JVNDB RSS Feed - 2013 Years Entry
https://jvndb.jvn.jp/en/
JVN iPedia Yearly Entry
2024-03-17T09:10:23+09:00
2024-03-17T09:10:23+09:00

Documents Pro (formerly Files HD) vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000001.html
Documents Pro provided by Olive Toast Software Ltd. contains a cross-site scripting vulnerability.
Documents Pro provided by Olive Toast Software Ltd. is a document viewer for iOS devices. Documents Pro contains a cross-site scripting vulnerability.
Keigo Yamazaki of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2013-000001
http://jvn.jp/en/jp/JVN91881278/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5184
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5184
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:olivetoast:documents_pro_file_viewer
2013-01-18T13:36+09:00
2013-01-18T13:36+09:00
2013-01-18T13:36+09:00

Documents Pro (formerly Files HD) vulnerable to directory traversal
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000002.html
Documents Pro provided by Olive Toast Software Ltd. contains a directory traversal vulnerability.
Documents Pro provided by Olive Toast Software Ltd. is a document viewer for iOS devices. Documents Pro contains a directory traversal vulnerability.
Keigo Yamazaki of LAC Co., Ltd reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2013-000002
http://jvn.jp/en/jp/JVN52197991/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5185
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5185
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:olivetoast:documents_pro_file_viewer
2013-01-18T13:39+09:00
2013-01-18T13:39+09:00
2013-01-18T13:39+09:00

myu-s / PHP WeblogSystem by netmania vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000003.html
myu-s and PHP WeblogSystem by netmania contain a cross-site scripting vulnerability.
myu-s and PHP WeblogSystem by netmania provided by FLUGELz contain a cross-site scripting vulnerability.
JVNDB-2013-000003
http://jvn.jp/en/jp/JVN99681273/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5186
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5186
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:fleugel:myu-s
cpe:/a:fleugel:php_weblog_system_mania
2013-01-22T15:22+09:00
2013-01-22T15:22+09:00
2013-01-22T15:22+09:00

WebSphere Application Server (WAS) vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000004.html
WebSphere Application Server (WAS) provided by IBM contains a cross-site scripting vulnerability.
WebSphere Application Server (WAS) provided by IBM contains a vulnerability in SnoopServlet, which may result in cross-site scripting.
Eiji James Yoshida of Security Professionals Network Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2013-000004
http://jvn.jp/en/jp/JVN24343509/index.html
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:ibm:websphere_application_server
2013-01-25T12:32+09:00
2013-01-25T12:32+09:00
2013-01-25T12:32+09:00

Weathernews Touch for Android stores location information in the system log file
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000005.html
Weathernews Touch for Android contains a vulnerability that stores location information in the system log file.
Weathernews Touch provided by Weathernews Inc. is a weather forecast application. Weathernews Touch for Android contains a vulnerability that stores location information in the system log file.
Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2013-000005
https://jvn.jp/en/jp/JVN86040029/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5187
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5187
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:weathernews:weathernews_touch
2013-01-31T13:38+09:00
2013-01-31T13:38+09:00
2013-01-31T13:38+09:00

mora Downloader may insecurely load executable files
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000006.html
mora Downloader may use unsafe methods for determining how to load executables (.exe)
mora Downloader contains an issue in the file search path when loading files, which may insecurely load executables or other files.
Kazuhiko Kusano of Graduate School of Information Sciences, Tohoku University reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2013-000006
https://jvn.jp/en/jp/JVN91387819/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5188
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5188
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:labelgate:label_gate_mora_downloader
2013-02-07T14:00+09:00
2013-02-07T14:00+09:00
2013-02-07T14:00+09:00

Cybozu Garoon vulnerable to SQL injection
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000007.html
Cybozu Garoon contains an SQL injection vulnerability.
Cybozu Garoon provided by Cybozu is groupware. Cybozu Garoon contains an SQL injection vulnerability.
Ken Asai reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2013-000007
https://jvn.jp/en/jp/JVN07629635/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0701
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0701
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:cybozu:garoon
2013-02-08T13:58+09:00
2013-02-08T13:58+09:00
2013-02-08T13:58+09:00

Cybozu Garoon vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000008.html
Cybozu Garoon contains a cross-site scripting vulnerability.
Cybozu Garoon provided by Cybozu is groupware. Cybozu Garoon contains a cross-site scripting vulnerability.
Ken Asai reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2013-000008
https://jvn.jp/en/jp/JVN95863326/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0702
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0702
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:cybozu:garoon
2013-02-08T13:53+09:00
2013-02-08T13:53+09:00
2013-02-08T13:53+09:00

imgboard vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000009.html
imgboard contains a cross-site scripting vulnerability.
imgboard provided by imgboard.com CGI Download Center (formerly 1998 t-club CGI Download Center) is a bulletin board software that supports posting picture files. imgboard contains a cross-site scripting vulnerability.
Yuji Tounai of bogus.jp and Saeki Tominaga reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2013-000009
https://jvn.jp/en/jp/JVN09223079/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0703
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0703
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:big:imgboard
2013-02-14T14:10+09:00
2013-02-14T14:10+09:00
2013-02-14T14:10+09:00

GREE for Android vulnerable to directory traversal
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000010.html
GREE for Android contains a directory traversal vulnerability.
GREE for Android contains an issue in handling URL inputs, which may result in a directory traversal vulnerability.
Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2013-000010
https://jvn.jp/en/jp/JVN78601526/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0704
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0704
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:gree:gree
2013-02-14T14:15+09:00
2013-02-14T14:15+09:00
2013-02-14T14:15+09:00

3DM (3ware Disk Manager) vulnerable to directory traversal
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000011.html
3DM (3ware Disk Manager) contains a directory traversal vulnerability.
3DM provided by LSI is software for managing a RAID controller. 3DM contains a directory traversal vulnerability.
yamaguchi tsuyoshi of Digiplate.inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2013-000011
http://jvn.jp/en/jp/JVN02596643/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0705
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0705
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:lsi:3ware_disk_manager
2013-02-15T14:29+09:00
2013-02-15T14:29+09:00
2013-02-15T14:29+09:00

NEC Universal RAID Utility fails to restrict access permissions
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000012.html
NEC Universal RAID Utility contains an issue where access permissions are not restricted.
NEC Universal RAID Utility is software for managing a RAID controller. NEC Universal RAID Utility contains an issue where access permissions are not restricted.
SAKURA Internet Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2013-000012
https://jvn.jp/en/jp/JVN75585394/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0706
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0706
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:nec:universal_raid_utility
2013-03-01T11:34+09:00
2013-02-21T13:54+09:00
2013-03-01T11:34+09:00

dopvCOMET* vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000013.html
dopvCOMET* provided by bayashi.net is software for analyzing web access logs.
dopvCOMET* contains a cross-site scripting vulnerability.
Masahiro YAMADA reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2013-000013
http://jvn.jp/en/jp/JVN64756004/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0708
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0708
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:bayashi:dopvcomet%2A
2013-02-28T13:37+09:00
2013-02-28T13:37+09:00
2013-02-28T13:37+09:00

dopvSTAR* vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000014.html
dopvSTAR* provided by bayashi.net is software for analyzing web access logs.
dopvSTAR* contains a cross-site scripting vulnerability.
Masahiro YAMADA reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2013-000014
http://jvn.jp/en/jp/JVN36339873/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0709
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0709
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:bayashi:dopvstar%2A
2013-02-28T13:46+09:00
2013-02-28T13:46+09:00
2013-02-28T13:46+09:00

Multiple JustSystems products vulnerable to arbitrary code execution
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000015.html
Multiple products provided by JustSystems Corporation contain a vulnerability that may allow arbitrary code execution.
For more information, refer to the information provided by the developer.
JVNDB-2013-000015
http://jvn.jp/en/jp/JVN16817324/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0707
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0707
http://www.ipa.go.jp/about/press/20130226.html
http://www.symantec.com/connect/blogs/ichitaro-vulnerability-another-zero-day-exploit-wild
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:justsystems:hanako
cpe:/a:justsystems:ichitaro
2013-02-26T14:45+09:00
2013-02-26T14:45+09:00
2013-02-26T14:45+09:00

Kingsoft Writer vulnerable to buffer overflow
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000016.html
Kingsoft Writer contains a buffer overflow vulnerability.
Kingsoft Writer is software for editing document files. Kingsoft Writer contains a buffer overflow vulnerability.
Yuji Ukai of Fourteenforty Research Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2013-000016
https://jvn.jp/en/jp/JVN55924624/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0710
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0710
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:kingsoft:writer_2010
2013-03-01T14:47+09:00
2013-03-01T14:47+09:00
2013-03-01T14:47+09:00

Multiple Cisco products vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000017.html
The SSH implementation in multiple Cisco products contains a denial-of-service (DoS) vulnerability.
Hisashi Kojima, Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2013-000017
http://jvn.jp/en/jp/JVN05132866/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1154
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1154
http://www.ipa.go.jp/about/press/20130307.html
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:cisco:200_series_smart_switches_software
cpe:/h:cisco:200_series_smart_switches
cpe:/h:cisco:300_series_managed_switches
cpe:/h:cisco:500_series_stackable_managed_switches
2013-03-11T16:22+09:00
2013-03-07T14:13+09:00
2013-03-11T16:22+09:00

VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000018.html
The SSH server (IPSSH) implementation in VxWorks contains a denial-of-service (DoS) vulnerability.
The SSH server (IPSSH) implementation in VxWorks contains a denial-of-service (DoS) vulnerability due to an issue in processing authentication requests.
Hisashi Kojima and Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2013-000018
http://jvn.jp/en/jp/JVN45545972/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0711
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0711
http://ics-cert.us-cert.gov/advisories/ICSA-13-091-01
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/o:windriver:vxworks
2013-06-25T17:54+09:00
2013-03-18T14:33+09:00
2013-06-25T17:54+09:00

VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000019.html
The SSH server (IPSSH) implementation in VxWorks contains a denial-of-service (DoS) vulnerability.
The SSH server (IPSSH) implementation in VxWorks contains a denial-of-service (DoS) vulnerability due to an issue in the processing directly after the SSH connection is established.
Hisashi Kojima and Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2013-000019
http://jvn.jp/en/jp/JVN01611135/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0712
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0712
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/o:windriver:vxworks
2013-06-25T17:57+09:00
2013-03-18T14:32+09:00
2013-06-25T17:57+09:00

VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000020.html
The SSH server (IPSSH) implementation in VxWorks contains a denial-of-service (DoS) vulnerability.
The SSH server (IPSSH) implementation in VxWorks contains a denial-of-service vulnerability due to an issue in processing pty requests.
Hisashi Kojima and Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2013-000020
http://jvn.jp/en/jp/JVN52492830/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0713
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0713
http://ics-cert.us-cert.gov/advisories/ICSA-13-091-01
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/o:windriver:vxworks
2013-06-25T18:01+09:00
2013-03-18T14:30+09:00
2013-06-25T18:01+09:00

VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000021.html
The SSH server (IPSSH) implementation in VxWorks contains a denial-of-service (DoS) vulnerability.
The SSH server (IPSSH) implementation in VxWorks contains a denial-of-service (DoS) vulnerability due to an issue in processing authentication requests.
Hisashi Kojima and Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2013-000021
http://jvn.jp/en/jp/JVN20671901/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0714
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0714
http://ics-cert.us-cert.gov/advisories/ICSA-13-091-01
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/o:windriver:vxworks
2013-06-25T18:06+09:00
2013-03-18T14:38+09:00
2013-06-25T18:06+09:00

VxWorks WebCLI vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000022.html
The VxWorks WebCLI contains a denial-of-service (DoS) vulnerability.
The VxWorks WebCLI contains a denial-of-service (DoS) vulnerability due to an issue in parsing command strings.
Hisashi Kojima and Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2013-000022
http://jvn.jp/en/jp/JVN65923092/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0715
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0715
http://ics-cert.us-cert.gov/advisories/ICSA-13-091-01
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/o:windriver:vxworks
2013-06-25T18:10+09:00
2013-03-18T14:40+09:00
2013-06-25T18:10+09:00

VxWorks Web Server vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000023.html
The VxWorks Web Server contains a denial-of-service vulnerability.
The VxWorks Web Server contains a denial-of-service (DoS) vulnerability.
Hisashi Kojima and Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2013-000023
http://jvn.jp/en/jp/JVN41022517/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0716
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0716
http://ics-cert.us-cert.gov/advisories/ICSA-13-091-01
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/o:windriver:vxworks
2013-06-25T18:15+09:00
2013-03-18T14:43+09:00
2013-06-25T18:15+09:00

Multiple NEC mobile routers vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000024.html
Multiple mobile routers provided by NEC contain a cross-site request forgery vulnerability.
Multiple mobile routers provided by NEC contain a vulnerability in the web-based management utility, which may result in cross-site request forgery.
Sen UENO of Tricorder Co. Ltd., Hiroshi Kumagai and Kimura Youichi reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2013-000024
http://jvn.jp/en/jp/JVN59503133/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0717
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0717
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/h:nec:atermwm3450rn
cpe:/h:nec:atermwm3600r
cpe:/h:nec:atermwr8160n
cpe:/h:nec:atermwr8170n
cpe:/h:nec:atermwr8370n
cpe:/h:nec:atermwr8600n
cpe:/h:nec:atermwr8700n
cpe:/h:nec:atermwr9500n
2013-06-25T18:19+09:00
2013-03-19T13:45+09:00
2013-06-25T18:19+09:00

OpenWnn for Android vulnerable to information disclosure
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000025.html
OpenWnn for Android contains an issue in the access permissions for certain files.
OpenWnn provided by OMRON SOFTWARE Co., Ltd. is a Japanese Input Method Editor (IME). OpenWnn for Android contains an issue in the access permissions for certain files.
Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2013-000025
https://jvn.jp/en/jp/JVN01167429/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2301
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2301
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:omron_2:openwnn
2013-03-29T13:58+09:00
2013-03-29T13:58+09:00
2013-03-29T13:58+09:00

ArtIME Japanese Input vulnerable to information disclosure
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000026.html
ArtIME Japanese Input contains an issue in the access permissions for certain files.
ArtIME Japanese Input is a Japanese Input Method Editor (IME) for Android devices. ArtIME Japanese Input contains an issue in the access permissions for certain files.
Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2013-000026
http://jvn.jp/en/jp/JVN80922020/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0719
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0719
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:codedesign:artime_japanese_input
2013-03-26T13:36+09:00
2013-03-26T13:36+09:00
2013-03-26T13:36+09:00

COBIME vulnerable to information disclosure
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000027.html
COBIME contains an issue in the access permissions for certain files.
COBIME is a Japanese Input Method Editor (IME) for Android devices. COBIME contains an issue in the access permissions for certain files.
JVNDB-2013-000027
http://jvn.jp/en/jp/JVN11249169/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0720
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0720
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:cob%27s_products:cobime
2013-03-26T14:55+09:00
2013-03-26T14:55+09:00
2013-03-26T14:55+09:00

OpenWnn/Flick support vulnerable to information disclosure
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000028.html
OpenWnn/Flick support contains an issue in the access permissions for certain files.
OpenWnn/Flick support is a Japanese Input Method Editor (IME) for Android devices. OpenWnn/Flick support contains an issue in the access permissions for certain files.
JVNDB-2013-000028
http://jvn.jp/en/jp/JVN11434157/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2300
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2300
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:pm9:flickwnn
2013-03-26T14:55+09:00
2013-03-26T14:55+09:00
2013-03-26T14:55+09:00

Simeji vulnerable to information disclosure
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000029.html
Simeji contains an issue in the access permissions for certain files.
Simeji is a Japanese Input Method Editor (IME) for Android devices. Simeji contains an issue in the access permissions for certain files.
Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2013-000029
http://jvn.jp/en/jp/JVN77360971/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0718
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0718
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:baidu:simeji
2013-03-26T14:51+09:00
2013-03-26T14:51+09:00
2013-03-26T14:51+09:00

Lotus Domino vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000030.html
Lotus Domino provided by IBM contains a denial-of-service (DoS) vulnerability.
Lotus Domino contains a denial-of-service (DoS) vulnerability due to an issue in processing HTTP requests.
Ryouichi Ozawa of Oki Electric Industry Co., Ltd reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2013-000030
http://jvn.jp/en/jp/JVN51305555/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0486
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0486
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:ibm:lotus_domino
2013-03-28T12:32+09:00
2013-03-28T12:32+09:00
2013-03-28T12:32+09:00

Active! mail vulnerable to information disclosure
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000031.html
Active! mail contains an information disclosure vulnerability.
Active! mail provided by TransWARE is webmail software. Active! mail contains an information disclosure vulnerability.
Mitsuru Ogino of Sugiyama Jogakuen reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2013-000031
http://jvn.jp/en/jp/JVN04288738/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2302
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2302
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:transware:active_mail
2013-06-25T18:30+09:00
2013-04-04T14:43+09:00
2013-06-25T18:30+09:00

Sleipnir for Windows vulnerable to address bar spoofing
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000032.html
Sleipnir for Windows contains an issue in displaying colors and the padlock icon on the address bar, which may result in the address bar being spoofed.
Keita Haga of keitahaga.com reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2013-000032
http://jvn.jp/en/jp/JVN65034198/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2303
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2303
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:fenrir-inc:sleipnir
2013-04-11T14:14+09:00
2013-04-11T14:14+09:00
2013-04-11T14:14+09:00

Sleipnir Mobile for Android loads arbitrary Extension API
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000033.html
Sleipnir Mobile for Android has an Extension mechanism to customize browser functions, and this Extension function makes calls to an Extension API.
Sleipnir Mobile for Android contains an issue that may allow a specially crafted web page to load an arbitrary Extension API.
Keita Haga of keitahaga.com reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2013-000033
http://jvn.jp/en/jp/JVN02895867/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2304
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2304
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:fenrir-inc:sleipnir_mobile
2013-04-12T12:41+09:00
2013-04-12T12:41+09:00
2013-04-12T12:41+09:00

