Internet Explorer contains an information disclosure vulnerability.
Internet Explorer contains an issue when handling content using specific encoding strings that may lead to an information disclosure vulnerability.
Daiki Fukumori of Cyber Defense Institute Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2010-000011http://jvn.jp/en/jp/JVN49467403/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0488http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0488http://www.ipa.go.jp/security/ciadr/vul/20100331-ms10-018.htmlhttp://www.us-cert.gov/cas/alerts/SA10-089A.htmlhttp://www.us-cert.gov/cas/techalerts/TA10-089A.htmlhttp://www.securityfocus.com/bid/39028http://securitytracker.com/id?1023773http://www.vupen.com/english/advisories/2010/0744https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:microsoft:internet_explorer2010-04-08T17:47+09:002010-04-08T17:47+09:002010-04-08T17:47+09:00MODx vulnerable to SQL injection
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000012.html
MODx provided by The MODx CMS Project contains a SQL injection vulnerability.
MODx provided by the MODx CMS Project is a Contents Management System (CMS) software. MODx contains a SQL injection vulnerability.
Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2010-000012http://jvn.jp/en/jp/JVN19774883/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1426http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1426http://www.ipa.go.jp/security/english/vuln/201004_modx_en.htmlhttp://secunia.com/advisories/39298http://xforce.iss.net/xforce/xfdb/57636https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:modx:evolution2010-04-08T17:47+09:002010-04-08T17:47+09:002010-04-08T17:47+09:00MODx vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000013.html
MODx provided by The MODx CMS Project contains a cross-site scripting vulnerability.
MODx provided by the MODx CMS Project is a Contents Management System (CMS) software. MODx contains a cross-site scripting vulnerability.
Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2010-000013http://jvn.jp/en/jp/JVN46669729/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1427http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1427http://secunia.com/advisories/39298http://xforce.iss.net/xforce/xfdb/57635https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:modx:evolution2010-04-08T17:47+09:002010-04-08T17:47+09:002010-04-08T17:47+09:00Cisco Router and Security Device Manager vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000014.html
Cisco Router and Security Device Manager (SDM) contains a cross-site scripting vulnerability.
Cisco Router and Security Device Manager (SDM) is a web-based device management tool for Cisco routers. Cisco Router and Security Device Manager (SDM) contains a cross-site scripting vulnerability.JVNDB-2010-000014http://jvn.jp/en/jp/JVN14313132/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0594http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0594https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cisco:router_and_security_device_manager2010-04-08T17:47+09:002010-04-08T17:47+09:002010-04-08T17:47+09:00Ichitaro series vulnerable to arbitrary code execution
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000015.html
The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution.
The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution.
For more information, refer to the developer's website.JVNDB-2010-000015http://jvn.jp/en/jp/JVN98467259/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1424http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1424http://www.ipa.go.jp/security/english/vuln/201004_ichitaro_en.htmlhttp://www.ipa.go.jp/security/topics/alert20100419.htmlhttp://secunia.com/advisories/39256/http://www.securityfocus.com/bid/39369http://www.securitytracker.com/id?1023844http://www.vupen.com/english/advisories/2010/0854http://osvdb.org/63651https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:justsystems:ichitaro2010-04-12T17:17+09:002010-04-12T17:17+09:002010-04-12T17:17+09:00Multiple Cybozu products vulnerable to authentication bypass
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000016.html
Multiple Cybozu products contain an authentication bypass vulnerability.
Multiple Cybozu products contain an issue in which the login page for mobile devices is not properly restrcited, leading to an authentication bypass vulnerability. As a result, an attacker may impersonate a user of a Cybozu product.JVNDB-2010-000016http://jvn.jp/en/jp/JVN87730223/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2029http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2029http://www.ipa.go.jp/security/english/vuln/201004_cybozu_en.htmlhttp://secunia.com/advisories/39508http://xforce.iss.net/xforce/xfdb/57976http://www.osvdb.org/63933https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:dotsalescpe:/a:cybozu:office2010-04-21T17:27+09:002010-04-21T17:27+09:002010-04-21T17:27+09:00Movable Type vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000017.html
Movable Type contains a cross-site scripting vulnerability.
Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability.
This vulnerability is different than the previous vulnerabilities disclosed on JVN.JVNDB-2010-000017http://jvn.jp/en/jp/JVN92854093/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1985http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1985http://secunia.com/advisories/39741http://www.vupen.com/english/advisories/2010/1136https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:sixapart:movabletype2010-05-12T15:25+09:002010-05-12T15:25+09:002010-05-12T15:25+09:00Interstage Application Server vulnerable in request processing
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000018.html
The Servlet service provided by the Interstage Application Server from Fujitsu Limited, contains a vulnerability where certain requests are not processed properly.
The Servlet service provided by the Interstage Application Server from Fujitsu Limited, contains a vulnerability where certain requests may be handled improperly depending on the settings at the load balancing device.JVNDB-2010-000018http://jvn.jp/en/jp/JVN90248889/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1942http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1942http://secunia.com/advisories/39803http://www.securityfocus.com/bid/40189http://www.vupen.com/english/advisories/2010/1165http://osvdb.org/64703https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:fujitsu:interstage_application_framework_suitecpe:/a:fujitsu:interstage_application_servercpe:/a:fujitsu:interstage_business_application_managercpe:/a:fujitsu:interstage_list_manager2010-05-17T16:42+09:002010-05-17T16:42+09:002010-05-17T16:42+09:00WebSAM DeploymentManager vulnerable to denial of service
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000019.html
WebSAM DeploymentManager contains a denial of service (DoS) vulnerability.
WebSAM DeploymentManager is a product that manages the distribution of security patches. WebSAM DeploymentManager contains a denial of service (DoS) vulnerability.
Servers or workstations that installed "Client Service for DPM" from the following products are vulnerable.
* WebSAM DeploymentManager Ver5.13 and earlier
The above mentioned WebSAM DeploymentManager is provided as part of the following products and are also affected by this vulnerability.
* SigmaSystemCenter 2.1 Update2 and earlier
* BladeSystemCenter all versions
* ExpressSystemCenter all versions
* VirtualPCCenter 2.2 and earlierJVNDB-2010-000019http://jvn.jp/en/jp/JVN90872372/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1941http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1941http://www.ipa.go.jp/security/english/vuln/201005_websam_en.htmlhttp://secunia.com/advisories/39802http://www.securityfocus.com/bid/40196http://osvdb.org/64700https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:nec:bladesystemcentercpe:/a:nec:expresssystemcentercpe:/a:nec:sigmasystemcentercpe:/a:nec:virtualpccentercpe:/a:nec:websam_deploymentmanager2010-05-17T16:42+09:002010-05-17T16:42+09:002010-05-17T16:42+09:00CapsSuite Small Edition PatchMeister vulnerable to denial of service
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000020.html
CapsSuite Small Edition PatchMeister contains a denial of service (DoS) vulnerability.
CapsSuite Small Edition PatchMeister is a product that manages the application of security patches. CapsSuite Small Edition PatchMeister contains a denial of service (DoS) vulnerability.
Servers or workstations that installed "Client Service for PTM" from the following products are vulnerable.
* CapsSuite Small Edition PatchMeister Ver2.0 Update2 and earlierJVNDB-2010-000020http://jvn.jp/en/jp/JVN82749282/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1943http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1943http://www.ipa.go.jp/security/english/vuln/201005_capssuite_en.htmlhttp://secunia.com/advisories/39800http://www.securityfocus.com/bid/40190http://www.vupen.com/english/advisories/2010/1166http://osvdb.org/64701https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:nec:capssuite_small_edition_patchmeister2010-05-17T16:43+09:002010-05-17T16:43+09:002010-05-17T16:43+09:00e-Pares vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000021.html
e-Pares contains a cross-site scripting vulnerability.
e-Pares is a system that manages facility (conference rooms, etc.) information. e-Pares contains a cross-site scripting vulnerability.
