JVNDB RSS Feed - 2011 Years Entry
https://jvndb.jvn.jp/en/
JVN iPedia Yearly Entry
2024-03-17T09:10:23+09:00 2024-03-17T09:10:23+09:00

Contents-Mall vulnerability in password handling
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000001.html
Contents-Mall contains a vulnerability in the way it handles passwords.
Contents-Mall is a shopping cart software for digital contents. Contents-Mall contains a vulnerability in the way it handles passwords.
JVNDB-2011-000001
http://jvn.jp/en/jp/JVN53293565/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3925
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3925
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:wb-i:contents-mall
2011-01-13T11:41+09:00 2011-01-13T11:41+09:00 2011-01-13T11:41+09:00

SGX-SP Final and SGX-SP Final NE vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000002.html
SGX-SP Final and SGX-SP Final NE are vulnerable to cross-site scripting.
SGX-SP Final and SGX-SP Final NE are shopping cart software. SGX-SP Final and SGX-SP Final NE are vulnerable to cross-site scripting.
Yoshinori Ohta of Business Architects Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2011-000002
http://jvn.jp/en/jp/JVN86347943/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3926
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3926
http://secunia.com/advisories/42857
http://www.securityfocus.com/bid/45752
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:wb-i:sgx-sp_final
cpe:/a:wb-i:sgx-sp_final_ne
2011-01-13T11:46+09:00 2011-01-13T11:46+09:00 2011-01-13T11:46+09:00

Aipo vulnerable to SQL injection
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000003.html
Aipo contains a SQL injection vulnerability.
Aipo from Aimluck, Inc. is groupware including functions such as scheduler and intra-office blogging. Aipo contains a SQL injection vulnerability.
JVNDB-2011-000003
http://jvn.jp/en/jp/JVN50704770/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3924
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3924
http://secunia.com/advisories/42860
http://www.securityfocus.com/bid/45755
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:aimluck:aipo
cpe:/a:aimluck:aipo_asp
2011-01-13T11:53+09:00 2011-01-13T11:53+09:00 2011-01-13T11:53+09:00

Lunascape may insecurely load dynamic libraries
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000004.html
Lunascape may use unsafe methods for determining how to load DLLs.
Lunascape is a web browser. Lunascape loads certain DLLs when HTML files are opened. Lunascape contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries.
Makoto Shiotsuki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2011-000004
http://jvn.jp/en/jp/JVN94695018/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3927
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3927
http://www.kb.cert.org/vuls/id/707943
http://secunia.com/advisories/43003
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:lunascape:lunascape
2011-01-21T18:30+09:00 2011-01-21T18:30+09:00 2011-01-21T18:30+09:00

Ruby Version Manager escape sequence injection vulnerability
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000005.html
Ruby Version Manager contains an escape sequence injection vulnerability.
Ruby Version Manager is a command line tool for managing multiple ruby environments. Ruby Version Manager contains an escape sequence injection vulnerability.
JVNDB-2011-000005
http://jvn.jp/en/jp/JVN30414126/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3928
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3928
http://secunia.com/advisories/42952
http://www.securityfocus.com/bid/45841
http://xforce.iss.net/xforce/xfdb/64746
http://www.vupen.com/english/advisories/2011/0174
http://osvdb.org/70521
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:wayneeseguin:ruby_version_manager
2011-01-18T17:49+09:00 2011-01-18T17:49+09:00 2011-01-18T17:49+09:00

Cross-site scripting vulnerability in multiple Rocomotion products
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000006.html
Multiple products provided by Rocomotion contain a cross-site scripting vulnerability.
Multiple products (P board etc.) provided by Rocomotion contain a cross-site scripting vulnerability.
Saeki Tominaga of KINOTROPE INC. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2011-000006
http://jvn.jp/en/jp/JVN09115481/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3931
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3931
http://secunia.com/advisories/42957
http://www.securityfocus.com/bid/45838
http://xforce.iss.net/xforce/xfdb/64745
http://osvdb.org/70495
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:ug:pm_bbs
cpe:/a:ug:pm_forum
cpe:/a:ug:pm_up_bbs
cpe:/a:ug:pplog
cpe:/a:ug:pplog2
cpe:/a:ug:p_board
cpe:/a:ug:p_board_r
cpe:/a:ug:p_board_ri
cpe:/a:ug:p_diary_r
cpe:/a:ug:p_forum
cpe:/a:ug:p_link
cpe:/a:ug:p_link_compact
cpe:/a:ug:p_up_board
cpe:/a:ug:p_up_board_i
cpe:/a:ug:p_up_board_random
2011-01-18T17:51+09:00 2011-01-18T17:51+09:00 2011-01-18T17:51+09:00

Cisco Linksys WRT54GC vulnerable to buffer overflow
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000007.html
Cisco Linksys WRT54GC provided by Cisco Systems contains a buffer overflow vulnerability.
Cisco Linksys WRT54GC provided by Cisco Systems is a network router. Cisco Linksys WRT54GC contains a buffer overflow vulnerability.
Yuji Ukai of Fourteenforty Research Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.
JVNDB-2011-000007
http://jvn.jp/en/jp/JVN26605630/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0352
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0352
http://www.ipa.go.jp/security/english/vuln/201101_Cisco_en.html
http://secunia.com/advisories/43017
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/h:cisco:wrt54gc
2011-01-21T18:22+09:00 2011-01-21T18:22+09:00 2011-01-21T18:22+09:00

MODx Evolution vulnerable to SQL injection
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000008.html
MODx Evolution contains a SQL injection vulnerability.
MODx provided by the MODx CMS Project is a Content Management System (CMS) software. MODx Evolution contains a SQL injection vulnerability.
JVNDB-2011-000008
http://jvn.jp/en/jp/JVN54092716/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3929
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3929
http://www-test.ipa.go.jp/about/press/20110126.html
http://xforce.iss.net/xforce/xfdb/65082
http://osvdb.org/70771
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:modx:evolution
2011-01-26T15:46+09:00 2011-01-26T15:46+09:00 2011-01-26T15:46+09:00

MODx Evolution vulnerable to directory traversal
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000009.html
MODx Evolution contains a directory traversal vulnerability.
MODx provided by the MODx CMS Project is a Content Management System (CMS) software. MODx contains a directory traversal vulnerability.
JVNDB-2011-000009
http://jvn.jp/en/jp/JVN95385972/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3930
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3930
http://www.ipa.go.jp/security/english/vuln/201101_MODx_en.html
http://osvdb.org/70772
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:modx:evolution
2011-01-26T15:52+09:00 2011-01-26T15:52+09:00 2011-01-26T15:52+09:00

Opera may insecurely load executable files
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000010.html
Opera may use unsafe methods for determining how to load executables (.exe).
Opera loads certain executables (.exe) when opening the folder where downloaded contents are stored. Opera contains an issue with the file search path, which may insecurely load executables.
Makoto Shiotsuki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2011-000010
http://jvn.jp/en/jp/JVN33880169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0450
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0450
http://osvdb.org/70726
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:opera:opera_browser
2011-02-02T14:53+09:00 2011-02-02T14:53+09:00 2011-02-02T14:53+09:00

EC-CUBE vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000011.html
EC-CUBE provided by LOCKON CO.,LTD. contains a cross-site scripting vulnerability.
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability.
This vulnerability is different than the previous vulnerabilities disclosed on JVN.
Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2011-000011
http://jvn.jp/en/jp/JVN84393059/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0451
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0451
http://secunia.com/advisories/43153
http://www.securityfocus.com/bid/46100
http://xforce.iss.net/xforce/xfdb/65079
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:ec-cube:ec-cube
2011-02-02T14:54+09:00 2011-02-02T14:54+09:00 2011-02-02T14:54+09:00

Lunascape may insecurely load executable files
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000012.html
Lunascape may use unsafe methods for determining how to load executables (.exe).
Lunascape is a web browser. Lunascape loads certain executables when using the "script" function. Lunascape contains an issue with the file search path, which may insecurely load executables.
Makoto Shiotsuki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2011-000012
http://jvn.jp/en/jp/JVN38362957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0452
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0452
http://secunia.com/advisories/43441
http://xforce.iss.net/xforce/xfdb/65592
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:lunascape:lunascape
2011-02-23T15:41+09:00 2011-02-23T15:41+09:00 2011-02-23T15:41+09:00

F-Secure Internet Gatekeeper for Linux authentication issue
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000013.html
F-Secure Internet Gatekeeper for Linux provided by F-Secure Corporation contains an issue where authentication is not present.
F-Secure Internet Gatekeeper for Linux provided by F-Secure Corporation is an anti-virus product. F-Secure Internet Gatekeeper for Linux contains an issue where authentication is not present.
Hiroshi Mizoguchi of easynet Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2011-000013
http://jvn.jp/en/jp/JVN71542734/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0453
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0453
http://secunia.com/advisories/43326
http://www.vupen.com/english/advisories/2011/0393
http://osvdb.org/70898
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:f-secure:f-secure_anti-virus_linux_gateway
2011-02-17T10:27+09:00 2011-02-17T10:27+09:00 2011-02-17T10:27+09:00

