JVNDB RSS Feed - 2012 Years Entry
https://jvndb.jvn.jp/en/
JVN iPedia Yearly Entry
2024-03-24T09:10:24+09:00 2024-03-24T09:10:24+09:00

Cogent DataHub vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000001.html
Cogent DataHub provided by Cogent Real-Time Systems Inc. contains a cross-site scripting vulnerability.
Kuang-Chun Hung of Security Research and Service Institute - Information and Communication Security Technology Center (ICST), Taiwan R.O.C. reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000001
http://jvn.jp/en/jp/JVN12983784/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0309
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0309
http://www.us-cert.gov/control_systems/pdf/ICSA-12-016-01.pdf
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:cogentdatahub:cascade_datahub
cpe:/a:cogentdatahub:cogent_datahub
cpe:/a:cogentdatahub:opc_datahub
2012-01-13T15:57+09:00 2012-01-11T15:22+09:00 2012-01-13T15:57+09:00

Cogent DataHub vulnerable to HTTP header injection
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000002.html
Cogent DataHub provided by Cogent Real-Time Systems Inc. contains an HTTP header injection vulnerability (also known as a CRLF, carriage return line feed, injection vulnerability).
Kuang-Chun Hung of Security Research and Service Institute - Information and Communication Security Technology Center (ICST), Taiwan R.O.C. reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000002
http://jvn.jp/en/jp/JVN63249231/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0310
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0310
http://www.us-cert.gov/control_systems/pdf/ICSA-12-016-01.pdf
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:cogentdatahub:cascade_datahub
cpe:/a:cogentdatahub:cogent_datahub
cpe:/a:cogentdatahub:opc_datahub
2012-01-13T16:08+09:00 2012-01-11T15:12+09:00 2012-01-13T16:08+09:00

Wibu-Systems CodeMeter Runtime vulnerable to denial-of-service
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000003.html
CodeMeter Runtime provided by Wibu-Systems AG contains a denial-of-service vulnerability.
CodeMeter Runtime provided by Wibu-Systems AG contains an issue when processing TCP packets, which may lead to a denial-of-service (DoS).
Kuang-Chun Hung of Security Research and Service Institute - Information and Communication Security Technology Center (ICST), Taiwan R.O.C. reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000003
http://jvn.jp/en/jp/JVN78901873/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4057
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4057
http://www.kb.cert.org/vuls/id/659515
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:wibu:codemeter_runtime
2012-01-11T15:02+09:00 2012-01-11T15:02+09:00 2012-01-11T15:02+09:00

osCommerce Japanese version vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000004.html
osCommerce Japanese version contains a cross-site scripting vulnerability.
osCommerce is an open source system for creating shopping websites. osCommerce Japanese version contains a cross-site scripting vulnerability.
Yuya Yoshida of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000004
http://jvn.jp/en/jp/JVN36559450/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0311
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0311
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:oscommerce:oscommerce
2012-01-20T16:23+09:00 2012-01-20T16:23+09:00 2012-01-20T16:23+09:00

osCommerce vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000005.html
osCommerce contains a cross-site scripting vulnerability.
osCommerce is an open source system for creating shopping websites. osCommerce contains a cross-site scripting vulnerability.
Masako Oono reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000005
http://jvn.jp/en/jp/JVN64386898/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0312
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0312
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:oscommerce:oscommerce
2012-04-26T16:58+09:00 2012-01-20T16:15+09:00 2012-04-26T16:58+09:00

osCommerce vulnerable to directory traversal
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000006.html
osCommerce contains a directory traversal vulnerability.
osCommerce is an open source system for creating shopping websites. osCommerce contains a directory traversal vulnerability.
JVNDB-2012-000006
http://jvn.jp/en/jp/JVN38216398/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-2330
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2330
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:oscommerce:oscommerce
2012-01-20T16:09+09:00 2012-01-20T16:09+09:00 2012-01-20T16:09+09:00

Oracle WebLogic Server vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000007.html
Oracle WebLogic Server contains a cross-site scripting vulnerability.
Oracle WebLogic Server contains a cross-site scripting vulnerability on the management console.
Minetoshi Takizawa reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000007
http://jvn.jp/en/jp/JVN54779201/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0077
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0077
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:oracle:weblogic_server
2012-01-20T15:37+09:00 2012-01-20T15:37+09:00 2012-01-20T15:37+09:00

glucose 2 vulnerable to arbitrary script execution
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000008.html
glucose 2 is vulnerable to arbitrary script execution.
glucose 2 is an RSS reader. glucose 2 is vulnerable to execution of arbitrary script embedded in an RSS feed, due to improper processing of RSS feed output.
Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000008
http://jvn.jp/en/jp/JVN65869891/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0313
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0313
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:glucose:glucose_2
2012-01-23T18:27+09:00 2012-01-23T18:27+09:00 2012-01-23T18:27+09:00

Multiple web browsers vulnerable in processing Transfer-Encoding header
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000009.html
Multiple web browsers contain a vulnerability in processing the Transfer-Encoding header.
Multiple web browsers contain a vulnerability in processing the Transfer-Encoding header. When viewing a malicious web site through a proxy server, part of the HTTP response may be misidentified as a response from a different server.
Kazuho Oku reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000009
https://jvn.jp/en/jp/JVN90389651/index.html
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:microsoft:internet_explorer
cpe:/a:mozilla:firefox
2012-07-30T14:53+09:00 2012-07-30T14:53+09:00 2012-07-30T14:53+09:00

Pocket WiFi (GP02) vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000010.html
Pocket WiFi (GP02) contains a cross-site request forgery vulnerability.
Pocket WiFi (GP02) provided by eAccess Ltd. is a mobile wireless LAN router. Pocket WiFi (GP02) contains a cross-site request forgery vulnerability.
Naoto Katsumi of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000010
http://jvn.jp/en/jp/JVN33021167/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0314
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0314
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/h:emobile:pocket_wifi
2012-02-01T14:12+09:00 2012-02-01T14:12+09:00 2012-02-01T14:12+09:00

ALFTP may insecurely load executable files
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000011.html
ALFTP may use unsafe methods for determining how to load executables.
ALFTP provided by ESTsoft Corp. is FTP client software with a built-in FTP server. ALFTP contains an issue when loading files.
For example, if a user tries to open README (a file without an extension) in a directory that also contains README.exe (a file with the .exe extension), README.exe is executed instead of README.
Fumihiko Sano reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000011
http://jvn.jp/en/jp/JVN85695061/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0315
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0315
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:estsoft:alftp
2012-02-13T15:58+09:00 2012-02-13T15:58+09:00 2012-02-13T15:58+09:00

Apache Struts 2 vulnerable to an arbitrary Java method execution
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000012.html
Apache Struts 2 contains an arbitrary Java method execution vulnerability.
Apache Struts 2 is a framework to create Java web applications. Apache Struts 2 contains an arbitrary Java method execution vulnerability due to improper conversion in OGNL expression if a non-string property is contained in action.
Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000012
https://jvn.jp/en/jp/JVN79099262/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0838
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0838
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:apache:struts
2012-02-10T14:29+09:00 2012-02-10T14:29+09:00 2012-02-10T14:29+09:00

cforms II vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000013.html
cforms II contains a cross-site scripting vulnerability.
cforms II provided by delicious days is a plugin for WordPress. cforms II contains a cross-site scripting vulnerability.
Kousuke Ebihara and Yuya Watanabe of Tejimaya.inc reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000013
http://jvn.jp/en/jp/JVN35256978/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3977
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3977
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:deliciousdays:cforms
2012-02-15T17:14+09:00 2012-02-15T17:14+09:00 2012-02-15T17:14+09:00

Multiple COOKPAD applications for Android vulnerable in WebView class
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000014.html
Multiple COOKPAD applications for Android contain a vulnerability in WebView class.
Cookpad and Cookpad Noseru provided by COOKPAD Inc. are Android applications to search or post recipes. Cookpad and Cookpad Noseru contain a vulnerability in WebView class.
Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000014
http://jvn.jp/en/jp/JVN25731073/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0316
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0316
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:cookpad:android_activities
cpe:/a:cookpad:android_mykitchen
2012-02-29T10:56+09:00 2012-02-22T14:44+09:00 2012-02-29T10:56+09:00

Movable Type vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000015.html
Movable Type contains a cross-site request forgery vulnerability.
Movable Type contains a cross-site request forgery vulnerability in entering comments and community functionality.
JVNDB-2012-000015
https://jvn.jp/en/jp/JVN70683217/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0317
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0317
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:sixapart:movabletype
2012-02-23T14:19+09:00 2012-02-23T14:19+09:00 2012-02-23T14:19+09:00