This vulnerability that was reported to IPA and JPCERT/CC was discovered as part of the Web application diagnosis service by Local Authorities Systems Development Center (LASDEC) for the 2008 fiscal year.JVNDB-2010-000021http://jvn.jp/en/jp/JVN58439007/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2150http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2150http://secunia.com/advisories/40029http://www.securityfocus.com/bid/40515https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:fujitsu:e-pares2010-06-03T11:29+09:002010-06-03T11:29+09:002010-06-03T11:29+09:00e-Pares vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000022.html
e-Pares contains a cross-site request forgery vulnerability.
e-Pares is a system that manages facility (conference rooms, etc.) information. e-Pares contains a cross-site request forgery vulnerability.
This vulnerability that was reported to IPA and JPCERT/CC was discovered as part of the Web application diagnosis service by Local Authorities Systems Development Center (LASDEC) for the 2008 fiscal year.JVNDB-2010-000022http://jvn.jp/en/jp/JVN82465391/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2151http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2151http://secunia.com/advisories/40029http://www.securityfocus.com/bid/40517https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:fujitsu:e-pares2010-06-03T11:29+09:002010-06-03T11:29+09:002010-06-03T11:29+09:00e-Pares vulnerable to session fixation
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000023.html
e-Pares contains a session fixation vulnerability.
e-Pares is a system that manages facility (conference rooms, etc.) information. e-Pares contains a session fixation vulnerability.
This vulnerability that was reported to IPA and JPCERT/CC was discovered as part of the Web application diagnosis service by Local Authorities Systems Development Center (LASDEC) for the 2008 fiscal year.JVNDB-2010-000023http://jvn.jp/en/jp/JVN36925871/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2149http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2149http://secunia.com/advisories/40029http://www.securityfocus.com/bid/40513https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:fujitsu:e-pares2010-06-03T11:29+09:002010-06-03T11:29+09:002010-06-03T11:29+09:00Ichitaro series vulnerable to arbitrary code execution
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000024.html
The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution.
This vulnerability is different from JVN#98467259.
The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution.JVNDB-2010-000024http://jvn.jp/en/jp/JVN17293765/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2152http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2152http://www.ipa.go.jp/security/topics/alert20100602.htmlhttp://www.ipa.go.jp/security/english/vuln/201006_ichitaro_en.htmlhttp://secunia.com/advisories/40008http://www.securityfocus.com/bid/40472http://xforce.iss.net/xforce/xfdb/59037http://www.vupen.com/english/advisories/2010/1283http://osvdb.org/65050https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:justsystems:ichitarocpe:/a:justsystems:justschool2010-06-01T17:37+09:002010-06-01T17:37+09:002010-06-01T17:37+09:00Multiple vulnerabilities in ActiveGeckoBrowser
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000025.html
ActiveGeckoBrowser from Fenrir Inc. contains multiple vulnerabilities.
ActiveGeckoBrowser from Fenrir Inc. is a plugin that adds the Gecko rendering engine to the Sleipnir web browser. ActiveGeckoBrowser contains multiple vulnerabilities caused by the Gecko engine.JVNDB-2010-000025http://jvn.jp/en/jp/JVN67120749/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2420http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2420http://xforce.iss.net/xforce/xfdb/59493https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:fenrir-inc:activegeckobrowser2010-06-17T19:50+09:002010-06-17T19:50+09:002010-06-17T19:50+09:00Explzh buffer overflow vulnerability
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000026.html
Explzh contains a buffer overflow vulnerability.
Explzh, a file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability when processing a LHA file header.
Note that versions of Explzh that contain "Arcext.dll" version 2.16.1 and earlier are vulnerable.
Kenju Takano reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2010-000026http://jvn.jp/en/jp/JVN34729123/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2434http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2434http://secunia.com/advisories/40324http://www.securityfocus.com/bid/41025http://xforce.iss.net/xforce/xfdb/59624http://osvdb.org/65666https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ponsoftware:explzh2010-06-22T16:37+09:002010-06-22T16:37+09:002010-06-22T16:37+09:00Winny BBS information processing vulnerability
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000027.html
Winny contains a vulnerability in the processing of BBS information.
Winny is a P2P file sharing software. Winny contains a vulnerability in the processing of BBS information, which can be used to launch Distributed Denial of Service (DDoS) attacks.
Yuji Ukai of eEye Digital Security reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2010-000027http://jvn.jp/en/jp/JVN54336184/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2361http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2361http://xforce.iss.net/xforce/xfdb/61278https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:winny:winny2010-08-20T17:17+09:002010-08-20T17:17+09:002010-08-20T17:17+09:00Winny node information processing vulnerability
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000028.html
Winny contains a vulnerability in the processing of node information.
Winny is a P2P file sharing software. Winny contains a vulnerability in the processing of node information, which can be used to launch Distributed Denial of Service (DDoS) attacks.
Fuyumasa Takatsu of University of Tsukuba reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2010-000028http://jvn.jp/en/jp/JVN25393522/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2362http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2362http://xforce.iss.net/xforce/xfdb/61277https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:winny:winny2010-08-20T17:17+09:002010-08-20T17:17+09:002010-08-20T17:17+09:00Winny vulnerable to buffer overflow
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000029.html
Winny contains a buffer overflow vulnerability.
Winny is a P2P file sharing software. Winny contains a buffer overflow vulnerability.
This vulnerability is different from JVN#91740962 and JVN#74294680.
Makoto Iwamura of NTT Information Sharing Platform Laboratories reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Moti Joseph and Kobi Pariente reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2010-000029http://jvn.jp/en/jp/JVN21471805/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2360http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2360http://xforce.iss.net/xforce/xfdb/61276https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:winny:winny2010-08-20T17:18+09:002010-08-20T17:18+09:002010-08-20T17:18+09:00Winny vulnerable to buffer overflow
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000030.html
Winny contains a buffer overflow vulnerability.
Winny is a P2P file sharing software. Winny contains a buffer overflow vulnerability.
This vulnerability is different from JVN#21471805 and JVN#74294680.
Moti Joseph and Kobi Pariente reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2010-000030http://jvn.jp/en/jp/JVN91740962/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2360http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2360http://xforce.iss.net/xforce/xfdb/61275https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:winny:winny2010-08-20T17:18+09:002010-08-20T17:18+09:002010-08-20T17:18+09:00Microsoft Windows denial of service (DoS) vulnerability
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000031.html
Microsoft Windows contains a denial of service (DoS) vulnerability.
Microsoft Windows contains a denial of service (DoS) vulnerability caused by IPv6 packets with malformed extension headers.
Darren Willis of Fourteenforty Research Institute Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2010-000031http://jvn.jp/en/jp/JVN86832361/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1892http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1892http://www.us-cert.gov/cas/alerts/SA10-222A.htmlhttp://www.us-cert.gov/cas/techalerts/TA10-222A.htmlhttp://www.securityfocus.com/bid/42251http://www.vupen.com/english/advisories/2010/2055https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:microsoft:windows_7cpe:/o:microsoft:windows_server_2008cpe:/o:microsoft:windows_vista2010-08-13T18:44+09:002010-08-13T18:44+09:002010-08-13T18:44+09:00SEIL/X Series and SEIL/B1 IPv6 Unicast RPF vulnerability
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000032.html
SEIL/X Series and SEIL/B1 contains a vulnerability in which IPv6 Unicast Reverse Path Forwarding (RPF) does not properly function in strict mode.