SEIL Series routers vulnerable to buffer overflow
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000014.html
SEIL Series routers contain a buffer overflow vulnerability.
The PPP Access Concentrator (PPPAC) contained in SEIL Series routers contains a buffer overflow vulnerability when processing PPPoE packets.
JVNDB-2011-000014
http://jvn.jp/en/jp/JVN88991166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0454
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0454
http://www.ipa.go.jp/security/english/vuln/201102_SEIL_en.html
http://secunia.com/advisories/43494
http://www.securityfocus.com/bid/46598
http://xforce.iss.net/xforce/xfdb/65672
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/o:iij:seil%252fb1_firmware
cpe:/o:iij:seil%252fneu_2fe_plus_firmware
cpe:/o:iij:seil%252fturbo_firmware
cpe:/o:iij:seil%252fx1_firmware
cpe:/o:iij:seil%252fx2_firmware
cpe:/o:iij:seil%252fx86_firmware
2011-02-28T17:17+09:00 2011-02-28T17:17+09:00 2011-02-28T17:17+09:00

Multiple Things CGI products vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000015.html
Multiple CGI products provided by Things contain a cross-site scripting vulnerability.
BBS and BBS Thread provided by Things are bulletin board software. BBS and BBS Thread contain a cross-site scripting vulnerability.
Yuji Tounai of bogus.jp reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2011-000015
http://jvn.jp/en/jp/JVN20982938/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0455
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0455
http://secunia.com/advisories/43524
http://www.securityfocus.com/bid/46638
http://xforce.iss.net/xforce/xfdb/65852
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:thingslabo:bbs_thread
cpe:/a:thingslabo:things_bbs
2011-03-02T17:27+09:00 2011-03-02T17:27+09:00 2011-03-02T17:27+09:00

IBM DB2 vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000016.html
IBM DB2 contains a denial-of-service (DoS) vulnerability.
IBM DB2 contains a denial-of-service (DoS) vulnerability due to an issue in Java Runtime Environment (JRE).
JVNDB-2011-000016
http://jvn.jp/en/jp/JVN16308183/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4476
http://secunia.com/advisories/43295
http://www.securitytracker.com/id?1025062
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:hp:systems_insight_manager
cpe:/a:ibm:db2
2018-02-07T17:10+09:00 2011-03-04T19:29+09:00 2018-02-07T17:10+09:00

IBM WebSphere Application Server vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000017.html
IBM WebSphere Application Server (WAS) contains a denial-of-service (DoS) vulnerability.
IBM WebSphere Application Server contains a denial-of-service (DoS) vulnerability due to an issue in Java Runtime Environment (JRE).
According to the developer:
"For other IBM software products that contain an affected version of WAS, require an update. Specifically, WebSphere Process Server (WPS), WebSphere Enterprise Service Bus (WESB), WebSphere Virtual Enterprise (WVE), WebSphere Commerce and others are applicable. Also, IBM HTTP Server is not affected by this vulnerability."
JVNDB-2011-000017
http://jvn.jp/en/jp/JVN26301278/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4476
http://secunia.com/advisories/43295
http://www.securitytracker.com/id?1025062
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:hp:systems_insight_manager
cpe:/a:ibm:websphere_application_server
2018-02-07T17:10+09:00 2011-03-04T19:29+09:00 2018-02-07T17:10+09:00

IBM Lotus vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000018.html
IBM Lotus product line contains a denial-of-service (DoS) vulnerability.
IBM Lotus product line contains a denial-of-service (DoS) vulnerability due to an issue in Java Runtime Environment (JRE).
JVNDB-2011-000018
http://jvn.jp/en/jp/JVN97334690/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4476
http://secunia.com/advisories/43295
http://www.securitytracker.com/id?1025062
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:hp:systems_insight_manager
cpe:/a:ibm:ibm_forms
cpe:/a:ibm:ibm_mashup_center
cpe:/a:ibm:lotus_activeinsight
cpe:/a:ibm:lotus_connections
cpe:/a:ibm:lotus_expeditor
cpe:/a:ibm:lotus_mashups
cpe:/a:ibm:lotus_quickr
cpe:/a:ibm:lotus_sametime_advanced
cpe:/a:ibm:lotus_sametime_standard
cpe:/a:ibm:lotus_sametime_unified_telephony
cpe:/a:ibm:lotus_web_content_management
cpe:/a:ibm:lotus_workforce_management
cpe:/a:ibm:websphere_dashboard_framework
cpe:/a:ibm:websphere_portlet_factory
cpe:/a:ibm:workplace_web_content_management
2018-02-07T17:10+09:00 2011-03-04T19:28+09:00 2018-02-07T17:10+09:00

OTRS vulnerable to OS command injection
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000019.html
OTRS contains an OS command injection vulnerability.
OTRS provided by the OTRS Project is a ticket management system. OTRS contains an OS command injection vulnerability.
Takeshi Terada of Mitsui Bussan Secure Directions reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.
JVNDB-2011-000019
http://jvn.jp/en/jp/JVN73162541/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0456
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0456
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:otrs:otrs
2011-03-07T18:19+09:00 2011-03-07T18:19+09:00 2011-03-07T18:19+09:00

IBM Tivoli vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000020.html
IBM Tivoli contains a denial-of-service (DoS) vulnerability.
IBM Tivoli contains a denial-of-service (DoS) vulnerability due to an issue in Java Runtime Environment (JRE).
A wide range of products are affected. For more information, refer to the vendor's website.
JVNDB-2011-000020
http://jvn.jp/en/jp/JVN81294135/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4476
http://www.securitytracker.com/id?1025062
http://secunia.com/advisories/43295
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:hp:systems_insight_manager
cpe:/a:sun:jdk
cpe:/a:sun:jre
cpe:/a:sun:sdk
2018-02-07T17:10+09:00 2011-03-10T16:38+09:00 2018-02-07T17:10+09:00

e107 vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000021.html
e107 contains a cross-site scripting vulnerability.
e107 provided by e107.org is a Content Management System (CMS) software. e107 contains a cross-site scripting vulnerability.
Daiki Fukumori reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.
JVNDB-2011-000021
http://jvn.jp/en/jp/JVN01635457/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0457
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0457
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:e107:e107
2011-03-28T08:06+09:00 2011-03-28T08:06+09:00 2011-03-28T08:06+09:00

Picasa may insecurely load executable files
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000022.html
Picasa may use unsafe methods for determining how to load executables (.exe).
Picasa is a software for viewing and managing photos. Picasa loads certain executables when using the "Locate on Disk" function. Picasa contains an issue with the file search path, which may insecurely load executables.
Makoto Shiotsuki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2011-000022
http://jvn.jp/en/jp/JVN99977321/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0458
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0458
http://secunia.com/advisories/43853
http://www.securityfocus.com/bid/47031
http://www.vupen.com/english/advisories/2011/0766
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:google:picasa
2011-03-28T08:11+09:00 2011-03-28T08:11+09:00 2011-03-28T08:11+09:00

Password Vault Web Access vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000023.html
Password Vault Web Access (PVWA) provided by Cyber-Ark Software, Ltd. contains a cross-site scripting vulnerability.
Password Vault Web Access (PVWA) is a module in the Privileged Identity Management Suite that allows access via a web portal. PVWA contains a cross-site scripting vulnerability.
JVNDB-2011-000023
http://jvn.jp/en/jp/JVN11424086/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0459
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0459
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:cyber-ark:password_vault_web_access
2011-04-08T14:09+09:00 2011-04-08T14:09+09:00 2011-04-08T14:09+09:00

Multiple Yamaha routers vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000024.html
Multiple routers provided by Yamaha contain a denial-of-service vulnerability.
Multiple routers provided by Yamaha contain a denial-of-service (DoS) vulnerability due to an issue in processing IP packets.
Yuji Ukai of Fourteenforty Research Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2011-000024
http://jvn.jp/en/jp/JVN55714408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1323
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1323
http://www.ipa.go.jp/security/english/vuln/201104_Yamaha_en.html
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/h:nec:ip38x
cpe:/h:yamaha:rt
cpe:/h:yamaha:rta
cpe:/h:yamaha:rtv
cpe:/h:yamaha:rtw
cpe:/h:yamaha:rtx
cpe:/h:yamaha:srt
2011-05-31T10:39+09:00 2011-05-11T08:32+09:00 2011-05-31T10:39+09:00