Multiple Cybozu products vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000034.html
Multiple Cybozu products contain a cross-site request forgery vulnerability.
JVNDB-2013-000034
https://jvn.jp/en/jp/JVN06251813/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2305
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2305
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:cybozu:dezie
cpe:/a:cybozu:mailwise
cpe:/a:cybozu:office
2013-06-25T18:36+09:00
2013-04-15T17:08+09:00
2013-06-25T18:36+09:00

Online Service Gate vulnerable in Office 365 password management
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000035.html
Online Service Gate contains a vulnerability in Office 365 password management.
Online Service Gate provided by SoftBank Technology is a solution to manage the use of Office 365 which allows a system administrator to manage Office 365 users' passwords. Office 365 users' passwords are intended to be managed by a system administrator and cannot be obtained by users. OWA Helper and OSG Lite provided by Online Service Gate contain a vulnerability which allows users to obtain their own Office 365 passwords.
JVNDB-2013-000035
https://jvn.jp/en/jp/JVN61972596/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2308
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2308
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:softbanktech:online_service_gate
2013-05-08T15:08+09:00
2013-05-08T15:08+09:00
2013-05-08T15:08+09:00

jigbrowser+ for Android vulnerable to address bar spoofing
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000036.html
jigbrowser+ for Android contains an issue when opening a new window, which may result in the address bar being spoofed.
Keita Haga of keitahaga.com reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2013-000036
http://jvn.jp/en/jp/JVN01313594/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2306
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2306
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:jig_jp_co:jigbrowser%2B
2013-04-26T15:05+09:00
2013-04-26T15:05+09:00
2013-04-26T15:05+09:00

Yahoo! Browser vulnerable to address bar spoofing
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000037.html
Yahoo! Browser contains an issue when opening a new window, which may result in the address bar being spoofed.
Keita Haga of keitahaga.com reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2013-000037
https://jvn.jp/en/jp/JVN55074201/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2307
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2307
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:misc:yahoo_japan_yahoo_browser
2013-04-26T15:50+09:00
2013-04-26T15:50+09:00
2013-04-26T15:50+09:00

OpenPNE vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000038.html
The management screen in OpenPNE contains an issue in the processing of data input into the "mobile version color scheme configuration" item, which may result in a cross-site scripting vulnerability.
ASAI Ken reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2013-000038
https://jvn.jp/en/jp/JVN18501376/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2309
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2309
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:tejimaya:openpne
2013-06-19T09:56+09:00
2013-05-13T13:39+09:00
2013-06-19T09:56+09:00

Wi-Fi Spot Configuration Software vulnerability in the connection process
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000039.html
Wi-Fi Spot Configuration Software provided by SoftBank contains a vulnerability within the process of connecting to Wi-Fi access points, which may lead to user information being sent unintentionally.
Masashi Sakai reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2013-000039
https://jvn.jp/en/jp/JVN85371480/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2310
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2310
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:misc:multiple_vendors
2013-06-19T09:58+09:00
2013-05-15T14:25+09:00
2013-06-19T09:58+09:00

