JVNDB RSS Feed - 2014 Years Entry
https://jvndb.jvn.jp/en/
JVN iPedia Yearly Entry
2024-03-17T09:10:23+09:00 2024-03-17T09:10:23+09:00

ZIP with Pass vulnerable to directory traversal
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000001.html
ZIP with Pass provided by aokitaka contains an issue in processing file names, which may result in a directory traversal (CWE-22) vulnerability.
Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2014-000001
http://jvn.jp/en/jp/JVN88313872/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0802
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:aokitaka:decompression_tool
cpe:/a:aokitaka:decompression_tool_pro
2014-01-10T14:34+09:00 2014-01-10T14:34+09:00 2014-01-10T14:34+09:00

tetra filer vulnerable to directory traversal
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000002.html
tetra filer provided by Yuichiro Okuyama contains an issue in processing file names, which may result in a directory traversal (CWE-22) vulnerability.
Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2014-000002
http://jvn.jp/en/jp/JVN51285738/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0803
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:yuichiro_okuyama:tetra_filer
cpe:/a:yuichiro_okuyama:tetra_filer_free
2014-01-10T14:41+09:00 2014-01-10T14:41+09:00 2014-01-10T14:41+09:00

Security File Manager vulnerable to directory traversal
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000003.html
Security File Manager provided by CGENE Inc contains an issue in processing file names, which may result in a directory traversal (CWE-22) vulnerability.
Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2014-000003
http://jvn.jp/en/jp/JVN44392991/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0804
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:cgene:security_file_manager
cpe:/a:cgene:security_file_manager_pro
2014-01-10T14:42+09:00 2014-01-10T14:42+09:00 2014-01-10T14:42+09:00

NeoFiler vulnerable to directory traversal
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000004.html
NeoFiler provided by SkyArts.com contains an issue in processing file names, which may result in a directory traversal (CWE-22) vulnerability.
Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2014-000004
http://jvn.jp/en/jp/JVN85716574/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0805
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0805
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:skyarts:neofiler
cpe:/a:skyarts:neofiler_free
2014-01-15T12:32+09:00 2014-01-10T14:44+09:00 2014-01-15T12:32+09:00

EC-CUBE vulnerable to information alteration
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000005.html
EC-CUBE contains an information alteration vulnerability.
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an information alteration vulnerability.
aratana inc. reported this vulnerability to the developer.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2014-000005
http://jvn.jp/en/jp/JVN17849447/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0807
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0807
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:ec-cube:ec-cube
2014-01-27T09:51+09:00 2014-01-22T15:27+09:00 2014-01-27T09:51+09:00

EC-CUBE vulnerable to information disclosure
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000006.html
EC-CUBE contains an information disclosure vulnerability.
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an information disclosure vulnerability.
The developer reported this vulnerability to JPCERT/CC under Information Security Early Warning Partnership.
JVNDB-2014-000006
http://jvn.jp/en/jp/JVN51770585/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0808
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0808
http://www.ipa.go.jp/security/ciadr/vul/20140122-jvn.html
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:ec-cube:ec-cube
2014-01-27T09:56+09:00 2014-01-22T15:28+09:00 2014-01-27T09:56+09:00

Information disclosure vulnerability in Sleipnir Mobile for Android
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000007.html
Sleipnir Mobile for Android contains an issue in handling Geolocation API, which may result in the disclosure of a user's location.
Sleipnir Mobile for Android is a web browser for Android devices. Sleipnir Mobile for Android contains an issue in handling Geolocation API, which may result in the disclosure of a user's location.
Ryoji Tamura reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2014-000007
http://jvn.jp/en/jp/JVN81637882/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0806
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0806
http://www.w3.org/TR/geolocation-API/#privacy_for_uas
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:fenrir-inc:sleipnir_mobile
2014-01-27T09:47+09:00 2014-01-22T15:29+09:00 2014-01-27T09:47+09:00

SimZip (Simple Zip Viewer) vulnerable to directory traversal
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000008.html
SimZip (Simple Zip Viewer) provided by Gapless Player contains an issue in processing file names, which may result in a directory traversal (CWE-22) vulnerability.
Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2014-000008
http://jvn.jp/en/jp/JVN49384502/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0809
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0809
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:gapless_player:simzip
2014-01-28T18:03+09:00 2014-01-24T12:34+09:00 2014-01-28T18:03+09:00

OpenPNE vulnerable to PHP Object Injection
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000009.html
OpenPNE contains an issue in processing Cookie headers, which may result in a PHP Object Injection vulnerability.
Egidio Romano of Secunia reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2014-000009
http://jvn.jp/en/jp/JVN69986880/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5350
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5350
http://www.ipa.go.jp/security/ciadr/vul/20140124-jvn.html
https://secunia.com/advisories/54043/
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:tejimaya:openpne
2014-01-28T18:02+09:00 2014-01-24T12:36+09:00 2014-01-28T18:02+09:00

Multiple SQL injection vulnerabilities in Cybozu Garoon
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000010.html
Cybozu Garoon contains multiple SQL injection vulnerabilities.
Cybozu Garoon contains issues in the processing of page navigation links and of input through the API, which may result in SQL injection.
Note that this vulnerability is different from JVN#60997973.
JVNDB-2014-000010
http://jvn.jp/en/jp/JVN91153528/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6930
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6931
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6930
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6931
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:cybozu:garoon
2014-01-30T14:22+09:00 2014-01-28T14:40+09:00 2014-01-30T14:22+09:00

Sanshiro Series vulnerable to arbitrary code execution
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000011.html
The "Sanshiro" series software provided by JustSystems Corporation is a spreadsheet software. The "Sanshiro" series contains a vulnerability that may allow arbitrary code execution.
JVNDB-2014-000011
http://jvn.jp/en/jp/JVN28011378/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0810
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0810
http://www.ipa.go.jp/security/ciadr/vul/20140128-jvn.html
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:justsystems:sanshiro
2014-01-30T14:24+09:00 2014-01-28T14:48+09:00 2014-01-30T14:24+09:00

Blackboard Vista/CE vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000012.html
Blackboard Vista/CE is a learning management system (LMS). Blackboard Vista/CE contains a cross-site scripting vulnerability.
ICHIHARA Ryohei of SERAKU Co.,Ltd. reported this vulnerability to the developer.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2014-000012
http://jvn.jp/en/jp/JVN24730765/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0811
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0811
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:blackboard:vista%2Fce
2014-02-25T16:40+09:00 2014-02-21T14:12+09:00 2014-02-25T16:40+09:00

Joyful Note vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000013.html
Joyful Note from KENT-WEB is bulletin board software to which a user can upload a binary file such as an image file. Joyful Note contains a cross-site scripting vulnerability.
JVNDB-2014-000013
http://jvn.jp/en/jp/JVN30718178/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0812
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0812
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:kent-web:joyful_note
2014-02-04T17:38+09:00 2014-01-31T13:41+09:00 2014-02-04T17:38+09:00

Opera browser for Android issue in handling intent scheme URL's
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000014.html
Opera browser for Android contains an issue in the handling of intent scheme URL's.
Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2014-000014
http://jvn.jp/en/jp/JVN23256725/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0815
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0815
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:opera:opera_browser
2014-02-10T19:09+09:00 2014-02-06T12:20+09:00 2014-02-10T19:09+09:00

phpMyFAQ vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000015.html
phpMyFAQ is an open source FAQ software. phpMyFAQ contains a cross-site scripting vulnerability.
JVNDB-2014-000015
http://jvn.jp/en/jp/JVN30050348/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0814
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0814
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:phpmyfaq:phpmyfaq
2014-02-20T14:00+09:00 2014-02-07T12:25+09:00 2014-02-20T14:00+09:00

phpMyFAQ vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000016.html
phpMyFAQ is an open source FAQ software. phpMyFAQ contains a cross-site request forgery vulnerability.
JVNDB-2014-000016
http://jvn.jp/en/jp/JVN50943964/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0813
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0813
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:phpmyfaq:phpmyfaq
2014-02-20T13:58+09:00 2014-02-07T12:26+09:00 2014-02-20T13:58+09:00

Apache Commons FileUpload vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000017.html
Apache Commons FileUpload contains a denial-of-service (DoS) vulnerability.
Apache Commons FileUpload provided by Apache Software Foundation contains an issue in processing a multi-part request, which may cause the process to be in an infinite loop.
As of February 12, 2014, an exploit tool targeting this vulnerability has been confirmed.
Hitachi Incident Response Team (HIRT) reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2014-000017
http://jvn.jp/en/jp/JVN14876762/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050
http://advisories.mageia.org/MGASA-2014-0110.html
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:apache:commons_fileupload
cpe:/a:apache:tomcat
2016-12-27T11:49+09:00 2014-02-10T17:21+09:00 2016-12-27T11:49+09:00

AutoCAD vulnerable to arbitrary VBScript execution
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000019.html
AutoCAD provided by Autodesk, Inc. is an application for computer-aided design (CAD). AutoCAD loads specific FAS files when opening files. AutoCAD contains an issue with the FAS file search path, which may lead to arbitrary VBScript code execution.
kaito834 reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2014-000019
http://jvn.jp/en/jp/JVN33382534/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0818
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0818
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:autodesk:autocad
2014-02-25T16:39+09:00 2014-02-21T14:16+09:00 2014-02-25T16:39+09:00

AutoCAD may insecurely load dynamic libraries
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000020.html
AutoCAD provided by Autodesk, Inc. is an application for computer-aided design (CAD). AutoCAD contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries.
kaito834 reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2014-000020
http://jvn.jp/en/jp/JVN43254599/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0819
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0819
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:autodesk:autocad
2014-02-25T16:38+09:00 2014-02-21T14:19+09:00 2014-02-25T16:38+09:00