Multiple Buffalo routers vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000025.html
Multiple routers provided by Buffalo contain a cross-site request forgery vulnerability.
Multiple routers provided by Buffalo have a management screen that allows users to modify settings. These routers contain a cross-site request forgery vulnerability due to an issue in the management screen.
Hirotaka Katagiri reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2011-000025
http://jvn.jp/en/jp/JVN50505257
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1324
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1324
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/h:buffalo_inc:bbr-4hg
2011-05-11T08:37+09:00 2011-05-11T08:37+09:00 2011-05-11T08:37+09:00

Applications that use the Windows Help function may be vulnerable to privilege escalation
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000026.html
Applications or Services that call the Windows Help function in an insecure manner may allow a user unauthorized access to resources on the system.
Applications or Services that call the Windows Help function in an insecure manner may allow a user unauthorized access to resources on the system.
This issue may occur in applications or services where the Help function is not called in a secure manner. An example of this is when Anti-virus software or a personal firewall is running on the local system with the privileges of an administrator on the local system, and has an interface to "communicate" with the user.
ISIHARA Takanori reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2011-000026
http://jvn.jp/en/jp/JVN63898867
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1540
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2017
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1540
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2017
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:symantec:antivirus
cpe:/a:symantec:norton_antivirus
cpe:/a:symantec:symantec_client_security
2011-05-13T19:36+09:00 2011-05-13T19:36+09:00 2011-05-13T19:36+09:00

La Fonera+ vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000027.html
La Fonera+ provided by FON contains a denial-of-service (DoS) vulnerability.
La Fonera+ provided by FON is a wireless LAN router. La Fonera+ contains a denial-of-service (DoS) vulnerability.
JVNDB-2011-000027
https://jvn.jp/en/jp/JVN96839637
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1326
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1326
http://secunia.com/advisories/44508
http://www.securityfocus.com/bid/47801
http://xforce.iss.net/xforce/xfdb/67405
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/h:fon:la_fonera%2B
2011-05-13T19:17+09:00 2011-05-13T19:17+09:00 2011-05-13T19:17+09:00

Virus Buster 2009 key input encryption function vulnerability
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000028.html
Virus Buster 2009 contains a vulnerability within the key input encryption function.
The key input encryption function in Virus Buster 2009 contains a vulnerability where a portion of password that is entered in the web browser is not properly encrypted.
Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2011-000028
http://jvn.jp/en/jp/JVN99175647/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1327
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1327
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:trendmicro:virus_baster
2011-05-17T17:17+09:00 2011-05-17T17:17+09:00 2011-05-17T17:17+09:00

EC-CUBE vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000029.html
EC-CUBE provided by LOCKON CO.,LTD. contains a cross-site request forgery vulnerability.
EC-CUBE provided by LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site request forgery vulnerability.
Masako Oono reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2011-000029
http://jvn.jp/en/jp/JVN37878530
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1325
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1325
http://secunia.com/advisories/44487
http://osvdb.org/72239
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:ec-cube:ec-cube
2011-05-11T08:44+09:00 2011-05-11T08:44+09:00 2011-05-11T08:44+09:00

iVIEW Suite vulnerable to SQL injection
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000030.html
iVIEW Suite from RADVISION contains a SQL injection vulnerability.
iVIEW Suite provided by RADVISION is a software to manage video conference systems in SCOPIA. iVIEW Suite contains a SQL injection vulnerability.
Hirofumi Oka of NRI SecureTechnologies,Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2011-000030
http://jvn.jp/en/jp/JVN77697803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1328
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1328
http://www.ipa.go.jp/security/english/vuln/201105_radvision_en.html
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:radvision:iview_suite
2011-05-19T16:49+09:00 2011-05-19T16:49+09:00 2011-05-19T16:49+09:00

Movable Type vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000031.html
Movable Type contains a cross-site scripting vulnerability.
Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability due to an issue in the management screen.
This vulnerability is different than the previous vulnerabilities disclosed on JVN.
Takeshi Terada of Mitsui Bussan Secure Directions reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.
JVNDB-2011-000031
http://jvn.jp/en/jp/JVN45658190
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5845
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5845
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:sixapart:movabletype
2011-05-25T17:37+09:00 2011-05-25T17:37+09:00 2011-05-25T17:37+09:00

WalRack upload file handling vulnerability
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000032.html
WalRack (Walrus File Rack CGI) contains a vulnerability in handling upload files.
WalRack is a CGI that provides an interface to upload files on the Web. WalRack contains a vulnerability in handling upload files.
JVNDB-2011-000032
http://jvn.jp/en/jp/JVN46984044/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1329
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1329
http://www.securityfocus.com/bid/48001
http://xforce.iss.net/xforce/xfdb/67641
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:walrus_digit:walrack
2011-05-26T13:37+09:00 2011-05-26T13:37+09:00 2011-05-26T13:37+09:00

Java Web Start may insecurely load policy files
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000033.html
Java Web Start provided by Oracle may use unsafe methods for determining how to load policy files.
Java Web Start is a tool to distribute Java applications over the web and is contained in Java applications such as JRE (Java Runtime Environment). Java Web Start contains an issue with the file search path, which may insecurely load policy files.
Hisashi Kojima of Fujitsu Laboratories, Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.
JVNDB-2011-000033
http://jvn.jp/en/jp/JVN29212182/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0788
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0788
http://www.ipa.go.jp/security/english/vuln/201106_javaweb_en.html
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:hp:systems_insight_manager
cpe:/a:sun:jdk
cpe:/a:sun:jre
2013-03-29T14:50+09:00 2011-06-10T16:22+09:00 2013-03-29T14:50+09:00

Java Web Start may insecurely load settings files
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000034.html
Java Web Start provided by Oracle may use unsafe methods for determining how to load settings files.
Java Web Start is a tool to distribute Java applications over the web and is contained in Java applications such as JRE (Java Runtime Environment). Java Web Start contains an issue with the file search path, which may insecurely load settings files.
Hisashi Kojima of Fujitsu Laboratories, Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.
JVNDB-2011-000034
http://jvn.jp/en/jp/JVN09206238/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0786
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0786
http://www.ipa.go.jp/security/english/vuln/201106_javaweb_en.html
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:hp:systems_insight_manager
cpe:/a:sun:jdk
cpe:/a:sun:jre
2013-03-26T14:46+09:00 2011-06-10T16:23+09:00 2013-03-26T14:46+09:00

Java Web Start may insecurely load dynamic libraries
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000035.html
Java Web Start provided by Oracle may use unsafe methods for determining how to load DLLs.
Java Web Start is a tool to distribute Java applications over the web and is contained in Java applications such as JRE (Java Runtime Environment). Java Web Start contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries.
Hisashi Kojima of Fujitsu Laboratories, Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.
JVNDB-2011-000035
http://jvn.jp/en/jp/JVN18680611/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0866
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0866
http://www.ipa.go.jp/security/english/vuln/201106_javaweb_en.html
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:hp:systems_insight_manager
cpe:/a:sun:jdk
cpe:/a:sun:jre
cpe:/a:sun:sdk
2013-03-26T15:14+09:00 2011-06-10T16:23+09:00 2013-03-26T15:14+09:00