Cross-site scripting vulnerability in the web2py social bookmarking widget
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000040.html
The social bookmarking widget (share.js) in web2py contains a cross-site scripting vulnerability.
web2py is a framework for creating and designing web applications. The social bookmarking widget in web2py contains a cross-site scripting vulnerability.
Yuji Kosuga of Everforth Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000040https://jvn.jp/en/jp/JVN10461119/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2311http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2311https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:web2py:web2py2013-05-20T15:16+09:002013-05-20T15:16+09:002013-05-20T15:16+09:00EC-CUBE vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000041.html
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a vulnerability in handling the output of parameters, which may result in cross-site scripting.
Yuji Tounai of bogus.jp reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000041https://jvn.jp/en/jp/JVN52552792/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2312http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2312https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ec-cube:ec-cube2013-05-23T14:11+09:002013-05-23T14:11+09:002013-05-23T14:11+09:00EC-CUBE vulnerable to session fixation
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000042.html
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a session fixation vulnerability.
Yuji Tounai of bogus.jp reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000042https://jvn.jp/en/jp/JVN00985872/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2313http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2313https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ec-cube:ec-cube2013-05-23T14:15+09:002013-05-23T14:15+09:002013-05-23T14:15+09:00EC-CUBE fails to restrict access permissions
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000043.html
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a URL handling issue in certain environments and as a result, access permissions are not restricted.
Gen Sato reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000043http://jvn.jp/en/jp/JVN45306814/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2314http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2314http://www.ipa.go.jp/security/ciadr/vul/20130523-jvn.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ec-cube:ec-cube2013-06-03T16:13+09:002013-05-23T15:42+09:002013-06-03T16:13+09:00EC-CUBE vulnerable to information disclosure as a result of improper input checking
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000044.html
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an issue with checking input values, which may result in information disclosure.
LOCKON CO.,LTD. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
LOCKON CO.,LTD. credits System Friend, Inc. for reporting this vulnerability.JVNDB-2013-000044http://jvn.jp/en/jp/JVN39699406/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2315http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2315https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ec-cube:ec-cube2013-05-23T15:46+09:002013-05-23T15:46+09:002013-05-23T15:46+09:00Yahoo! Browser vulnerable to address bar spoofing
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000045.html
Yahoo! Browser contains an issue in displaying URLs, which may result in the address bar being spoofed.
Note that this vulnerability is different from JVN#55074201.
Keita Haga of keitahaga.com reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000045https://jvn.jp/en/jp/JVN31817913/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2316http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2316https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:misc:yahoo_japan_yahoo_browser2013-05-27T15:04+09:002013-05-27T15:04+09:002013-05-27T15:04+09:00Sleipnir Mobile for Android vulnerable to address bar spoofing
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000046.html
Sleipnir Mobile for Android contains an issue when opening a new window, which may result in the address bar being spoofed.
Keita Haga of keitahaga.com reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000046http://jvn.jp/en/jp/JVN22756333/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2317http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2317https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:fenrir-inc:sleipnir_mobile2013-05-29T15:19+09:002013-05-29T15:19+09:002013-05-29T15:19+09:00Content Provider in MovatwiTouch fails to restrict access permissions
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000047.html
MovatwiTouch is Twitter client software for Android devices. The Content Provider in MovatwiTouch contains an issue where access permissions are not restricted.
Masata Nishida of Advanced Research Laboratory, SecureBrain Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000047http://jvn.jp/en/jp/JVN90289505/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2318http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2318https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:jig_jp_co:movatwitouchcpe:/a:jig_jp_co:movatwitouch_paid2013-05-29T15:32+09:002013-05-29T15:32+09:002013-05-29T15:32+09:00FileMaker Pro fails to verify SSL server certificates
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000048.html
FileMaker Pro contains a function to encrypt communications with the FileMaker Server. FileMaker Pro fails to verify the SSL server certificate.JVNDB-2013-000048https://jvn.jp/en/jp/JVN85812843/index.htmlhttp://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000114.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2319https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:claris:filemaker_pro2014-09-18T21:08+09:002013-05-31T15:43+09:002014-09-18T21:08+09:00FileMaker Pro vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000049.html
FileMaker Pro contains an "Instant Web Publishing" function. When this function is enabled, FileMaker Pro is vulnerable to cross-site scripting.JVNDB-2013-000049https://jvn.jp/en/jp/JVN53579095/index.htmlhttp://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000113.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3640https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:claris:filemaker_pro2015-05-22T11:34+09:002013-05-31T15:43+09:002015-05-22T11:34+09:00Safari information disclosure vulnerability
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000050.html
Safari contains an information disclosure vulnerability caused by the improper handling of XML files.
Takayoshi Isayama from Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000050https://jvn.jp/en/jp/JVN07354844/index.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:apple:safari2013-05-31T15:44+09:002013-05-31T15:44+09:002013-05-31T15:44+09:00Adobe Reader X vulnerable to sandbox bypass
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000051.html
Adobe Reader X contains a vulnerability which may allow the sandbox to be bypassed.
Yuji Ukai of Fourteenforty Research Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000051http://jvn.jp/en/jp/JVN24560784/index.htmlhttp://www.fourteenforty.jp/cgi-bin/advisory/advisory.cgi?type=release&id=FFRRA-20130603https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:adobe:acrobat_reader2013-05-31T15:44+09:002013-05-31T15:44+09:002013-05-31T15:44+09:00HP ProCurve 1700 series switches vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000052.html
ProCurve 1700 series switches provided by Hewlett-Packard contain a cross-site request forgery vulnerability.
Darren Willis of Fourteenforty Research Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000052http://jvn.jp/en/jp/JVN48108258/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5216http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5216https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:hp:procurve_switch_1700-24cpe:/h:hp:procurve_switch_1700-82013-06-03T14:28+09:002013-06-03T14:28+09:002013-06-03T14:28+09:00Internet Explorer vulnerable to information disclosure
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000053.html
Internet Explorer contains an issue in handling XML files, which may result in information disclosure.
Isayama Takayoshi of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000053http://jvn.jp/en/jp/JVN63901692/index.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:microsoft:internet_explorer2013-06-07T13:59+09:002013-06-07T13:59+09:002013-06-07T13:59+09:00Pizza Hut Japan Official Order App for Android contains an issue where it fails to verify SSL server certificates
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000054.html
Pizza Hut Japan Official Order App for Android contains an issue where it fails to verify SSL server certificates.
Shunsuke Taniguchi of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000054http://jvn.jp/en/jp/JVN39218538/index.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:pizzahut:pizza_hut_japan_official_order_application2013-06-07T15:03+09:002013-06-07T15:03+09:002013-06-07T15:03+09:00Angel Browser vulnerable in the WebView class
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000055.html
Angel Browser is a web browser for Android devices. Angel Browser contains a vulnerability in the WebView class.
Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000055http://jvn.jp/en/jp/JVN79301570/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3642http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3642https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:adgjm:angel_browser2013-06-18T17:52+09:002013-06-11T13:40+09:002013-06-18T17:52+09:00Galapagos Browser vulnerable in the WebView class
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000056.html
Galapagos Browser is a web browser for Android devices. Galapagos Browser contains a vulnerability in the WebView class.
Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000056http://jvn.jp/en/jp/JVN99813183/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3643http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3643https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:adgjm:galapagos_browser2013-06-18T17:55+09:002013-06-11T13:48+09:002013-06-18T17:55+09:00Orchard vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000057.html
Orchard is a content management system (CMS). Orchard contains a cross-site scripting vulnerability.
Tatsuya Sekiguchi of Hitachi Systems, Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000057https://jvn.jp/en/jp/JVN53622030/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3645http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3645https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:orchardcore:orchard2013-06-17T12:01+09:002013-06-13T13:49+09:002013-06-17T12:01+09:00Ichitaro series vulnerable to arbitrary code execution
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000058.html
The "Ichitaro" series word processing software from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution.
This vulnerability differs from other issues that were previously published on JVN.JVNDB-2013-000058http://jvn.jp/en/jp/JVN98712361/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3644http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3644http://www.ipa.go.jp/security/ciadr/vul/20130618-jvn.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:justsystems:ichitarocpe:/a:justsystems:ichitaro_governmentcpe:/a:justsystems:ichitaro_portablecpe:/a:justsystems:ichitaro_procpe:/a:justsystems:ichitaro_viewercpe:/a:justsystems:justschool2013-06-26T14:49+09:002013-06-18T15:17+09:002013-06-26T14:49+09:00Cybozu Live for Android vulnerable to arbitrary Java method execution
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000059.html
Cybozu Live for Android is client software for Cybozu Live. Cybozu Live for Android contains an arbitrary Java method execution vulnerability.
Note that this vulnerability is a regression in version 2.0.0 of the issue in JVN#23009798.
Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to the developer.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000059https://jvn.jp/en/jp/JVN63428218/https://jvn.jp/en/jp/JVN23009798/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3646http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3646https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:cybozu_live_for_android2013-06-26T14:46+09:002013-06-18T15:19+09:002013-06-26T14:46+09:00Cybozu Live for Android vulnerable in the WebView class
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000060.html
Cybozu Live for Android is client software for Cybozu Live. Cybozu Live for Android contains a vulnerability in the WebView class.
Note that this vulnerability is a regression in version 2.0.0 of the issue in JVN#77393797.
Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to the developer.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000060https://jvn.jp/en/jp/JVN19740283/https://jvn.jp/en/jp/JVN77393797/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3647http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3647https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:cybozu_live_for_android2013-06-26T14:43+09:002013-06-18T15:20+09:002013-06-26T14:43+09:00EC-CUBE vulnerable to directory traversal
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000061.html
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a directory traversal vulnerability.
Note that this vulnerability is different from JVN#04161229.