Movable Type vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000016.html
Movable Type contains a cross-site scripting vulnerability.
mt-wizard.cgi and Movable Type templates contain a cross-site scripting vulnerability.
JVNDB-2012-000016
http://jvn.jp/en/jp/JVN49836527/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0318
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0318
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:sixapart:movabletype
2012-02-23T14:20+09:00 2012-02-23T14:20+09:00 2012-02-23T14:20+09:00

Movable Type vulnerable to OS command injection
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000017.html
Movable Type contains an OS command injection vulnerability.
Movable Type contains an OS command injection vulnerability in its file management system.
JVNDB-2012-000017
http://jvn.jp/en/jp/JVN92683325/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0319
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0319
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:sixapart:movabletype
2012-02-23T14:21+09:00 2012-02-23T14:21+09:00 2012-02-23T14:21+09:00

Movable Type vulnerable to session hijacking
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000018.html
Movable Type contains a session hijacking vulnerability.
Movable Type contains a session hijacking vulnerability in entering comments and community functionality.
JVNDB-2012-000018
http://jvn.jp/en/jp/JVN20083397/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0320
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0320
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:sixapart:movabletype
2012-02-23T14:28+09:00 2012-02-23T14:28+09:00 2012-02-23T14:28+09:00

Kingsoft Internet Security 2011 vulnerable to denial-of-service
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000019.html
Kingsoft Internet Security 2011 contains a denial-of-service (DoS) vulnerability.
Kingsoft Internet Security 2011 contains a vulnerability in the device driver, which may result in a denial-of-service (DoS).
Satoshi TANDA of Fourteenforty Research Institute Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000019
http://jvn.jp/en/jp/JVN31517714/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0321
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0321
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:kingsoft:internet_security
2012-03-01T14:03+09:00 2012-03-01T14:03+09:00 2012-03-01T14:03+09:00

ES File Explorer fails to restrict access permissions
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000020.html
ES File Explorer provided by EStrongs, Inc. contains an issue where access permissions are not restricted.
ES File Explorer provided by EStrongs Inc. is a file and application manager. ES File Explorer contains an issue where access permissions are not restricted.
Shiongu of satoweb and Masafumi Horimoto of HOLLY & Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000020
http://jvn.jp/en/jp/JVN08871006/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0322
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0322
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:estrongs:es_file_explorer
2012-03-05T15:50+09:00 2012-03-05T15:50+09:00 2012-03-05T15:50+09:00

SquirrelMail plugin Autocomplete vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000021.html
The SquirrelMail plugin Autocomplete contains a cross-site scripting vulnerability.
The Autocomplete plugin in SquirrelMail searches for registered email addresses in user contacts as the user types into specific fields. The Autocomplete plugin contains a cross-site scripting vulnerability.
Masaki Konishi of M&K reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000021
http://jvn.jp/en/jp/JVN56653852/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0323
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0323
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:squirrelmail:autocomplete
2012-03-09T14:18+09:00 2012-03-09T14:18+09:00 2012-03-09T14:18+09:00

Jenkins vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000022.html
Jenkins contains a cross-site scripting vulnerability.
Jenkins is a continuous integration (CI) tool. Jenkins contains a cross-site scripting vulnerability.
Note that this vulnerability is different from JVN#79950061.
Minoru Sakai of SCSK Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000022
https://jvn.jp/en/jp/JVN14791558/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0324
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0324
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:cloudbees:jenkins
2012-03-09T14:28+09:00 2012-03-09T14:28+09:00 2012-03-09T14:28+09:00

Jenkins vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000023.html
Jenkins contains a cross-site scripting vulnerability.
Jenkins is a continuous integration (CI) tool.
Note that this vulnerability is different from JVN#14791558.
Minoru Sakai of SCSK Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000023
https://jvn.jp/en/jp/JVN79950061/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0325
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0325
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:cloudbees:jenkins
2012-03-09T14:35+09:00 2012-03-09T14:35+09:00 2012-03-09T14:35+09:00

twicca fails to restrict access permissions
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000024.html
twicca contains an issue where access permissions are not restricted.
twicca is a client software for using Twitter. twicca contains an issue where access permissions are not restricted.
Kazuhiko Kusano of Graduate School of Information Sciences, Tohoku University reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000024
http://jvn.jp/en/jp/JVN31860555/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0326
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0326
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:tetsuya_aoyama:twicca
2012-03-13T13:36+09:00 2012-03-13T13:36+09:00 2012-03-13T13:36+09:00

Redmine vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000025.html
Redmine contains a cross-site scripting vulnerability.
Redmine is a project management software. Redmine contains a cross-site scripting vulnerability.
Kousuke Ebihara reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000025
http://jvn.jp/en/jp/JVN93406632/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0327
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0327
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:redmine:redmine
2012-03-13T13:39+09:00 2012-03-13T13:39+09:00 2012-03-13T13:39+09:00

Janetter vulnerable to information disclosure
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000026.html
Janetter contains an information disclosure vulnerability.
Janetter is a client software for using Twitter. Janetter contains an information disclosure vulnerability.
Kazuhiko Kusano of Graduate School of Information Sciences, Tohoku University reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000026
http://jvn.jp/en/jp/JVN10745573/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0328
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0328
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:misc:janesoft_janetter
2012-03-19T14:27+09:00 2012-03-19T14:27+09:00 2012-03-19T14:27+09:00

Janetter vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000027.html
Janetter contains a cross-site request forgery vulnerability.
Janetter is a client software for using Twitter. Janetter contains a cross-site request forgery vulnerability.
Kazuhiko Kusano of Graduate School of Information Sciences, Tohoku University reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000027
http://jvn.jp/en/jp/JVN83459967/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1236
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1236
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:misc:janesoft_janetter
2012-03-19T14:31+09:00 2012-03-19T14:31+09:00 2012-03-19T14:31+09:00

TOSHIBA TEC e-Studio series vulnerable to authentication bypass
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000028.html
Multiple e-Studio series products provided by TOSHIBA TEC CORPORATION contain an authentication bypass vulnerability.
e-Studio is a multi-function peripheral (MFP). Multiple e-Studio series products contain a vulnerability in web-based management utility, which may result in an authentication bypass.
JVNDB-2012-000028
http://jvn.jp/en/jp/JVN92830293/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1239
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1239
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:toshibatec:e-studio-167_with_network_printer_kit_firmware
cpe:/a:toshibatec:e-studio-181_with_network_printer_kit_firmware
cpe:/a:toshibatec:e-studio-182_with_network_printer_kit_firmware
cpe:/a:toshibatec:e-studio-207_with_network_printer_kit_firmware
cpe:/a:toshibatec:e-studio-232_firmware
cpe:/a:toshibatec:e-studio-2330c_firmware
cpe:/a:toshibatec:e-studio-2500c_firmware
cpe:/a:toshibatec:e-studio-255p_firmware
cpe:/a:toshibatec:e-studio-255_firmware
cpe:/a:toshibatec:e-studio-281c_firmware
cpe:/a:toshibatec:e-studio-282_firmware
cpe:/a:toshibatec:e-studio-2830c_firmware
cpe:/a:toshibatec:e-studio-3500c_firmware
cpe:/a:toshibatec:e-studio-3510c_firmware
cpe:/a:toshibatec:e-studio-351c_firmware
cpe:/a:toshibatec:e-studio-3520c_firmware
cpe:/a:toshibatec:e-studio-352_firmware
cpe:/a:toshibatec:e-studio-355_firmware
cpe:/a:toshibatec:e-studio-451c_firmware
cpe:/a:toshibatec:e-studio-4520c_firmware
cpe:/a:toshibatec:e-studio-452_firmware
cpe:/a:toshibatec:e-studio-455_firmware
cpe:/a:toshibatec:e-studio-5520c_firmware
cpe:/a:toshibatec:e-studio-600_firmware
cpe:/a:toshibatec:e-studio-6520c_firmware
cpe:/a:toshibatec:e-studio-6530c_firmware
cpe:/a:toshibatec:e-studio-655_firmware
cpe:/a:toshibatec:e-studio-720_firmware
cpe:/a:toshibatec:e-studio-755_firmware
cpe:/a:toshibatec:e-studio-850_firmware
cpe:/a:toshibatec:e-studio-855_firmware
cpe:/a:toshibatec:e-studio-tf-182_with_network_printer_kit_firmware
2012-04-05T16:40+09:00 2012-04-05T16:40+09:00 2012-04-05T16:40+09:00

SENCHA SNS vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000029.html
SENCHA SNS contains a cross-site request forgery vulnerability.
SENCHA SNS is an open source SNS software. SENCHA SNS contains a cross-site request forgery vulnerability.
Hiroshi Tokumaru of HASH Consulting Corp. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000029
https://jvn.jp/en/jp/JVN44913777/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1237
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1237
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:icz:sencha_sns
2012-04-05T16:41+09:00 2012-04-05T16:41+09:00 2012-04-05T16:41+09:00