Microsoft Windows VBScript implementation file name disclosure vulnerability
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000036.html
The Microsoft Windows VBScript implementation contains a file name disclosure vulnerability.
When VBScript is used to load an image file in Internet Explorer, there is a vulnerability where an unauthenticated attacker may confirm the existence of a particular file.JVNDB-2011-000036https://jvn.jp/en/jp/JVN5D1D3E36/index.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:microsoft:windows_2000cpe:/o:microsoft:windows_xp2011-06-16T12:11+09:002011-06-16T12:11+09:002011-06-16T12:11+09:00Clipboard contents alteration vulnerability in Internet Explorer
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000037.html
Internet Explorer contains a vulnerability in which the contents of the clipboard may be altered.
Internet Explorer contains a vulnerability in which the contents of the clipboard may be altered. As a result, when Internet Explorer is used with certain settings, the contents of the clipboard may be read or written from a website.
stardust hoshikuzu reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000037https://jvn.jp/en/jp/JVN63451350/index.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:microsoft:internet_explorer2011-06-16T12:18+09:002011-06-16T12:18+09:002011-06-16T12:18+09:00Internet Explorer vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000038.html
Internet Explorer contains a cross-site scripting vulnerability.
Internet Explorer contains a cross-site scripting vulnerability due to the processing of malformed file names.
Keigo Yamazaki of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000038https://jvn.jp/en/jp/JVN26408023/index.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:microsoft:internet_explorer2011-06-16T12:21+09:002011-06-16T12:21+09:002011-06-16T12:21+09:00ASP.NET vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000039.html
ASP.NET contains a cross-site scripting vulnerability.
ASP.NET contains an issue in the escape processes for string output. Web applications that use ASP.NET may contain a cross-site scripting vulnerability.
Masato Anzai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000039https://jvn.jp/en/jp/JVN72586781/index.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:microsoft:.net_framework2011-06-16T12:23+09:002011-06-16T12:23+09:002011-06-16T12:23+09:00Microsoft Outlook read receipt function vulnerability
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000040.html
Microsoft Outlook contains a vulnerability in the read receipt function.
Microsoft Outlook contains a vulnerability in the read receipt function. A read receipt may be sent unintentionally, notifying the sender that the email was received.
Ayako Kozakai of NTT DATA SECURITY CORPORATION reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000040https://jvn.jp/en/jp/JVN40382909/index.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:microsoft:outlook2011-06-16T12:25+09:002011-06-16T12:25+09:002011-06-16T12:25+09:00Microsoft MSXML vulnerability in HTTP request processing
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000041.html
MSXML provided by Microsoft contains a vulnerability in the processing of HTTP requests.
MSXML provided by Microsoft contains a vulnerability where HTTP requests for XMLHTTP objects are not processed properly. As a result, when going through a proxy server, information may be sent to another server.
Yutaka Oiwa of Research Center for Information Security (RCIS) National Institute of Advanced Industrial Science and Technology (AIST), Japan reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000041https://jvn.jp/en/jp/JVN73643130/index.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:microsoft:xml_core_services2011-06-16T12:28+09:002011-06-16T12:28+09:002011-06-16T12:28+09:00WeblyGo vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000042.html
WeblyGo provided by KAWAI BUSINESS SOFTWARE CO., LTD. (KBS) contains a cross-site scripting vulnerability.
WeblyGo is groupware provided by KAWAI BUSINESS SOFTWARE CO., LTD. (KBS). WeblyGo contains a cross-site scripting vulnerability.
Yoshihiro Ishikawa of LAC reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2011-000042https://jvn.jp/en/jp/JVN43386477/http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1330http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1330http://secunia.com/advisories/44994http://www.securityfocus.com/bid/48338https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:kbs:weblygo2011-06-20T15:37+09:002011-06-20T15:37+09:002011-06-20T15:37+09:00Ichitaro series vulnerable to arbitrary code execution
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000043.html
The "Ichitaro" series word processing software from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution.
This vulnerability differs from other issues that were previously published on JVN.
The "Ichitaro" series word processing software from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution.JVNDB-2011-000043https://jvn.jp/en/jp/JVN87239473/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1331http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1331http://www.ipa.go.jp/security/english/vuln/201106_ichitaro_en.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:justsystems:ichitarocpe:/a:justsystems:ichitaro_governmentcpe:/a:justsystems:ichitaro_portablecpe:/a:justsystems:ichitaro_procpe:/a:justsystems:ichitaro_viewer2011-06-16T19:04+09:002011-06-16T19:04+09:002011-06-16T19:04+09:00Cybozu Garoon vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000044.html
Cybozu Garoon contains a cross-site scripting vulnerability.
Cybozu Garoon is groupware. Cybozu Garoon contains a cross-site scripting vulnerability.
Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000044https://jvn.jp/en/jp/JVN59779256/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1332http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1332https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:garoon2011-06-24T19:15+09:002011-06-24T19:15+09:002011-06-24T19:15+09:00Multiple Cybozu products vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000045.html
Multiple products provided by Cybozu, Inc. contain a cross-site scripting vulnerability.
Multiple groupware products provided by Cybozu, Inc. contain a cross-site scripting vulnerability due to an issue when downloading graphic files from the bulletin board system.
Sen UENO of Tricorder Co. Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000045https://jvn.jp/en/jp/JVN80877328/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1333http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1333https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:garooncpe:/a:cybozu:office2011-06-24T19:18+09:002011-06-24T19:18+09:002011-06-24T19:18+09:00Multiple Cybozu products vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000046.html
Multiple products provided by Cybozu, Inc. contain a cross-site scripting vulnerability.
Multiple groupware products provided by Cybozu, Inc. contain a cross-site scripting vulnerability due to an issue when downloading graphic files from the mail system.
Sen UENO of Tricorder Co. Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000046https://jvn.jp/en/jp/JVN54074460http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1334http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1334https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:collaborexcpe:/a:cybozu:deziecpe:/a:cybozu:garooncpe:/a:cybozu:mailwisecpe:/a:cybozu:office2011-06-24T19:21+09:002011-06-24T19:21+09:002011-06-24T19:21+09:00Cybozu Office vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000047.html
Cybozu Office contains a cross-site scripting vulnerability.
Cybozu Office is groupware. Cybozu Office contains a cross-site scripting vulnerability due to issues contained in the address book and user list functions.
NetAgent Co.,Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000047https://jvn.jp/en/jp/JVN55508059http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1335http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1335http://secunia.com/advisories/44992http://secunia.com/advisories/45050http://www.securityfocus.com/bid/48446https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:office2011-06-24T19:23+09:002011-06-24T19:23+09:002011-06-24T19:23+09:00ALZip vulnerable to buffer overflow
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000048.html
ALZip provided by ESTsoft Japan Corp. contains a buffer overflow vulnerability.
ALZip is file compression/extraction software from ESTsoft Japan Corp. ALZip contains a buffer overflow vulnerability due to improper handling of mim files.
Takahiko Funakubo of Fourteenforty Research Institute, Inc reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.JVNDB-2011-000048https://jvn.jp/en/jp/JVN01547302/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1336http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1336http://www.ipa.go.jp/security/english/vuln/201106_alzip_en.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:estsoft:alzip2011-06-29T18:20+09:002011-06-29T18:20+09:002011-06-29T18:20+09:00Opera vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000049.html
Opera contains a denial-of-service vulnerability.
Opera is web browsing software. Opera contains an issue when attempting to resolve an invalid URL, leading to a denial-of-service vulnerability.
Masahiro Yamada reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000049https://jvn.jp/en/jp/JVN47757122/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1337http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1337http://secunia.com/advisories/45060http://www.securityfocus.com/bid/48501http://xforce.iss.net/xforce/xfdb/68323http:/osvdb.org/73486https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:opera:opera_browser2011-07-05T16:54+09:002011-07-05T16:54+09:002011-07-05T16:54+09:00XnView may insecurely load executable files
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000050.html
XnView may use unsafe methods for determining how to load executables (.exe).
XnView is software for viewing and converting graphic files. XnView loads certain executables when using the "Open containing folder" function. XnView contains an issue with the file search path, which may insecurely load executables.
Makoto Shiotsuki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000050https://jvn.jp/en/jp/JVN17844633/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1338http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1338http://secunia.com/advisories/45127http://www.securityfocus.com/bid/48562http://xforce.iss.net/xforce/xfdb/68369http://osvdb.org/73619https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:xnview:xnview2011-07-05T16:56+09:002011-07-05T16:56+09:002011-07-05T16:56+09:00ASP.NET vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000051.html
ASP.NET may create web applications for mobile devices that contain a cross-site scripting vulnerability.
ASP.NET contains an issue in the handling of session IDs in mobile devices. When "Mobile Controls" are used in ASP.NET to develop web applications for mobile devices, the application may contain a cross-site scripting vulnerability.
Keigo Yamazaki of LAC Co., Ltd reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000051https://jvn.jp/en/jp/JVN87908726/index.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:microsoft:.net_framework2011-07-15T16:32+09:002011-07-15T16:32+09:002011-07-15T16:32+09:00Internet Explorer vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000052.html
Microsoft Internet Explorer contains a vulnerability in handling specific character encoding which may result in a cross-site scripting attack.