Gen Sato reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000061http://jvn.jp/en/jp/JVN43886811/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3650http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3650https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ec-cube:ec-cube2013-07-02T15:57+09:002013-06-27T14:29+09:002013-07-02T15:57+09:00EC-CUBE vulnerable to code injection
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000062.html
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a code injection vulnerability.
Gen Sato reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000062http://jvn.jp/en/jp/JVN34900750/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3651http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3651http://www.ipa.go.jp/security/ciadr/vul/20130627-jvn.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ec-cube:ec-cube2013-07-02T16:01+09:002013-06-27T14:29+09:002013-07-02T16:01+09:00EC-CUBE vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000063.html
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability.
Note that this vulnerability is different from JVN#98665228.
Daiki Ishimori of Gehirn Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000063http://jvn.jp/en/jp/JVN07192063/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3652http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3652https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ec-cube:ec-cube2013-07-02T16:06+09:002013-06-27T14:31+09:002013-07-02T16:06+09:00EC-CUBE vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000064.html
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability.
Note that this vulnerability is different from JVN#07192063.
Ren Hirasawa of Gehirn Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000064http://jvn.jp/en/jp/JVN98665228/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3653http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3653https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ec-cube:ec-cube2013-07-02T16:10+09:002013-06-27T14:31+09:002013-07-02T16:10+09:00EC-CUBE vulnerable to directory traversal
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000065.html
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a directory traversal vulnerability.
Note that this vulnerability is different from JVN#43886811.
LOCKON CO.,LTD. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
LOCKON CO.,LTD. credits System Friend, Inc. for reporting this vulnerability.JVNDB-2013-000065http://jvn.jp/en/jp/JVN04161229/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3654http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3654https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ec-cube:ec-cube2013-07-02T16:15+09:002013-06-27T14:33+09:002013-07-02T16:15+09:00POST-MAIL vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000066.html
POST-MAIL provided by KENT-WEB contains an issue in the webpage output of strings entered in the form, which may result in a cross-site scripting vulnerability.
Taketo Ikeuchi of Hitachi Solutions, Ltd. and Ohji Kashiwazaki of GLOBAL SECURITY EXPERTS inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000066https://jvn.jp/en/jp/JVN26394323/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3648http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3648https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:kent-web:post-mail2013-07-02T15:47+09:002013-06-27T14:38+09:002013-07-02T15:47+09:00CLIP-MAIL vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000067.html
CLIP-MAIL provided by KENT-WEB contains an issue in the webpage output of strings entered in the form, which may result in a cross-site scripting vulnerability.JVNDB-2013-000067https://jvn.jp/en/jp/JVN85804149/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3649http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3649https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:kent-web:clip-mail2013-07-02T15:52+09:002013-06-27T14:35+09:002013-07-02T15:52+09:00AQUOS PhotoPlayer HN-PP150 vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000068.html
AQUOS PhotoPlayer HN-PP150 contains an issue in the processing of packets, which may lead to a denial-of-service (DoS).
Ayako Matsuda of FFRI, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000068http://jvn.jp/en/jp/JVN68773685/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3655http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3655https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:sharp:aquos_hn-pp150cpe:/o:sharp:aquos_hn-pp150_firmware2013-07-16T14:21+09:002013-07-11T15:39+09:002013-07-16T14:21+09:00Cybozu Office session management vulnerability
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000069.html
Cybozu Office is groupware. Cybozu Office contains a vulnerability in session management.
Ooi Keita reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000069http://jvn.jp/en/jp/JVN19491840/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3656http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3656https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:office2013-07-23T19:09+09:002013-07-16T12:27+09:002013-07-23T19:09+09:00Oracle Outside In vulnerable to buffer overflow
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000070.html
Oracle Outside In is a library to decode over 500 file types. Oracle Outside In contains a buffer overflow vulnerability.
Takahiro Haruyama of Internet Initiative Japan Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000070http://jvn.jp/en/jp/JVN07497769/index.htmlhttp://jvn.jp/cert/JVNTA13-225A/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3781http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3781http://www.ipa.go.jp/security/ciadr/vul/20130717-jvn.htmlhttp://www.ipa.go.jp/security/ciadr/vul/20130814-ms.htmlhttp://www.jpcert.or.jp/at/2013/at130035.htmlhttp://www.npa.go.jp/cyberpolice/topics/?seq=12042http://www.us-cert.gov/ncas/alerts/TA13-225Ahttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ibm:websphere_portalcpe:/a:microsoft:exchange_servercpe:/a:oracle:fusion_middleware2014-02-24T16:38+09:002013-07-17T13:45+09:002014-02-24T16:38+09:00Oracle Outside In vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000071.html
Oracle Outside In is a library to decode over 500 file types. Oracle Outside In contains a denial-of-service (DoS) vulnerability.
Takahiro Haruyama of Internet Initiative Japan Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000071http://jvn.jp/en/jp/JVN68663052/index.htmlhttp://jvn.jp/cert/JVNTA13-225A/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3776http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3776http://www.ipa.go.jp/security/ciadr/vul/20130814-ms.htmlhttp://www.jpcert.or.jp/at/2013/at130035.htmlhttp://www.npa.go.jp/cyberpolice/topics/?seq=12042http://www.us-cert.gov/ncas/alerts/TA13-225Ahttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ibm:websphere_portalcpe:/a:microsoft:exchange_server2013-08-28T14:31+09:002013-07-17T13:56+09:002013-08-28T14:31+09:00JBoss RichFaces vulnerable to remote code execution
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000072.html
JBoss RichFaces contains a remote code execution vulnerability due to an issue with deserialization.
JBoss RichFaces is a framework for integrating Ajax into web applications. JBoss RichFaces applications contain a deserialization interface where end users may provide input. This interface may deserialize untrusted data, which may lead to arbitrary code execution.
Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000072http://jvn.jp/en/jp/JVN38787103/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2165http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2165https://www.ipa.go.jp/security/ciadr/vul/20130719-jvn.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:redhat:jboss_enterprise_application_platformcpe:/a:redhat:jboss_enterprise_brms_platformcpe:/a:redhat:jboss_enterprise_soa_platformcpe:/a:redhat:jboss_enterprise_web_platformcpe:/a:redhat:jboss_operations_networkcpe:/a:redhat:jboss_portalcpe:/a:redhat:jboss_web_framework_kitcpe:/a:redhat:richfaces2013-07-24T16:16+09:002013-07-19T12:32+09:002013-07-24T16:16+09:00docomo overseas usage application vulnerability in the connection process
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000075.html
docomo overseas usage application provided by NTT DOCOMO contains a vulnerability within the process of connecting to Wi-Fi access points, which may lead to user information being sent unintentionally.JVNDB-2013-000075https://jvn.jp/en/jp/JVN44035194/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3659http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3659https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:nttdocomo:overseas_usage2013-08-14T14:17+09:002013-08-07T15:01+09:002013-08-14T14:17+09:00JP1/IT Desktop Management - Manager and Hitachi IT Operations Director vulnerable to privilege escalation
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000076.html
JP1/IT Desktop Management - Manager and Hitachi IT Operations Director provided by Hitachi contain a privilege escalation vulnerability.
Taizo Tsukamoto of GLOBAL SECURITY EXPERTS inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000076http://jvn.jp/en/jp/JVN00065218/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4697http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4697https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:it_operations_directorcpe:/a:hitachi:job_management_partner_1%2Fit_desktop_management-managercpe:/a:hitachi:jp1%2Fit_desktop_management-manager2013-08-02T18:17+09:002013-07-29T13:39+09:002013-08-02T18:17+09:00Cybozu Mailwise vulnerable to information disclosure
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000077.html
Cybozu Mailwise contains a vulnerability that may display contents of another email in the subject field.JVNDB-2013-000077http://jvn.jp/en/jp/JVN21103639/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4698http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4698https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:mailwise2013-08-20T11:37+09:002013-08-13T12:22+09:002013-08-20T11:37+09:00Yafuoku! contains an issue where it fails to verify SSL server certificates
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000078.html
Yafuoku! provided by Yahoo Japan Corporation contains an issue where it fails to verify SSL server certificates.
Zachary Mathis of Proactive Defense (Kobe Digital Labo) reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000078http://jvn.jp/en/jp/JVN68156832/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4699http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4699https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:misc:yafuoku%212013-08-23T18:43+09:002013-08-19T15:35+09:002013-08-23T18:43+09:00Yahoo! Japan Shopping for Android contains an issue where it fails to verify SSL server certificates
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000079.html
Yahoo! Japan Shopping for Android provided by Yahoo Japan Corporation contains an issue where it fails to verify SSL server certificates.
Zachary Mathis of Proactive Defense (Kobe Digital Labo) reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000079http://jvn.jp/en/jp/JVN75084836/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4700http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4700https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:misc:japan_shopping2013-08-23T18:42+09:002013-08-19T15:50+09:002013-08-23T18:42+09:00PHP OpenID Library vulnerable to XML external entity injection
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000080.html
The PHP OpenID Library contains an XML external entity injection vulnerability.
Takeshi Terada from Mitsui Bussan Secure Directions, Inc. and Kosuke Ebihara reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000080http://jvn.jp/en/jp/JVN24713981/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4701http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4701https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:janrain:php-openid2013-08-23T18:38+09:002013-08-21T14:26+09:002013-08-23T18:38+09:00EC-CUBE vulnerable to directory traversal when used in Windows
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000081.html
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a directory traversal vulnerability when used in Windows.
Gen Sato reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000081http://jvn.jp/en/jp/JVN15973066/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4702http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4702https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ec-cube:ec-cube2013-09-02T18:25+09:002013-08-30T14:38+09:002013-09-02T18:25+09:00Cybozu Office vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000082.html
Cybozu Office is groupware. Cybozu Office contains a cross-site scripting vulnerability in the function to customize the top page.
Motoki Nishio of VALTES CO.,LTD. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000082https://jvn.jp/en/jp/JVN53014207/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4703http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4703https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:office2013-09-11T13:34+09:002013-09-10T13:56+09:002013-09-11T13:34+09:00VMware ESX and ESXi vulnerable to directory traversal
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000084.html
VMware ESX and ESXi contain a directory traversal vulnerability.