Cybozu Garoon vulnerable to session management
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000021.html
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a vulnerability in session management.
JVNDB-2014-000021
http://jvn.jp/en/jp/JVN24035499/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0817
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0817
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:cybozu:garoon
2014-03-03T18:45+09:00 2014-02-26T15:21+09:00 2014-03-03T18:45+09:00

Denny's App for Android. contains an issue where it fails to verify SSL server certificates
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000022.html
Denny's App for Android. contains an issue where it fails to verify SSL server certificates.
kurisu and matt reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2014-000022
http://jvn.jp/en/jp/JVN48810179/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1967
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1967
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:7andi-fs.co:denny%27s
2014-03-03T18:49+09:00 2014-02-26T15:21+09:00 2014-03-03T18:49+09:00

Cybozu Garoon vulnerable to directory traversal
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000023.html
Cybozu Garoon contains a directory traversal vulnerability.
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a directory traversal vulnerability in the process of downloading files.
JVNDB-2014-000023
http://jvn.jp/en/jp/JVN26393529/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0820
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0820
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:cybozu:garoon
2014-03-03T18:44+09:00 2014-02-26T15:22+09:00 2014-03-03T18:44+09:00

Cybozu Garoon vulnerable to SQL injection
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000024.html
Cybozu Garoon contains a SQL injection vulnerability.
Note that this vulnerability is different from JVN#91153528.
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the process of downloading files, which may result in SQL injection.
JVNDB-2014-000024
http://jvn.jp/en/jp/JVN71045461/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0821
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0821
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:cybozu:garoon
2014-03-03T18:42+09:00 2014-02-26T15:23+09:00 2014-03-03T18:42+09:00

XooNIps vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000025.html
XooNIps provided by Neuroinformatics Japan Center, RIKEN Brain Science Institute is a module of XOOPS. XooNIps contains an issue in processing the output of input character string to the web page, which may result in a cross-site scripting vulnerability.
Koki Takahashi of Keiji Takeda Lab, Keio University reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2014-000025
http://jvn.jp/en/jp/JVN87797318/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1968
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1968
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:riken:xoonips
2014-03-03T18:50+09:00 2014-02-26T15:19+09:00 2014-03-03T18:50+09:00

Norman Security Suite vulnerable to privilege escalation
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000026.html
Norman Security Suite is an anti-virus software. Norman Security Suite contains a privilege escalation vulnerability.
Satoshi Tanda reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2014-000026
http://jvn.jp/en/jp/JVN02017463/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0816
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0816
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:norman:security_suite
2014-03-03T18:47+09:00 2014-02-26T15:20+09:00 2014-03-03T18:47+09:00

sp mode mail issue when accessing attachments in incoming mail
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000027.html
sp mode mail provided by NTT DOCOMO contains a function that allows other Android applications to access attachments for incoming emails. This function contains an issue in the restriction of access permissions.
Satoru Takekoshi reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2014-000027
http://jvn.jp/en/jp/JVN81739241/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1977
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1977
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:nttdocomo:spmode_mail_android
2014-03-24T19:04+09:00 2014-03-18T14:07+09:00 2014-03-24T19:04+09:00

sp mode mail issue where emails in the process of creation may be accessed
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000028.html
sp mode mail provided by NTT DOCOMO contains an application link interface so that mail data can be exchanged with external application during email creation. When the application to be linked is selected, the email contents and attachment are saved to the SD card, therefore other Android applications may access this data.
Hironori Tokuta reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2014-000028
http://jvn.jp/en/jp/JVN05951929/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1978
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1978
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:nttdocomo:spmode_mail_android
2014-03-25T19:24+09:00 2014-03-18T14:08+09:00 2014-03-25T19:24+09:00

sp mode mail vulnerability where Java methods may be executed
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000029.html
sp mode mail provided by NTT DOCOMO contains an issue in the processing of Deco-mail emoticon POP, which may lead to the execution of arbitrary Java methods with the privileges of sp mode mail.
Hironori Tokuta reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2014-000029
http://jvn.jp/en/jp/JVN89260331/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1979
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1979
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:nttdocomo:spmode_mail_android
2014-03-25T19:25+09:00 2014-03-18T14:09+09:00 2014-03-25T19:25+09:00

Demaecan for Android. contains an issue where it fails to verify SSL server certificates
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000030.html
Demaecan for Android. contains an issue where it fails to verify SSL server certificates.
kurisu and matt reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2014-000030
http://jvn.jp/en/jp/JVN16263849/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1976
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1976
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:yumenomachi:demaecan
2014-03-19T15:14+09:00 2014-03-17T13:43+09:00 2014-03-19T15:14+09:00

Unzipper vulnerable to directory traversal
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000031.html
Unzipper provided by R-Company contains an issue in processing file names, which may result in a directory traversal (CWE-22) vulnerability.
Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2014-000031
http://jvn.jp/en/jp/JVN38227002/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1975
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1975
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:r-company:unzipper
2014-03-19T15:15+09:00 2014-03-17T13:45+09:00 2014-03-19T15:15+09:00

Silex vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000032.html
Silex is a software to build websites. Silex contains a cross-site scripting vulnerability.
Yuji Tounai of bogus.jp reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2014-000032
http://jvn.jp/en/jp/JVN14282890/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1971
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1971
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:silexlabs:silex
2014-03-24T18:27+09:00 2014-03-20T14:02+09:00 2014-03-24T18:27+09:00

ES File Explorer vulnerable to directory traversal
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000033.html
ES File Explorer provided by ES APP Group contains an issue in processing file names, which may result in a directory traversal (CWE-22) vulnerability.
Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2014-000033
http://jvn.jp/en/jp/JVN70029459/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1970
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1970
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:estrongs:es_file_explorer
2014-03-24T18:50+09:00 2014-03-20T14:05+09:00 2014-03-24T18:50+09:00

SD Card Manager vulnerable to directory traversal
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000035.html
SD Card Manager provided by apps4u@android contains an issue in processing file names, which may result in a directory traversal (CWE-22) vulnerability.
Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2014-000035
https://jvn.jp/en/jp/JVN47386847/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1969
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1969
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:apps4u%40android:sd_card_manager
2014-04-16T18:22+09:00 2014-04-11T13:43+09:00 2014-04-16T18:22+09:00

Content Provider in CamiApp for Android fails to restrict access permissions
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000036.html
The Content Provider in CamiApp for Android provided by KOKUYO S&T Co.,Ltd. contains an issue where access permissions are not restricted.
Hiroshi Kumagai reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2014-000036
https://jvn.jp/en//jp/JVN55438786/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1986
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1986
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:kokuyo:camiapp
2014-04-21T18:34+09:00 2014-04-14T13:45+09:00 2014-04-21T18:34+09:00

AndExplorer vulnerable to directory traversal
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000037.html
AndExplorer provided by LYSESOFT contains an issue in processing file names, which may result in a directory traversal (CWE-22) vulnerability.
Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2014-000037
http://jvn.jp/en/jp/JVN22670349/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1974
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1974
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:lyesoft:andexplorer
2014-04-28T18:12+09:00 2014-04-18T12:39+09:00 2014-04-28T18:12+09:00

TOSHIBA TEC e-Studio series vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000038.html
e-Studio provided by TOSHIBA TEC CORPORATION is a multi-function peripheral (MFP). Multiple e-Studio series products contain a vulnerability in web-based management utility, which may result in a cross-site request forgery.
JVNDB-2014-000038
https://jvn.jp/en/jp/JVN13313061/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1990
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1990
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/h:toshibatec:e-studio-232
cpe:/h:toshibatec:e-studio-233
cpe:/h:toshibatec:e-studio-282
cpe:/h:toshibatec:e-studio-283
2014-04-28T18:11+09:00 2014-04-18T14:30+09:00 2014-04-28T18:11+09:00

Cybozu Remote Service Manager vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000039.html
Remote Service Manager provided by Cybozu,Inc. is a software to access on-premise systems such as Cybozu products via "Cybozu Remote Service". Remote Service Manager contains a denial-of-service (DoS) vulnerability.
JVNDB-2014-000039
http://jvn.jp/en/jp/JVN10319260/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1983
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1983
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:cybozu:remote_service_manager
2014-04-28T18:13+09:00 2014-04-18T13:40+09:00 2014-04-28T18:13+09:00

Cybozu Remote Service Manager vulnerable to session fixation
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000040.html
Remote Service Manager provided by Cybozu,Inc. is a software to access on-premise systems such as Cybozu products via "Cybozu Remote Service". Remote Service Manager contains a session fixation vulnerability.
JVNDB-2014-000040
http://jvn.jp/en/jp/JVN00058727/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1984
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1984
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:cybozu:remote_service_manager
2014-04-28T18:14+09:00 2014-04-18T13:35+09:00 2014-04-28T18:14+09:00

Redmine vulnerable to open redirect
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000041.html
Redmine is a project management software. Redmine contains an open redirect vulnerability due to insufficient checking of the URL parameter.
Minoru Sakai of SCSK Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2014-000041
https://jvn.jp/en/jp/JVN93004610/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1985
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1985
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:redmine:redmine
2014-04-16T15:06+09:00 2014-04-16T15:06+09:00 2014-04-16T15:06+09:00

Cybozu Garoon Phone Messages vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000042.html
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a denial-of-service (DoS) vulnerability in the Phone Messages function.
JVNDB-2014-000042
https://jvn.jp/en/jp/JVN90519014/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1988
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1988
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:cybozu:garoon
2014-05-14T10:50+09:00 2014-04-30T15:14+09:00 2014-05-14T10:50+09:00

Cybozu Garoon API access restriction bypass vulnerability
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000043.html
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an access restriction bypass vulnerability when using APIs.
JVNDB-2014-000043
https://jvn.jp/en/jp/JVN31230946/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1989
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1989
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:cybozu:garoon
2014-05-08T18:06+09:00 2014-04-30T15:08+09:00 2014-05-08T18:06+09:00

intra-mart vulnerable to open redirect
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000044.html
intra-mart is a software framework for creating web applications. intra-mart contains an open redirect vulnerability.
Shun Suzaki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2014-000044
http://jvn.jp/jp/JVN68340046/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1991
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1991
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:intra-mart:webplatform%2Fappframework
2014-05-12T17:45+09:00 2014-05-08T12:46+09:00 2014-05-12T17:45+09:00