Microsoft Internet Explorer contains a vulnerability in handling specific EUC-JP encoded characters, which may result in cross-site scripting.
Takeshi TERADA reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000052https://jvn.jp/en/jp/JVN51325625/index.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:microsoft:internet_explorer2011-07-08T18:29+09:002011-07-08T18:29+09:002011-07-08T18:29+09:00Android vulnerability where an incorrect SSL certificate is displayed
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000053.html
Android OS contains a vulnerability where an incorrect SSL certificate is displayed.
Android OS contains a vulnerability where an SSL certificate from an outside site is displayed when a user attempts to display an SSL certificate from a site that reads in contents from an outside site.
Shuhei Ohtani of Business information govern CO., LTD reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000053https://jvn.jp/en/jp/JVN43105011/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4832http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4832https://gitorious.org/atrix-aosp/frameworks_base/commit/dba8cb76371960457e91b31fa396478f809a5a34https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:google:android2014-05-19T17:19+09:002011-07-29T14:26+09:002014-05-19T17:19+09:00Google Search Appliance vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000054.html
Google Search Appliance provided by Google contains a cross-site scripting vulnerability.
Google Search Appliance from Google is a product that provides searching services for an intranet service or a website. Google Search Appliance contains a cross-site scripting vulnerability.
Yosuke HASEGAWA of NetAgent Co.,Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000054https://jvn.jp/en/jp/JVN86220950/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1339http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1339https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:google:search_appliance2011-07-15T16:27+09:002011-07-15T16:27+09:002011-07-15T16:27+09:00Mozilla Firefox vulnerability in processing content-length header
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000055.html
Mozilla Firefox contains a vulnerability in the processing of content-length header.
Kazuho Oku of Cybozu Laboratories, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2011-000055https://jvn.jp/en/jp/JVN36721438/index.htmlhttps://www.cve.org/CVERecord?id=CVE-2011-2668https://nvd.nist.gov/vuln/detail/CVE-2011-2668https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:mozilla:firefox2011-07-28T16:24+09:002011-07-28T16:24+09:002011-07-28T16:24+09:00Plone vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000056.html
Plone contains a cross-site scripting vulnerability.
Plone is an open source content management system (CMS). Plone contains a cross-site scripting vulnerability.
Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000056https://jvn.jp/en/jp/JVN41222793/http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1340http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1340https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:plone:plone2011-07-27T16:17+09:002011-07-27T16:17+09:002011-07-27T16:17+09:00Mozilla Firefox vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000057.html
Mozilla Firefox contains a denial-of-service (DoS) vulnerability.
Mozilla Firefox contains an issue in the validation of certificates, leading to a denial-of-service (DoS) vulnerability.JVNDB-2011-000057https://jvn.jp/en/jp/JVN70984231/index.htmlhttps://www.cve.org/CVERecord?id=CVE-2011-2669https://nvd.nist.gov/vuln/detail/CVE-2011-2669https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:mozilla:firefox2011-07-28T16:27+09:002011-07-28T16:27+09:002011-07-28T16:27+09:00Mozilla Firefox vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000058.html
Mozilla Firefox contains a cross-site scripting vulnerability.
Mozilla Firefox contains a vulnerability in the rendering of specific numeric character references, which may result in cross-site scripting.
Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000058https://jvn.jp/en/jp/JVN96950482/index.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:mozilla:firefox2011-07-28T16:29+09:002011-07-28T16:29+09:002011-07-28T16:29+09:00Mozilla Firefox vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000059.html
Mozilla Firefox contains a cross-site scripting vulnerability.
Mozilla Firefox contains a vulnerability in the rendering of Cascading Style Sheets (CSS), which may result in cross-site scripting.
Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000059https://jvn.jp/en/jp/JVN74649877/index.htmlhttps://www.cve.org/CVERecord?id=CVE-2011-2670https://nvd.nist.gov/vuln/detail/CVE-2011-2670https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:mozilla:firefox2011-07-28T16:31+09:002011-07-28T16:31+09:002011-07-28T16:31+09:00Windows URL Protocol Handler may insecurely load executable files
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000060.html
Windows URL Protocol Handler may use unsafe methods for determining how to load executable (.exe) files.
Windows URL Protocol Handler loads a specified executable for each protocol. Windows URL Protocol Handler contains an issue with the file search path, which may insecurely load executable files.
Makoto Shiotsuki of Security Professionals Network Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000060https://jvn.jp/en/jp/JVN80404511/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1961http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1961http://www.ipa.go.jp/security/english/vuln/201108_windows_en.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:microsoft:internet_explorercpe:/o:microsoft:windows_7cpe:/o:microsoft:windows_server_2003cpe:/o:microsoft:windows_server_2008cpe:/o:microsoft:windows_vistacpe:/o:microsoft:windows_xp2011-08-10T17:17+09:002011-08-10T17:17+09:002011-08-10T17:17+09:00Internet Explorer window display vulnerability
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000061.html
Internet Explorer contains a vulnerability where the window display may be forged.
Internet Explorer contains an issue with rendering window displays, which may lead to a window display being forged.
hoshikuzu|star_dust reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000061https://jvn.jp/en/jp/JVN96E584EB/index.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:microsoft:internet_explorer2011-08-12T14:06+09:002011-08-12T14:06+09:002011-08-12T14:06+09:00Aipo vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000062.html
Aipo contains a cross-site request forgery vulnerability.
Aipo from Aimluck, Inc. is groupware including functions such as scheduler and intra-office blogging. Aipo contains a cross-site request forgery vulnerability.
Masako Ohno reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000062https://jvn.jp/en/jp/JVN72854072/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1341http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1341https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:aimluck:aipocpe:/a:aimluck:aipo_asp2011-08-16T16:41+09:002011-08-16T16:41+09:002011-08-16T16:41+09:00Aipo vulnerable to SQL injection
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000063.html
Aipo contains a SQL injection vulnerability.
Aipo from Aimluck, Inc. is groupware including functions such as scheduler and intra-office blogging. Aipo contains a SQL injection vulnerability.
Tsuyoshi Yamaguchi of Digiplate, inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000063https://jvn.jp/en/jp/JVN31506102/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1342http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1342https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:aimluck:aipocpe:/a:aimluck:aipo_asp2011-08-16T16:44+09:002011-08-16T16:44+09:002011-08-16T16:44+09:00Microsoft Windows XP vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000064.html
Microsoft Windows XP contains a denial-of-service (DoS) vulnerability.
Microsoft Windows XP contains an issue when processing TCP packets, which may result in a denial-of-service (DoS).
HIRT (Hitachi Incident Response Team) reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000064https://jvn.jp/en/jp/JVN06924191/4953/index.htmlhttps://jvn.jp/en/jp/JVN06924191/index.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:microsoft:windows_xp2011-08-19T16:32+09:002011-08-19T16:32+09:002011-08-19T16:32+09:00BaserCMS vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000065.html
BaserCMS contains a cross-site scripting vulnerability.
BaserCMS is an open-source Contents Management System (CMS). BaserCMS contains a cross-site scripting vulnerability.
Masako Ohno reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000065http://jvn.jp/en/jp/JVN09789751/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2673http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2673https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:basercms:basercms2011-09-30T18:39+09:002011-09-30T18:39+09:002011-09-30T18:39+09:00BaserCMS vulnerable to access restriction
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000066.html
BaserCMS contains a vulnerability in access restriction.
BaserCMS is an open-source Contents Management System (CMS). BaserCMS contains an access restriction vulnerability that arises when a user is added to the user group "operators", which is created by default when BaserCMS is installed.
Masako Ohno reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000066http://jvn.jp/en/jp/JVN16617002/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2674http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2674https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:basercms:basercms2011-09-30T18:45+09:002011-09-30T18:45+09:002011-09-30T18:45+09:00WebsiteBaker vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000067.html
WebsiteBaker contains a cross-site scripting vulnerability.
WebsiteBaker is a content management system (CMS). WebsiteBaker contains a cross-site scripting vulnerability.
Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000067https://jvn.jp/en/jp/JVN02134508/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3385http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3385https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:websitebaker:websitebaker2011-08-26T15:50+09:002011-08-26T15:50+09:002011-08-26T15:50+09:00Multiple vulnerabilities in Phorum
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000068.html
Phorum contains multiple vulnerabilities.
Phorum is message board software. Phorum contains cross-site request forgery and cross-site scripting vulnerabilities.
Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000068https://jvn.jp/en/jp/JVN71435255/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3381http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3382http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3381http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3382https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:phorum:phorum2011-09-02T19:11+09:002011-09-02T19:11+09:002011-09-02T19:11+09:00Sage vulnerable to arbitrary script execution
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000069.html
Sage is vulnerable to arbitrary script execution.
Note that this vulnerability is different from JVN#99203127.
Sage is an addon for Mozilla Firefox that adds an RSS/Atom feed reader. Sage is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information.
Yosuke HASEGAWA of NetAgent Co.,Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000069https://jvn.jp/en/jp/JVN30221194/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3384http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3384https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:sage:sage2011-09-02T19:14+09:002011-09-02T19:14+09:002011-09-02T19:14+09:00Sage vulnerable to arbitrary script execution