Shanon Olsson reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000084http://jvn.jp/en/jp/JVN72911629/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3658http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3658http://www.ipa.go.jp/security/ciadr/vul/20130906-jvn.htmlhttp://blog.shanonolsson.com/blog/2013/08/24/esxi-cim-services-authentication-bypass-and-remote-code-execution-vulnerabilities/https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:vmware:esxcpe:/o:vmware:esxi2013-09-11T13:59+09:002013-09-06T13:59+09:002013-09-11T13:59+09:00VMware ESX and ESXi vulnerable to buffer overflow
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000085.html
VMware ESX and ESXi contain a buffer overflow vulnerability.
Shanon Olsson reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000085http://jvn.jp/en/jp/JVN19847770/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3657http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3657http://www.ipa.go.jp/security/ciadr/vul/20130906-jvn.htmlhttp://blog.shanonolsson.com/blog/2013/08/24/esxi-cim-services-authentication-bypass-and-remote-code-execution-vulnerabilities/https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:vmware:esxcpe:/o:vmware:esxi2013-09-11T14:06+09:002013-09-06T14:03+09:002013-09-11T14:06+09:00Opera vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000086.html
Opera is a web browser. Opera contains a cross-site scripting vulnerability when the page encoding settings are set to UTF-8.JVNDB-2013-000086https://jvn.jp/en/jp/JVN01094166/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4705http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4705https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:opera:opera_browser2013-09-17T14:20+09:002013-09-12T14:13+09:002013-09-17T14:20+09:00Multiple broadband routers may behave as open resolvers
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000087.html
Multiple broadband routers contain an issue where they may behave as open resolvers.
A device that runs as a DNS cache server and responds to any recursive DNS queries it receives is referred to as an open resolver.
Multiple broadband routers may contain an issue where they may behave as open resolvers.
JPCERT/CC and IPA confirmed that this issue affected multiple developers, and the issue was coordinated by JPCERT/CC.
In addition, Yasuhiro Orange Morishita of Japan Registry Services Co., Ltd. (JPRS) reported this vulnerability to JPCERT/CC under the Information Security Early Warning Partnership.JVNDB-2013-000087https://jvn.jp/en/jp/JVN62507275/http://www.jpcert.or.jp/at/2013/at130022.htmlhttps://www.us-cert.gov/ncas/alerts/TA13-088Ahttp://www.us-cert.gov/ncas/alerts/TA14-017Ahttp://jprs.jp/important/2013/130418.htmlhttps://www.nic.ad.jp/ja/dns/openresolver/https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:misc:multiple_vendors2014-08-28T18:10+09:002013-09-19T13:29+09:002014-08-28T18:10+09:00ChamaCargo vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000088.html
ChamaCargo provided by ChamaNet is a system for creating shopping websites. ChamaCargo contains a cross-site scripting vulnerability.
Koki Takahashi of Keiji Takeda Lab, Keio University reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000088http://jvn.jp/en/jp/JVN77455005/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4704http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4704https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:chama:chama_cargo2013-09-18T16:12+09:002013-09-13T12:21+09:002013-09-18T16:12+09:00D-Link DWL-2100AP vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000089.html
DWL-2100AP provided by D-Link Japan contains a denial-of-service (DoS) vulnerability due to an issue in SSH implementation.
Hisashi Kojima and Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000089https://jvn.jp/en/jp/JVN03082733/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4706http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4706https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:dlink:dwl-2100ap_firmwarecpe:/h:dlink:dwl-2100AP2013-09-30T15:47+09:002013-09-20T15:07+09:002013-09-30T15:47+09:00D-Link DES-3810 Series vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000090.html
DES-3810 Series provided by D-Link Japan contains a denial-of-service (DoS) vulnerability due to an issue in SSH implementation.
Hisashi Kojima and Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000090https://jvn.jp/en/jp/JVN70245052/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4707http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4707https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:dlink:des-3810cpe:/o:dlink:des-3810_firmware2013-09-30T15:52+09:002013-09-20T15:12+09:002013-09-30T15:52+09:00SEIL Series routers vulnerable in RADIUS authentication
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000091.html
SEIL Series routers contain a vulnerability in RADIUS authentication.
The PPP Access Concentrator (PPPAC) in SEIL Series routers provided by Internet Initiative Japan Inc. contains an issue when generating random numbers used for RADIUS authentication, which may result in the generated random numbers being easily predicted.JVNDB-2013-000091https://jvn.jp/en/jp/JVN40079308/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4708http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4708https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:iij:seil%2Fb1cpe:/h:iij:seil%2Fneu_2fe_pluscpe:/h:iij:seil%2Fturbocpe:/h:iij:seil%2Fx1cpe:/h:iij:seil%2Fx2cpe:/h:iij:seil%2Fx86cpe:/o:iij:seil%252fb1_firmwarecpe:/o:iij:seil%252fneu_2fe_plus_firmwarecpe:/o:iij:seil%252fturbo_firmwarecpe:/o:iij:seil%252fx1_firmwarecpe:/o:iij:seil%252fx2_firmwarecpe:/o:iij:seil%252fx86_firmware2013-10-08T15:36+09:002013-09-20T14:52+09:002013-10-08T15:36+09:00SEIL Series routers vulnerable to buffer overflow
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000092.html
SEIL Series routers contain a buffer overflow vulnerability.
The PPP Access Concentrator (PPPAC) in SEIL Series routers provided by Internet Initiative Japan Inc. contains a buffer overflow vulnerability in processing L2TP messages.JVNDB-2013-000092https://jvn.jp/en/jp/JVN43152129/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4709http://web.nvd.nist.gov/view/vuln/detail?vulnId=http://support.apple.com/kb/CVE-2013-4709https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:iij:seil%2Fb1cpe:/h:iij:seil%2Fneu_2fe_pluscpe:/h:iij:seil%2Fturbocpe:/h:iij:seil%2Fx1cpe:/h:iij:seil%2Fx2cpe:/h:iij:seil%2Fx86cpe:/o:iij:seil%252fb1_firmwarecpe:/o:iij:seil%252fneu_2fe_plus_firmwarecpe:/o:iij:seil%252fturbo_firmwarecpe:/o:iij:seil%252fx1_firmwarecpe:/o:iij:seil%252fx2_firmwarecpe:/o:iij:seil%252fx86_firmware2013-09-30T16:46+09:002013-09-20T14:57+09:002013-09-30T16:46+09:00Internet Explorer vulnerable to arbitrary code execution
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000093.html
Internet Explorer contains a vulnerability that may allow arbitrary code execution.
According to Microsoft, targeted attacks that attempt to exploit this vulnerability have been confirmed but are limited.JVNDB-2013-000093https://jvn.jp/en/jp/JVN27443259/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3893http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3893http://www.ipa.go.jp/security/ciadr/vul/20130918-ms.htmlhttps://www.jpcert.or.jp/at/2013/at130040.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:microsoft:internet_explorer2013-10-10T18:12+09:002013-09-19T14:39+09:002013-10-10T18:12+09:00Accela BizSearch vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000094.html
Accela BizSearch provided by Accela Technology Corporation is an enterprise search system. Accela BizSearch contains a cross-site scripting vulnerability.
Yuji Tounai of bogus.jp reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000094https://jvn.jp/en/jp/JVN33788325/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4711http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4711https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:accelatech:bizsearch2013-10-08T14:56+09:002013-10-04T12:36+09:002013-10-08T14:56+09:00HDL-A and HDL2-A Series vulnerable in session management
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000095.html
HDL-A and HDL2-A Series provided by I-O DATA DEVICE, INC. are LAN connectable hard disk drives. HDL-A and HDL2-A Series contain a vulnerability related to the management of sessions.
Kazuki Hirota of Keio University Keiji Takeda Research Group reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000095http://jvn.jp/en/jp/JVN52509236/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4712http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4712https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:i-o_data_device:hdl-acpe:/h:i-o_data_device:hdl-a%2fecpe:/h:i-o_data_device:hdl-ahcpe:/h:i-o_data_device:hdl-ascpe:/h:i-o_data_device:hdl2-acpe:/h:i-o_data_device:hdl2-a%2fecpe:/h:i-o_data_device:hdl2-ah2013-10-22T17:56+09:002013-10-18T14:30+09:002013-10-22T17:56+09:00RockDisk vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000096.html
RockDisk provided by I-O DATA DEVICE, INC. is a LAN connectable hard disk drive. RockDisk contains a cross-site scripting vulnerability.
Yuji Tounai of bogus.jp reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000096https://jvn.jp/en/jp/JVN74608669/index.htmlhttp://jvndb.jvn.jp/jvndb/JVNDB-2013-000096https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4713http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4713https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:i-o_data_device:rockdiskcpe:/o:i-o_data_device:rockdisk_firmware2014-07-02T14:36+09:002013-10-29T14:40+09:002014-07-02T14:36+09:00EC-CUBE vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000097.html
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site request forgery vulnerability.
Gen Sato reported this vulnerability to the developer.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000097http://jvn.jp/en/jp/JVN11221613/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5993http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5993https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ec-cube:ec-cube2013-11-22T14:37+09:002013-11-20T15:40+09:002013-11-22T14:37+09:00EC-CUBE information disclosure vulnerability
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000098.html
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an information disclosure vulnerability.
Gen Sato reported this vulnerability to the developer.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000098http://jvn.jp/en/jp/JVN06870202/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5994http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5994https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ec-cube:ec-cube2013-11-22T14:35+09:002013-11-20T15:48+09:002013-11-22T14:35+09:00Tiki Wiki CMS Groupware vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000099.html
Tiki Wiki CMS Groupware (Tiki) is a content management system (CMS). Tiki contains a cross-site scripting vulnerability.
Yuji Tounai of bogus.jp reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000099http://jvn.jp/en/jp/JVN81813850/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4714http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4714https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:tiki:tikiwiki_cms%2Fgroupware2013-11-07T17:55+09:002013-11-05T15:05+09:002013-11-07T17:55+09:00Tiki Wiki CMS Groupware vulnerable to SQL injection
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000100.html
Tiki Wiki CMS Groupware (Tiki) is a content management system (CMS). Tiki contains a SQL injection vulnerability.
Yuji Tounai of bogus.jp reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000100http://jvn.jp/en/jp/JVN75720314/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4715http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4715https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:tiki:tikiwiki_cms%2Fgroupware2013-11-07T17:57+09:002013-11-05T15:11+09:002013-11-07T17:57+09:00TOWN (modified version) vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000101.html
TOWN (modified version) contains a cross-site scripting vulnerability.
TOWN (modified version) provided by Tattyan's HP contains a cross-site scripting vulnerability.
Yu Yagihashi of Keiji Takeda Lab, Keio University reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000101http://jvn.jp/en/jp/JVN12513975/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4716http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4716https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:tattyan:tattyan_hptown2013-11-11T16:34+09:002013-11-07T13:59+09:002013-11-11T16:34+09:00Page Scroller vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000102.html
The ZIP archive for Page Scroller contains an issue where it includes a version of jQuery that is vulnerable to cross-site scripting.
Page Scroller from coliss is a script that uses jQuery. In addition to being available as a standalone script, Page Scroller is also available as a ZIP archive that includes jQuery and demo files.
The jQuery included in the ZIP archive contains a known cross-site scripting vulnerability (CVE-2011-4969).JVNDB-2013-000102http://jvn.jp/en/jp/JVN28467717/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5989https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:misc:coliss_page_scroller2013-11-07T14:03+09:002013-11-07T14:03+09:002013-11-07T14:03+09:00Ichitaro series vulnerable to arbitrary code execution
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000103.html