Apache Struts vulnerable to ClassLoader manipulation
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000045.html
Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts contains a vulnerability where the ClassLoader may be manipulated.
NTT-CERT reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2014-000045
http://jvn.jp/en/jp/JVN19294237/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0112
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0094
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0112
http://www.ipa.go.jp/security/ciadr/vul/20140417-struts.html
http://www.kb.cert.org/vuls/id/719225
http://www.konakart.com/downloads/ver-7-3-0-0-whats-new/
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:apache:struts
cpe:/a:fujitsu:cloud_infrastructure_management_software
cpe:/a:fujitsu:integrated_system_ha_database_ready
cpe:/a:fujitsu:interstage
cpe:/a:fujitsu:interstage_application_development_cycle_manager
cpe:/a:fujitsu:interstage_application_framework_suite
cpe:/a:fujitsu:interstage_application_server
cpe:/a:fujitsu:interstage_apworks
cpe:/a:fujitsu:interstage_business_application_server
cpe:/a:fujitsu:interstage_interaction_manager
cpe:/a:fujitsu:interstage_job_workload_server
cpe:/a:fujitsu:interstage_service_integrator
cpe:/a:fujitsu:interstage_studio
cpe:/a:fujitsu:serverview
cpe:/a:fujitsu:symfoware
cpe:/a:fujitsu:systemwalker_service_catalog_manager
cpe:/a:fujitsu:systemwalker_service_quality_coordinator
cpe:/a:fujitsu:systemwalker_software_configuration_manager
cpe:/a:fujitsu:triole
cpe:/o:misc:miraclelinux_asianux_server
2015-05-08T18:01+09:00 2014-04-25T15:37+09:00 2015-05-08T18:01+09:00