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000070.html
Sage is vulnerable to arbitrary script execution.
Note that this vulnerability is different from JVN#30221194.
Sage is an addon for Mozilla Firefox that adds an RSS/Atom feed reader. Sage is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information.JVNDB-2011-000070https://jvn.jp/en/jp/JVN99203127/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4102http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4102http://secunia.com/advisories/37466http://www.securityfocus.com/bid/37120http://xforce.iss.net/xforce/xfdb/54396https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:sage:sage2011-09-02T19:19+09:002011-09-02T19:19+09:002011-09-02T19:19+09:00Juniper Networks IDP ACM vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000071.html
Juniper Networks IDP ACM (Appliance Configuration Manager) contains a cross-site scripting vulnerability.
Juniper Networks IDP ACM provides a web interface for changing configurations in the IDP. The ACM contains a cross-site scripting vulnerability.
Taketo Ikeuchi of Hitachi Solutions, Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000071https://jvn.jp/en/jp/JVN44642341/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5086http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-5086https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:juniper:idp2011-09-02T19:22+09:002011-09-02T19:22+09:002011-09-02T19:22+09:00GTK+ may insecurely load dynamic libraries
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000072.html
GTK+ may use unsafe methods for determining how to load DLLs.
GTK+ is a toolkit for developing applications with GUIs. GTK+ contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries.
Naoto Katsumi of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000072https://jvn.jp/en/jp/JVN58019849/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4831http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4831https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:gtk:gtk%2B2011-09-02T19:26+09:002011-09-02T19:26+09:002011-09-02T19:26+09:00Megalith vulnerable to authentication bypass
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000073.html
Megalith contains an authentication bypass vulnerability.
Megalith is bulletin board software. Megalith contains an authentication bypass vulnerability.JVNDB-2011-000073http://jvn.jp/en/jp/JVN45458289/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2671http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2671https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:9.dotpp.net:megalith2011-09-12T09:19+09:002011-09-12T09:19+09:002011-09-12T09:19+09:00SemanticScuttle vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000074.html
SemanticScuttle contains a cross-site scripting vulnerability.
SemanticScuttle is a social bookmarking tool. SemanticScuttle contains a cross-site scripting vulnerability.
Yoshinori Ohta of Business Architects Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000074https://jvn.jp/en/jp/JVN28973089/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2672http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2672https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:semanticscuttle:semanticscuttle2011-09-16T18:08+09:002011-09-16T18:08+09:002011-09-16T18:08+09:00Nikki vulnerable to directory traversal
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000075.html
Nikki from HP no Mawashimono contains a directory traversal vulnerability.
Nikki from HP no Mawashimono is CGI software for posting diary entries. Nikki contains a directory traversal vulnerability.
Masako Ohno reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000075http://jvn.jp/en/jp/JVN80081509/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4001http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4001https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:mawashimono:nikki2011-11-21T18:22+09:002011-11-21T18:22+09:002011-11-21T18:22+09:00Nikki vulnerable to OS command injection
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000076.html
Nikki from HP no Mawashimono contains an OS command injection vulnerability.
Nikki from HP no Mawashimono is CGI software for posting diary entries. Nikki contains an OS command injection vulnerability.
Masako Ohno reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000076https://jvn.jp/en/jp/JVN48839888/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4002http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4002https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:mawashimono:nikki2011-11-21T18:23+09:002011-11-21T18:23+09:002011-11-21T18:23+09:00Enkai-kun vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000077.html
Enkai-kun provided by utage.org contains a cross-site scripting vulnerability.
Ayumi Yamaguchi of Niconicom Co.,LTD. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000077http://jvn.jp/en/jp/JVN03869266/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2675http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2675https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:utage.org:enkai2011-10-11T09:00+09:002011-10-11T09:00+09:002011-10-11T09:00+09:00A-Form vulnerable in restricting access
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000078.html
A-Form contains a vulnerability in restricting access permissions.
A-Form is a plug-in for Movable Type that adds mail forms and survey forms. A-Form contains a vulnerability in restricting access permissions.JVNDB-2011-000078http://jvn.jp/en/jp/JVN34980730/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2676http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2676https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ark-web:a-form2011-10-11T09:08+09:002011-10-11T09:08+09:002011-10-11T09:08+09:00Cybozu Office vulnerable in restricting access
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000079.html
Cybozu Office contains a vulnerability in restricting access permissions.
Cybozu Office is a groupware. Cybozu Office contains a vulnerability in restricting access permissions.
Masako Ohno reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000079http://jvn.jp/en/jp/JVN84838479/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2677http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2677https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:office2011-11-28T16:48+09:002011-10-11T09:11+09:002011-11-28T16:48+09:00WEB FORUM vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000080.html
WEB FORUM provided by KENT-WEB contains a cross-site scripting vulnerability.
WEB FORUM provided by KENT-WEB is a bulletin board software. WEB FORUM contains a vulnerability in processing the web page to be output, which may result in cross-site scripting.
ISHIBASHI,Tsuyoshi of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.JVNDB-2011-000080https://jvn.jp/en/jp/JVN36684331/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3383http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3383https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:kent-web:web_forum2011-10-25T13:44+09:002011-10-11T19:24+09:002011-10-25T13:44+09:00WEB FORUM vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000081.html
WEB FORUM provided by KENT-WEB contains a cross-site scripting vulnerability.
WEB FORUM provided by KENT-WEB is a bulletin board software. WEB FORUM contains a vulnerability in handling cookies, which may result in cross-site scripting.
ISHIBASHI,Tsuyoshi of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.JVNDB-2011-000081https://jvn.jp/en/jp/JVN89764731/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3983http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3983https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:kent-web:web_forum2011-10-25T13:45+09:002011-10-11T19:27+09:002011-10-25T13:45+09:00WEB FORUM vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000082.html
WEB FORUM provided by KENT-WEB contains a cross-site scripting vulnerability.
WEB FORUM provided by KENT-WEB is a bulletin-board software. WEB FORUM contains a vulnerability in handling web form entries, which may result in cross-site scripting.
ISHIBASHI,Tsuyoshi of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.JVNDB-2011-000082https://jvn.jp/en/jp/JVN80971236/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3984http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3984https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:kent-web:web_forum2011-10-25T13:46+09:002011-10-11T19:28+09:002011-10-25T13:46+09:00Plume vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000083.html
Plume contains a cross-site scripting vulnerability.
Plume is a Content Management System (CMS). Plume contains a cross-site scripting vulnerability.
Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000083https://jvn.jp/en/jp/JVN08307791/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3985http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3985https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:plume-cms:plume_cms2011-10-13T18:38+09:002011-10-13T18:38+09:002011-10-13T18:38+09:00Pligg vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000084.html
Pligg contains a cross-site scripting vulnerability.
Pligg is a Content Management System (CMS). Pligg contains a cross-site scripting vulnerability.
Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000084https://jvn.jp/en/jp/JVN04013920/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3986http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3986https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:pligg:pligg_cms2011-10-13T18:56+09:002011-10-13T18:56+09:002011-10-13T18:56+09:00DAEMON Tools vulnerable to denial-of-service
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000085.html
DAEMON Tools contains a denial-of-service (DoS) vulnerability.
DAEMON Tools is a software for optical media emulation. DAEMON Tools contains a denial-of-service (DoS) vulnerability.
Satoshi Tanda of Fourteenforty Research Institute Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000085https://jvn.jp/en/jp/JVN07414354/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3987http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3987https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:daemon-tools:daemon_tools2011-10-13T18:58+09:002011-10-13T18:58+09:002011-10-13T18:58+09:00DBD::mysqlPP vulnerable to SQL injection
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000086.html
DBD::mysqlPP contains a SQL injection vulnerability.
DBD::mysqlPP is a Perl module that provides a client interface for MySQL. DBD::mysqlPP contains a SQL injection vulnerability.
Toshiharu Sugiyama of UBsecure, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000086https://jvn.jp/en/jp/JVN51216285/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3989http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3989https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hiroyuki_oyama:dbd%3A%3Amysqlpp2011-10-14T17:50+09:002011-10-14T17:50+09:002011-10-14T17:50+09:00EC-CUBE vulnerable to SQL injection
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000087.html
EC-CUBE contains a SQL injection vulnerability.
EC-CUBE provided by LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an issue in assembling SQL statements, leading to a SQL injection vulnerability.
This vulnerability is different from JVN#81111541 and JVN#19072922.