The "Ichitaro" series word processing software from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution.
This vulnerability differs from other issues that were previously published on JVN.
For more information, please refer to the developer's website.JVNDB-2013-000103http://jvn.jp/en/jp/JVN44999463/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5990http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5990http://www.ipa.go.jp/security/ciadr/vul/20131112-jvn.htmlhttp://www.npa.go.jp/cyberpolice/topics/?seq=12597https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:justsystems:ichitarocpe:/a:justsystems:ichitaro_governmentcpe:/a:justsystems:ichitaro_portablecpe:/a:justsystems:ichitaro_procpe:/a:justsystems:ichitaro_viewer2013-11-15T10:22+09:002013-11-12T14:33+09:002013-11-15T10:22+09:00EC-CUBE vulnerable to information disclosure
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000104.html
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a vulnerability in processing the output of error logs, which may lead to information disclosure.
Gen Sato reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000104http://jvn.jp/en/jp/JVN61077110/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5991http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5991https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ec-cube:ec-cube2013-11-22T14:42+09:002013-11-20T15:19+09:002013-11-22T14:42+09:00EC-CUBE vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000105.html
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a vulnerability in processing the output of error messages, which may lead to cross-site scripting.
Gen Sato reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000105http://jvn.jp/en/jp/JVN38790987/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5992http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5992https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ec-cube:ec-cube2013-11-22T14:40+09:002013-11-20T15:34+09:002013-11-22T14:40+09:00EC-CUBE information disclosure vulnerability
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000106.html
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an information disclosure vulnerability due to an issue in processing front features.
LAC Co., Ltd. reported this vulnerability to the developer.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000106http://jvn.jp/en/jp/JVN55630933/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5995http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5995http://www.ipa.go.jp/security/ciadr/vul/20131120-jvn.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ec-cube:ec-cube2013-11-22T14:18+09:002013-11-20T16:14+09:002013-11-22T14:18+09:00EC-CUBE vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000107.html
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability.
LAC Co., Ltd. reported this vulnerability to the developer.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000107http://jvn.jp/en/jp/JVN06377589/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5996http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5996https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ec-cube:ec-cube2013-11-22T13:57+09:002013-11-20T15:56+09:002013-11-22T13:57+09:00KDrive Personal for Windows contains an issue where it fails to verify SSL server certificates
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000108.html
KDrive Personal for Windows contains an issue where it fails to verify SSL server certificates.
Yamano Yasuaki of NetAgent Co.,Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000108http://jvn.jp/en/jp/JVN97810280/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5999http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5999https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:kingsoft:kdrive2013-11-26T16:02+09:002013-11-22T17:39+09:002013-11-26T16:02+09:00D-Link DES-3800 Series vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000109.html
DES-3800 Series provided by D-Link Japan contains a denial-of-service (DoS) vulnerability due to an issue in the implementation of SSH.
Note that this vulnerability is different from JVN#28812735.
Hisashi Kojima, Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000109http://jvn.jp/en/jp/JVN65312543/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5997http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5997https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:dlink:des-38002013-11-26T16:09+09:002013-11-22T14:50+09:002013-11-26T16:09+09:00D-Link DES-3800 Series vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000110.html
DES-3800 Series provided by D-Link Japan contains a denial-of-service (DoS) vulnerability due to an issue in the Web manager function.
Note that this vulnerability is different from JVN#65312543.
Hisashi Kojima, Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000110http://jvn.jp/en/jp/JVN28812735/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5998http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5998https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:dlink:des-38002013-11-26T16:15+09:002013-11-22T14:51+09:002013-11-26T16:15+09:00Android OS vulnerable to arbitrary Java method execution
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000111.html
Android OS contains a vulnerability where an arbitrary Java method may be executed.
Tamami Eguchi reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000111http://jvn.jp/en/jp/JVN53768697/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4710http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4710https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:google:android2014-03-05T17:27+09:002013-12-17T13:57+09:002014-03-05T17:27+09:00TOWN (modified version) vulnerable to directory traversal
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000112.html
TOWN (modified version) provided by Tattyan's HP contains a directory traversal vulnerability.
Misukuro reported this vulnerability to the developer.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000112http://jvn.jp/en/jp/JVN41703192/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6000http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6000https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:tattyan:tattyan_hptown2013-12-06T10:38+09:002013-11-29T14:23+09:002013-12-06T10:38+09:00Multiple cross-site scripting vulnerabilities in Cybozu Garoon
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000113.html
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains multiple cross-site scripting vulnerabilities.JVNDB-2013-000113http://jvn.jp/en/jp/JVN23981867/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6900https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6901https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6902https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6903https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6904https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6905https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6906https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6907https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6908https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6909https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6910https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6911https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6912https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6913https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6914https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6915https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6916http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6900http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6901http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6902http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6903http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6904http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6905http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6906http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6907http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6908http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6909http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6910http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6911http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6912http
://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6913http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6914http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6915http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6916https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:garoon2013-12-06T10:42+09:002013-12-03T13:37+09:002013-12-06T10:42+09:00Cybozu Garoon vulnerable to SQL injection
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000114.html
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a SQL injection vulnerability in the Space function.JVNDB-2013-000114http://jvn.jp/en/jp/JVN82375148/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6001http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6001https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:garoon2013-12-06T10:47+09:002013-12-03T13:45+09:002013-12-06T10:47+09:00Cybozu Garoon vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000115.html
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a denial-of-service (DoS) vulnerability.JVNDB-2013-000115http://jvn.jp/en/jp/JVN94245330/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6002http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6002https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:garoon2013-12-06T10:48+09:002013-12-03T13:46+09:002013-12-06T10:48+09:00Cybozu Garoon vulnerable to mail header injection
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000116.html
Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains a mail header injection vulnerability in the Phone Messages function.JVNDB-2013-000116http://jvn.jp/en/jp/JVN84221103/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6003http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6003https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:garoon2013-12-06T10:50+09:002013-12-03T13:49+09:002013-12-06T10:50+09:00Cybozu Garoon vulnerable to session fixation
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000117.html
Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains a session fixation vulnerability.JVNDB-2013-000117http://jvn.jp/en/jp/JVN87729477/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6004http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6004https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:garoon2013-12-06T10:52+09:002013-12-03T13:51+09:002013-12-06T10:52+09:00Cybozu Dezie vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000118.html
Cybozu Dezie provided by Cybozu, Inc. contains a cross-site scripting vulnerability.
Ken Asai reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000118http://jvn.jp/en/jp/JVN21336955/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6005http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6005https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:deziecpe:/a:cybozu:office2013-12-18T14:51+09:002013-12-10T14:13+09:002013-12-18T14:51+09:00Juniper ScreenOS vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000119.html
ScreenOS provided by Juniper Networks contains a denial-of-service (DoS) vulnerability.
Shuichiro Suzuki of FFRI, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000119https://jvn.jp/en/jp/JVN28436508/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6958http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6958https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:juniper:screenos2013-12-18T15:23+09:002013-12-13T12:23+09:002013-12-18T15:23+09:00IrfanView vulnerable to buffer overflow
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000120.html
IrfanView is an application for viewing images of many different file formats.
IrfanView contains a buffer overflow vulnerability when using the Thumbnails window with Thumbnail tooltips enabled.
Asuka Nakajima of NTT Secure Platform Laboratories reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000120https://jvn.jp/en/jp/JVN63194482/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6932http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6932https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:irfanview:irfanview2014-01-07T19:25+09:002013-12-24T15:02+09:002014-01-07T19:25+09:00VMware ESX and ESXi may allow access to arbitrary files
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000123.html
VMware ESX and ESXi contain a vulnerability in the handling of Virtual Machine file descriptors, which may allow access to arbitrary ESX and ESXi files.
Shanon Olsson reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2013-000123https://jvn.jp/en/jp/JVN13154935/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5973http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5973https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:vmware:esxcpe:/o:vmware:esxi2013-12-25T14:01+09:002013-12-24T15:02+09:002013-12-25T14:01+09:00Cybozu Garoon vulnerable to SQL injection
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000124.html
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in processing input through API, which may result in SQL injection.JVNDB-2013-000124http://jvn.jp/en/jp/JVN60997973/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6929http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6929https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:garoon2014-01-07T19:22+09:002013-12-25T12:21+09:002014-01-07T19:22+09:00Cybozu Garoon Keitai vulnerable to authentication bypass