SEIL/X Series and SEIL/B1 are routers. SEIL/X Series and SEIL/B1 contains a vulnerability in which IPv6 Unicast Reverse Path Forwarding (RPF) does not properly function in strict mode.
Only IPv6 Unicast RPF in strict mode is vulnerable. According to the developer, IPv6 Unicast RPF in loose mode and IPv4 Unicast RPF are not affected by this vulnerability.JVNDB-2010-000032http://jvn.jp/en/jp/JVN12683004/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2363http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2363https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:iij:seil%2Fb1cpe:/h:iij:seil%2Fx1cpe:/h:iij:seil%2Fx22010-08-25T13:54+09:002010-08-25T13:54+09:002010-08-25T13:54+09:00moobbs vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000033.html
moobbs contains a cross-site scripting vulnerability.
moobbs from Moo is a bulletin board software. moobbs contains a cross-site scripting vulnerability.
Yuji Tounai of bogus.jp reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2010-000033http://jvn.jp/en/jp/JVN24423311/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2364http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2364http://secunia.com/advisories/41179https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:common1:moobbs2010-08-31T14:16+09:002010-08-31T14:16+09:002010-08-31T14:16+09:00moobbs2 vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000034.html
moobbs2 contains a cross-site scripting vulnerability.
moobbs2 from Moo is a threaded bulletin board software. moobbs contains a cross-site scripting vulnerability.
Yuji Tounai of bogus.jp reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2010-000034http://jvn.jp/en/jp/JVN75101998/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2365http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2365http://secunia.com/advisories/41179https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:common1:moobbs22010-08-31T14:16+09:002010-08-31T14:16+09:002010-08-31T14:16+09:00Cross-site scripting vulnerability in Access Analyzer CGI by futomi's CGI Cafe
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000035.html
Access Analyzer CGI from futomi's CGI Cafe contains a cross-site scripting vulnerability. This is caused by a particular method in which tags are embedded into the web page.
Access Analyzer CGI provided by futomi's CGI Cafe is a software to analyze web access logs. Access Analyzer CGI contains a cross-site scripting vulnerability. This is caused by a particular method in which tags are embedded into the web page.
According to the developer, users of the Professional version that are using the "Method to load js files for tags within the head tag" as stated in the manual are not affected by this vulnerability.
Katsumi Kobayashi of NRI Secure Technologies, Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2010-000035http://jvn.jp/en/jp/JVN35605523/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2366http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2366http://www.securityfocus.com/bid/43142https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:futomis_cgi_cafe:access_analyzer_cgi_professionalcpe:/a:futomis_cgi_cafe:access_analyzer_cgi_standard2010-09-10T17:25+09:002010-09-10T17:25+09:002010-09-10T17:25+09:00AD-EDIT2 vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000036.html
AD-EDIT2 contains a cross-site scripting vulnerability.
AD-EDIT2 is a Contents Management System (CMS) software. AD-EDIT2 contains a cross-site scripting vulnerability.
Seiei Higa of IT College Okinawa reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2010-000036http://jvn.jp/en/jp/JVN69191943/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2367http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2367https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:norenz:ad-edit22010-10-05T19:31+09:002010-10-05T19:31+09:002010-10-05T19:31+09:00Lhaplus may insecurely load dynamic libraries
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000037.html
Lhaplus may use unsafe methods for determining how to load DLLs.
Lhaplus is a file compression/extraction software supporting multiple file formats. Lhaplus loads certain DLL's when files are extracted. Lhaplus contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries.
Hitachi Incident Response Team and Makoto Shiotsuki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2010-000037http://jvn.jp/en/jp/JVN82752978/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2368http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2368http://www.ipa.go.jp/security/english/vuln/201010_Lhaplus_en.htmlhttp://www.kb.cert.org/vuls/id/707943http://www.us-cert.gov/cas/techalerts/TA10-238A.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:lhaplus:lhaplus2010-10-18T19:36+09:002010-10-18T19:36+09:002010-10-18T19:36+09:00Lhasa may insecurely load executable files
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000038.html
Lhasa may use unsafe methods for determining how to load executables (.exe).
Lhasa is a file extraction software that supports LZH and ZIP formats. Lhasa loads certain executables (.exe) when extracting files. Lhasa contains an issue with the file search path, which may insecurely load executables.
Makoto Shiotsuki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2010-000038http://jvn.jp/en/jp/JVN88850043/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2369http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2369http://www.ipa.go.jp/security/english/vuln/201010_Lhasa_en.htmlhttp://www.us-cert.gov/cas/techalerts/TA10-238A.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:susie_ro:lhasa2010-10-18T19:36+09:002010-10-18T19:36+09:002010-10-18T19:36+09:00Lhaplus may insecurely load executable files
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000039.html
Lhaplus may use unsafe methods for determining how to load executables (.exe).
Lhaplus is a file compression/extraction software supporting multiple file formats. Lhaplus loads certain executables (.exe) when extracting files. Lhaplus contains an issue with the file search path, which may insecurely load executables.
Makoto Shiotsuki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2010-000039http://jvn.jp/en/jp/JVN18774708/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3158http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3158http://www.us-cert.gov/cas/techalerts/TA10-238A.htmlhttp://secunia.com/advisories/41742https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:lhaplus:lhaplus2010-10-20T17:40+09:002010-10-20T17:40+09:002010-10-20T17:40+09:00XacRett may insecurely load executable files
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000040.html
XacRett may use unsafe methods for determining how to load executables (.exe).
XacRett is a file extraction software that supports many file formats. XacRett loads certain executables (.exe) when extracting files. XacRett contains an issue with the file search path, which may insecurely load executables.
Makoto Shiotsuki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2010-000040http://jvn.jp/en/jp/JVN04665167/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3157http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3157http://www.us-cert.gov/cas/techalerts/TA10-238A.htmlhttp://secunia.com/advisories/41850http://www.securityfocus.com/bid/44125https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:kmonos:xacrett2010-10-20T17:40+09:002010-10-20T17:40+09:002010-10-20T17:40+09:00K2Editor may insecurely load executable files
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000041.html
K2Editor may use unsafe methods for determining how to load executables (.exe).
K2Editor is a text editor. K2Editor loads certain executables (.exe) when opening the folder that contains the text file that is being edited. K2Editor contains an issue with the file search path, which may insecurely load executables.
Makoto Shiotsuki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2010-000041http://jvn.jp/en/jp/JVN36921800/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3156http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3156http://www.us-cert.gov/cas/techalerts/TA10-238A.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:k2top:k2editor2010-10-20T17:41+09:002010-10-20T17:41+09:002010-10-20T17:41+09:00Cross-site Request Forgery Vulnerability in Oracle iPlanet Web Server
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000042.html
Oracle iPlanet Web Server (formerly Sun Java System Web Server) contains a cross-site request forgery vulnerability.
Oracle iPlanet Web Server (formerly Sun Java System Web Server) is a web server. Oracle iPlanet Web Server contains a cross-site request forgery vulnerability.
Yoshihiro Ishikawa of LAC reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2010-000042http://jvn.jp/en/jp/JVN50133036/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3544http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3544http://www.us-cert.gov/cas/techalerts/TA10-287A.htmlhttp://www.securityfocus.com/bid/43977https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:oracle:iplanet_web_server2010-10-18T19:37+09:002010-10-18T19:37+09:002010-10-18T19:37+09:00Explzh may insecurely load executable files
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000043.html
Explzh may use unsafe methods for determining how to load executables (.exe).