Tsukada Nobuhisa of Seasoft reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000087https://jvn.jp/en/jp/JVN44496332/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3988http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3988http://www.ipa.go.jp/security/english/vuln/201110_eccube_en.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ec-cube:ec-cube2011-10-14T17:53+09:002011-10-14T17:53+09:002011-10-14T17:53+09:00Safari for iOS vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000088.html
Safari for iOS provided by Apple contains a cross-site scripting vulnerability.
Safari for iOS provided by Apple does not support the "attachment" value for the HTTP Content-Disposition header, resulting in a cross-site scripting vulnerability.
Yoshinori Ohta of Business Architects Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000088https://jvn.jp/en/jp/JVN41657660/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3426http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3426https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:apple:safari2012-08-07T12:11+09:002011-10-17T18:56+09:002012-08-07T12:11+09:00Touhou Hisouten vulnerable to denial-of-service
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000089.html
Touhou Hisouten from Twilight Frontier contains a denial-of-service (DoS) vulnerability.
Touhou Hisouten from Twilight Frontier is a video game which has an online match mode. Touhou Hisouten contains an issue when processing network traffic, which may result in a denial-of-service (DoS).
Yuma Kurogome reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000089http://jvn.jp/en/jp/JVN50227837/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3995http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3995https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:tasofro:touhou-hisouten2011-10-28T17:49+09:002011-10-28T17:49+09:002011-10-28T17:49+09:00FFFTP may insecurely load executable files
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000091.html
FFFTP may use unsafe methods for determining how to load executables (.exe).
FFFTP loads certain executables when using certain functions. FFFTP contains an issue with the file search path, which may insecurely load executables.
Makoto Shiotsuki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000091http://jvn.jp/en/jp/JVN62336482/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3991http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3991https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ffftp:ffftp2011-10-28T17:39+09:002011-10-28T17:39+09:002011-10-28T17:39+09:00Multiple D-Link products vulnerable to buffer overflow
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000092.html
Multiple D-Link products contain a buffer overflow vulnerability.
Multiple D-Link products contain a buffer overflow vulnerability due to an SSH implementation issue.
Hisashi Kojima, Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000092http://jvn.jp/en/jp/JVN72640744/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3992http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3992http://www.ipa.go.jp/security/english/vuln/201110_dlink_en.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:dlink:des-3800cpe:/h:dlink:dwl-2100APcpe:/h:dlink:dwl-3200AP2011-10-28T17:42+09:002011-10-28T17:42+09:002011-10-28T17:42+09:00Multiple SKYARC System Co., Ltd. products fail to restrict access permissions
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000093.html
Multiple products provided by SKYARC System Co., Ltd. contain an issue where access permissions are not restricted.
MTCMS and multiple Movable Type plugins provided by SKYARC System Co., Ltd. contain an issue where access permissions are not restricted.JVNDB-2011-000093http://jvn.jp/en/jp/JVN41032068/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3993https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:skyarc:authoreffectivecpe:/a:skyarc:autotaggingcpe:/a:skyarc:duplicateentrycpe:/a:skyarc:entryimexportercpe:/a:skyarc:mailpackcpe:/a:skyarc:mtcmscpe:/a:skyarc:mtcms_enterprisecpe:/a:skyarc:mtcms_smartcpe:/a:skyarc:multifileuploader2011-11-08T17:38+09:002011-10-31T17:54+09:002011-11-08T17:38+09:00Multiple SKYARC System Co., Ltd. products vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000094.html
Multiple products provided by SKYARC System Co., Ltd. contain a cross-site request forgery vulnerability.
MTCMS and multiple Movable Type plugins provided by SKYARC System Co., Ltd. contain a cross-site request forgery vulnerability.JVNDB-2011-000094http://jvn.jp/en/jp/JVN56667137/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3994https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:skyarc:authoreffectivecpe:/a:skyarc:autotaggingcpe:/a:skyarc:duplicateentrycpe:/a:skyarc:entryimexportercpe:/a:skyarc:mailpackcpe:/a:skyarc:mtcmscpe:/a:skyarc:mtcms_enterprisecpe:/a:skyarc:mtcms_smartcpe:/a:skyarc:multifileuploader2011-11-08T17:38+09:002011-10-31T18:03+09:002011-11-08T17:38+09:00CSWorks LiveData Service vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000095.html
LiveData Service, a server component of CSWorks, contains a denial-of-service (DoS) vulnerability.
LiveData Service, a server component of CSWorks, contains an issue when processing TCP packets, which may lead to a denial-of-service (DoS).
Kuang-Chun Hung of Security Research and Service Institute - Information and Communication Security Technology Center (ICST), Taiwan R.O.C reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000095http://jvn.jp/en/jp/JVN98649286/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3996http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3996https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:controlsystemworks:csworks2011-11-02T14:42+09:002011-11-01T16:05+09:002011-11-02T14:42+09:00Opengear console servers vulnerable to authentication bypass
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000096.html
Opengear console servers contain an authentication bypass vulnerability.
Opengear console servers are for managing servers and network products. Opengear console servers contain an authentication bypass vulnerability.
Tadayoshi Nakahira reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000096http://jvn.jp/en/jp/JVN71349007/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3997http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3997https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:opengear:opengear_console_server_firmware2011-11-04T17:34+09:002011-11-04T17:34+09:002011-11-04T17:34+09:00WebObjects vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000097.html
WebObjects provided by Apple contains a cross-site scripting vulnerability.
WebObjects provided by Apple is a web application server. WebObjects contains a cross-site scripting vulnerability.
Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000097http://jvn.jp/en/jp/JVN37223351/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3998http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3998https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:apple:webobjects2011-11-04T17:36+09:002011-11-04T17:36+09:002011-11-04T17:36+09:00Iwate Portal Bar vulnerable to arbitrary script execution
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000098.html
Iwate Portal Bar is vulnerable to arbitrary script execution.
Iwate Portal Bar is an add-on to Internet Explorer that adds a toolbar and provides multiple functions. The RSS/Atom feed reader function in Iwate Portal Bar is vulnerable to arbitrary script execution due to improper processing when it outputs an HTML page based on feed information.
Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000098http://jvn.jp/en/jp/JVN33861625/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3999http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3999https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ibc.co.jp:iwate_portal_bar2011-11-08T18:25+09:002011-11-08T18:25+09:002011-11-08T18:25+09:00ChaSen vulnerable to buffer overflow
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000099.html
ChaSen provided by Nara Institute of Science and Technology contains a buffer overflow vulnerability.
ChaSen provided by Nara Institute of Science and Technology is a software for morphologically analyzing Japanese. ChaSen contains an issue when reading in strings, which may lead to a buffer overflow.
ChaSen legacy project has inherited development of ChaSen since 11/8/2011.
Kenji Aiko of NetAgent Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000099http://jvn.jp/en/jp/JVN16901583/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4000http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4000https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:nara_institute_of_science_and_technology:chasen2011-12-20T18:13+09:002011-11-08T18:31+09:002011-12-20T18:13+09:00PowerChute Business Edition vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000100.html
PowerChute Business Edition contains a cross-site scripting vulnerability.
PowerChute Business Edition from Schneider Electric is a power management software. PowerChute Business Edition contains a cross-site scripting vulnerability.
Jun Okada of GLOBAL TECHNOLOGY CORPORATION reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000100https://jvn.jp/en/jp/JVN61695284/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4263http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4263https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:apc:powerchute2011-12-06T16:49+09:002011-12-06T16:49+09:002011-12-06T16:49+09:00Etomite vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000101.html
Etomite contains a cross-site scripting vulnerability.
Etomite is a content management system (CMS). Etomite contains an issue with the processing of contents in the search field, which may result in cross-site scripting.
Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000101http://jvn.jp/en/jp/JVN04329324/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4264http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4264https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:etomite:etomite2011-12-06T17:45+09:002011-12-06T17:45+09:002011-12-06T17:45+09:00Multiple vulnerabilities in products that use the Preboot Execution Environment (PXE) SDK
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000102.html
Products that use the Preboot Execution Environment (PXE) SDK sample code provided by Intel contain multiple vulnerabilities.
Products that use the PXE SDK sample code provided by Intel contain directory traversal and buffer overflow vulnerabilities.
Nobuyuki Kanaya of Fujitsu Laboratories Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000102https://jvn.jp/en/jp/JVN05255562/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0270http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0270https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:fujitsu:systemcastwizard_litecpe:/a:hitachi:jp1_serverconductor_deployment_managercpe:/a:hitachi:serverconductor_deployment_managercpe:/a:nec:websam_deploymentmanager2011-12-20T18:14+09:002011-12-15T16:26+09:002011-12-20T18:14+09:00phpWebSite vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000103.html
phpWebSite contains a cross-site scripting vulnerability.
phpWebSite is a content management system (CMS). phpWebSite contains a cross-site scripting vulnerability.
Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000103http://jvn.jp/en/jp/JVN70502960/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4265http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4265https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:phpwebsite:phpwebsite2011-12-08T17:15+09:002011-12-08T17:15+09:002011-12-08T17:15+09:00FFFTP may insecurely load executable files
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000104.html
FFFTP may use unsafe methods for determining how to load executables (.exe).