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000125.html
Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon Keitai contains an authentication bypass vulnerability.JVNDB-2013-000125http://jvn.jp/en/jp/JVN81706478/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6006http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6006https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:garoon2014-01-07T16:12+09:002013-12-25T12:22+09:002014-01-07T16:12+09:00HP Autonomy Ultraseek vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000126.html
HP Autonomy Ultraseek provided by Hewlett-Packard Development Company, L.P. contains an issue in handling specific character encoding, which may result in cross-site scripting.
NetAgent Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2013-000126 https://jvn.jp/en/jp/JVN69700259/index.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6196 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6196 https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html cpe:/a:hp:autonomy_ultraseek 2013-12-26T12:32+09:00 2013-12-26T12:32+09:00 2013-12-26T12:32+09:00
User Authentication Vulnerability in Operational Management Function of Cosminexus
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-001321.html
The operational management function of Cosminexus does not properly require authentication for manipulation of an operational management portal, which allows remote attackers to delete and replace applications which other users attached.
JVNDB-2013-001321 https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html cpe:/a:hitachi:cosminexus_component_container cpe:/a:hitachi:ucosminexus_application_server cpe:/a:hitachi:ucosminexus_application_server_enterprise cpe:/a:hitachi:ucosminexus_application_server_smart_edition cpe:/a:hitachi:ucosminexus_application_server_standard cpe:/a:hitachi:ucosminexus_developer cpe:/a:hitachi:ucosminexus_developer_light cpe:/a:hitachi:ucosminexus_developer_standard cpe:/a:hitachi:ucosminexus_service_architect cpe:/a:hitachi:ucosminexus_service_platform 2013-02-12T14:24+09:00 2013-02-12T14:24+09:00 2013-02-12T14:24+09:00
Accela BizSearch Gateway Option for TeamWARE Spoofing Vulnerability
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-001470.html
Accela BizSearch Gateway Option for TeamWARE, when the TeamWARE Gateway and Single Sign-On are enabled, allows remote attackers to spoof user accounts of TeamWARE Office under specified conditions.
JVNDB-2013-001470 https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html cpe:/a:accelatech:accelatech_eaccela_bizsearch cpe:/a:accelatech:bizsearch 2013-02-13T16:47+09:00 2013-02-13T16:47+09:00 2013-02-13T16:47+09:00
Multiple vulnerabilities in Hitachi Tuning Manager and JP1/Performance Management
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-001605.html
Hitachi Tuning Manager, JP1/Performance Management - Web Console, and JP1/Performance Management - Manager Web Option contain cross-site scripting and cross-site request forgery (CSRF) vulnerabilities.
These vulnerabilities cannot be exploited without logging in to these products.
JVNDB-2013-001605 https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html cpe:/a:hitachi:job_management_partner_1_performance_management_web_console cpe:/a:hitachi:jp1_performance_management cpe:/a:hitachi:tuning_manager 2013-02-22T20:09+09:00 2013-02-22T20:09+09:00 2013-02-22T20:09+09:00
Multiple products that use International Components for Unicode (ICU) vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-001665.html
Multiple products that use International Components for Unicode (ICU) contain a denial-of-service (DoS) vulnerability.
International Components for Unicode (ICU) is a library for handling Unicode strings. A C version, ICU4C, and a Java version, ICU4J, are available. Multiple products that use ICU4C contain a denial-of-service vulnerability due to a race condition.
ICU released ICU4C version 50.1.1 that addresses this vulnerability in December 2012.
JVNDB-2013-001665 http://jvn.jp/en/jp/JVN70739377/index.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0900 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0900 https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html cpe:/a:misc:multiple_vendors 2015-10-28T10:05+09:00 2013-10-30T16:08+09:00 2015-10-28T10:05+09:00
Arbitrary program execution vulnerability in TrendLink ActiveX control
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-002240.html
TrendLink provided by Canary Labs is a tool to help visualize data for analysis. The SaveToFile method provided in the ActiveX control in TrendLink contains a vulnerability where file creation is not properly restricted.
Security Research and Service Institute - Information and Communication Security Technology Center (ICST), Taiwan R.O.C Kuang-Chun Hung reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2013-002240 http://jvn.jp/en/jp/JVN30281958/index.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3022 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3022 http://ics-cert.us-cert.gov/advisories/ICSA-13-098-01 https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html cpe:/a:canarylabs:trendlink 2014-07-25T14:44+09:00 2014-07-25T14:44+09:00 2014-07-25T14:44+09:00
Buffer Overflow Vulnerability in Hitachi IT Operations Director
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-002427.html
The Hitachi IT Operations Director Agent on client PCs contains a buffer overflow vulnerability.
JVNDB-2013-002427 https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html cpe:/a:hitachi:it_operations_director 2013-04-24T09:55+09:00 2013-04-24T09:55+09:00 2013-04-24T09:55+09:00
Cross-site Scripting Vulnerability in JP1/Automatic Operation
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-002770.html
JP1/Automatic Operation contains a cross-site scripting vulnerability.
JVNDB-2013-002770 https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html cpe:/a:hitachi:jp1_automatic_operation 2013-05-21T15:45+09:00 2013-05-21T15:45+09:00 2013-05-21T15:45+09:00
Arbitrary Commands Execution Vulnerability in JP1/Integrated Management - TELstaff Alarm View
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-002796.html
JP1/Integrated Management - TELstaff Alarm View contains a vulnerability where arbitrary commands may be executed with administrator privileges.
JVNDB-2013-002796 https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html cpe:/a:hitachi:jp1_integrated_management 2013-05-24T14:37+09:00 2013-05-24T14:37+09:00 2013-05-24T14:37+09:00
Vulnerability in JP1/HIBUN Advanced Edition Information Cypher Removable Media Encryption
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-003073.html
Removable media encrypted by JP1/HIBUN Advanced Edition Information Cypher contains a vulnerability.
JVNDB-2013-003073 https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html cpe:/a:hitachi:jp1_hibun 2013-06-20T14:24+09:00 2013-06-20T14:24+09:00 2013-06-20T14:24+09:00
Cross-site Scripting Vulnerability in Hitachi Command Suite Products
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-003074.html
Hitachi Command Suite Products contain a cross-site scripting vulnerability.
JVNDB-2013-003074 https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html cpe:/a:hitachi:compute_systems_manager cpe:/a:hitachi:device_manager cpe:/a:hitachi:tiered_storage_manager cpe:/a:hitachi:tuning_manager 2013-06-20T14:37+09:00 2013-06-20T14:37+09:00 2013-06-20T14:37+09:00
Oracle Enterprise Manager vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-003391.html
Oracle Enterprise Manager provided by Oracle contains a cross-site scripting vulnerability.
Masashi Shiraishi reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2013-003391 http://jvn.jp/en/jp/JVN26103805/index.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3791 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3791 https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html cpe:/a:oracle:database_server cpe:/a:oracle:enterprise_manager cpe:/a:oracle:enterprise_manager_database_control 2013-07-22T15:00+09:00 2013-07-22T15:00+09:00 2013-07-22T15:00+09:00
Apache Struts vulnerable to remote command execution
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-003469.html
Apache Struts contains a remote command execution vulnerability.
Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts contains a remote command execution vulnerability.
This is the same issue that the developer published as S2-016 on July 16, 2013.
Note that attacks leveraging this vulnerability have been confirmed.
Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2013-003469 https://jvn.jp/en/jp/JVN33504150/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2251 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2251 https://www.jpcert.or.jp/english/at/2013/at130033.html https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html cpe:/a:apache:struts cpe:/a:oracle:financial_services_software cpe:/a:oracle:mysql 2015-08-11T15:19+09:00 2013-09-06T14:12+09:00 2015-08-11T15:19+09:00
Multiple vulnerabilities in Hitachi JP1/Cm2/Network Node Manager i
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-004318.html
Hitachi JP1/Cm2/Network Node Manager i contains multiple vulnerabilities.
JVNDB-2013-004318 https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html cpe:/a:hitachi:jp1_cm2_network_node_manager 2013-09-27T14:49+09:00 2013-09-27T14:49+09:00 2013-09-27T14:49+09:00
Multiple vulnerabilities in Java bundled with Hitachi JP1/Cm2/Network Node Manager i
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-004319.html
The Java bundled with Hitachi JP1/Cm2/Network Node Manager i contains multiple vulnerabilities.
JVNDB-2013-004319 https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html cpe:/a:hitachi:jp1_cm2_network_node_manager 2013-09-27T14:51+09:00 2013-09-27T14:51+09:00 2013-09-27T14:51+09:00
Arbitrary Commands Execution Vulnerability in JP1/Automatic Job Management System 3 and JP1/Automatic Job Management System 2
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-004409.html
JP1/Automatic Job Management System 3 and JP1/Automatic Job Management System 2 contain a vulnerability where arbitrary commands may be executed when they receive request messages from unexpected hosts in the network.
JVNDB-2013-004409 https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html cpe:/a:hitachi:jp1_automatic_job_management_system_2 cpe:/a:hitachi:jp1_automatic_job_management_system_3 2013-10-03T19:24+09:00 2013-10-03T19:24+09:00 2013-10-03T19:24+09:00
Arbitrary Commands Execution Vulnerability in JP1/Base
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-004410.html
JP1/Base contains a vulnerability where arbitrary commands may be executed when it receives request messages from unexpected hosts in the network.
JVNDB-2013-004410 https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html cpe:/a:hitachi:jp1_base 2013-10-03T19:26+09:00 2013-10-03T19:26+09:00 2013-10-03T19:26+09:00
Use-after-free vulnerability in multiple products that use International Components for Unicode (ICU)
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-004446.html
Multiple products that use International Components for Unicode (ICU) contain a use-after-free vulnerability.
International Components for Unicode (ICU) is a library for handling Unicode strings. A C version, ICU4C, and a Java version, ICU4J, are available. Multiple products that use ICU4C contain a use-after-free vulnerability.
ICU released ICU4C version 52.1 that addresses this vulnerability on October 9, 2013.
JVNDB-2013-004446 http://jvn.jp/en/jp/JVN85336306/index.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2924 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2924 https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html cpe:/a:misc:multiple_vendors 2015-10-28T10:05+09:00 2013-10-30T16:32+09:00 2015-10-28T10:05+09:00
Buffer Overflow Vulnerability in the log function of Interstage HTTP Server
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-005262.html
The log function (ihsrlog/rotatelogs) of Interstage HTTP Server contains a buffer overflow vulnerability.
JVNDB-2013-005262 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7105 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7105 https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html cpe:/a:fujitsu:interstage_application_server cpe:/a:fujitsu:interstage_studio cpe:/a:fujitsu:interstage_web_server 2013-12-18T16:16+09:00 2013-11-28T16:38+09:00 2013-12-18T16:16+09:00
Xml eXternal Entity Vulnerability in Hitachi Cosminexus
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-005669.html
Hitachi Cosminexus Component Container contains an XXE (Xml eXternal Entity) vulnerability that may cause information leakage when Cosminexus JAX-WS is used.
JVNDB-2013-005669 https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html cpe:/a:hitachi:cosminexus_component_container cpe:/a:hitachi:ucosminexus_application_server cpe:/a:hitachi:ucosminexus_application_server_enterprise cpe:/a:hitachi:ucosminexus_application_server_smart_edition cpe:/a:hitachi:ucosminexus_application_server_standard cpe:/a:hitachi:ucosminexus_developer cpe:/a:hitachi:ucosminexus_developer_light cpe:/a:hitachi:ucosminexus_developer_standard cpe:/a:hitachi:ucosminexus_service_architect cpe:/a:hitachi:ucosminexus_service_platform 2013-12-25T19:13+09:00 2013-12-25T19:13+09:00 2013-12-25T19:13+09:00