Explzh is a file compression/extraction software supporting multiple file formats. Explzh loads certain executables (.exe) when extracting files. Explzh contains an issue with the file search path, which may insecurely load executables.
Makoto Shiotsuki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2010-000043http://jvn.jp/en/jp/JVN85599999/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3159http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3159http://www.us-cert.gov/cas/techalerts/TA10-238A.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ponsoftware:explzh2010-10-20T17:41+09:002010-10-20T17:41+09:002010-10-20T17:41+09:00Archive Decoder may insecurely load executable files
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000044.html
Archive Decoder may use unsafe methods for determining how to load executables (.exe).
Archive Decoder is a file extraction software that supports multiple file en extracting files. Archive Decoder contains an issue with the file search path, which may insecurely load executables.
Makoto Shiotsuki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2010-000044http://jvn.jp/en/jp/JVN68536660/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3160http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3160http://www.us-cert.gov/cas/techalerts/TA10-238A.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ponsoftware:archive_decoder2010-10-20T17:41+09:002010-10-20T17:41+09:002010-10-20T17:41+09:00TeraPad may insecurely load dynamic libraries
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000045.html
TeraPad may use unsafe methods for determining how to load DLLs.
TeraPad is a text editor. TeraPad loads certain DLL's when TXT files are opened. TeraPad contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries.
Makoto Shiotsuki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2010-000045http://jvn.jp/en/jp/JVN48097065/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3161http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3161http://www.ipa.go.jp/security/english/vuln/201010_TeraPad_en.htmlhttp://www.kb.cert.org/vuls/id/707943http://www.us-cert.gov/cas/techalerts/TA10-238A.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:susumu_terao:terapad2010-10-26T16:51+09:002010-10-26T16:51+09:002010-10-26T16:51+09:00Apsaly may insecurely load executable files
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000046.html
Apsaly may use unsafe methods for determining how to load executables (.exe).
Apsaly is a text editor that can interact with other applications. Apsaly loads certain executables when opening the folder that contains the file that is being edited, or when a particular sequence of actions are performed. Apsaly contains an issue with the file search path, which may insecurely load executables.
Makoto Shiotsuki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2010-000046http://jvn.jp/en/jp/JVN71138390/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3162http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3162http://www.us-cert.gov/cas/techalerts/TA10-238A.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:masahiko_watanabe:apsaly2010-10-26T16:52+09:002010-10-26T16:52+09:002010-10-26T16:52+09:00Sleipnir and Grani may insecurely load dynamic libraries
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000047.html
Sleipnir and Grani may use unsafe methods for determining how to load DLLs.
Sleipnir and Grani provided by Fenrir are web browsers. Sleipnir and Grani loads certain DLL's when HTML files are opened. Sleipnir and Grani contain an issue with the DLL search path, which may lead to insecurely loading dynamic libraries.
Makoto Shiotsuki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2010-000047http://jvn.jp/en/jp/JVN50610528/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3163http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3163http://www.ipa.go.jp/security/english/vuln/201010_Sleipnir_en.htmlhttp://www.kb.cert.org/vuls/id/707943http://www.us-cert.gov/cas/techalerts/TA10-238A.htmlcpe:/a:fenrir-inc:granicpe:/a:fenrir-inc:sleipnir2010-10-25T17:42+09:002010-10-25T17:42+09:002010-10-25T17:42+09:00Sleipnir and Grani may insecurely load executable files
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000048.html
Sleipnir and Grani may use unsafe methods for determining how to load executables (.exe).
Sleipnir and Grani provided by Fenrir are web browsers. Sleipnir and Grani load certain executables when displaying the source code of the HTML file currently being viewed. Sleipnir and Grani contain an issue with the file search path, which may insecurely load executables.
Makoto Shiotsuki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2010-000048http://jvn.jp/en/jp/JVN89272705/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3164http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3164http://www.us-cert.gov/cas/techalerts/TA10-238A.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:fenrir-inc:granicpe:/a:fenrir-inc:sleipnir2010-10-25T17:43+09:002010-10-25T17:43+09:002010-10-25T17:43+09:00Multiple Yokka provided products may insecurely load executable files
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000049.html
Multiple products provided by Yokka may use unsafe methods for determining how to load executables (.exe).
Multiple products provided by Yokka such as text editors, contain an issue with the file search path, which may insecurely load executables.
Makoto Shiotsuki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2010-000049http://jvn.jp/en/jp/JVN07497935/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3165http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3165http://www.us-cert.gov/cas/techalerts/TA10-238A.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:yokkasoft:deuxeditorcpe:/a:yokkasoft:noeditorcpe:/a:yokkasoft:ouieditorcpe:/a:yokkasoft:sqleditor8cpe:/a:yokkasoft:sqleditorclassiccpe:/a:yokkasoft:sqleditortecpe:/a:yokkasoft:sqleditorxpcpe:/a:yokkasoft:uneditor2010-10-25T17:43+09:002010-10-25T17:43+09:002010-10-25T17:43+09:00Active! mail 6 vulnerable to HTTP header injection
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000050.html
Active! mail 6 from TransWARE Co. contains a HTTP header injection vulnerability.
Active! mail 6 from TransWARE Co. is a web-based email software. Active! mail 6 contains a HTTP header injection vulnerability.
Taketo Ikeuchi of Hitachi Solutions, Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2010-000050http://jvn.jp/en/jp/JVN72541530/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3913http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3913https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:transware:active_mail2010-10-29T20:36+09:002010-10-29T20:36+09:002010-10-29T20:36+09:00GVim may insecurely load dynamic libraries
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000051.html
GVim may use unsafe methods for determining how to load DLLs.
GVim is a text editor. GVim loads certain DLL's when TXT files are opened. GVim contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries.
Makoto Shiotsuki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2010-000051http://jvn.jp/en/jp/JVN27868039/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3914http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3914http://www.kb.cert.org/vuls/id/707943http://www.us-cert.gov/cas/techalerts/TA10-238A.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:vim:gvim2010-11-01T18:51+09:002010-11-01T18:51+09:002010-11-01T18:51+09:00Ichitaro series vulnerable to arbitrary code execution
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000052.html
The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution.
This vulnerability differs from JVN#01948274, and other issues that were previously published on JVN.JVNDB-2010-000052http://jvn.jp/en/jp/JVN19173793/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3915http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3915http://www.ipa.go.jp/security/english/vuln/201011_ichitaro_en.htmlhttp://secunia.com/advisories/42099http://www.securityfocus.com/bid/44637http://www.vupen.com/english/advisories/2010/2885https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:justsystems:ichitarocpe:/a:justsystems:ichitaro_government2010-11-05T16:15+09:002010-11-04T19:10+09:002010-11-05T16:15+09:00Ichitaro series vulnerable to arbitrary code execution
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000053.html
The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution.
This vulnerability differs from JVN#19173793, and other issues that were previously published on JVN.JVNDB-2010-000053http://jvn.jp/en/jp/JVN01948274/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3916http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3916http://www.ipa.go.jp/security/english/vuln/201011_ichitaro_en.htmlhttp://secunia.com/advisories/42099http://www.securityfocus.com/bid/44637http://www.vupen.com/english/advisories/2010/2885https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:justsystems:ichitarocpe:/a:justsystems:ichitaro_government2010-11-05T16:15+09:002010-11-04T19:11+09:002010-11-05T16:15+09:00Flash Player access restriction bypass vulnerability
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000054.html
Flash Player contains an access restriction bypass vulnerability.
When Flash Player references a different website than the site where Flash contents are hosted, the referenced site must be allowed access by the cross-domain policy file.