FFFTP contains an issue when loading files, which may insecurely load executables or other files.
This vulnerability is different from JVN#62336482.
Fumihiko Sano reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000104http://jvn.jp/en/jp/JVN94002296/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4266http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4266https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ffftp:ffftp2011-12-09T17:08+09:002011-12-09T17:08+09:002011-12-09T17:08+09:00Safari for iOS vulnerable to denial-of-service
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000105.html
Safari for iOS contains a denial-of-service (DoS) vulnerability.
Shuichiro Suzuki of Fourteenforty Research Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000105http://jvn.jp/en/jp/JVN15549168/index.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:apple:iphone_os2011-12-15T16:30+09:002011-12-15T16:30+09:002011-12-15T16:30+09:00Apache Struts vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000106.html
Apache Struts may create web applications that contain a cross-site scripting vulnerability.
Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts may create web applications that contain a cross-site scripting vulnerability.
Toshiharu Sugiyama from UBSecure, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000106http://jvn.jp/en/jp/JVN25435092/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1772http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1772https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:apache:struts2011-12-22T18:08+09:002011-12-22T18:08+09:002011-12-22T18:08+09:00PukiWiki Plus! vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000107.html
PukiWiki Plus! contains a cross-site scripting vulnerability.
PukiWiki Plus! is a software that adds wiki functionality to websites. PukiWiki Plus! contains a vulnerability in handling web form entries, which may result in cross-site scripting.
Koki Nakayasu of Keiji Takeda Lab, Keio University reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000107http://jvn.jp/en/jp/JVN76515037/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3990http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3990https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:misc:pukiwiki_plus_pukiwiki_plus2011-12-22T18:16+09:002011-12-22T18:16+09:002011-12-22T18:16+09:00Movable Type Plugin MailForm vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000108.html
MailForm contains a cross-site scripting vulnerability.
MailForm is a plugin for Movable Type. MailForm contains a cross-site scripting vulnerability.
Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000108http://jvn.jp/en/jp/JVN60887968/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6751http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6751https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:h-fj:mailform_plugin2011-12-26T14:49+09:002011-12-26T14:49+09:002011-12-26T14:49+09:00WordPress vulnerable to arbitrary PHP code execution
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000109.html
WordPress contains a vulnerability where arbitrary PHP code may be executed.
WordPress provided by WordPress.Org is a weblog system. WordPress contains a vulnerability where arbitrary PHP code may be executed.
Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000109http://jvn.jp/en/jp/JVN40498018/index.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:wordpress:wordpress2011-12-26T14:28+09:002011-12-26T14:28+09:002011-12-26T14:28+09:00WordPress Japanese vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000110.html
WordPress Japanese contains a cross-site scripting vulnerability.
WordPress provided by WordPress.Org is a weblog system. WordPress Japanese contains a cross-site scripting vulnerability.
Katsuhiro Kawahara, Kozo Fukui of Kobe Digital Labo.,Inc. and Yuya Yoshida of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-000110http://jvn.jp/en/jp/JVN44439553/index.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:wordpress:wordpress2011-12-26T14:26+09:002011-12-26T14:26+09:002011-12-26T14:26+09:00JP1/NETM/DM Denial of Service (DoS) Vulnerability
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-001145.html
JP1/NETM/DM contains a denial of service (DoS) vulnerability.JVNDB-2011-001145https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:job_management_partner_1_software_distribution_clientcpe:/a:hitachi:job_management_partner_1_software_distribution_managercpe:/a:hitachi:job_management_partner_1_software_distribution_submanagercpe:/a:hitachi:jp1_netm-dm_managercpe:/a:hitachi:jp1_netm_dm_clientcpe:/a:hitachi:jp1_netm_dm_submanager2011-03-08T10:25+09:002011-03-08T10:25+09:002011-03-08T10:25+09:00Hitachi Tuning Manager Software Cross-Site Scripting Vulnerability
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-001156.html
Hitachi Tuning Manager Software contains a cross-site scripting vulnerability.JVNDB-2011-001156https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:tuning_manager2011-04-01T15:52+09:002011-04-01T15:52+09:002011-04-01T15:52+09:00Arbitrary Data Insertion Vulnerability in Hitachi Web Server SSL/TLS Protocol
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-001632.html
When SSL is used on Hitachi Web Server, an attacker could insert arbitrary data at the beginning of the communication data.JVNDB-2011-001632http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002319.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:hitachi_web_servercpe:/a:hp:matrix_operating_environmentcpe:/a:hp:systems_insight_managercpe:/a:hp:virtual_connect2016-09-08T17:05+09:002011-06-29T17:55+09:002016-09-08T17:05+09:00Header Customization by Hitachi Web Server RequestHeader Directive Could Allow Attacker to Access Data Deleted from Memory
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-001633.html
When using the header customization function through the RequestHeader directive of Hitachi Web Server, if the RequestHeader directive is defined and the mod_headers module is being used through the LoadModule directive, it could allow an attacker to gain access to the data that have been deleted from the memory.
If the header customization function of the RequestHeader directive is not used, the vulnerability does not apply.JVNDB-2011-001633http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0434http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0434https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:hitachi_web_server2014-05-21T18:21+09:002011-06-29T17:54+09:002014-05-21T18:21+09:00Arbitrary Code Execution Vulnerability in HiRDB Control Manager
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-001927.html
HiRDB Control Manager - Agent contains a vulnerability that could allow a remote attacker to execute arbitrary code when it receives an unexpected, invalid request.JVNDB-2011-001927https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:hirdb_control_manager2011-08-09T10:10+09:002011-08-09T10:10+09:002011-08-09T10:10+09:00JP1/Performance Management - Web Console Cross-Site Scripting Vulnerability
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-001928.html
JP1/Performance Management - Web Console contains a cross-site scripting vulnerability.JVNDB-2011-001928https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:jp1_performance_management2011-08-09T10:11+09:002011-08-09T10:11+09:002011-08-09T10:11+09:00Samba Web Administration Tool vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-002110.html
Samba Web Administration Tool (SWAT) contains a cross-site request forgery vulnerability.
Samba Web Administration Tool (SWAT) allows for Samba configuration through a web interface. SWAT contains a cross-site request forgery vulnerability.
SWAT is disabled in a default configuration of Samba.
ISHIKAWA YOSHIHIRO of LAC reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-002110https://jvn.jp/en/jp/JVN29529126/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2522http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2522http://secunia.com/advisories/45393http://www.securityfocus.com/bid/48899http://xforce.iss.net/xforce/xfdb/68843http://www.securitytracker.com/id?1025852http://osvdb.org/74071https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:redhat:rhel_server_euscpe:/a:samba:sambacpe:/a:vmware:esxcpe:/o:redhat:enterprise_linuxcpe:/o:redhat:enterprise_linux_desktopcpe:/o:redhat:enterprise_linux_hpc_nodecpe:/o:redhat:enterprise_linux_servercpe:/o:redhat:enterprise_linux_workstationcpe:/o:redhat:rhel_desktop_workstation2012-12-26T11:37+09:002011-08-26T17:12+09:002012-12-26T11:37+09:00Samba Web Administration Tool vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-002111.html
Samba Web Administration Tool contains a cross-site scripting vulnerability.
Samba Web Administration Tool (SWAT) allows for Samba configuration through a web interface. SWAT contains a cross-site scripting vulnerability.
SWAT is disabled in a default configuration of Samba.
nobuhiro tsuji of NTT DATA INTELLILINK CORPORATION reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-002111http://jvn.jp/en/jp/JVN63041502/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2694http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2694http://secunia.com/advisories/45393http://www.securityfocus.com/bid/48901http://xforce.iss.net/xforce/xfdb/68844http://www.securitytracker.com/id?1025852http://osvdb.org/74072https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:redhat:rhel_server_euscpe:/a:samba:sambacpe:/a:vmware:esxcpe:/o:redhat:enterprise_linuxcpe:/o:redhat:enterprise_linux_desktopcpe:/o:redhat:enterprise_linux_hpc_nodecpe:/o:redhat:enterprise_linux_servercpe:/o:redhat:enterprise_linux_workstationcpe:/o:redhat:rhel_desktop_workstation2012-12-26T11:42+09:002011-08-26T17:14+09:002012-12-26T11:42+09:00An authentication information Exposure Vulnerability in JP1/IT Resource Management - Manager
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-002122.html
An authentication information exposure vulnerability was found in JP1/IT Resource Management - Manager.JVNDB-2011-002122https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:jp1_it_resource_management2012-01-06T19:53+09:002012-01-06T19:53+09:002012-01-06T19:53+09:00JP1/Cm2/Network Node Manager i Denial of Service (DoS) Vulnerability
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-003295.html
JP1/Cm2/Network Node Manager i (NNMi) contains vulnerabilities that could allow a remote attacker to cause a denial of service (DoS) condition or execute arbitrary code.JVNDB-2011-003295https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:jp1_cm2_network_node_manager2012-01-06T19:51+09:002012-01-06T19:51+09:002012-01-06T19:51+09:00ASP.NET vulnerable to open redirect
https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-003557.html
ASP.NET provided by Microsoft contains an open redirect vulnerability due to an issue in the login component.
ASP.NET provided by Microsoft contains an open redirect vulnerability due to an issue in the login component. Therefore a web application that implements ASP.NET may be vulnerable.
Tomoki Sanaki of NTT Communications Corporation Security Operation Center reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2011-003557http://jvn.jp/en/jp/JVN71256611/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3415http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3415http://www.npa.go.jp/cyberpolice/important/2011/20111230_1553.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:microsoft:.net_frameworkcpe:/o:microsoft:windows_7cpe:/o:microsoft:windows_server_2003cpe:/o:microsoft:windows_server_2008cpe:/o:microsoft:windows_vistacpe:/o:microsoft:windows_xp2013-11-15T15:54+09:002013-11-15T15:54+09:002013-11-15T15:54+09:00