Search criteria
11 vulnerabilities found for i-FILTER by Digital Arts Inc.
JVNDB-2025-000066
Vulnerability from jvndb - Published: 2025-08-27 19:50 - Updated:2025-09-29 13:45
Severity ?
Summary
Improper file access permission settings in multiple i-FILTER products
Details
Multiple i-FILTER products provided by Digital Arts Inc. contains the following vulnerability.
- Incorrect default permissions (CWE-276) - CVE-2025-57846
References
| Type | URL | |
|---|---|---|
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000066.html",
"dc:date": "2025-09-29T13:45+09:00",
"dcterms:issued": "2025-08-27T19:50+09:00",
"dcterms:modified": "2025-09-29T13:45+09:00",
"description": "Multiple i-FILTER products provided by Digital Arts Inc. contains the following vulnerability.\r\n\u003cul\u003e\u003cli\u003eIncorrect default permissions (CWE-276) - CVE-2025-57846\u003c/li\u003e\u003c/ul\u003e\r\n\r\nKazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000066.html",
"sec:cpe": [
{
"#text": "cpe:/a:daj:i-filter",
"@product": "i-FILTER",
"@vendor": "Digital Arts Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:daj:i-filter_browser_%26_cloud_multiagent",
"@product": "i-FILTER Browser \u0026 Cloud MultiAgent for Windows",
"@vendor": "Digital Arts Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-000066",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN55678602/index.html",
"@id": "JVN#55678602",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-57846",
"@id": "CVE-2025-57846",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Improper file access permission settings in multiple i-FILTER products"
}
JVNDB-2025-000033
Vulnerability from jvndb - Published: 2025-05-23 15:36 - Updated:2025-05-23 15:36
Severity ?
Summary
Improper pattern file validation in i-FILTER optional feature 'Anti-Virus & Sandbox'
Details
The optional feature 'Anti-Virus & Sandbox' of i-FILTER provided by Digital Arts Inc. validates pattern files improperly.
- Improper pattern file validation (CWE-348) - CVE-2025-47149
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000033.html",
"dc:date": "2025-05-23T15:36+09:00",
"dcterms:issued": "2025-05-23T15:36+09:00",
"dcterms:modified": "2025-05-23T15:36+09:00",
"description": "The optional feature \u0027Anti-Virus \u0026 Sandbox\u0027 of i-FILTER provided by Digital Arts Inc. validates pattern files improperly.\r\n\u003cul\u003e\u003cli\u003eImproper pattern file validation (CWE-348) - CVE-2025-47149\u003c/li\u003e\u003c/ul\u003e\r\nDigital Arts Inc. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Digital Arts Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000033.html",
"sec:cpe": {
"#text": "cpe:/a:daj:i-filter",
"@product": "i-FILTER",
"@vendor": "Digital Arts Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-000033",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN68079883/index.html",
"@id": "JVN#68079883",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-47149",
"@id": "CVE-2025-47149",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Improper pattern file validation in i-FILTER optional feature \u0027Anti-Virus \u0026 Sandbox\u0027"
}
JVNDB-2022-000008
Vulnerability from jvndb - Published: 2022-03-04 14:12 - Updated:2022-03-04 14:12
Severity ?
Summary
i-FILTER vulnerable to improper check for certificate revocation
Details
i-FILTER provided by Digital Arts Inc. is vulnerable to improper check for certificate revocation (CWE-299) .
Digital Arts Inc. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Digital Arts Inc. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000008.html",
"dc:date": "2022-03-04T14:12+09:00",
"dcterms:issued": "2022-03-04T14:12+09:00",
"dcterms:modified": "2022-03-04T14:12+09:00",
"description": "i-FILTER provided by Digital Arts Inc. is vulnerable to improper check for certificate revocation (CWE-299) .\r\n\r\nDigital Arts Inc. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Digital Arts Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000008.html",
"sec:cpe": [
{
"#text": "cpe:/a:daj:i-filter",
"@product": "i-FILTER",
"@vendor": "Digital Arts Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:daj:i-filter_browser_%26_cloud_multiagent",
"@product": "i-FILTER Browser \u0026 Cloud MultiAgent for Windows",
"@vendor": "Digital Arts Inc.",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2022-000008",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN33214411/index.html",
"@id": "JVN#33214411",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-21170",
"@id": "CVE-2022-21170",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-21170",
"@id": "CVE-2022-21170",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "i-FILTER vulnerable to improper check for certificate revocation"
}
JVNDB-2018-000129
Vulnerability from jvndb - Published: 2018-12-07 14:30 - Updated:2019-08-27 11:45
Severity ?