Flash Player contains a vulnerability where access restrictions set by the cross-domain policy file may be bypassed.JVNDB-2010-000054http://jvn.jp/en/jp/JVN48425028/index.htmlhttp://jvn.jp/cert/JVNVU331391http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3636http://secunia.com/advisories/42183http://www.securityfocus.com/bid/44691http://www.vupen.com/english/advisories/2010/2903http://www.vupen.com/english/advisories/2010/2906http://www.vupen.com/english/advisories/2010/2918https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:adobe:flash_playercpe:/a:redhat:enterprise_linuxcpe:/a:redhat:rhel_desktop_supplementarycpe:/a:redhat:rhel_server_supplementarycpe:/a:redhat:rhel_supplementarycpe:/a:redhat:rhel_workstation_supplementarycpe:/o:apple:mac_os_xcpe:/o:apple:mac_os_x_servercpe:/o:oracle:solaris2011-02-01T16:22+09:002010-11-09T19:59+09:002011-02-01T16:22+09:00Google Chrome information disclosure vulnerability
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000056.html
Google Chrome contains an information disclosure vulnerability.
Google Chrome contains an information disclosure vulnerability caused by the improper handling of XML files.
Takayoshi Isayama from Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2010-000056http://jvn.jp/en/jp/JVN36765384/index.htmlhttps://www.cve.org/CVERecord?id=CVE-2010-3917https://nvd.nist.gov/vuln/detail/CVE-2010-3917https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:google:chrome2010-11-26T17:32+09:002010-11-26T17:32+09:002010-11-26T17:32+09:00Clipboard contents alteration vulnerability in Sleipnir
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000057.html
Sleipnir contains a vulnerability in which the contents of the clipboard may be altered.
Sleipnir, a web browser provided by Fenrir, contains a vulnerability in which the contents of the clipboard may be altered. As a result, when Sleipnir is being used under certain settings, the contents of the clipboard may be read or written from a website.
According to the developer, users who are using the version 2.9.6 that was released prior to November 25, 2010 at 3pm (Japan Time) with the default settings are affected by this vulnerability.JVNDB-2010-000057http://jvn.jp/en/jp/JVN64764004/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3918http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3918http://secunia.com/advisories/42427http://osvdb.org/69604https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:fenrir-inc:sleipnir2010-12-01T20:27+09:002010-12-01T20:27+09:002010-12-01T20:27+09:00Clipboard contents alteration vulnerability in Grani
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000058.html
Grani contains a vulnerability in which the contents of the clipboard may be altered.
Grani, a web browser provided by Fenrir, contains a vulnerability in which the contents of the clipboard may be altered. As a result, when Grani is being used under certain settings, the contents of the clipboard may be read or written from a website.
According to the developer, users who are using the version 4.5 that was released prior to November 25, 2010 at 3pm (Japan Time) with the default settings are affected by this vulnerability. JVNDB-2010-000058http://jvn.jp/en/jp/JVN76662040/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3919http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3919http://secunia.com/advisories/42428https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:fenrir-inc:grani2010-12-01T20:27+09:002010-12-01T20:27+09:002010-12-01T20:27+09:00Vulnerability in Epson printer driver installer where access permissions are changed
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000059.html
A vulnerability in printer driver installers provided by Epson cause access permissions to a certain folder on the system to be changed.
When printer drivers provided by Epson are installed, the access permissions for the folder that contains program files (C:\Program Files) are changed. As a result, users that do not have permission to access that folder can gain access to that folder.
According to the developer, printer drivers that were included with the product or downloaded from the developer website from the initial release of May 2010 through November 25, 2010 are affected by this vulnerability.
Also, users of Windows Vista and later operating systems are not affected. JVNDB-2010-000059http://jvn.jp/en/jp/JVN62736872/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3920http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3920http://secunia.com/advisories/42540http://osvdb.org/69678https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:epson:lp-s7100cpe:/a:epson:lp-s90002010-12-08T18:25+09:002010-12-08T18:25+09:002010-12-08T18:25+09:00Movable Type vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000060.html
Movable Type contains a cross-site scripting vulnerability.
Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability.
This vulnerability is different than the previous vulnerabilities disclosed on JVN.JVNDB-2010-000060http://jvn.jp/en/jp/JVN36673836/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3921http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3921http://secunia.com/advisories/42539http://www.vupen.com/english/advisories/2010/3145https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:sixapart:movabletype2010-12-08T18:26+09:002010-12-08T18:26+09:002010-12-08T18:26+09:00Movable Type vulnerable to SQL injection
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000061.html
Movable Type contains SQL injection vulnerability.
Movable Type, a web log system from Six Apart KK, contains a SQL injection vulnerability.JVNDB-2010-000061http://jvn.jp/en/jp/JVN78536512/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3922http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3922http://www.ipa.go.jp/security/english/vuln/201012_Movabletype_en.htmlhttp://secunia.com/advisories/42539http://www.vupen.com/english/advisories/2010/3145https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:sixapart:movabletype2010-12-08T18:28+09:002010-12-08T18:28+09:002010-12-08T18:28+09:00Internet Explorer vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000062.html
Microsoft Internet Explorer contains a cross-site scripting vulnerability due to the way file types are determined.
Microsoft Internet Explorer contains a vulnerability in handling Content-Type, which may result in cross-site scripting.
For more information, refer to the information provided by Microsoft.
Yoshinari Fukumoto of Rakuten, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2010-000062http://jvn.jp/en/jp/JVN62275332/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3342http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3342http://secunia.com/advisories/42091http://www.securityfocus.com/bid/45256http://www.vupen.com/english/advisories/2010/3214https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:microsoft:internet_explorercpe:/o:microsoft:windows_7cpe:/o:microsoft:windows_vistacpe:/o:microsoft:windows_xp2010-12-15T18:18+09:002010-12-15T18:18+09:002010-12-15T18:18+09:00Internet Explorer vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000063.html
Microsoft Internet Explorer contains a vulnerability in handling specific character encoding which may result in a cross-site scripting attack.
Microsoft Internet Explorer contains a vulnerability in handling specific UTF-7 encoded characters, which may result in cross-site scripting.
For more information, refer to the information provided by Microsoft.
Takeshi Terada and Yutaka Kokubu from Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2010-000063http://jvn.jp/en/jp/JVN30273074/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3342http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3342http://secunia.com/advisories/42091http://www.securityfocus.com/bid/45256http://www.vupen.com/english/advisories/2010/3214https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:microsoft:internet_explorercpe:/o:microsoft:windows_7cpe:/o:microsoft:windows_vistacpe:/o:microsoft:windows_xp2010-12-15T18:19+09:002010-12-15T18:19+09:002010-12-15T18:19+09:00Internet Explorer vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000064.html
Microsoft Internet Explorer contains a vulnerability in handling specific character encoding which may result in a cross-site scripting attack.
Microsoft Internet Explorer contains a vulnerability in handling specific EUC-JP or Shift_JIS encoded characters, which may result in cross-site scripting.
For more information, refer to the information provided by Microsoft.
NetAgent Co.,Ltd. and hoshikuzu|star_dust reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2010-000064http://jvn.jp/en/jp/JVN21120853/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3342http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3342http://secunia.com/advisories/42091http://www.securityfocus.com/bid/45256http://www.vupen.com/english/advisories/2010/3214https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:microsoft:internet_explorercpe:/o:microsoft:windows_7cpe:/o:microsoft:windows_vistacpe:/o:microsoft:windows_xp2010-12-15T18:19+09:002010-12-15T18:19+09:002010-12-15T18:19+09:00Internet Explorer vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000065.html
Microsoft Internet Explorer contains a vulnerability in handling specific character encoding which may result in a cross-site scripting attack.