CN8000 vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000046.html
CN8000 provided by ATEN contains a denial-of-service (DoS) vulnerability.
CN8000 provided by ATEN is a remote access unit used to connect a keyboard, mouse and monitor to two or more computers in a remote location. CN8000 contains a denial-of-service (DoS) vulnerability.
Testuya Nagata of Fourteenforty Research Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000046http://jvn.jp/en/jp/JVN78136804/index.html//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1997http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1997https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:aten:cn8000cpe:/o:aten:cn8000_firmware2014-06-06T18:35+09:002014-06-04T14:37+09:002014-06-06T18:35+09:00SOY CMS vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000047.html
SOY CMS contains a cross-site scripting vulnerability.
SOY CMS provided by Nippon Institute of Agroinformatics Ltd. is an open source content management system (CMS). SOY CMS contains a cross-site scripting vulnerability.
Ken Asai reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000047http://jvn.jp/en/jp/JVN54650130/index.html//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1998http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1998https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:n-i-agroinformatics:soy_cms2014-06-06T18:34+09:002014-06-04T14:32+09:002014-06-06T18:34+09:00OpenSSL improper handling of Change Cipher Spec message
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000048.html
OpenSSL improperly handles Change Cipher Spec message in the initial SSL/TLS handshake.
OpenSSL contains a flaw in the implementation of the Change Cipher Spec protocol that allows a MITM (man-in-the-middle) attacker to force a server and a client to use easily guessable cryptographic key material during the initial SSL/TLS handshake (CWE-325).
KIKUCHI Masashi of Lepidum Co. Ltd. reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000048http://jvn.jp/en/jp/JVN61247051/index.htmlhttp://jvn.jp/vu/JVNVU93868849/index.html//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0224http://www.ipa.go.jp/security/ciadr/vul/20140606-jvn.htmlhttp://www.kb.cert.org/vuls/id/978508http://ics-cert.us-cert.gov/advisories/ICSA-14-156-01https://ics-cert.us-cert.gov/advisories/ICSA-14-198-03https://www.cert.fi/haavoittuvuudet/2014/haavoittuvuus-2014-075.htmlhttps://plus.google.com/app/basic/stream/z12xhp3hbzbhhjgfm22ncvtbeua1dpaa004http://ccsinjection.lepidum.co.jp/http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.htmlhttp://www.aratana.jp/security/detail.php?id=9http://tools.ietf.org/html/rfc5246#section-7.1https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:openssl:openssl2016-12-27T11:49+09:002014-06-06T13:48+09:002016-12-27T11:49+09:00050 plus for Android information management vulnerability
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000049.html
050 plus for Android contains an information management vulnerability.
050 plus provided by NTT Communications is an IP phone application for smartphones. 050 plus for Android contains an information management vulnerability that outputs some pieces of information stored by the product to a system log file on the device.
Ryo SATO reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000049http://jvn.jp/en/jp/JVN07677464/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2000http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2000https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ntt:050_plus2014-06-23T11:03+09:002014-06-17T14:50+09:002014-06-23T11:03+09:00JR East Japan App for Android contains an issue where it fails to verify SSL server certificates
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000050.html
JR East Japan App for Android contains an issue where it fails to verify SSL server certificates.
Akihisa Ishida reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000050http://jvn.jp/en/jp/JVN10603428/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2001http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2001https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:jreast:jr_east_japan2014-06-23T11:06+09:002014-06-18T14:57+09:002014-06-23T11:06+09:00C-BOARD Moyuku vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000051.html
C-BOARD Moyuku is a bulletin board software. C-BOARD Moyuku contains a cross-site scripting vulnerability.
Koki Takahashi reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000051http://jvn.jp/en/jp/JVN58029817/index.html//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2002http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2002https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:c-board_moyuku_project:c-board_moyuku2014-06-17T16:22+09:002014-06-11T14:22+09:002014-06-17T16:22+09:00JustSystems Online Update Program bundled with JustSystems products vulnerable to arbitrary code execution
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000053.html
"JUST Online Update" and "JUST Online Update for J-License and the management tools" that are bundled with multiple JustSystems products contain a flaw that allows the update program to be executed even if the signature of an update module is invalid.
Please note that this is a flaw in the online update program, not a flaw in each software itself.JVNDB-2014-000053http://jvn.jp/en/jp/JVN50129191/index.html//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2003http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2003http://www.ipa.go.jp/security/ciadr/vul/20140611-jvn.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:justsystems:just_online_update2014-06-17T16:25+09:002014-06-11T12:22+09:002014-06-17T16:25+09:00Spring Framework vulnerable to directory traversal
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000054.html
Spring Framework is a Java framework for developing web applications. Spring Framework contains a directory traversal vulnerability.
Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000054http://jvn.jp/en/jp/JVN49154900/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3578http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3578https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:pivotal:spring_framework2016-06-23T13:45+09:002014-06-13T12:40+09:002016-06-23T13:45+09:00SEIL Series routers vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000055.html
The PPP Access Concentrator (PPPAC) in SEIL Series routers provided by Internet Initiative Japan Inc. contains a denial-of-service (DoS) vulnerability due to an issue in processing certain packets (CWE-119).JVNDB-2014-000055http://jvn.jp/en/jp/JVN10724763/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2004http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2004https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:iij:seil%2Fb1cpe:/h:iij:seil%2Fneu_2fe_pluscpe:/h:iij:seil%2Fturbocpe:/h:iij:seil%2Fx1cpe:/h:iij:seil%2Fx2cpe:/h:iij:seil%2Fx86cpe:/o:iij:seil%252fb1_firmwarecpe:/o:iij:seil%252fneu_2fe_plus_firmwarecpe:/o:iij:seil%252fturbo_firmwarecpe:/o:iij:seil%252fx1_firmwarecpe:/o:iij:seil%252fx2_firmwarecpe:/o:iij:seil%252fx86_firmware2014-06-17T16:11+09:002014-06-13T12:44+09:002014-06-17T16:11+09:00TERASOLUNA Server Framework for Java(Web) vulnerable to ClassLoader manipulation
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000056.html
TERASOLUNA Server Framework for Java(Web) provided by NTT DATA Corporation is a software framework for creating Java web applications. TERASOLUNA Server Framework for Java(Web) bundles Apache Struts 1.2.9, which contains a vulnerability where the ClassLoader may be manipulated (CVE-2014-0114). Therefore, this vulnerability affects TERASOLUNA Server Framework for Java(Web) as well.JVNDB-2014-000056http://jvn.jp/en/jp/JVN30962312/index.htmlhttp://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-002308.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0114https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:nttdata:terasoluna_server_framework_for_java_web2015-01-22T15:50+09:002014-06-17T15:01+09:002015-01-22T15:50+09:00Usermin vulnerable to OS command injection
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000057.html
Usermin is a web-based interface used to manage webmail. Usermin contains an OS command injection vulnerability.
Keigo Yamazaki of LAC Co., Ltd reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000057http://jvn.jp/en/jp/JVN48805624/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3883http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3883http://www.ipa.go.jp/security/ciadr/vul/20140620-jvn.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:webmin:usermin2014-06-24T13:44+09:002014-06-20T13:56+09:002014-06-24T13:44+09:00Usermin vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000058.html
Usermin is a web-based interface used to manage webmail. Usermin contains a cross-site scripting vulnerability.
Keigo Yamazaki of LAC Co., Ltd reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000058http://jvn.jp/en/jp/JVN92737498/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3884http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3884https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:webmin:usermin2014-07-23T10:59+09:002014-06-20T13:56+09:002014-07-23T10:59+09:00Webmin vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000059.html
Webmin is a web-based system management tool. Webmin contains a cross-site scripting vulnerability.
Yoshinori Matsumoto of Kobe Digital Labo, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000059https://jvn.jp/en/jp/JVN49974594/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3885http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3885https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:webmin:webmin2014-07-23T10:59+09:002014-06-20T13:58+09:002014-07-23T10:59+09:00Webmin vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000060.html
Webmin is a web-based system management tool. Webmin contains a cross-site scripting vulnerability when "referrer checking" is turned off.
Note that "referrer checking" is enabled by default.
hasegawa reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000060https://jvn.jp/en/jp/JVN02213197/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3886http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3886https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:webmin:webmin2014-07-23T11:00+09:002014-06-20T13:58+09:002014-07-23T11:00+09:00Sophos Disk Encryption vulnerable to authentication bypass
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000061.html
Sophos Disk Encryption contains an authentication bypass vulnerability.
Sophos Disk Encryption is a product that encrypts hard disk data on Windows PCs. By default, Windows requires logon authentication when the PC wakes up from hibernation or sleep mode. When Sophos Disk Encryption is installed, no authentication is required before operating the PC.
Cybozu Inc. Security Incident Response Team reported this vulnerability to the developer.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000061http://jvn.jp/en/jp/JVN63940326/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2005http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2005http://www.ipa.go.jp/security/ciadr/vul/20140624-jvn.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:sophos:disk_encryption2014-06-26T17:46+09:002014-06-24T14:21+09:002014-06-26T17:46+09:00Login rebuilder vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000062.html
Login rebuilder is a plugin for WordPress. Login rebuilder contains a cross-site request forgery vulnerability.JVNDB-2014-000062https://jvn.jp/en/jp/JVN05329568/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3882http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3882https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:12net:login_rebuilder2014-06-24T14:22+09:002014-06-24T14:22+09:002014-06-24T14:22+09:00Web Kyukincho vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000063.html
Web Kyukincho provided by Intercom, Inc. is a software that digitizes and distributes a pay statement and others. Web Kyukincho contains a cross-site scripting vulnerability.JVNDB-2014-000063http://jvn.jp/en/jp/JVN80006084/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2006http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2006https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:intercom:web_kyukincho2014-07-01T16:08+09:002014-06-25T14:53+09:002014-07-01T16:08+09:00Web Kyukincho vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000064.html
Web Kyukincho provided by Intercom, Inc. is a software that digitizes and distributes a pay statement and others. Web Kyukincho contains a cross-site request forgery vulnerability.JVNDB-2014-000064http://jvn.jp/en/jp/JVN36259412/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3881http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3881https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:intercom:web_kyukincho2014-07-01T16:07+09:002014-06-25T15:01+09:002014-07-01T16:07+09:00SX-2000WG vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000065.html
SX-2000WG provided by silex technology, Inc. is a product that provides wireless connectivity for USB devices such as printers and hard disk drives (HDD). SX-2000WG contains an issue in the processing of TCP Option header, which may cause a denial-of-service (DoS).
Note that this vulnerability is different from JVN#35998716.
Network Security Class Students, Teaching Assistants, and Mentors of Security Camp 2013 reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000065http://jvn.jp/en/jp/JVN85571806/index.html//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3889http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3889https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:silex:sx-2000wg_firmware2014-07-07T18:28+09:002014-07-02T15:16+09:002014-07-07T18:28+09:00SX-2000WG vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000066.html
SX-2000WG provided by silex technology, Inc. is a product that provides wireless connectivity for USB devices such as printers and hard disk drives (HDD). SX-2000WG contains an issue in the processing of IP packets, which may cause a denial-of-service (DoS).
Note that this vulnerability is different from JVN#85571806.
Network Security Class Students, Teaching Assistants, and Mentors of Security Camp 2013 reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000066http://jvn.jp/en/jp/JVN35998716/index.html//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3890http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3890https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:silex:sx-2000wg_firmware2014-07-07T18:34+09:002014-07-02T15:20+09:002014-07-07T18:34+09:00RockDisk vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000069.html