SENCHA SNS vulnerable to session fixation
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000030.html
SENCHA SNS contains a session fixation vulnerability.
SENCHA SNS is an open source SNS software. SENCHA SNS contains a session fixation vulnerability.
Hiroshi Tokumaru of HASH Consulting Corp. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000030
https://jvn.jp/en/jp/JVN97200417/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1238
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1238
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:icz:sencha_sns
2012-04-05T16:41+09:00 2012-04-05T16:41+09:00 2012-04-05T16:41+09:00

ActiveScriptRuby vulnerable to arbitrary Ruby script execution
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000031.html
ActiveScriptRuby contains a vulnerability where an arbitrary Ruby script may be executed on a web browser that can execute ActiveX controls when HTML is displayed.
ActiveScriptRuby is a software to implement Ruby into a Windows environment. ActiveScriptRuby contains a vulnerability where an arbitrary Ruby script may be executed on the web browser that can execute ActiveX controls when HTML is displayed.
Moca reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000031
http://jvn.jp/en/jp/JVN33283707/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1241
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1241
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:artonx.org:activescriptruby
2012-04-13T14:08+09:00 2012-04-13T14:08+09:00 2012-04-13T14:08+09:00

Dokodemo Rikunabi 2013 vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000032.html
Dokodemo Rikunabi 2013 contains a cross-site scripting vulnerability.
Dokodemo Rikunabi 2013 is an extension for Google Chrome. Dokodemo Rikunabi 2013 contains a cross-site scripting vulnerability.
Kazuhiko Kusano of Graduate School of Information Sciences, Tohoku University reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000032
http://jvn.jp/en/jp/JVN90055996/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1240
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1240
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:recruit:dokodemo_rikunabi_2013
2012-04-13T14:03+09:00 2012-04-13T14:03+09:00 2012-04-13T14:03+09:00

TwitRocker2 (Android version) vulnerable in the WebView class
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000033.html
TwitRocker2 (Android version) contains a vulnerability in the WebView class.
TwitRocker2 is a client software for using twitter. TwitRocker2 (Android version) contains a vulnerability in the WebView class.
Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000033
http://jvn.jp/en/jp/JVN00000601/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1243
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1243
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:studiohitori:twitrocker2_android
2012-04-20T12:21+09:00 2012-04-20T12:21+09:00 2012-04-20T12:21+09:00

Multiple JustSystems products may insecurely load dynamic libraries
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000034.html
Multiple JustSystems products may use unsafe methods for determining how to load DLLs.
Multiple JustSystems products contain an issue with the DLL search path, which may lead to insecurely loading dynamic libraries.
Naoto Katsumi of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000034
http://jvn.jp/en/jp/JVN95378720/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1242
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1242
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:justsystems:ichitaro
cpe:/a:justsystems:ichitaro_government
cpe:/a:justsystems:ichitaro_portable
cpe:/a:justsystems:ichitaro_viewer
cpe:/a:justsystems:justschool
cpe:/a:justsystems:just_frontier
cpe:/a:justsystems:just_jump
cpe:/h:justsystems:oreplug
2012-04-24T13:36+09:00 2012-04-24T13:36+09:00 2012-04-24T13:36+09:00

Multiple JustSystems products vulnerable to buffer overflow
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000035.html
Multiple products provided by JustSystems Corporation contain a buffer overflow vulnerability.
Multiple products provided by JustSystems Corporation contain a buffer overflow vulnerability due to improper handling of image files.
Tielei Wang of Georgia Tech Information Security Center reported this vulnerability to JPCERT/CC via The Secunia Vulnerability Coordination Reward Programme (SVCRP).
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000035
http://jvn.jp/en/jp/JVN09619876/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0269
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0269
http://www.ipa.go.jp/security/english/vuln/201205_justsystem_en.html
http://secunia.com/advisories/47363/
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:justsystems:ichitaro
cpe:/a:justsystems:ichitaro_government
cpe:/a:justsystems:ichitaro_portable
cpe:/a:justsystems:ichitaro_viewer
cpe:/a:justsystems:justschool
cpe:/a:justsystems:just_frontier
cpe:/a:justsystems:just_jump
cpe:/a:justsystems:rekishimail
cpe:/a:justsystems:shuriken
cpe:/h:justsystems:oreplug
2012-05-09T19:49+09:00 2012-04-24T13:37+09:00 2012-05-09T19:49+09:00

OSQA vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000036.html
OSQA (The Open Source Q&A system) contains a cross-site scripting vulnerability.
OSQA is an open source question and answer system. OSQA contains a cross-site scripting vulnerability.
Kousuke Ebihara reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000036
http://jvn.jp/en/jp/JVN15503729/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1245
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1245
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:osqa:osqa
2012-04-26T14:15+09:00 2012-04-26T14:15+09:00 2012-04-26T14:15+09:00