Microsoft Internet Explorer contains a vulnerability in handling specific ISO-2022-JP encoded characters, which may result in cross-site scripting.
For more information, refer to the information provided by Microsoft.
Masatoshi Sato of AZIA CO., LTD. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2010-000065http://jvn.jp/en/jp/JVN33301529/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3348http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3348http://secunia.com/advisories/42091http://www.securityfocus.com/bid/45263http://www.vupen.com/english/advisories/2010/3214https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:microsoft:internet_explorer2010-12-15T18:20+09:002010-12-15T18:20+09:002010-12-15T18:20+09:00AttacheCase may insecurely load executable files
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000066.html
AttacheCase may use unsafe methods for determining how to load executables (.exe).
AttacheCase is a file encryption/decryption software. AttacheCase loads certain executables (.exe) when decrypting files, if certain settings are applied. AttacheCase contains an issue with the file search path, which may insecurely load executables.
Hirotaka Katagiri reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2010-000066http://jvn.jp/en/jp/JVN02175694/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3923http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3923https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hibara:attachecase2010-12-17T18:30+09:002010-12-17T18:30+09:002010-12-17T18:30+09:00uCosminexus Portal Framework Cross-Site Scripting Vulnerability
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-001088.html
uCosminexus Portal Framework has a cross-site scripting vulnerability.JVNDB-2010-001088https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:cosminexus_collaboration_portalcpe:/a:hitachi:cosminexus_portal_frameworkcpe:/a:hitachi:electronic_form_workflowcpe:/a:hitachi:groupmax_collaboration_portalcpe:/a:hitachi:groupmax_collaboration_web_clientcpe:/a:hitachi:groupmax_collaboration_web_client_mail_schedulecpe:/a:hitachi:jp1_integrated_managementcpe:/a:hitachi:ucosminexus_collaboration_portalcpe:/a:hitachi:ucosminexus_content_managercpe:/a:hitachi:ucosminexus_electronic_form_workflowcpe:/a:hitachi:ucosminexus_navigationcpe:/a:hitachi:ucosminexus_portal_framework2010-03-03T12:00+09:002010-03-03T12:00+09:002010-03-03T12:00+09:00JP1/Cm2/Network Node Manager Remote Console Insecure File Permissions Vulnerability
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-001147.html
Computer systems running the JP1/Cm2/Network Node Manager (NNM) Remote Console for Windows are vulnerable due to insecure file permissions set on the systems.JVNDB-2010-001147https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:jp1_cm2_network_node_manager2010-03-15T12:21+09:002010-03-15T12:21+09:002010-03-15T12:21+09:00Accela BizSearch Access Control Bypass Vulnerability
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-001204.html
The local file seraching function in IntelligentSearch and Accela
BizSearch is prone to an access control bypass vulnerability.JVNDB-2010-001204https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:accelatech:accelatech_eaccela_bizsearchcpe:/a:accelatech:bizsearchcpe:/a:fujitsu:intelligentsearch2010-04-09T16:36+09:002010-04-09T16:36+09:002010-04-09T16:36+09:00Several EUR Form/EUR Products Arbitrary Code Execution Vulnerability
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-001395.html
An arbitrary code execution vulnerability exists in several EUR Form and EUR products.JVNDB-2010-001395https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:electronic_form_workflowcpe:/a:hitachi:eur_form_clientcpe:/a:hitachi:eur_form_servicecpe:/a:hitachi:eur_professionalcpe:/a:hitachi:ucosminexus_eur_developercpe:/a:hitachi:ucosminexus_eur_form_controlcpe:/a:hitachi:ucosminexus_eur_form_service2010-05-18T11:33+09:002010-05-18T11:33+09:002010-05-18T11:33+09:00XMAP3 Arbitrary Code Execution Vulnerability
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-001427.html
An arbitrary code execution vulnerability exists in the system installed with XMAP3/Web, or it may experience unexpected shutdown of Internet Explorer.
The same issues exist in the Web browser testing tool, a web system development feature that comes with XMAP3/NET and XMAP3/Enterprise Edition.JVNDB-2010-001427https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:xmap3_enterprise_editioncpe:/a:hitachi:xmap3_netcpe:/a:hitachi:xmap3_web2010-05-18T11:34+09:002010-05-18T11:34+09:002010-05-18T11:34+09:00Arbitrary Code Execution Vulnerability in CA ARCserve Backup and BrightStor ARCserve Backup
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-001494.html
The version of JRE shipped with CA ARCserve Backup and BrightStor ARCserve Backup is vulnerable to arbitrary code execution.JVNDB-2010-001494https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ca:arcserve_backupcpe:/a:hitachi:arcserve_backupcpe:/a:hitachi:brightstor_arcserve_backup2010-06-08T14:03+09:002010-06-08T14:03+09:002010-06-08T14:03+09:00Stack-Based Buffer Overflow Vulnerability in Collaboration Common Utility
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-001495.html
Collaboration Common Utility, a component of multiple Hitachi products, is vulnerable to stack-based buffer overflow when the Drag and Drop Component for Collaboration feature is also installed.JVNDB-2010-001495https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:groupmax_collaboration_portalcpe:/a:hitachi:groupmax_collaboration_web_clientcpe:/a:hitachi:ucosminexus_collaboration_portal2010-06-08T14:03+09:002010-06-08T14:03+09:002010-06-08T14:03+09:00TP1/Message Control Denial of Service (DoS) Vulnerability
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-001518.html
The port used by TP1/Message Control's mapping service has a vulnerability where the port is forced to keep collecting debug information when it receives a maliciously-crafted message, which in turn causes the depletion of the disk resource and leads to a denial of service (DoS) condition.JVNDB-2010-001518https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:tp1_message_controlcpe:/a:hitachi:ucosminexus_tp1_message_control2010-06-22T11:23+09:002010-06-22T11:23+09:002010-06-22T11:23+09:00Improper Authentication Vulnerability in Handling of Revoked Certificate in Hitachi Web Server SSL Client Authentication
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-001519.html
SSL client authentication in Hitachi Web Server has a vulnerability which allows an attacker to access a Hitachi Web Server using the client certificates registered in the Certification Revocation List (CRL).
This vulnerability does not apply if SSL or SSL client authentication is not in use. The vulnerability does affect the Cosminexus products bundled with Hitachi Web Server.JVNDB-2010-001519https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:hitachi_web_server2010-06-22T11:23+09:002010-06-22T11:23+09:002010-06-22T11:23+09:00Groupmax World Wide Web Desktop Cross-Site Scripting Vulnerability
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-001520.html
Groupmax World Wide Web Desktop is vulnerable to cross-site scripting.JVNDB-2010-001520https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:document_manager_server_setcpe:/a:hitachi:groupmax_groupware_clientcpe:/a:hitachi:groupmax_groupware_web_clientcpe:/a:hitachi:groupmax_server_setcpe:/a:hitachi:groupmax_workflow_clientcpe:/a:hitachi:groupmax_workflow_web_clientcpe:/a:hitachi:groupmax_world_wide_web_desktopcpe:/a:hitachi:groupware_server_setcpe:/a:hitachi:mail_server_setcpe:/a:hitachi:scheduler_server_setcpe:/a:hitachi:workflow_server_set2010-06-22T11:23+09:002010-06-22T11:23+09:002010-06-22T11:23+09:00Cross-Site Scripting Vulnerability in Interstage Portalworks and Interstage Interaction Manager Portal Function
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-001534.html
The portal function of Interstage Portalworks and Interstage Interaction Manager is vulnerable to cross-site scripting.JVNDB-2010-001534https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:fujitsu:interstage_application_framework_suitecpe:/a:fujitsu:interstage_application_servercpe:/a:fujitsu:interstage_business_application_servercpe:/a:fujitsu:interstage_form_coordinator_workflowcpe:/a:fujitsu:interstage_interaction_managercpe:/a:fujitsu:interstage_portalworks2010-06-22T11:24+09:002010-06-22T11:24+09:002010-06-22T11:24+09:00Safari address bar spoofing vulnerability
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-001538.html
Safari contains a vulnerability where the URL displayed in the address may be spoofed.