RockDisk provided by I-O DATA DEVICE, INC. are LAN connectable hard disk drives. RockDisk contains a cross-site scripting vulnerability.
NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-4713.
Yuji Tounai of bogus.jp reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. JVNDB-2014-000069http://jvn.jp/jp/JVN74608669/index.htmlhttp://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000096.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3887https://nvd.nist.gov/vuln/detail/CVE-2014-3887https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:i-o_data_device:rockdiskcpe:/o:i-o_data_device:rockdisk_firmware2017-05-17T17:07+09:002014-07-02T14:40+09:002017-05-17T17:07+09:00Becky! Internet Mail vulnerable to buffer overflow
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000071.html
Becky! Internet Mail contains a buffer overflow vulnerability.
Becky! Internet Mail contains an issue in processing responses from a POP3 server, which may result in a buffer overflow vulnerability.
Shingo HAYASHI of Cyber Defense Institute, Inc reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000071http://jvn.jp/en/jp/JVN35376006/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3891http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3891https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:rimarts_inc.:becky_internet_mail2014-07-10T17:05+09:002014-07-08T14:53+09:002014-07-10T17:05+09:00Seasar S2Struts vulnerable to ClassLoader manipulation
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000072.html
Seasar S2Struts provided by The Seasar Foundation is a software framework for creating Java web applications. Seasar S2Struts bundles Apache Struts that is vulnerable to the ClassLoader manipulation (CVE-2014-0114). Consequently, Seasar S2Struts contains the same vulnerability.
Cybozu, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000072http://jvn.jp/en/jp/JVN19118282/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3893https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:the_seasar_foundation:s2struts2014-07-15T14:44+09:002014-07-15T14:44+09:002014-07-15T14:44+09:00Cybozu Garoon CGI vulnerable to remote command execution
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000073.html
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon CGI contains a remote command execution vulnerability.
Masaaki Chida of GREE, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000073http://jvn.jp/en/jp/JVN42024228/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1987http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1987https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:garoon2014-07-23T11:00+09:002014-07-15T14:44+09:002014-07-23T11:00+09:00Cybozu Garoon 3 API access restriction bypass vulnerability
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000074.html
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an access restriction bypass vulnerability (CWE-264) when using Garoon APIs.JVNDB-2014-000074http://jvn.jp/en/jp/JVN31082531/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1996http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1996https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:garoon2014-07-23T11:00+09:002014-07-15T14:45+09:002014-07-23T11:00+09:00Cybozu Garoon vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000075.html
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the function "Map search", which may result in a cross-site scripting vulnerability (CWE-79).JVNDB-2014-000075http://jvn.jp/en/jp/JVN97558950/index.html//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1995http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1995https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:garoon2014-07-23T11:01+09:002014-07-15T14:45+09:002014-07-23T11:01+09:00Cybozu Garoon vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000076.html
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the function "Notices portlet", which may result in a cross-site scripting vulnerability (CWE-79).JVNDB-2014-000076http://jvn.jp/en/jp/JVN80583739/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1994http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1994https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:garoon2014-07-23T11:01+09:002014-07-15T14:46+09:002014-07-23T11:01+09:00Cybozu Garoon vulnerable to access restriction bypass
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000077.html
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the function "Portlets", which may result in an access restriction bypass vulnerability (CWE-264).JVNDB-2014-000077http://jvn.jp/en/jp/JVN75990997/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1993http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1993https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:garoon2014-07-23T11:01+09:002014-07-15T14:46+09:002014-07-23T11:01+09:00Cybozu Garoon vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000078.html
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the function "Messages", which may result in a cross-site scripting vulnerability (CWE-79).JVNDB-2014-000078http://jvn.jp/en/jp/JVN94838679/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1992http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1992https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:garoon2014-07-23T11:01+09:002014-07-15T14:47+09:002014-07-23T11:01+09:00Multifunctional MailForm Free vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000079.html
Multifunctional MailForm Free provided by PHP Kobo contains a cross-site scripting vulnerability.
Multifunctional MailForm Free contains an issue in processing HTTP Referer headers, which may cause cross-site scripting.JVNDB-2014-000079http://jvn.jp/en/jp/JVN41028866/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3894http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3894https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:php_kobo:mailform012014-07-23T11:02+09:002014-07-16T15:13+09:002014-07-23T11:02+09:00Meridian vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000080.html
Meridian provided by Nexa Technologies is a software for market trading. Meridian contains a cross-site scripting vulnerability.
Kazuyuki Matsuda reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000080http://jvn.jp/en/jp/JVN36028879/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3892http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3892https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:nexatechnologies:meridian2014-07-23T11:02+09:002014-07-18T13:47+09:002014-07-23T11:02+09:00File Explorer vulnerable to directory traversal
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000081.html
File Explorer provided by NextApp, Inc. contains an issue in processing file names, which may result in a directory traversal (CWE-22) vulnerability.
Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000081http://jvn.jp/en/jp/JVN84335912/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1973http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1973https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:nextapp:file_explorer2014-07-23T11:02+09:002014-07-18T13:48+09:002014-07-23T11:02+09:00FuelPHP vulnerable to remote code execution
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000082.html
FuelPHP is a PHP web framework for creating web applications. FuelPHP applications contain an issue in the Request_Curl class, which may result in arbitrary code execution.
Masaaki Chida of GREE, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000082http://jvn.jp/en/jp/JVN94791545/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1999http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1999https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:fuelphp:fuelphp2014-07-23T11:03+09:002014-07-18T13:50+09:002014-07-23T11:03+09:00WisePoint vulnerable to session fixation
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000084.html
WisePoint provided by Falcon System Consulting, Inc. contains a session fixation vulnerability.
Hiroki Ikemoto of NTT SOFT SERVICE Corp. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000084http://jvn.jp/en/jp/JVN49672671/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3909http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3909https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:falcon_system_consulting:wisepoint2014-09-09T15:02+09:002014-09-04T16:46+09:002014-09-09T15:02+09:00GOM Player vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000085.html
GOM Player provided by Gretech contains a denial-of-service (DoS) vulnerability due to an issue in processing an image file.
Security Engineering Laboratory, IT Security Center (ISEC), IPA reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000085http://jvn.jp/en/jp/JVN32726697/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3899http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3899https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:gomlab:gom_media_player2014-08-13T18:29+09:002014-08-06T15:22+09:002014-08-13T18:29+09:00Outlook.com for Android contains an issue where it fails to verify SSL server certificates
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000086.html
Outlook.com for Android contains an issue where it fails to verify SSL server certificates.
Koki Takahashi reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000086http://jvn.jp/en/jp/JVN72950786/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5239http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5239https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:microsoft:outlook.com2014-08-18T10:09+09:002014-07-30T15:11+09:002014-08-18T10:09+09:00Multiple I-O DATA IP Cameras vulnerable to authentication bypass
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000087.html
Multiple IP Cameras provided by I-O DATA contain an authentication bypass vulnerability.JVNDB-2014-000087http://jvn.jp/en/jp/JVN94592501/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3895http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3895http://www.ipa.go.jp/security/ciadr/vul/20140729-jvn.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:i-o_data_device:ts-ptcam%2Fpoe_firmwarecpe:/o:i-o_data_device:ts-ptcam_firmwarecpe:/o:i-o_data_device:ts-wlc2_firmwarecpe:/o:i-o_data_device:ts-wlcam%2Fv_camera_firmwarecpe:/o:i-o_data_device:ts-wlcam_camera_firmwarecpe:/o:i-o_data_device:ts-wptcam_firmware2014-08-01T18:30+09:002014-07-29T14:24+09:002014-08-01T18:30+09:00PerlMailer vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000088.html
PerlMailer from Homepage Decorator is a mail form CGI which is used to send mail from a form on a web page. PerlMailer CGI scripts contain a cross-site scripting vulnerability.
Koki Takahashi reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.JVNDB-2014-000088http://jvn.jp/en/jp/JVN85748534/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3897http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3897https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:homepage_decorator:perlmailer2014-08-01T18:28+09:002014-07-29T14:20+09:002014-08-01T18:28+09:00acmailer contains a cross-site request forgery vulnerability
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000089.html
Several cgi programs in acmailer contain a cross-site request forgery vulnerability.
Kazuki Hirota of Keio University Keiji Takeda Research Group reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000089http://jvn.jp/en/jp/JVN42511610/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3896http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3896https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:seeds:acmailer2014-08-01T18:29+09:002014-07-29T14:15+09:002014-08-01T18:29+09:00ServerView Operations Manager vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000091.html
ServerView Operations Manager provided by FUJITSU LIMITED is server management software. ServerView Operations Manager contains a cross-site scripting vulnerability.
TAIZO TSUKAMOTO of GLOBAL SECURITY EXPERTS inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000091http://jvn.jp/en/jp/JVN22534185/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3898http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3898https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:fujitsu:serverview_operations_manager2014-08-18T10:05+09:002014-08-01T15:42+09:002014-08-18T10:05+09:00Piwigo vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000092.html
Piwigo is a software to manage and host image files on the web. Piwigo contains a cross-site scripting vulnerability when the "Community" plugin is activated and validation on user uploaded photos is disabled.
Yuji Tounai of bogus.jp reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000092http://jvn.jp/en/jp/JVN80310172/http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1980http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1980https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:piwigo:piwigo2014-08-15T13:35+09:002014-08-08T13:49+09:002014-08-15T13:35+09:00Piwigo vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000093.html
Piwigo is software for managing and hosting image files on the web. Piwigo contains a cross-site scripting vulnerability.
Yuji Tounai of bogus.jp reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000093http://jvn.jp/en/jp/JVN09717399/http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3900http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3900https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:piwigo:piwigo2014-08-19T16:48+09:002014-08-08T13:52+09:002014-08-19T16:48+09:00Piwigo vulnerable to SQL injection
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000094.html
Piwigo is software for managing and hosting image files on the web. Piwigo contains a SQL injection vulnerability.
Yuji Tounai of bogus.jp reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000094http://jvn.jp/en/jp/JVN87962145/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4649https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:piwigo:piwigo2014-08-08T13:57+09:002014-08-08T13:57+09:002014-08-08T13:57+09:00Shutter vulnerable to SQL injection
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000095.html
Shutter provided by tenfourzero is a web package allowing users to share their photos. lib/admin.php in Shutter contains a SQL injection vulnerability.
Yuji Tounai of bogus.jp reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000095http://jvn.jp/en/jp/JVN48039501/http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3904http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3904https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:tenfourzero:shutter2015-01-15T17:47+09:002014-08-15T13:24+09:002015-01-15T17:47+09:00Shutter vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000096.html