sp mode mail issue in the verification of SSL certificates
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000037.html
sp mode mail contains an issue in the verification of the SSL server certificate.
sp mode mail provided by NTT DOCOMO contains an issue in the verification of the SSL server certificate.
Tsukasa Hamano of Open Source Solution Technology Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000037
http://jvn.jp/en/jp/JVN82029095/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1244
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1244
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:nttdocomo:spmode_mail_android
2012-04-26T14:21+09:00
2012-04-26T14:21+09:00
2012-04-26T14:21+09:00
WEB MART from KENT-WEB vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000041.html
WEB MART provided by KENT-WEB contains a cross-site scripting vulnerability.
WEB MART provided by KENT-WEB is a system for creating shopping websites. WEB MART contains a vulnerability in handling cookies, which may result in cross-site scripting.
ISHIBASHI,Tsuyoshi of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000041
https://jvn.jp/en/jp/JVN47536971/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1246
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1246
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:kent-web:kent-web_mart
2012-05-15T16:44+09:00
2012-05-15T16:44+09:00
2012-05-15T16:44+09:00
WEB MART from KENT-WEB vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000042.html
WEB MART provided by KENT-WEB contains a cross-site scripting vulnerability.
WEB MART provided by KENT-WEB is a system for creating shopping websites. WEB MART contains a vulnerability when using Microsoft IE's CSS expressions, which may result in cross-site scripting.
Isayama Takayoshi of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000042
https://jvn.jp/en/jp/JVN63941302/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1247
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1247
http://blogs.msdn.com/b/ie/archive/2008/10/16/ending-expressions.aspx
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:kent-web:kent-web_mart
2012-05-15T16:53+09:00
2012-05-15T16:53+09:00
2012-05-15T16:53+09:00
baserCMS vulnerable to session management
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000043.html
baserCMS contains a vulnerability in session management.
baserCMS is an open-source Content Management System (CMS). baserCMS contains a vulnerability in session management.
JVNDB-2012-000043
http://jvn.jp/en/jp/JVN53465692/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1248
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1248
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:basercms:basercms
2012-05-15T16:56+09:00
2012-05-15T16:56+09:00
2012-05-15T16:56+09:00
iLunascape for Android vulnerable in the WebView class
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000044.html
iLunascape for Android contains a vulnerability in the WebView class.
iLunascape for Android is a web browser for Android devices. iLunascape for Android contains a vulnerability in the WebView class.
Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000044
https://jvn.jp/en/jp/JVN86044443/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1249
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1249
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:lunascape:ilunascape
2012-05-21T13:56+09:00
2012-05-21T13:56+09:00
2012-05-21T13:56+09:00
Drupal Form API fails to validate the redirect URL
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000045.html
Drupal's Form API fails to validate the redirect URL, which may lead to unintended information disclosure.
Drupal is a content management system (CMS). Drupal's Form API fails to validate the redirect URL, which may lead to unintended information disclosure.
Katsuhiko Nakanishi from NEC Nexsolutions, Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000045
https://jvn.jp/en/jp/JVN45898075/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1589
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1589
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:drupal:drupal_core
2012-05-17T13:55+09:00
2012-05-17T13:55+09:00
2012-05-17T13:55+09:00
Flash Player issue in implementations of the Same Origin Policy
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000046.html
Flash Player contains an issue in implementations of the Same Origin Policy.
The SoundMixer.computeSpectrum() method in Flash Player contains an issue in implementations of the Same Origin Policy.
Mitsuaki Shiraishi of Symantec Japan, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000046
http://jvn.jp/en/jp/JVN38163638/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2038
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2038
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:adobe:flash_player
2012-06-13T16:39+09:00
2012-06-11T15:05+09:00
2012-06-13T16:39+09:00
Sybase EAServer vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000047.html
EAServer contains a cross-site scripting vulnerability.
EAServer provided by Sybase is an application server. EAServer contains a cross-site scripting vulnerability.
Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000047
http://jvn.jp/en/jp/JVN47662377/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4340
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4340
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:sybase:easerver
2012-05-25T15:34+09:00
2012-05-25T15:34+09:00
2012-05-25T15:34+09:00
RSSOwl vulnerable to arbitrary script execution
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000048.html
RSSOwl is vulnerable to arbitrary script execution.
RSSOwl is an RSS/Atom feed reader. RSSOwl is vulnerable to arbitrary script execution due to improper processing during HTML page output based on feed information.
Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000048
http://jvn.jp/en/jp/JVN77947437/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1252
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1252
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:rssowl:rssowl
2012-05-25T15:37+09:00
2012-05-25T15:37+09:00
2012-05-25T15:37+09:00
Opera fails to verify SSL server certificates
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000049.html
Opera contains an issue where it fails to verify SSL server certificates.
Opera is a web browser. Opera contains an issue where it fails to verify SSL server certificates.
JVNDB-2012-000049
http://jvn.jp/en/jp/JVN39707339/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1251
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1251
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:opera:opera_browser
2012-07-26T17:31+09:00
2012-05-25T15:40+09:00
2012-07-26T17:31+09:00
Roundcube Webmail vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000050.html
Roundcube Webmail contains a cross-site scripting vulnerability.
Roundcube Webmail is an open source webmail client from the Roundcube Webmail Project. Roundcube Webmail contains a cross-site scripting vulnerability.
Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000050
http://jvn.jp/en/jp/JVN21422837/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1253
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1253
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:roundcube:roundcube_webmail
2012-05-25T15:43+09:00
2012-05-25T15:43+09:00
2012-05-25T15:43+09:00
Logitec LAN-W300N/R series fails to restrict access permissions
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000051.html
Logitec LAN-W300N/R series contain an issue where access permissions are not restricted.
The LAN-W300N/R series are wireless LAN routers. Logitec LAN-W300N/R series contain an issue where access permissions are not restricted.
Jin Sawada, Keisuke Okazaki, Naoto Katsumi of Security Engineering Laboratory, IT Security Center (ISEC), IPA reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000051
http://jvn.jp/en/jp/JVN85934986/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1250
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1250
http://www.ipa.go.jp/security/english/vuln/201205_lan-w300n_en.html
https://www.jpcert.or.jp/at/2012/at120017.html
http://www.ocn.ne.jp/info/announce/2012/05/16_2.html
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:logitec:lan-w300n%2Fr_firmware
2012-05-25T15:50+09:00
2012-05-25T15:50+09:00
2012-05-25T15:50+09:00
Segue vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000052.html
Segue contains a cross-site scripting vulnerability.
Segue is a content management system. Segue contains a cross-site scripting vulnerability.
Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000052
http://jvn.jp/en/jp/JVN29083866/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1254
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1254
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:adam_franco:segue
2012-06-01T14:03+09:00
2012-06-01T14:03+09:00
2012-06-01T14:03+09:00
Segue vulnerable to SQL injection
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000053.html
Segue contains a SQL injection vulnerability.
Segue is a content management system. Segue contains a SQL injection vulnerability.
Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000053
http://jvn.jp/en/jp/JVN97995841/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1255
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1255
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:adam_franco:segue
2012-06-01T14:06+09:00
2012-06-01T14:06+09:00
2012-06-01T14:06+09:00
Puella Magi Madoka Magica iP for Android vulnerable to information disclosure
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000054.html
Puella Magi Madoka Magica iP for Android contains an information disclosure vulnerability.
Puella Magi Madoka Magica iP for Android has a function to link with a Twitter account. Puella Magi Madoka Magica iP for Android contains an issue where Twitter account credentials entered by a user are saved in a log file in plain text.
Kazuhiko Kusano of Graduate School of Information Sciences, Tohoku University reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000054
https://jvn.jp/en/jp/JVN23328321/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2630
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2630
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:bandainamcogames:madomagi-ip_android
2012-06-01T14:09+09:00
2012-06-01T14:09+09:00
2012-06-01T14:09+09:00
@WEB ShoppingCart vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000055.html
@WEB ShoppingCart contains a cross-site scripting vulnerability.
@WEB ShoppingCart provided by WEBLOGIC CORPORATION is a system for creating shopping websites. @WEB ShoppingCart contains a cross-site scripting vulnerability.
Yoshinori Matsumoto of Kobe Digital Labo.,Inc reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000055
http://jvn.jp/en/jp/JVN78305073/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2631
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2631
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:atmarkweb:%40web_shoppingcart
2012-06-05T14:04+09:00
2012-06-05T14:04+09:00
2012-06-05T14:04+09:00
FeedDemon vulnerable to arbitrary script execution
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000056.html
FeedDemon is vulnerable to arbitrary script execution.
FeedDemon is an RSS/Atom feed reader. FeedDemon is vulnerable to arbitrary script execution due to improper processing during HTML page output based on feed information when using the "feed preview" option.
Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000056
http://jvn.jp/en/jp/JVN18397171/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2634
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2634
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:newsgator:feeddemon
2012-06-07T15:39+09:00
2012-06-07T15:39+09:00
2012-06-07T15:39+09:00
Dolphin Browser vulnerable in the WebView class
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000057.html
Dolphin Browser contains a vulnerability in the WebView class.
Dolphin Browser is a web browser for Android devices. Dolphin Browser HD and Dolphin for Pad contain a vulnerability in the WebView class.
Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000057
https://jvn.jp/en/jp/JVN90751882/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2635
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2635
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:dolphin-browser:dolphin_browser_hd
cpe:/a:dolphin-browser:dolphin_for_pad
2012-06-14T14:20+09:00
2012-06-14T14:20+09:00
2012-06-14T14:20+09:00
WordPress plugin WassUp vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000058.html
The WordPress plugin WassUp contains a cross-site scripting vulnerability.
WassUp is a WordPress plugin that tracks visitors to the blog. WassUp contains a cross-site scripting vulnerability.
Yuji Tounai of bogus.jp reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000058
http://jvn.jp/en/jp/JVN15646988/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2633
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2633
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:misc:wassup_wassup
2012-06-06T12:29+09:00
2012-06-06T12:29+09:00
2012-06-06T12:29+09:00
SEIL series fail to restrict access permissions
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000059.html
SEIL series contain an issue where access permissions are not restricted.
SEIL series are wireless LAN routers. SEIL series contain an issue where access permissions are not restricted.
JVNDB-2012-000059
http://jvn.jp/en/jp/JVN24646833/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2632
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2632
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/o:iij:seil%252fb1_firmware
cpe:/o:iij:seil%252fx1_firmware
cpe:/o:iij:seil%252fx2_firmware
cpe:/o:iij:seil%252fx86_firmware
2012-06-06T12:39+09:00
2012-06-06T12:39+09:00
2012-06-06T12:39+09:00
SmallPICT vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000060.html
SmallPICT contains a cross-site scripting vulnerability.
SmallPICT is bulletin-board software. SmallPICT contains a cross-site scripting vulnerability.
Yuji Tounai of bogus.jp reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000060
https://jvn.jp/en/jp/JVN36993373/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2638
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2638
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:wap2:smallpict
2012-06-19T14:00+09:00
2012-06-19T14:00+09:00
2012-06-19T14:00+09:00
WEB PATIO vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000061.html
WEB PATIO contains a cross-site scripting vulnerability.
WEB PATIO is bulletin-board software. WEB PATIO contains a vulnerability in handling web form entries, which may result in cross-site scripting.
Yuji Tounai of bogus.jp reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000061
https://jvn.jp/en/jp/JVN33171616/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2636
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2636
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:kent-web:web_patio
2012-06-19T14:31+09:00
2012-06-19T14:31+09:00
2012-06-19T14:31+09:00
WEB PATIO vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000062.html
WEB PATIO contains a cross-site scripting vulnerability.
WEB PATIO is bulletin-board software. WEB PATIO contains a vulnerability in handling cookies, which may result in cross-site scripting.
Taketo Ikeuchi of Hitachi Solutions, Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000062
http://jvn.jp/en/jp/JVN58102473/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2637
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2637
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:kent-web:web_patio
2012-06-19T12:35+09:00
2012-06-19T12:35+09:00
2012-06-19T12:35+09:00
Python SimpleHTTPServer vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000063.html
The SimpleHTTPServer in Python contains a cross-site scripting vulnerability.
Keigo Yamazaki of Little eArth Corporation Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000063
https://jvn.jp/en/jp/JVN51176027/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4940
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4940
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:python:python
cpe:/a:vmware:esx
2012-12-26T18:01+09:00
2012-06-19T14:38+09:00
2012-12-26T18:01+09:00
Yome Collection for Android issue in management of IMEI
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000064.html
Yome Collection for Android contains an issue where the International Mobile Equipment Identity (IMEI) is stored on an SD card.
Applications without the READ_PHONE_STATE permission may obtain the IMEI from the SD card.
Kazuhiko Kusano of Graduate School of Information Sciences, Tohoku University reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000064
http://jvn.jp/en/jp/JVN05102851/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2640
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2640
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:yomecolle:nec_biglobe_yome_collection
2012-07-03T14:57+09:00
2012-07-03T14:57+09:00
2012-07-03T14:57+09:00
Zenphoto vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000065.html
Zenphoto contains a cross-site scripting vulnerability.
Zenphoto is a content management system (CMS). Zenphoto contains a cross-site scripting vulnerability.
Yuji Tounai of bogus.jp reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000065
http://jvn.jp/en/jp/JVN59842447/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2641
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2641
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:zenphoto:zenphoto
2012-07-03T14:49+09:00
2012-07-03T14:49+09:00
2012-07-03T14:49+09:00
Ruby hash table implementation vulnerable to denial-of-service
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000066.html
The hash table implementation in Ruby contains a denial-of-service (DoS) vulnerability.
The hash table implementation in Ruby contains an issue where a series of strings whose hash values collide may be intentionally created. As a result, a denial-of-service (DoS) attack may be conducted.
Tanaka Akira of National Institute of Advanced Industrial Science and Technology (AIST) reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000066
http://jvn.jp/en/jp/JVN90615481/index.html
http://jvn.jp/cert/JVNVU692779/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4815