Safari contains a vulnerability where the address bar displays a character string that looks like a different URL than the URL that is being accessed.JVNDB-2010-001538http://jvn.jp/en/jp/JVN46026251/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1384http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1384http://secunia.com/advisories/40105http://securitytracker.com/id?1024067http://www.vupen.com/english/advisories/2010/1373https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:apple:safaricpe:/h:apple:ipadcpe:/h:apple:iphonecpe:/h:apple:ipod_touchcpe:/o:apple:iphone_oscpe:/o:apple:iphone_os_for_ipod_touchcpe:/o:apple:mac_os_xcpe:/o:apple:mac_os_x_server2010-12-10T17:48+09:002010-11-26T17:16+09:002010-12-10T17:48+09:00Forced Shutdown or Restart with JP1/ServerConductor/Deployment Manager
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-001545.html
JP1/ServerConductor/Deployment Manager's Client Service for DPM has a vulnerability which could cause a shutdown or restart of the client computer when receiving ill-formed data.JVNDB-2010-001545https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:jp1_serverconductor_deployment_managercpe:/a:hitachi:serverconductor_deployment_manager2010-06-29T15:35+09:002010-06-29T15:35+09:002010-06-29T15:35+09:00Internet Navigware Server Information Disclosure Vulnerability
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-001719.html
Internet Navigware Server is vulnerable to information disclosure or data tampering.JVNDB-2010-001719https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:fujitsu:internet_navigware_e-Learning_Packcpe:/a:fujitsu:internet_navigware_Enterprise_LMS_Servercpe:/a:fujitsu:internet_navigware_server2010-07-28T18:14+09:002010-07-28T18:14+09:002010-07-28T18:14+09:00Denial of Service (DoS) Vulnerability in HiRDB
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-001761.html
HiRDB contains a vulnerability that could cause a denial of service (DoS) condition. The vulnerability is due to the HiRDB process and unit abending when the HiRDB process receives unexpected data.
After the HiRDB unit abends, the service can be restarted by rebooting HiRDB.JVNDB-2010-001761https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:hirdb_entry_modelcpe:/a:hitachi:hirdb_parallel_servercpe:/a:hitachi:hirdb_personal_servercpe:/a:hitachi:hirdb_single_servercpe:/a:hitachi:hirdb_single_server_workgroup_editioncpe:/a:hitachi:hirdb_workgroup_server2010-08-10T12:13+09:002010-08-10T12:13+09:002010-08-10T12:13+09:00Arbitrary Code Execution Vulnerability in JP1/Cm2/Network Node Manager
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-001762.html
JP1/Cm2/Network Node Manager contains a vulnerability that could allow a remote attacker to cause a denial of service (DoS) condition or execute arbitrary code.JVNDB-2010-001762https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:cm2_network_node_managercpe:/a:hitachi:jp1_cm2_network_node_manager2010-08-10T12:14+09:002010-08-10T12:14+09:002010-08-10T12:14+09:00Denial of Service (DoS) Vulnerability in Cosminexus
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-001874.html
Cosminexus series products contain a vulnerability that could cause a denial of service (DoS) condition when receiving unexpected data.
After it abends, the service can be restarted by rebooting the system.JVNDB-2010-001874https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:cosminexus_developercpe:/a:hitachi:documentbrokercpe:/a:hitachi:electronic_form_workflowcpe:/a:hitachi:ucosminexus_developercpe:/a:hitachi:ucosminexus_navigationcpe:/a:hitachi:ucosminexus_reporting_basecpe:/a:hitachi:ucosminexus_servicecpe:/a:hitachi:ucosminexus_si_navigation_system2010-09-01T14:11+09:002010-09-01T14:11+09:002010-09-01T14:11+09:00Denial of Service (DoS) Vulnerability in JP1/ServerConductor/Control Manager
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-001875.html
A built-in database in JP1/ServerConductor/Control Manager contains a vulnerability that could cause a denial of service (DoS) condition due to the abnormal ending of the database process when receiving unexpected data.
After the process abends, the service can be restarted by rebooting the system.JVNDB-2010-001875https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:jp1_serverconductor_control_manager2010-09-01T14:11+09:002010-09-01T14:11+09:002010-09-01T14:11+09:00Denial of Service (DoS) Vulnerability in JP1/AJS Built-in Database
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-001876.html
A Built-in database used by JP1/Automatic Job Management System 3 (JP1/AJS3) - Manager and JP1/Automatic Job Management System 2 (JP1/AJS2) - Manager contains a vulnerability that could cause a denial of service (DoS) condition when receiving unexpected data. As a result, Job operations of JP1/AJS3 (JP1/AJS2) will be suspended, where client operations from JP1/AJS3 (JP1/AJS2) - View will become unavailable or commands will not work on the Managers.
After the built-in database abends, the service can be restarted by rebooting JP1/AJS3 (JP1/AJS2) and the built-in database.JVNDB-2010-001876https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:job_management_partner_1_automatic_job_management_system_2cpe:/a:hitachi:job_management_partner_1_automatic_job_management_system_3cpe:/a:hitachi:jp1_automatic_job_management_system_2cpe:/a:hitachi:jp1_automatic_job_management_system_32010-09-01T14:11+09:002010-09-01T14:11+09:002010-09-01T14:11+09:00Denial of Service (DoS) Vulnerability in JP1/PAM
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-001877.html
A Built-in database in JP1/Performance Analysis - Manager and JP1/Performance Management - Analysis Manager (JP1/PAM) contains a vulnerability that could cause a denial of service (DoS) condition due to the abnormal ending of the database process when receiving unexpected data.
After the process abends, the service can be restarted by rebooting JP1/PAM.JVNDB-2010-001877https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:jp1_performance_analysiscpe:/a:hitachi:jp1_performance_management2010-09-01T14:12+09:002010-09-01T14:12+09:002010-09-01T14:12+09:00Denial of Service (DoS) Vulnerability in JP1/Integrated Manager and JP1/Integrated Management
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-001878.html
A Built-in database in JP1/Integrated Manager and JP1/Integrated Management (JP1/IM) contains a vulnerability that could cause a denial of service (DoS) condition due to the abnormal ending of the database process when receiving unexpected data.
After the process abends, the service can be restarted by rebooting JP1/IM.JVNDB-2010-001878https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:jp1_integrated_managementcpe:/a:hitachi:jp1_integrated_manager2010-09-01T14:12+09:002010-09-01T14:12+09:002010-09-01T14:12+09:00Denial of Service (DoS) Vulnerability in JP1/NETM
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-001879.html
A Built-in database in JP1/NETM contains a vulnerability that could cause a denial of service (DoS) condition due to the abnormal ending of the database process when receiving unexpected data.