Shutter provided by tenfourzero is a web package allowing users to share their photos. Shutter contains a cross-site scripting vulnerability, which can be exploited through the SQL injection vulnerability (JVN#48039501).
Yuji Tounai of bogus.jp reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000096http://jvn.jp/en/jp/JVN04455183/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3905http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3905https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:tenfourzero:shutter2014-08-19T16:27+09:002014-08-15T13:27+09:002014-08-19T16:27+09:00Dominion KX2-101 vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000097.html
Dominion KX2-101 provided by Raritan Japan, Inc. contains a denial-of-service (DoS) vulnerability.
Dominion KX2-101 provided by Raritan Japan, Inc. is a KVM-over-IP switch. Dominion KX2-101 contains a denial-of-service (DoS) vulnerability.
Yusuke Okano reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000097http://jvn.jp/en/jp/JVN07957080/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3901http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3901https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:raritan:dominion2014-08-18T09:44+09:002014-08-12T14:03+09:002014-08-18T09:44+09:00Ameba for Android contains an issue where it fails to verify SSL server certificates
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000098.html
Ameba for Android contains an issue where it fails to verify SSL server certificates.
Koki Takahashi reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000098http://jvn.jp/en/jp/JVN27702217/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3902http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3902https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cyberagent:ameba2014-08-18T12:22+09:002014-08-14T12:32+09:002014-08-18T12:22+09:00Advance-Flow vulnerable to SQL injection
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000099.html
Advance-Flow provided by OSK Co., LTD contains an issue in processing input data, which may result in SQL injection.
Yoshinori Ohta of Business Architects Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000099http://jvn.jp/en/jp/JVN20812625/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3906http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3906https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:osk:advance-flowcpe:/a:osk:advance-flow_forms2014-08-20T16:26+09:002014-08-19T12:35+09:002014-08-20T16:26+09:00Cakifo vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000100.html
Cakifo is a theme for WordPress. Cakifo contains a cross-site scripting vulnerability.
Yuji Tounai of bogus.jp reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000100http://jvn.jp/en/jp/JVN27531188/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3903http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3903https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:Jayj:cakifo2014-08-20T16:30+09:002014-08-18T13:32+09:002014-08-20T16:30+09:00MailPoet Newsletters vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000101.html
MailPoet Newsletters is a plugin for WordPress. MailPoet Newsletters contains a cross-site request forgery vulnerability.
Yoshinori Matsumoto reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000101http://jvn.jp/en/jp/JVN94409737/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3907http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3907https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:mailpoet:mailpoet_newsletters2014-08-28T18:13+09:002014-08-26T13:33+09:002014-08-28T18:13+09:00Kindle App for Android fails to verify SSL server certificates
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000102.html
Kindle App for Android fails to verify SSL server certificates.
Hiroshi Tokumaru of HASH Consulting Corp. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000102http://jvn.jp/en/jp/JVN17637243/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3908http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3908https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:amazon:kindle2014-09-03T18:25+09:002014-08-29T13:38+09:002014-09-03T18:25+09:00EmFTP may insecurely load executable files
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000103.html
EmFTP contains a flaw when loading files, where an unintended executable file may be loaded when attempting to open a file without an extension. For example, if a text file named "example" (without an extension) and an executable "example.exe" are in the same directory, attempting to open the file "example" will result in the execution of "example.exe".JVNDB-2014-000103http://jvn.jp/en/jp/JVN50367052/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3910http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3910https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:emurasoft:emftp_professionalcpe:/a:emurasoft:emftp_standard2014-09-09T15:15+09:002014-09-04T16:36+09:002014-09-09T15:15+09:00Movable Type vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000104.html
Movable Type provided by Six Apart, Ltd. contains a cross-site scripting vulnerability.
Movable Type contains an issue in processing the management page, which may result in a cross-site scripting vulnerability.
Saeki Tominaga reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000104http://jvn.jp/en/jp/JVN73357573/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5313http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5313https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:sixapart:movabletype2014-09-11T16:56+09:002014-09-09T15:02+09:002014-09-11T16:56+09:00Help Page in multiple Adobe products vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000105.html
The Help page provided in multiple Adobe products contains a cross-site scripting vulnerability.
Yuji Tounai of bogus.jp reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000105http://jvn.jp/en/jp/JVN84376800/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5315http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5315https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:adobe:acrobatcpe:/a:adobe:coldfusion2014-09-29T11:42+09:002014-09-12T14:00+09:002014-09-29T11:42+09:00365 Links series vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000106.html
365 Links series provided by php365.com are link directory management tools. 365 Links series contain a cross-site scripting vulnerability.
Koki Takahashi reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000106http://jvn.jp/en/jp/JVN36205251/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5317http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5317https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:php365:365_linkscpe:/a:php365:365_links%2Bcpe:/a:php365:365_links2cpe:/a:php365:365_links2%2B2014-09-19T13:33+09:002014-09-17T15:23+09:002014-09-19T13:33+09:00SLFileManager for Android vulnerable to directory traversal
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000107.html
SLFileManager provided by S-Link, Inc. contains a flaw in processing file names, which may result in a directory traversal (CWE-22) vulnerability.
Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000107http://jvn.jp/en/jp/JVN16485017/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5319https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5319https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:s-link:slfilemanager2015-07-31T16:30+09:002014-09-25T14:52+09:002015-07-31T16:30+09:00jigbrowser+ for iOS same origin policy bypass
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000108.html
jigbrowser+ for iOS contains a flaw in loading web pages, which may allow an attacker to bypass the same origin policy.
Toshiharu Sugiyama of DeNA Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000108http://jvn.jp/en/jp/JVN80531230/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5318http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5318https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:jig_jp_co:jigbrowser%2B2014-09-29T11:47+09:002014-09-25T14:52+09:002014-09-29T11:47+09:00Bump for Android vulnerable in handling of implicit intents
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000109.html
Bump for Android is an application that allows users to share information and files. Bump for Android contains a vulnerability in the handling of implicit intents.
Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000109http://jvn.jp/en/jp/JVN08994136/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5320http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5320https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:bump_project:bump2014-09-25T17:44+09:002014-09-19T13:41+09:002014-09-25T17:44+09:00Dotclear vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000110.html
Dotclear is weblog software. Dotclear contains a cross-site scripting vulnerability.
Yuji Tounai of bogus.jp reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000110http://jvn.jp/en/jp/JVN61637002/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5316http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5316https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:dotclear:dotclear2014-09-25T17:52+09:002014-09-19T13:42+09:002014-09-25T17:52+09:00Yuko Yuko App for Android fails to verify SSL server certificates
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000111.html
Yuko Yuko App for Android provided by Yuko Yuko Corporation fails to verify SSL server certificates.
Shunsuke Taniguchi of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000111http://jvn.jp/en/jp/JVN04560253/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5323https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:misc:yuko_yuko_yuko_yuko_for_android2014-09-22T13:50+09:002014-09-22T13:50+09:002014-09-22T13:50+09:00N-Media file uploader vulnerability in handling uploaded files
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000112.html
N-Media file uploader is a plugin for WordPress. N-Media file uploader contains a vulnerability (CWE-264) in the way it handles uploaded files. As a result, an arbitrary PHP script which is uploaded may be executed.
Yuji Tounai of bogus.jp reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000112http://jvn.jp/en/jp/JVN87863382/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5324http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5324https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:najeebmedia:n-media_file_uploader2014-09-29T11:39+09:002014-09-25T14:53+09:002014-09-29T11:39+09:00FileMaker Pro vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000113.html
FileMaker Pro contains an "Instant Web Publishing" function. When this function is enabled, FileMaker Pro is vulnerable to cross-site scripting.
NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-3640.JVNDB-2014-000113http://jvn.jp/en/jp/JVN53579095/index.htmlhttp://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000049.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5322http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5322https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:claris:filemaker_procpe:/a:claris:filemaker_pro_advanced2015-05-22T11:37+09:002014-09-18T20:36+09:002015-05-22T11:37+09:00FileMaker Pro fails to verify SSL server certificates
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000114.html
FileMaker Pro contains a function to encrypt communications with the FileMaker Server. FileMaker Pro fails to verify the SSL server certificate.
NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-2319.JVNDB-2014-000114http://jvn.jp/en/jp/JVN85812843/index.htmlhttp://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000048.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5321http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5321https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:claris:filemaker_procpe:/a:claris:filemaker_pro_advanced2014-09-24T18:47+09:002014-09-18T20:36+09:002014-09-24T18:47+09:00Yahoo! Japan Box for Android issue where it fails to verify SSL server certificates
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000116.html
Yahoo! Japan Box for Android provided by Yahoo Japan Corporation contains an issue where it fails to verify SSL server certificates.
Yahoo Japan Corporation reported this vulnerability to JPCERT/CC to notify users of this issue through JVN.
JPCERT/CC coordinated with Yahoo Japan Corporation to publish this JVN advisory under the Information Security Early Warning Partnership.JVNDB-2014-000116http://jvn.jp/en/jp/JVN48270605/index.htmlhttp://jvn.jp/vu/JVNVU90369988/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5881http://www.kb.cert.org/vuls/id/582497https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:misc:yahoo_japan_yahoo_box_for_android2014-09-25T14:54+09:002014-09-25T14:54+09:002014-09-25T14:54+09:00Direct Web Remoting (DWR) vulnerable to XML external entity injection
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000117.html
Direct Web Remoting (DWR) is a Java framework for developing Ajax into web applications. DWR contains an XML external entity injection vulnerability (CWE-611).
Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000117http://jvn.jp/en/jp/JVN91502163/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5325http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5325https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:directwebremoting:direct_web_remoting2014-11-25T17:50+09:002014-11-14T14:33+09:002014-11-25T17:50+09:00Direct Web Remoting (DWR) vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000118.html
Direct Web Remoting (DWR) is a Java framework for developing Ajax into web applications. DWR contains a cross-site scripting vulnerability (CWE-79).
Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000118http://jvn.jp/en/jp/JVN52422792/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5326http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5326https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:directwebremoting:direct_web_remoting2014-11-25T17:51+09:002014-11-14T14:37+09:002014-11-25T17:51+09:00Huawei E5332 vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000119.html
Huawei E5332 contains a denial-of-service (DoS) vulnerability.
Huawei E5332 provided by Huawei Technologies is a mobile router. Huawei E5332 contains an issue when processing a GET request that contains an extremely long parameter, which leads to the device rebooting.
Shuto Imai of Chukyo Univ. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000119https://jvn.jp/en/jp/JVN63587560/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5328http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5328https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:huawei:e53322014-10-21T15:15+09:002014-10-10T14:02+09:002014-10-21T15:15+09:00Huawei E5332 vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000120.html