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4815
http://www.ipa.go.jp/security/ciadr/vul/20120106-web.html
http://www.kb.cert.org/vuls/id/903934
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:ruby-lang:ruby
2012-07-06T17:11+09:00
2012-07-06T17:11+09:00
2012-07-06T17:11+09:00
Movable Type plugin MT4i vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000067.html
MT4i contains a cross-site scripting vulnerability.
MT4i is a Movable Type plugin. MT4i contains a cross-site scripting vulnerability.
Note that this vulnerability is different from JVN#79111101.
Yuji Tounai of bogus.jp reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000067
http://jvn.jp/en/jp/JVN80835745/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2642
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2642
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:hazama:mt4i
2012-07-06T17:14+09:00
2012-07-06T17:14+09:00
2012-07-06T17:14+09:00
YY-BOARD vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000068.html
YY-BOARD contains a cross-site scripting vulnerability.
YY-BOARD is bulletin-board software. YY-BOARD contains a vulnerability in handling web form entries, which may result in cross-site scripting.
Yuji Tounai of bogus.jp reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000068
http://jvn.jp/en/jp/JVN03582364/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2643
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2643
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:kent-web:yy-board
2012-07-06T17:19+09:00
2012-07-06T17:19+09:00
2012-07-06T17:19+09:00
Movable Type plugin MT4i vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000069.html
MT4i contains a cross-site scripting vulnerability.
MT4i is a Movable Type plugin. MT4i contains a cross-site scripting vulnerability.
Note that this vulnerability is different from JVN#80835745.
Yuji Tounai of bogus.jp reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000069
http://jvn.jp/en/jp/JVN79111101/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2644
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2644
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:hazama:mt4i
2012-07-06T17:24+09:00
2012-07-06T17:24+09:00
2012-07-06T17:24+09:00
Yahoo! Browser vulnerable in the WebView class
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000070.html
Yahoo! Browser contains a vulnerability in the WebView class.
Yahoo! Browser is a web browser for Android devices. Yahoo! Browser contains a vulnerability in the WebView class.
Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000070
http://jvn.jp/en/jp/JVN46088915/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2645
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2645
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:misc:yahoo_japan_yahoo_browser
2012-07-20T12:12+09:00
2012-07-13T15:00+09:00
2012-07-20T12:12+09:00
Sleipnir Mobile for Android vulnerable in the WebView class
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000071.html
Sleipnir Mobile for Android contains a vulnerability in the WebView class.
Sleipnir Mobile for Android is a web browser for Android devices. Sleipnir Mobile for Android contains a vulnerability in the WebView class.
Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000071
http://jvn.jp/en/jp/JVN88643450/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2646
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2646
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:fenrir-inc:sleipnir_mobile
2012-07-24T14:05+09:00
2012-07-24T14:05+09:00
2012-07-24T14:05+09:00
Yahoo! Toolbar (for Chrome, Safari) vulnerable to toolbar alteration
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000072.html
Yahoo! Toolbar (for Chrome, Safari) contains a vulnerability where the toolbar may be altered.
Yahoo! Toolbar (for Chrome, Safari) contains a vulnerability where the toolbar may be altered when visiting a specially crafted web page.
Keita Haga of keitahaga.com reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000072
http://jvn.jp/en/jp/JVN51769987/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2647
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2647
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:misc:yahoo_japan_yahoo_toolbar
2012-08-02T16:33+09:00
2012-07-30T14:56+09:00
2012-08-02T16:33+09:00
GoodReader vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000073.html
GoodReader contains a cross-site scripting vulnerability.
GoodReader is a document reader for Apple mobile devices. GoodReader contains a cross-site scripting vulnerability.
Keigo Yamazaki of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000073
http://jvn.jp/en/jp/JVN01598734/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2648
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2648
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:goodiware:goodreader
2012-08-02T14:46+09:00
2012-08-02T14:46+09:00
2012-08-02T14:46+09:00
LINE for Android vulnerable in handling of implicit intents
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000074.html
LINE for Android contains a vulnerability in the handling of implicit intents.
LINE for Android, provided by NHN Japan, is an application for communication with others. LINE for Android contains a vulnerability in the handling of implicit intents.
Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000074
http://jvn.jp/en/jp/JVN67435981/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4005
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4005
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:naver:nhn_japan_naver_line
2012-08-07T13:33+09:00
2012-08-07T13:33+09:00
2012-08-07T13:33+09:00
Sleipnir Mobile for Android vulnerable to arbitrary Java method execution
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000075.html
Sleipnir Mobile for Android contains an arbitrary Java method execution vulnerability.
Sleipnir Mobile for Android is a web browser for Android devices. Sleipnir Mobile for Android contains an arbitrary Java method execution vulnerability.
Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000075
http://jvn.jp/en/jp/JVN99730704/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2649
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2649
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:fenrir-inc:sleipnir_mobile
2012-08-08T14:39+09:00
2012-08-08T14:39+09:00
2012-08-08T14:39+09:00
Sleipnir Mobile for Android vulnerable to arbitrary script execution
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000076.html
Sleipnir Mobile for Android contains an arbitrary script execution vulnerability.
Sleipnir Mobile for Android is a web browser for Android devices. Sleipnir Mobile for Android contains an arbitrary script execution vulnerability.
Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000076
http://jvn.jp/en/jp/JVN39519659/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4004
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4004
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:fenrir-inc:sleipnir_mobile
2012-08-08T14:43+09:00
2012-08-08T14:43+09:00
2012-08-08T14:43+09:00
Multiple GREE Android applications vulnerable in the WebView class
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000077.html
Multiple Android applications provided by GREE contain a vulnerability in the WebView class.
Multiple Android applications that use the SDK for HTML-based applications provided by GREE contain a vulnerability in the WebView class.
Takeshi Terada of Mitsui Bussan Secure Directions, Inc., Katsuhiko Sato of Japan Smartphone Security Association (JSSEC) reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000077
http://jvn.jp/en/jp/JVN99192898/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4006
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4006
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:gree:gree
cpe:/a:gree:haconiwa
cpe:/a:gree:kaizokuoukoku_columbus
cpe:/a:gree:monpura
cpe:/a:gree:seisen_cerberus
cpe:/a:gree:tanken_dorirando
cpe:/a:gree:tsurisuta
cpe:/a:kddi_%26_gree:gree_market
2012-08-17T15:52+09:00
2012-08-17T15:52+09:00
2012-08-17T15:52+09:00
mixi for Android information management vulnerability
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000078.html
mixi for Android contains an issue where friends' comments are stored on an SD card.
mixi for Android provided by mixi, Inc. contains an issue where friends' comments are stored on an SD card, so other applications can access this information directly from the SD card.
Kazuhiko Kusano of Graduate School of Information Sciences, Tohoku University reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-000078
http://jvn.jp/en/jp/JVN92038939/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4007
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4007
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:mixi:mixi
2012-08-17T15:58+09:00
2012-08-17T15:58+09:00
2012-08-17T15:58+09:00
Adobe Reader fails to properly handle signatures
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000079.html
Adobe Reader fails to properly handle RSA signatures.
Adobe Reader contains an issue where it may fail to properly verify RSA signatures.
Masahiko Takenaka of FUJITSU LABORATORIES LTD. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2012-000079https://jvn.jp/en/jp/JVN51615542/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4339http://www.kb.cert.org/vuls/id/845620https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:adobe:acrobat_readercpe:/a:hitachi:cosminexus_application_server_enterprisecpe:/a:hitachi:cosminexus_application_server_standardcpe:/a:hitachi:cosminexus_application_server_version_5cpe:/a:hitachi:cosminexus_developer_light_version_6cpe:/a:hitachi:cosminexus_developer_professional_version_6cpe:/a:hitachi:cosminexus_developer_standard_version_6cpe:/a:hitachi:cosminexus_developer_version_5cpe:/a:hitachi:cosminexus_server_-_enterprise_editioncpe:/a:hitachi:cosminexus_server_-_standard_editioncpe:/a:hitachi:cosminexus_server_-_standard_edition_version_4cpe:/a:hitachi:cosminexus_server_-_web_editioncpe:/a:hitachi:cosminexus_server_-_web_edition_version_4cpe:/a:hitachi:hitachi_web_servercpe:/a:hitachi:ucosminexus_application_server_enterprisecpe:/a:hitachi:ucosminexus_application_server_standardcpe:/a:hitachi:ucosminexus_developercpe:/a:hitachi:ucosminexus_developer_lightcpe:/a:hitachi:ucosminexus_developer_standardcpe:/a:hitachi:ucosminexus_service_architectcpe:/a:hitachi:ucosminexus_service_platform2014-05-23T18:34+09:002012-08-30T13:57+09:002014-05-23T18:34+09:00Opera address bar spoofing vulnerability
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000080.html
Opera contains a vulnerability where the URL displayed in the address bar may be spoofed.
Opera contains a vulnerability where certain characters may be displayed in the address bar, causing 2 URLs to potentially be indistinguishable from each other.
Masahiro Yamada reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2012-000080https://jvn.jp/en/jp/JVN69880570/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4010http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4010https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:opera:opera_browser2013-06-26T13:48+09:002012-08-30T14:00+09:002013-06-26T13:48+09:00Cybozu Live for Android vulnerable to arbitrary Java method execution
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000081.html
Cybozu Live for Android contains an arbitrary Java method execution vulnerability.
Cybozu Live for Android is a client software for Cybozu Live. Cybozu Live for Android contains an arbitrary Java method execution vulnerability.
Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to JPCERT/CC via the developer.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2012-000081https://jvn.jp/en/jp/JVN23009798/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4008http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4008https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:cybozu_live_for_android2012-09-03T10:34+09:002012-09-03T10:34+09:002012-09-03T10:34+09:00Cybozu Live for Android vulnerable in the WebView class
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000082.html
Cybozu Live for Android contains a vulnerability in the WebView class.
Cybozu Live for Android is a client software for Cybozu Live. Cybozu Live for Android contains a vulnerability in the WebView class.
Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to JPCERT/CC via the developer.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2012-000082https://jvn.jp/en/jp/JVN77393797/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4009http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4009https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:cybozu_live_for_android2012-09-03T10:41+09:002012-09-03T10:41+09:002012-09-03T10:41+09:00Cybozu KUNAI for Android vulnerable to arbitrary Java method execution
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000083.html
Cybozu KUNAI for Android contains an arbitrary Java method execution vulnerability.
Cybozu KUNAI is a mobile client software for using Cybozu. Cybozu KUNAI for Android contains an arbitrary Java method execution vulnerability.JVNDB-2012-000083http://jvn.jp/en/jp/JVN23568423/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4011http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4011https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:kunai2012-09-07T16:39+09:002012-09-07T16:39+09:002012-09-07T16:39+09:00Cybozu KUNAI for Android vulnerable in the WebView class
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000084.html
Cybozu KUNAI for Android contains a vulnerability in the WebView class.
Cybozu KUNAI is a mobile client software for using Cybozu. Cybozu KUNAI for Android contains a vulnerability in the WebView class.JVNDB-2012-000084http://jvn.jp/en/jp/JVN59652356/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4012http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4012https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:kunai2012-09-07T16:40+09:002012-09-07T16:40+09:002012-09-07T16:40+09:00KUNAI Browser for Remote Service beta vulnerable in the WebView class
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000085.html
KUNAI Browser for Remote Service beta contains a vulnerability in the WebView class.
KUNAI Browser for Remote Service beta is an Android browser software for using Cybozu. KUNAI Browser for Remote Service beta contains a vulnerability in the WebView class.JVNDB-2012-000085http://jvn.jp/en/jp/JVN03015214/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4013http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4013https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:cybozu_kunai_browser_for_remote_service_beta2012-09-13T13:51+09:002012-09-13T13:51+09:002012-09-13T13:51+09:00Email Anti-virus (formerly WebShield SMTP) vulnerable to denial-of-service
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000086.html
Email Anti-virus (formerly WebShield SMTP) provided by McAfee Co., Ltd. contains a denial-of-service (DoS) vulnerability.
Email Anti-virus (formerly WebShield SMTP) provided by McAfee Co., Ltd. is an anti-virus package that scans emails. Email Anti-virus (formerly WebShield SMTP) contains a denial-of-service (DoS) vulnerability.
IGARASHI Eiichi of New Media Research Institute Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2012-000086http://jvn.jp/en/jp/JVN50701493/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4014http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4014https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:mcafee:email_anti-virus2012-09-20T12:31+09:002012-09-20T12:31+09:002012-09-20T12:31+09:00myLittleAdmin for SQL Server 2000 vulnerable to arbitrary script execution
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000087.html
myLittleAdmin for SQL Server 2000 contains a vulnerability that may allow arbitrary script execution.
myLittleAdmin for SQL server 2000 from myLittleTools is a web-based database management software. The management screen in myLittleAdmin for SQL server 2000 contains a vulnerability that may allow arbitrary script execution.
maka666 reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2012-000087http://jvn.jp/en/jp/JVN56373673/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4015http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4015https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:mylittletools:mylittleadmin2012-09-20T12:33+09:002012-09-20T12:33+09:002012-09-20T12:33+09:00Safari vulnerable to local file content disclosure
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000088.html
Safari contains a vulnerability where a local file may be accessed remotely, which may result in local file content disclosure.
Masahiro YAMADA reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2012-000088http://jvn.jp/en/jp/JVN42676559/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3713http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3713https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:apple:safari2012-10-23T14:57+09:002012-10-23T14:57+09:002012-10-23T14:57+09:00ATOK for Android issue in the access permissions for the learning information file
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000089.html
ATOK for Android provided by JUST Systems, contains an issue in the access permissions for the learning information file.
ATOK for Android provided by JUST Systems contains an issue where another application may access the learning information file which stores user input strings.
Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this information to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2012-000089http://jvn.jp/en/jp/JVN93344001/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4016http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4016https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:justsystems:atok2012-09-25T13:40+09:002012-09-25T13:40+09:002012-09-25T13:40+09:00Trend Micro Control Manager vulnerable to SQL injection
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000090.html
Trend Micro Control Manager contains a SQL injection vulnerability.
Trend Micro Control Manager contains a vulnerability in the ad hoc query module, which may result in SQL injection.