Summary
Multiple vulnerabilities in i-FILTER
Details
i-FILTER provided by Digital Arts Inc. contains multiple vulnerabilities listed below.
* Cross-site scripting (CWE-79) - CVE-2018-16180
* HTTP header injection (CWE-113) - CVE-2018-16181
Keigo Yamazaki of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
|
|
||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000129.html",
"dc:date": "2019-08-27T11:45+09:00",
"dcterms:issued": "2018-12-07T14:30+09:00",
"dcterms:modified": "2019-08-27T11:45+09:00",
"description": "i-FILTER provided by Digital Arts Inc. contains multiple vulnerabilities listed below.\r\n* Cross-site scripting (CWE-79) - CVE-2018-16180\r\n* HTTP header injection (CWE-113) - CVE-2018-16181\r\n\r\nKeigo Yamazaki of LAC Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000129.html",
"sec:cpe": {
"#text": "cpe:/a:daj:i-filter",
"@product": "i-FILTER",
"@vendor": "Digital Arts Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "6.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000129",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN32155106/index.html",
"@id": "JVN#32155106",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16180",
"@id": "CVE-2018-16180",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16181",
"@id": "CVE-2018-16181",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16180",
"@id": "CVE-2018-16180",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16181",
"@id": "CVE-2018-16181",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple vulnerabilities in i-FILTER"
}
JVNDB-2017-000223
Vulnerability from jvndb - Published: 2017-09-29 13:54 - Updated:2017-09-29 13:54
Severity ?
Summary
Install program and Installer of i-filter 6.0 may insecurely load Dynamic Link Libraries and invoke executable files
Details
i-filter 6.0 provided by Digital Arts Inc. is web filtering and parental control software. The install program is designed to download the installer via the internet and execute it. The i-filter 6.0 install program and installer contain the following vulnerabilities.
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000223.html",
"dc:date": "2017-09-29T13:54+09:00",
"dcterms:issued": "2017-09-29T13:54+09:00",
"dcterms:modified": "2017-09-29T13:54+09:00",
"description": "i-filter 6.0 provided by Digital Arts Inc. is web filtering and parental control software. The install program is designed to download the installer via the internet and execute it. The i-filter 6.0 install program and installer contain the following vulnerabilities. \r\n\r\nEili Masami of Tachibana Lab. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000223.html",
"sec:cpe": {
"#text": "cpe:/a:daj:i-filter_installer",
"@product": "i-filter",
"@vendor": "Digital Arts Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000223",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN75929834/index.html",
"@id": "JVN#75929834",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/ta/JVNTA91240916/index.html",
"@id": "JVNTA#91240916",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10858",
"@id": "CVE-2017-10858",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10859",
"@id": "CVE-2017-10859",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10860",
"@id": "CVE-2017-10860",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10858",
"@id": "CVE-2017-10858",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10859",
"@id": "CVE-2017-10859",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10860",
"@id": "CVE-2017-10860",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Install program and Installer of i-filter 6.0 may insecurely load Dynamic Link Libraries and invoke executable files"
}
CVE-2025-47149 (GCVE-0-2025-47149)
Vulnerability from cvelistv5 – Published: 2025-05-23 09:09 – Updated: 2025-05-23 12:31
VLAI?
Summary
The optional feature 'Anti-Virus & Sandbox' of i-FILTER contains an issue with improper pattern file validation. If exploited, the product may treat an unauthorized pattern file as an authorized. If the product uses a specially crafted pattern file, information in the server where the product is running may be retrieved, and/or cause a denial of service (DoS) condition.
Severity ?