Huawei E5332 contains a denial-of-service (DoS) vulnerability.
Huawei E5332 provided by Huawei Technologies is a mobile router.
Huawei E5332 contains an issue when processing a URL that is extremely long, which may lead the device to terminate abnormally.
Shuto Imai of Chukyo Univ. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000120http://jvn.jp/en/jp/JVN58417930/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5327http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5327https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:huawei:e53322014-10-21T15:11+09:002014-10-10T14:03+09:002014-10-21T15:11+09:00BirdBlog vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000121.html
BirdBlog is weblog software. BirdBlog contains a cross-site scripting vulnerability.
Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000121http://jvn.jp/en/jp/JVN87373393/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5330https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:birdblog:birdblog2014-10-16T13:26+09:002014-10-16T13:26+09:002014-10-16T13:26+09:00Aflax vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000122.html
Aflax is a JavaScript library that enables developers to use JavaScript to fully utilize all of the features of the Adobe Flash runtime. Aflax contains a cross-site scripting vulnerability.
Yuji Tounai of bogus.jp reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000122http://jvn.jp/en/jp/JVN66285408/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5331http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5331https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:aptana:aflax2014-10-24T18:32+09:002014-10-16T13:35+09:002014-10-24T18:32+09:00GIGAPOD vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000123.html
GIGAPOD provided by TripodWorks CO.,LTD. contains a denial-of-service (DoS) vulnerability.
GIGAPOD file servers (Appliance model and Software model) from TripodWorks CO.,LTD. provide two web interfaces: a user web interface via ports 80/443, and an administrative web interface via port 8001. The administrative web interface uses a version of the Apache HTTP server which contains a flaw in handling HTTP requests (CVE-2011-3192). As a result, GIGAPOD contains a denial-of-service (DoS) vulnerability.
Teruo Yamada of IOS Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000123http://jvn.jp/en/jp/JVN23809730/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5329https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:misc:tripodworks_gigapod2014-10-16T13:51+09:002014-10-16T13:51+09:002014-10-16T13:51+09:00TSUTAYA App for Android vulnerable to arbitrary Java method execution
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000124.html
TSUTAYA App for Android contains a vulnerability where an arbitrary Java method may be executed.
Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000124http://jvn.jp/en/jp/JVN97384696/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7241http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7241https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:tsutaya:tsutaya2014-12-22T17:52+09:002014-12-18T13:41+09:002014-12-22T17:52+09:00SumaHo for Android fails to verify SSL/TLS server certificates
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000125.html
SumaHo for Android fails to verify SSL/TLS server certificates.
Hiroshi Kumagai reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000125http://jvn.jp/en/jp/JVN27388160/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7242https://nvd.nist.gov/vuln/detail/CVE-2014-7242https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ms-ins:sumahocpe:/a:ms-ins:sumaho_driving_capability_diagnosis2018-03-07T14:24+09:002014-10-23T13:43+09:002018-03-07T14:24+09:00QNAP QTS vulnerable to OS command injection
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000126.html
QNAP QTS is an operating system for Turbo NAS. QNAP QTS contains a flaw in the GNU Bash shell, which may result in an OS command injection vulnerability (CWE-78).
Yuuki Wakisaka of University of Electro-Communications reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000126http://jvn.jp/en/jp/JVN55667175/index.htmlhttps://jvn.jp/vu/JVNVU97219505/index.htmlhttp://jvn.jp/vu/JVNVU97220341/index.htmlhttp://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-004399.htmlhttp://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-004410.htmlhttp://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-004431.htmlhttp://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-004476.htmlhttp://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-004432.htmlhttp://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-004433.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6277http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6278http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7186http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7187http://www.kb.cert.org/vuls/id/252743https://ics-cert.us-cert.gov/advisories/ICSA-15-344-01https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:qnap:qts2015-12-25T13:47+09:002014-10-28T14:39+09:002015-12-25T13:47+09:00OpenAM vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000129.html
OpenAM provided by ForgeRock is open source access management software. OpenAM contains a denial-of-service (DoS) vulnerability due to a flaw in processing Cookies (CWE-400).
Yasushi IWAKATA of Open Source Solution Technology Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000129http://jvn.jp/en/jp/JVN65559247/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7246https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7246http://www.ipa.go.jp/security/ciadr/vul/20141110-jvn.htmlhttps://www.osstech.co.jp/support/am20141106-1-enhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:forgerock:openam2014-11-20T10:09+09:002014-11-10T14:23+09:002014-11-20T10:09+09:00Multiple Cybozu products vulnerable to buffer overflow
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000130.html
Multiple products provided by Cybozu, Inc. contain a buffer overflow vulnerability (CWE-119).
Masaaki Chida of GREE, Inc. reported this vulnerability to the developer.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000130http://jvn.jp/en/jp/JVN14691234/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5314http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5314http://www.ipa.go.jp/security/ciadr/vul/20141111-jvn.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:deziecpe:/a:cybozu:mailwisecpe:/a:cybozu:office2014-11-25T17:52+09:002014-11-11T13:36+09:002014-11-25T17:52+09:00Ichitaro series vulnerable to arbitrary code execution
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000131.html
The "Ichitaro" series word processing software from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution.
This vulnerability differs from other issues that were previously published on JVN.
For more information, please refer to the developer's website.JVNDB-2014-000131http://jvn.jp/jp/JVN16318793/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7247http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7247http://www.ipa.go.jp/security/ciadr/vul/20141113-jvn.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:justsystems:ichitarocpe:/a:justsystems:ichitaro_pro2014-11-27T17:58+09:002014-11-13T16:52+09:002014-11-27T17:58+09:00Multiple Allied Telesis products vulnerable to buffer overflow
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000132.html
AR Router Series and Alliedware switches provided by Allied Telesis Group contain a buffer overflow vulnerability (CWE-788) due to a flaw when processing a POST method.JVNDB-2014-000132http://jvn.jp/en/jp/JVN22440986/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7249https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7249http://www.ipa.go.jp/security/ciadr/vul/20141218-jvn.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:allied_telesis_k.k.:ar440scpe:/h:allied_telesis_k.k.:ar441scpe:/h:allied_telesis_k.k.:ar442scpe:/h:allied_telesis_k.k.:ar745cpe:/h:allied_telesis_k.k.:ar750scpe:/h:allied_telesis_k.k.:ar750s-dpcpe:/h:allied_telesis_k.k.:at-8624poecpe:/h:allied_telesis_k.k.:at-8624t%2F2mcpe:/h:allied_telesis_k.k.:at-8648t%2F2spcpe:/h:allied_telesis_k.k.:at-8848cpe:/h:allied_telesis_k.k.:at-9924tcpe:/h:allied_telesis_k.k.:centrecom_8700xlcpe:/h:allied_telesis_k.k.:centrecom_8724slcpe:/h:allied_telesis_k.k.:centrecom_8948xlcpe:/h:allied_telesis_k.k.:centrecom_9812tcpe:/h:allied_telesis_k.k.:centrecom_9816gbcpe:/h:allied_telesis_k.k.:centrecom_9924spcpe:/h:allied_telesis_k.k.:centrecom_9924t%2f4spcpe:/h:allied_telesis_k.k.:centrecom_9924tscpe:/h:allied_telesis_k.k.:centrecom_ar300cpe:/h:allied_telesis_k.k.:centrecom_ar300lcpe:/h:allied_telesis_k.k.:centrecom_ar320cpe:/h:allied_telesis_k.k.:centrecom_ar410%28s%29cpe:/h:allied_telesis_k.k.:centrecom_ar415scpe:/h:allied_telesis_k.k.:centrecom_ar450scpe:/h:allied_telesis_k.k.:centrecom_ar550scpe:/h:allied_telesis_k.k.:centrecom_ar560scpe:/h:allied_telesis_k.k.:centrecom_ar570scpe:/h:allied_telesis_k.k.:centrecom_ar720%28s%29cpe:/h:allied_telesis_k.k.:centrecom_ar740%28s%29cpe:/h:allied_telesis_k.k.:centrecom_ar8700slcpe:/h:allied_telesis_k.k.:rapier_48icpe:/h:allied_telesis_k.k.:switchblade40002015-01-28T17:38+09:002014-12-18T14:47+09:002015-01-28T17:38+09:00iLogScanner vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000133.html
iLogScanner contains a cross-site scripting vulnerability.
iLogScanner provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) is software that checks access logs to detect suspected attacks against a web server. iLogScanner contains a cross-site scripting vulnerability (CWE-79) due to a flaw when processing analysis results and outputting the results into an HTML page.
Shinya Mizutani of NTT NEOMEIT CORPORATION and Kazuhiko Kusano reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000133http://jvn.jp/jp/JVN89852154/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7248http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7248https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ipa:ilogscanner2014-11-18T18:22+09:002014-11-14T14:38+09:002014-11-18T18:22+09:00BSD Operating Systems vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000134.html
BSD operating systems contain an issue in the handling of the TCP session timer, which may lead to a denial-of-service (DoS) vulnerability.
Hiroki Takakura reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000134http://jvn.jp/en/jp/JVN07930208/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7250https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7250https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:freebsd:freebsd2014-12-16T17:08+09:002014-11-21T14:10+09:002014-12-16T17:08+09:00SEIL Series routers vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000135.html
SEIL Series routers provided by Internet Initiative Japan Inc. contain a denial-of-service (DoS) vulnerability due to an issue in processing NTP requests.
Note that this vulnerability is different from JVN#04895240.JVNDB-2014-000135http://jvn.jp/en/jp/JVN21907573/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7255http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7255https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:iij:seil%2Fb1cpe:/h:iij:seil%2Fx1cpe:/h:iij:seil%2Fx2cpe:/h:iij:seil_x86_fuji2014-12-09T15:32+09:002014-12-01T15:18+09:002014-12-09T15:32+09:00SEIL Series routers vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000136.html
The PPP Access Concentrator (PPPAC) and the Dial-Up Networking in SEIL Series routers provided by Internet Initiative Japan Inc. contain a denial-of-service (DoS) vulnerability due to an issue in processing certain packets (CWE-119).
Note that this vulnerability is different from JVN#21907573.JVNDB-2014-000136http://jvn.jp/en/jp/JVN04895240/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7256http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7256https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:iij:seil%2Fb1cpe:/h:iij:seil%2Fneu_2fe_pluscpe:/h:iij:seil%2Fturbocpe:/h:iij:seil%2Fx1cpe:/h:iij:seil%2Fx2cpe:/h:iij:seil_x86_fuji2014-12-09T15:31+09:002014-12-01T15:24+09:002014-12-09T15:31+09:00Multiple improper data validation vulnerabilities in Syslink driver for Texas Instruments OMAP mobile processors
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000137.html
The Syslink driver for OMAP mobile processors contained in Android devices contains multiple improper data validation vulnerabilities.
The OMAP mobile processor provided by Texas Instruments is used in some Android tablets, smartphones and other devices. The Syslink driver for some OMAP mobile processors is used to implement the communication of processes between the host and slave processors.
The Syslink driver contains multiple vulnerabilities where userland data is not properly validated prior to use. Exploitation of these vulnerabilities may lead to arbitrary code execution or kernel memory content disclosure.
Masaaki Chida of GREE, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000137http://jvn.jp/en/jp/JVN67792023/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7252http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7252https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:misc:multiple_vendors2014-12-09T15:34+09:002014-12-02T13:56+09:002014-12-09T15:34+09:00OS command injection vulnerability in multiple FUJITSU Android devices
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000138.html
Multiple FUJITSU Android devices contain an OS command injection vulnerability.
Masaaki Chida of GREE, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000138http://jvn.jp/en/jp/JVN06302787/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7253http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7253https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:misc:multiple_vendors2014-12-09T15:33+09:002014-12-02T14:21+09:002014-12-09T15:33+09:00ARROWS Me F-11D vulnerability where arbitrary areas may be accessed
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000139.html
ARROWS Me F-11D contains a vulnerability where arbitrary areas on the device may be accessed.
FUKAUMI Naoki of SOUM Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000139http://jvn.jp/en/jp/JVN61593104/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7254http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7254https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:fujitsu:arrows_me_f-11d2014-12-08T16:06+09:002014-12-02T14:26+09:002014-12-08T16:06+09:00LG Electronics mobile access routers lack access restrictions
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000140.html
LG Electronics mobile access routers provided by NTT DOCOMO, INC. lack access restrictions in the web administration interface.