Tom Gregory and Mada R Perdhana of Spentera reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2012-000090http://jvn.jp/en/jp/JVN42014489/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2998http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2998http://www.kb.cert.org/vuls/id/950795https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:trendmicro:control_manager2012-09-27T12:43+09:002012-09-27T12:43+09:002012-09-27T12:43+09:00jigbrowser+ for Android vulnerable in the WebView class
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000091.html
jigbrowser+ for Android contains a vulnerability in the WebView class.
jigbrowser+ is a web browser for a smartphone. jigbrowser+ for Android contains a vulnerability in the WebView class.
Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2012-000091http://jvn.jp/en/jp/JVN86318665/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4017http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4017https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:jig_jp_co:jigbrowser%2B2012-09-28T12:20+09:002012-09-28T12:20+09:002012-09-28T12:20+09:00MyWebSearch vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000092.html
MyWebSearch contains a cross-site scripting vulnerability.
MyWebSearch is a CGI script for searching within a website. MyWebSearch contains a cross-site scripting vulnerability.JVNDB-2012-000092https://jvn.jp/en/jp/JVN58160713/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4018http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4018https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:finalbeta:mywebsearch2012-10-05T16:49+09:002012-10-05T16:49+09:002012-10-05T16:49+09:00Tokyo BBS vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000093.html
Tokyo BBS contains a cross-site scripting vulnerability.
Tokyo BBS provided by Come on Girls Interface contains a cross-site scripting vulnerability.
Naohiko Tsuda reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2012-000093http://jvn.jp/en/jp/JVN00322303/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4019http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4019https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:c61:tokyo_bbs2012-10-26T14:00+09:002012-10-26T14:00+09:002012-10-26T14:00+09:00Smarty vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000094.html
Smarty contains a cross-site scripting vulnerability.
Smarty is a template engine for PHP. Smarty contains a cross-site scripting vulnerability when displaying an error message.
Yuji Tounai of bogus.jp reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2012-000094http://jvn.jp/en/jp/JVN63650108/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4437http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4437https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:smarty:smarty2012-10-10T14:45+09:002012-10-10T14:45+09:002012-10-10T14:45+09:00Mac OS X OpenSSH vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000095.html
The OpenSSH implementation in Mac OS X is vulnerable to denial-of-service.
The OpenSSH implementation in Mac OS X is vulnerable to denial-of-service.
MASAKI KATAYAMA of Appirits inc Cyber Security Laboratory reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
[JPCERT/CC Addendum]
This JVN publication was delayed to 2012/10/31 after the developer fix was developed. From the fiscal year 2011, JPCERT/CC is using a new vendor coordination procedure. This new procedure came from the recommendation of the fiscal year 2010 "Study Group on Information System Vulnerability Handling" aimed at more timely JVN publications.JVNDB-2012-000095http://jvn.jp/en/jp/JVN75345069/index.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:apple:mac_os_x2012-10-31T15:01+09:002012-10-31T15:01+09:002012-10-31T15:01+09:00MosP kintai kanri fails to restrict access permissions
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000096.html
MosP kintai kanri contains an issue where access permissions are not restricted.
MosP kintai kanri is an open source attendance management software. MosP kintai kanri contains an issue where access permissions are not restricted.
Masako Ohno reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2012-000096http://jvn.jp/en/jp/JVN23465354/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4020http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4020https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:mosp:kintai_kanri2012-11-02T14:16+09:002012-11-02T14:16+09:002012-11-02T14:16+09:00MosP kintai kanri vulnerable to authentication bypass
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000097.html
MosP kintai kanri contains an authentication bypass vulnerability.
MosP kintai kanri is an open source attendance management software. MosP kintai kanri contains an authentication bypass vulnerability.
Masako Ohno reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2012-000097http://jvn.jp/en/jp/JVN52264310/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4021http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4021https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:mosp:kintai_kanri2012-11-02T14:18+09:002012-11-02T14:18+09:002012-11-02T14:18+09:00Pebble vulnerability where entries may become unviewable
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000098.html
Pebble contains a vulnerability where blog entries may become unviewable due to a specially crafted comment being posted.
Pebble is an open source weblog system. Pebble contains an issue in the processing of comments that are posted on blog entries, which may lead to a vulnerability where blog entries may become unviewable.
Takahisa Kishiya reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2012-000098http://jvn.jp/en/jp/JVN75492883/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4022http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4022https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:pebble:pebble2012-11-02T14:20+09:002012-11-02T14:20+09:002012-11-02T14:20+09:00Pebble vulnerable to HTTP header injection
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000099.html
Pebble contains an HTTP header injection vulnerability.
Pebble is an open source weblog system. Pebble contains an HTTP header injection vulnerability.
Takahisa Kishiya reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2012-000099http://jvn.jp/en/jp/JVN39563771/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4023http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4023https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:pebble:pebble2012-11-02T14:21+09:002012-11-02T14:21+09:002012-11-02T14:21+09:00Pebble vulnerable to open redirect
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000100.html
Pebble contains an open redirect vulnerability.
Pebble is an open source weblog system. Pebble contains an open redirect vulnerability.
Takahisa Kishiya reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2012-000100http://jvn.jp/en/jp/JVN55398821/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5170http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5170https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:pebble:pebble2012-11-02T14:23+09:002012-11-02T14:23+09:002012-11-02T14:23+09:00BeZIP vulnerable to directory traversal
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000101.html
BeZIP contains a directory traversal vulnerability.
BeZIP provided by Be Graph Co.,Ltd. is a file compression/extraction software supporting ZIP and LZH formats. BeZIP contains a directory traversal vulnerability.
Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2012-000101http://jvn.jp/en/jp/JVN18223913/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5171http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5171https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:be-graph:bezip2012-11-07T16:01+09:002012-11-07T16:01+09:002012-11-07T16:01+09:00Multiple Android devices vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000102.html
Multiple Android devices contain a denial-of-service (DoS) vulnerability.
Multiple Android devices contain an issue when referencing a specific system area, which may lead to a denial-of-service (DoS).
Tsukasa Oi of Fourteenforty Research Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2012-000102http://jvn.jp/en/jp/JVN74829345/index.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:misc:multiple_vendors2012-11-30T18:01+09:002012-11-14T15:07+09:002012-11-30T18:01+09:00Monaca Debugger for Android information management vulnerability
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000103.html
Monaca Debugger for Android contains an information management vulnerability.
Monaca Debugger provided by Asial Corporation contains an issue where account information of the product or other information such as session IDs are saved in a log file.
KuMaGa ShiRoIHi reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2012-000103https://jvn.jp/en/jp/JVN56923652/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5172http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5172https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:asial:monaca_debugger2012-11-16T14:10+09:002012-11-16T14:10+09:002012-11-16T14:10+09:00BIGACE vulnerable to session fixation
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000104.html
BIGACE contains a session fixation vulnerability.
BIGACE is a content management system (CMS). BIGACE contains a session fixation vulnerability.
Yuji Tounai of bogus.jp reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2012-000104http://jvn.jp/en/jp/JVN60931933/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5173http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5173https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:bigace:bigace2012-11-21T14:34+09:002012-11-21T14:34+09:002012-11-21T14:34+09:00Multiple KYOCERA mobile devices may reboot during email reception
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000105.html
Multiple KYOCERA mobile devices contain an issue where the device may reboot when receiving an email in an invalid format.
Multiple KYOCERA mobile devices contain an issue where the device may reboot when receiving an email in an invalid format. When this issue occurs, the device will always reboot when attempting to receive the invalid email.
Masashi Shimizu reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2012-000105http://jvn.jp/en/jp/JVN83907168/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5174https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:kyocera:ah-k3001vcpe:/h:kyocera:ah-k3002vcpe:/h:kyocera:wx300kcpe:/h:kyocera:wx310kcpe:/h:kyocera:wx320kcpe:/h:kyocera:wx320kr2012-11-30T13:58+09:002012-11-30T13:58+09:002012-11-30T13:58+09:00KENT-WEB ACCESS REPORT vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000106.html
ACCESS REPORT provided by KENT-WEB contains a cross-site scripting vulnerability.
ACCESS REPORT provided by KENT-WEB is a software to analyze web access logs. ACCESS REPORT contains an issue in the processing of access logs, which may lead to a cross-site scripting vulnerability.
Note that this vulnerability is different from JVN#23563149.
Saeki Tominaga of KINOTROPE INC. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2012-000106http://jvn.jp/en/jp/JVN68830017/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5175http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5175https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:kent-web:access_report2012-12-06T12:40+09:002012-12-06T12:40+09:002012-12-06T12:40+09:00KENT-WEB ACCESS REPORT vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000107.html
ACCESS REPORT provided by KENT-WEB contains a cross-site scripting vulnerability.
ACCESS REPORT provided by KENT-WEB is a software to analyze web access logs. ACCESS REPORT contains a cross-site scripting vulnerability. This is caused by a particular method in which tags are embedded into the web page.
Note that this vulnerability is different from JVN#68830017.
Masahiro YAMADA reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2012-000107http://jvn.jp/en/jp/JVN23563149/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5176http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5176https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:kent-web:access_report2012-12-06T12:41+09:002012-12-06T12:41+09:002012-12-06T12:41+09:00Welcart vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000108.html
Welcart contains a cross-site scripting vulnerability.
Welcart provided by Collne Inc. is a WordPress plugin for creating shopping websites. Welcart contains a cross-site scripting vulnerability.
Yoshinori Matsumoto of Kobe Digital Lab., Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2012-000108http://jvn.jp/en/jp/JVN18731696/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5177http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5177https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:collne:welcart_plugin2012-12-14T12:50+09:002012-12-14T12:50+09:002012-12-14T12:50+09:00Welcart vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000109.html
Welcart contains a cross-site request forgery vulnerability.
Welcart provided by Collne Inc. is a WordPress plugin for creating shopping websites. Welcart contains a cross-site request forgery vulnerability.
Yoshinori Matsumoto of Kobe Digital Lab., Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2012-000109http://jvn.jp/en/jp/JVN53269985/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5178http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5178https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:collne:welcart_plugin2012-12-14T12:52+09:002012-12-14T12:52+09:002012-12-14T12:52+09:00WikkaWiki vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000110.html
WikkaWiki contains a cross-site scripting vulnerability.
WikkaWiki is an open source wiki written in PHP. WikkaWiki contains a cross-site scripting vulnerability.
Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2012-000110http://jvn.jp/en/jp/JVN66596216/index.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:wikkawiki:wikkawiki2012-12-17T12:23+09:002012-12-17T12:23+09:002012-12-17T12:23+09:00Boat Browser / Boat Browser Mini vulnerable in the WebView class
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000111.html
Boat Browser and Boat Browser Mini contain an issue in the WebView class.
Boat Browser and Boat Browser Mini are web browsers for Android devices. Boat Browser and Boat Browser Mini contain a vulnerability in the WebView class.
Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2012-000111http://jvn.jp/en/jp/JVN69589791/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5179http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5179https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:boatmob:boat_broweser_boat_browsercpe:/a:boatmob:boat_browser_boat_browser_mini2012-12-20T15:00+09:002012-12-20T15:00+09:002012-12-20T15:00+09:00Opera Mini / Opera Mobile for Android vulnerable in the WebView class
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000112.html
Opera Mini and Opera Mobile for Android contain a vulnerability in the WebView class.
Opera Mini and Opera Mobile are web browsers for mobile devices. Opera Mini and Opera Mobile for Android contain a vulnerability in the WebView class.
Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2012-000112http://jvn.jp/en/jp/JVN27691264/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5180http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5180https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:opera:opera_minicpe:/a:opera:opera_mobile2012-12-28T16:13+09:002012-12-20T15:04+09:002012-12-28T16:13+09:00concrete5 vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000113.html
concrete5 contains a cross-site scripting vulnerability.
concrete5 is an open source content management system (CMS). concrete5 contains a cross-site scripting vulnerability.
Yuji Tounai of bogus.jp reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2012-000113http://jvn.jp/en/jp/JVN65458431/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5181http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5181https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:concrete5:concrete52013-02-20T16:10+09:002012-12-21T12:41+09:002013-02-20T16:10+09:00Loctouch for Android vulnerable in handling of implicit intents
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000114.html
Loctouch for Android contains a vulnerability in the handling of implicit intents.
Loctouch provided by NHN Japan, is an application that logs location information. Loctouch for Android contains a vulnerability in the handling of implicit intents.
Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2012-000114http://jvn.jp/en/jp/JVN42625179/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5182http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5182https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:naver:loctouch2012-12-21T12:29+09:002012-12-21T12:29+09:002012-12-21T12:29+09:00Loctouch for Android information management vulnerability
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000115.html
Loctouch for Android contains an information management vulnerability.
Loctouch provided by NHN Japan, is an application that logs location information. Loctouch for Android contains an information management vulnerability.
Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2012-000115http://jvn.jp/en/jp/JVN33159152/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5183http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5183https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:naver:loctouch2012-12-21T12:37+09:002012-12-21T12:37+09:002012-12-21T12:37+09:00Hitachi IT Operations Analyzer Cross-Site Scripting Vulnerability
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-001189.html
Hitachi IT Operations Analyzer contains a cross-site scripting vulnerability.JVNDB-2012-001189http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0917http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0917https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:it_operations_analyzer2012-01-27T10:37+09:002012-01-27T10:37+09:002012-01-27T10:37+09:00Hitachi IT Operations Director Cross-Site Scripting Vulnerability
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-001190.html
Hitachi IT Operations Director contains a cross-site scripting vulnerability.
JVNDB-2012-001190
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0919
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0919
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:hitachi:it_operations_director
2012-01-27T10:38+09:00
2012-01-27T10:38+09:00
2012-01-27T10:38+09:00