After the process abends, the service can be restarted by rebooting JP1/IM.JVNDB-2010-001879https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:job_management_partner_1_asset_information_managercpe:/a:hitachi:job_management_partner_1_software_distribution_managercpe:/a:hitachi:jp1_asset_information_managercpe:/a:hitachi:jp1_netm-dm_managercpe:/a:hitachi:jp1_netm_asset_information_managercpe:/a:hitachi:jp1_netm_auditcpe:/a:hitachi:jp1_software_distribution_manager2010-12-17T14:46+09:002010-09-01T14:12+09:002010-12-17T14:46+09:00Denial of Service (DoS) Vulnerability in JP1/Desktop Navigation Built-in Database
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-001958.html
When JP1/Desktop Navigation used in a cluster environment receives unexpected data, the built-in database process and unit abend, which may cause the management server service to fall into a denial of service (DoS) condition.JVNDB-2010-001958https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:jp1_desktop_navigation2010-09-15T13:46+09:002010-09-15T13:46+09:002010-09-15T13:46+09:00Denial of Service (DoS) Vulnerability in Hitachi Storage Command Suite Built-in Database
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-001959.html
A built-in database in Hitachi Storage Command Suite (HSCS) abends upon receiving maliciously-crafted data intended to exploit its denial of service (DoS) vulnerability. As a result, HSCS may become not operational or shutdown, for example, making operations from the screen and access to the database unavailable.JVNDB-2010-001959https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:device_managercpe:/a:hitachi:global_link_managercpe:/a:hitachi:jp1-hicommand_device_managercpe:/a:hitachi:jp1-hicommand_global_link_availability_managercpe:/a:hitachi:jp1-hicommand_provisioning_managercpe:/a:hitachi:jp1-hicommand_replication_monitorcpe:/a:hitachi:jp1-hicommand_tiered_storage_managercpe:/a:hitachi:jp1-hicommand_tuning_managercpe:/a:hitachi:provisioning_managercpe:/a:hitachi:replication_managercpe:/a:hitachi:tiered_storage_managercpe:/a:hitachi:tuning_manager2010-09-15T13:45+09:002010-09-15T13:45+09:002010-09-15T13:45+09:00JP1/NETM/Remote Control Agent Authentication Bypass Vulnerability
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-002011.html
A vulnerability in the file transfer feature in the JP1/NETM/Remote Control Agent may allow authentication bypass.JVNDB-2010-002011https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:job_management_partner_1_remote_control_agentcpe:/a:hitachi:job_management_partner_1_software_distribution_clientcpe:/a:hitachi:job_management_partner_1_software_distribution_managercpe:/a:hitachi:job_management_partner_1_software_distribution_submanagercpe:/a:hitachi:jp1_netm-dm_managercpe:/a:hitachi:jp1_netm_dm_clientcpe:/a:hitachi:jp1_netm_dm_submanagercpe:/a:hitachi:jp1_netm_remote_control_agentcpe:/a:hitachi:jp1_remote_control_agentcpe:/a:hitachi:jp1_remote_control_setcpe:/a:hitachi:jp1_serverconductor_agent2010-09-21T14:10+09:002010-09-21T14:10+09:002010-09-21T14:10+09:00Phishing Vulnerability in Accela BizSearch Document View Window
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-002077.html
The document view window in Accela BizSearch Gateway Option has the following vulnerabilities which allow a remote attacker to:
* display a fraudulent web page over a legitimate web page
* steal cookies stored in browser
* place arbitrary cookies into browserJVNDB-2010-002077https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:accelatech:accelatech_eaccela_bizsearchcpe:/a:accelatech:bizsearchcpe:/a:fujitsu:intelligentsearch2010-10-13T16:58+09:002010-10-13T16:58+09:002010-10-13T16:58+09:00Multiple Vulnerabilities in Groupmax Scheduler Server
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-002078.html
A denial of service (DoS) or arbitrary file manipulation vulnerability has been reported in multiple Hitachi products.JVNDB-2010-002078https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:groupmax_groupware_servercpe:/a:hitachi:groupmax_server_setcpe:/a:hitachi:groupware_server_setcpe:/a:hitachi:scheduler_server_set2010-10-13T16:58+09:002010-10-13T16:58+09:002010-10-13T16:58+09:00Interstage Application Server Information Disclosure Vulnerability
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-002467.html
Interstage Application Server has an information disclosure vulnerability when used in a J2EE environment.JVNDB-2010-002467https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:fujitsu:interstage_application_framework_suitecpe:/a:fujitsu:interstage_application_servercpe:/a:fujitsu:interstage_apworkscpe:/a:fujitsu:interstage_business_application_servercpe:/a:fujitsu:interstage_job_workload_servercpe:/a:fujitsu:interstage_studiocpe:/a:fujitsu:interstage_web_server2010-12-14T15:18+09:002010-12-14T15:18+09:002010-12-14T15:18+09:00EUR Form Client Arbitrary File Execution Vulnerability
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-002468.html
EUR Form Client has an arbitrary file execution vulnerability.JVNDB-2010-002468https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:electronic_form_workflowcpe:/a:hitachi:eur_form_clientcpe:/a:hitachi:eur_form_servicecpe:/a:hitachi:ucosminexus_eur_form_service2010-12-14T15:21+09:002010-12-14T15:21+09:002010-12-14T15:21+09:00Buffer Overflow Vulnerability in Hitachi Groupmax Related Products
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-002528.html
Hitachi Groupmax-related products have a buffer overflow vulnerability.JVNDB-2010-002528https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:groupmax_client_setcpe:/a:hitachi:groupmax_groupware_clientcpe:/a:hitachi:groupmax_groupware_web_clientcpe:/a:hitachi:groupmax_server_setcpe:/a:hitachi:groupmax_world_wide_web_desktopcpe:/a:hitachi:groupware_client_setcpe:/a:hitachi:groupware_server_setcpe:/a:hitachi:mail_client_setcpe:/a:hitachi:mail_server_set2010-12-24T16:22+09:002010-12-24T16:22+09:002010-12-24T16:22+09:00Access Control Security Bypass Vulnerability in Interstage Application Server
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-002529.html
Interstage Application Server has an access control security bypass vulnerability which could allow an attacker to access and execute a request from the IP address that should be denied.JVNDB-2010-002529https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:fujitsu:interstage_application_framework_suitecpe:/a:fujitsu:interstage_application_servercpe:/a:fujitsu:interstage_apworkscpe:/a:fujitsu:interstage_business_application_servercpe:/a:fujitsu:interstage_job_workload_servercpe:/a:fujitsu:interstage_web_server2010-12-24T16:25+09:002010-12-24T16:25+09:002010-12-24T16:25+09:00Accela BizSearch Standard Search Page Cross-Site Scripting Vulnerability
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-002807.html
The standard search page of Accela BizSearch contains a cross-site scripting vulnerability.JVNDB-2010-002807https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:accelatech:accelatech_eaccela_bizsearchcpe:/a:accelatech:bizsearch2011-06-29T17:57+09:002011-06-29T17:57+09:002011-06-29T17:57+09:00Accela BizSearch Standard Search Page Cross-Site Scripting Vulnerability
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-002808.html
The standard search page of Accela BizSearch contains a cross-site scripting vulnerability.JVNDB-2010-002808https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:accelatech:accelatech_eaccela_bizsearchcpe:/a:accelatech:bizsearch2011-06-29T17:55+09:002011-06-29T17:55+09:002011-06-29T17:55+09:00Accela BizSearch Standard Search Page Cross-Site Scripting Vulnerability
https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-002809.html
The standard search page of Accela BizSearch contains a cross-site scripting vulnerability.JVNDB-2010-002809https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:accelatech:accelatech_eaccela_bizsearchcpe:/a:accelatech:bizsearch2011-06-29T17:55+09:002011-06-29T17:55+09:002011-06-29T17:55+09:00