Taiga Asano reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000140http://jvn.jp/en/jp/JVN71762315/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7243http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7243https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:lg_electronics:l-03ecpe:/h:lg_electronics:l-04dcpe:/h:lg_electronics:l-09c2014-12-08T16:07+09:002014-12-02T14:27+09:002014-12-08T16:07+09:00FAST/TOOLS vulnerable to improper restriction of XML external entity references
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000141.html
FAST/TOOLS provided by Yokogawa Electric Corporation contains a vulnerability where XML external entity (XXE) references are not properly restricted (CWE-611).
Timur Yunusov, Alexey Osipov and Ilya Karpov of Positive Technologies reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000141http://jvn.jp/en/jp/JVN54775800/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7251http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7251https://ics-cert.us-cert.gov/advisories/ICSA-14-343-01https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:yokogawa:scada_software_%28fast%2ftools%292014-12-10T10:16+09:002014-11-28T14:54+09:002014-12-10T10:16+09:00DBD::PgPP vulnerable to SQL injection
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000142.html
DBD::PgPP is a pure-Perl client interface for the PostgreSQL database. DBD::PgPP contains a SQL injection vulnerability.
Toshiharu Sugiyama reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000142http://jvn.jp/en/jp/JVN70490316/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7257https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:misc:dbd%3A%3Apgpp_dbd%3A%3Apgpp2014-12-03T15:09+09:002014-12-03T15:09+09:002014-12-03T15:09+09:00"File Upload BBS" of i-HTTPD vulnerable to remote command execution
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000143.html
i-HTTPD is a web server for Windows, implementing Server Side Includes (SSI). i-HTTPD contains "File Upload BBS". When "File Upload BBS" is activated, a user can upload files to the server, and i-HTTPD processes SSI directives in the uploaded files (CWE-97).
Yamagata of webappsec.jp reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000143http://jvn.jp/en/jp/JVN16406395/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7260https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7260https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ultrapop:i-httpd2014-12-16T17:10+09:002014-12-09T14:40+09:002014-12-16T17:10+09:00i-HTTPD vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000144.html
i-HTTPD is a web server for Windows. i-HTTPD contains a flaw in generating a directory index page, which may lead to cross-site scripting (CWE-79).
Note that this vulnerability is different from JVN#87910097.
Yamagata of webappsec.jp reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000144http://jvn.jp/en/jp/JVN89613370/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7261https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7261https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ultrapop:i-httpd2014-12-16T17:09+09:002014-12-09T14:41+09:002014-12-16T17:09+09:00"Omake BBS" of i-HTTPD vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000145.html
i-HTTPD is a web server for Windows. i-HTTPD contains "Omake BBS". "Omake BBS" contains a flaw in processing input character strings, which may result in a stored cross-site scripting vulnerability (CWE-79).
Yamagata of webappsec.jp reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000145http://jvn.jp/en/jp/JVN98097877/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7262https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7262https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ultrapop:i-httpd2014-12-15T19:16+09:002014-12-09T14:44+09:002014-12-15T19:16+09:00i-HTTPD vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000146.html
i-HTTPD is a web server for Windows. i-HTTPD contains a flaw in processing HTTP headers, which may lead to cross-site scripting (CWE-79).
Note that this vulnerability is different from JVN#89613370.
Yamagata of webappsec.jp reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000146http://jvn.jp/en/jp/JVN87910097/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7263https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7263https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ultrapop:i-httpd2014-12-09T14:45+09:002014-12-09T14:45+09:002014-12-09T14:45+09:00KENT-WEB Clip Board vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000147.html
KENT-WEB Clip Board is bulletin board software to which a user can upload binary files such as image files. Clip Board contains a cross-site scripting vulnerability.
Sen UENO of Tricorder Co. Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000147https://jvn.jp/en/jp/JVN12798709/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7258http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7258https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:kent-web:clip_board2014-12-08T16:03+09:002014-12-04T12:22+09:002014-12-08T16:03+09:00Kaku-San-Sei Million Arthur for Android information management vulnerability
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000148.html
Kaku-San-Sei Million Arthur provided by SQUARE ENIX CO., LTD. is a gaming application. Kaku-San-Sei Million Arthur for Android contains an information management vulnerability.
Kusano Kazuhiko reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000148http://jvn.jp/en/jp/JVN24909891/index.html//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7259http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7259https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:square_enix_co_ltd:kaku_san_sei_million_aruthur2014-12-08T16:05+09:002014-12-04T12:28+09:002014-12-08T16:05+09:00Chyrp vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000149.html
Chyrp is a blogging engine. Chyrp contains a cross-site scripting vulnerability.
Yuji Tounai of NTT Com Security (Japan) KK reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000149http://jvn.jp/en/jp/JVN13160869/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7264http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7264https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:chyrp:chyrp2014-12-15T18:06+09:002014-12-10T14:18+09:002014-12-15T18:06+09:00LinPHA vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000150.html
LinPHA is software for managing and hosting image files on the web. LinPHA contains a cross-site scripting vulnerability.
Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000150http://jvn.jp/en/jp/JVN61181790/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7265https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7265https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:linpha:linpha2014-12-16T17:07+09:002014-12-12T13:48+09:002014-12-16T17:07+09:00WBS Gantt-Chart for JIRA vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000151.html
WBS Gantt-Chart for JIRA provided by Ricksoft Inc. is an add-on for JIRA which provides WBS (Work Breakdown Structure) and Gantt-Chart features. WBS Gantt-Chart for JIRA contains a flaw in output page generation, which may lead to cross-site scripting (CWE-79).
Note that this vulnerability is different from JVN#76515134.
KUSANO Kazuhiko reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000151http://jvn.jp/en/jp/JVN09289074/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7267https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7267https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ricksoft:wbs_gantt-chart2014-12-22T17:30+09:002014-12-18T14:48+09:002014-12-22T17:30+09:00WBS Gantt-Chart for JIRA vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000152.html
WBS Gantt-Chart for JIRA provided by Ricksoft Inc. is an add-on for JIRA which provides WBS (Work Breakdown Structure) and Gantt-Chart features. WBS Gantt-Chart for JIRA contains a flaw in exporting data, which may lead to cross-site scripting (CWE-79).
Note that this vulnerability is different from JVN#09289074.
KUSANO Kazuhiko reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-000152http://jvn.jp/en/jp/JVN76515134/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7268https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7268https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ricksoft:wbs_gantt-chart2014-12-22T17:33+09:002014-12-18T14:49+09:002014-12-22T17:33+09:00A Problem of CPU Consumption in Host Data Collector bundled with Hitachi Device Manager Software
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-001203.html
Host Data Collector bundled with Hitachi Device Manager Software contains a problem of CPU consumption.JVNDB-2014-001203https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:device_manager2015-03-03T16:59+09:002014-01-22T18:06+09:002015-03-03T16:59+09:00JP1/Integrated Management - Service Support vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-001593.html
JP1/Integrated Management - Service Support has a cross-site scripting vulnerability, which occurs when receiving a request that contains malicious scripts when being used with JP1/Integrated Management - View.JVNDB-2014-001593https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:jp1_integrated_management2015-03-03T16:59+09:002014-03-11T15:54+09:002015-03-03T16:59+09:00JP1/File Transmission Server / FTP vulnerable to access control violation
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-001594.html
JP1/File Transmission Server/FTP has a vulnerability where an FTP client with limited access rights can bypass the access control and access arbitrary directories on the FTP server when enabling the directory access control function.JVNDB-2014-001594https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:jp1_file_transmission_server_ftp2015-03-03T16:59+09:002014-03-11T16:33+09:002015-03-03T16:59+09:00Cacti vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-002239.html
Cacti is a web application that graphs stored data collected from network devices. Cacti contains a cross-site request forgery vulnerability (CWE-352).
Masako Ohno reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-002239http://jvn.jp/en/jp/JVN55076671/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2327http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2327https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cacti:cacti2015-07-09T14:41+09:002015-07-09T14:41+09:002015-07-09T14:41+09:00Multiple Vulnerabilities in Hitachi Tuning Manager and JP1/Performance Management - Manager Web Option
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-002800.html
Hitachi Tuning Manager and JP1/Performance Management - Manager Web Option contain cross-site scripting and cross-site request forgery (CSRF) vulnerabilities.
These vulnerabilities cannot be exploited without logging in to these products.JVNDB-2014-002800http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4188http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4189http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4188http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4189https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:jp1_performance_managementcpe:/a:hitachi:tuning_manager2015-03-03T16:59+09:002014-06-12T11:43+09:002015-03-03T16:59+09:00Xml eXternal Entity Vulnerability in XML link function of Hitachi COBOL2002
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-002802.html
The XML link function of Hitachi COBOL2002 contains vulnerabilities that may lead to information leakage or cause a denial of service (DoS) condition.JVNDB-2014-002802https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:cobol2002_developer_professionalcpe:/a:hitachi:cobol2002_net_client_runtimecpe:/a:hitachi:cobol2002_net_client_suitecpe:/a:hitachi:cobol2002_net_developercpe:/a:hitachi:cobol2002_net_server_runtimecpe:/a:hitachi:cobol2002_net_server_suitecpe:/a:hitachi:cobol2002_professional_option_for_developer2015-03-03T16:59+09:002014-06-12T11:43+09:002015-03-03T16:59+09:00Safari issue in handling application cache
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-004316.html
Safari contains an issue in the handling of application cache where contents that were cached when the private browsing function is turned off may be used after the private browsing function is turned on.
Yosuke HASEGAWA of NetAgent Co.,Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-004316http://jvn.jp/vu/JVNVU93868849/index.htmlhttp://jvn.jp/en/jp/JVN45442753/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4409http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4409http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:apple:safaricpe:/o:apple:iphone_os2014-09-25T14:54+09:002014-09-25T14:54+09:002014-09-25T14:54+09:00Vulnerability in JP1/NETM/DM and Job Management Partner 1/Software Distribution data reproduction functionality
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-004833.html
JP1/NETM/DM and Job Management Partner 1/Software Distribution contain a vulnerability that prevents them from disabling writing to built-in USB storage devices.JVNDB-2014-004833https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:job_management_partner_1_software_distribution_clientcpe:/a:hitachi:job_management_partner_1_software_distribution_managercpe:/a:hitachi:jp1_netm-dm_managercpe:/a:hitachi:jp1_netm_dm_client2015-03-03T16:59+09:002014-11-11T15:33+09:002015-03-03T16:59+09:00Multiple buffer overflows in Hitachi JP1/Cm2/Network Node Manager i
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-005986.html
Multiple buffer overflow vulnerabilities exist in JP1/Cm2/Network Node Manager i.JVNDB-2014-005986https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:jp1_cm2_network_node_manager2016-02-26T17:32+09:002014-12-16T17:30+09:002016-02-26T17:32+09:00Multiple Vulnerabilities in JP1/Cm2/Network Node Manager i
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-005987.html
JP1/Cm2/Network Node Manager i contains cross-site scripting and execution of arbitrary code vulnerabilities.JVNDB-2014-005987https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:jp1_cm2_network_node_manager2016-02-26T17:52+09:002014-12-16T17:31+09:002016-02-26T17:52+09:00Welcart vulnerable to SQL injection
https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-007612.html
Welcart provided by Collne Inc. is a WordPress plugin for creating shopping websites. Welcart contains a SQL injection (CWE-89) vulnerability due to the processing of the changeSort parameter in admin.php.
Shoji Baba reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2014-007612http://jvn.jp/en/jp/JVN92828286/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-10017http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-10017http://packetstormsecurity.com/files/125513https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:collne:welcart_plugin2015-07-24T14:52+09:002015-07-24T14:52+09:002015-07-24T14:52+09:00