Arbitrary Code Execution Vulnerability in Hitachi COBOL2002
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-001191.html
Hitachi COBOL2002 Net Developer, Net Server Suite, and Net Client Suite contain a vulnerability where arbitrary code may be executed.
JVNDB-2012-001191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0918
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0918
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:hitachi:cobol2002_net_client_suite
cpe:/a:hitachi:cobol2002_net_developer
cpe:/a:hitachi:cobol2002_net_server_suite
2012-01-27T10:44+09:00
2012-01-27T10:44+09:00
2012-01-27T10:44+09:00

JP1/Cm2/Network Node Manager i Denial of Service (DoS) Vulnerability
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-001793.html
JP1/Cm2/Network Node Manager i (NNMi) contains vulnerabilities that could allow a remote attacker to cause a denial of service (DoS) condition or execute arbitrary code.
JVNDB-2012-001793
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:hitachi:jp1_cm2_network_node_manager
2012-03-19T12:04+09:00
2012-03-19T12:04+09:00
2012-03-19T12:04+09:00

Vulnerability in Fujitsu Interstage List Works Where Permissions Cannot Be Denied
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-001932.html
Fujitsu Interstage List Works has a vulnerability where, when Everyone or a group is granted permissions to access the archive folder and data through the management tool or command line, denying permissions for a specific user who belongs to these groups fails and is not reflected on the lists.
JVNDB-2012-001932
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:fujitsu:interstage_list_works
2012-04-11T11:45+09:00
2012-04-11T11:45+09:00
2012-04-11T11:45+09:00

WordPress vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-002110.html
WordPress contains a cross-site scripting vulnerability due to an issue in the SWFUpload library.
ma.la reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2012-002110
https://jvn.jp/en/jp/JVN25280162/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2399
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2399
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:wordpress:wordpress
2013-07-26T13:33+09:00
2013-07-26T13:33+09:00
2013-07-26T13:33+09:00

Arbitrary Code Execution Vulnerability in Hitachi COBOL GUI Option on Windows
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-002377.html
Hitachi COBOL GUI Option on Windows contains a vulnerability where arbitrary code may be executed.
This problem does not occur when only the following runtime products are used:
* COBOL GUI Option Run Time System Version 6
* COBOL GUI Option Server Run Time System Version 6
* COBOL GUI Option Run Time System Version 7
* COBOL GUI Option Server Run Time System Version 7
* COBOL GUI Option Run Time System
* COBOL GUI Option Server Run Time System
JVNDB-2012-002377
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4274
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4274
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:hitachi:cobol_gui_option
2012-05-15T15:14+09:00
2012-05-15T15:14+09:00
2012-05-15T15:14+09:00

Privilege escalation vulnerability in Hitachi JP1/NETM/DM
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-003244.html
The package setup manager in Hitachi JP1/NETM/DM contains a privilege escalation vulnerability.
JVNDB-2012-003244
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:hitachi:job_management_partner_1_software_distribution_client
cpe:/a:hitachi:job_management_partner_1_software_distribution_manager
cpe:/a:hitachi:jp1_netm-dm_manager
cpe:/a:hitachi:jp1_netm_dm_client
2012-07-23T17:13+09:00
2012-07-23T17:13+09:00
2012-07-23T17:13+09:00

Cross-site Scripting Vulnerability in JP1/Integrated Management - Service Support
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-003525.html
A cross-site scripting vulnerability was found in JP1/Integrated Management - Service Support.
JVNDB-2012-003525
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:hitachi:jp1_integrated_management
2012-08-10T15:05+09:00
2012-08-10T15:05+09:00
2012-08-10T15:05+09:00

Multiple Vulnerabilities in Hitachi JP1/File Transmission Server/FTP
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-005201.html
Hitachi JP1/File Transmission Server/FTP contains multiple vulnerabilities.
* FTP Bounce Attack in PASV mode
* Buffer overflow at file transmission
* Defect of the account information check in user authentication
JVNDB-2012-005201
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:hitachi:jp1_file_transmission_server_ftp
2012-11-26T18:01+09:00
2012-11-05T17:58+09:00
2012-11-26T18:01+09:00

Hitachi Device Manager Software Denial of Service (DoS) Vulnerability
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-005485.html
Hitachi Device Manager Software (HDvM) contains a denial of service (abend) vulnerability when receiving a large amount of data at once.
If HDvM exits abnormally, users will be able to resume using the software by restarting the HDvM service or daemon.
JVNDB-2012-005485
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:hitachi:device_manager
2012-11-29T14:48+09:00
2012-11-29T14:48+09:00
2012-11-29T14:48+09:00

Denial of Service (DoS) Vulnerability in JP1/Automatic Job Management System 3 and JP1/Automatic Job Management System 2
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-005486.html
JP1/Automatic Job Management System 3 and JP1/Automatic Job Management System 2 contain a vulnerability that could allow a remote attacker to cause a denial of service (DoS) condition.
JVNDB-2012-005486
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:hitachi:jp1_automatic_job_management_system_2
cpe:/a:hitachi:jp1_automatic_job_management_system_3
2012-11-29T15:23+09:00
2012-11-29T15:23+09:00
2012-11-29T15:23+09:00

Cross-site Scripting Vulnerability in Collaboration - Bulletin board in Multiple Hitachi Products
https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-005827.html
A cross-site scripting vulnerability has been found in Collaboration - Bulletin board in multiple Hitachi products.
JVNDB-2012-005827
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:hitachi:groupmax_collaboration_portal
cpe:/a:hitachi:groupmax_collaboration_web_client
cpe:/a:hitachi:ucosminexus_collaboration_portal
2012-12-28T16:43+09:00
2012-12-28T16:43+09:00
2012-12-28T16:43+09:00