5.3 (Medium)
CWE
- CWE-348 - Use of less trusted source
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Digital Arts Inc. | i-FILTER |
Affected:
Ver.10.50R01 to Ver.10.67R02
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47149",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-23T12:31:23.795831Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T12:31:36.694Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "i-FILTER",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "Ver.10.50R01 to Ver.10.67R02"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The optional feature \u0027Anti-Virus \u0026 Sandbox\u0027 of i-FILTER contains an issue with improper pattern file validation. If exploited, the product may treat an unauthorized pattern file as an authorized. If the product uses a specially crafted pattern file, information in the server where the product is running may be retrieved, and/or cause a denial of service (DoS) condition."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-348",
"description": "Use of less trusted source",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T09:09:37.277Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://download.daj.co.jp/support/detail/?page=releasenote_content\u0026division=6\u0026id=1057"
},
{
"url": "https://jvn.jp/en/jp/JVN68079883/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-47149",
"datePublished": "2025-05-23T09:09:37.277Z",
"dateReserved": "2025-05-20T13:35:31.600Z",
"dateUpdated": "2025-05-23T12:31:36.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16180 (GCVE-0-2018-16180)
Vulnerability from cvelistv5 – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
VLAI?
Summary
Cross-site scripting vulnerability in i-FILTER Ver.9.50R05 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Digital Arts Inc. | i-FILTER |
Affected:
Ver.9.50R05 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:37.625Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#32155106",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN32155106/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.daj.co.jp/user/ifilter/V9/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "i-FILTER",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "Ver.9.50R05 and earlier"
}
]
}
],
"datePublic": "2019-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in i-FILTER Ver.9.50R05 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#32155106",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN32155106/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.daj.co.jp/user/ifilter/V9/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-16180",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "i-FILTER",
"version": {
"version_data": [
{
"version_value": "Ver.9.50R05 and earlier"
}
]
}
}
]
},
"vendor_name": "Digital Arts Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in i-FILTER Ver.9.50R05 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#32155106",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN32155106/index.html"
},
{
"name": "https://download.daj.co.jp/user/ifilter/V9/",
"refsource": "MISC",
"url": "https://download.daj.co.jp/user/ifilter/V9/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-16180",
"datePublished": "2019-01-09T22:00:00",
"dateReserved": "2018-08-30T00:00:00",
"dateUpdated": "2024-08-05T10:17:37.625Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16181 (GCVE-0-2018-16181)
Vulnerability from cvelistv5 – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
VLAI?
Summary
HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks that may result in an arbitrary script injection or setting an arbitrary cookie values via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- HTTP header injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Digital Arts Inc. | i-FILTER |
Affected:
Ver.9.50R05 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:38.189Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#32155106",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN32155106/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.daj.co.jp/user/ifilter/V9/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "i-FILTER",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "Ver.9.50R05 and earlier"
}
]
}
],
"datePublic": "2019-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks that may result in an arbitrary script injection or setting an arbitrary cookie values via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "HTTP header injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#32155106",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN32155106/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.daj.co.jp/user/ifilter/V9/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-16181",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "i-FILTER",
"version": {
"version_data": [
{
"version_value": "Ver.9.50R05 and earlier"
}
]
}
}
]
},
"vendor_name": "Digital Arts Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks that may result in an arbitrary script injection or setting an arbitrary cookie values via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HTTP header injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#32155106",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN32155106/index.html"
},
{
"name": "https://download.daj.co.jp/user/ifilter/V9/",
"refsource": "MISC",
"url": "https://download.daj.co.jp/user/ifilter/V9/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-16181",
"datePublished": "2019-01-09T22:00:00",
"dateReserved": "2018-08-30T00:00:00",
"dateUpdated": "2024-08-05T10:17:38.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-47149 (GCVE-0-2025-47149)
Vulnerability from nvd – Published: 2025-05-23 09:09 – Updated: 2025-05-23 12:31
VLAI?
Summary
The optional feature 'Anti-Virus & Sandbox' of i-FILTER contains an issue with improper pattern file validation. If exploited, the product may treat an unauthorized pattern file as an authorized. If the product uses a specially crafted pattern file, information in the server where the product is running may be retrieved, and/or cause a denial of service (DoS) condition.
Severity ?
5.3 (Medium)
CWE
- CWE-348 - Use of less trusted source
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Digital Arts Inc. | i-FILTER |
Affected:
Ver.10.50R01 to Ver.10.67R02
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47149",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-23T12:31:23.795831Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T12:31:36.694Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "i-FILTER",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "Ver.10.50R01 to Ver.10.67R02"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The optional feature \u0027Anti-Virus \u0026 Sandbox\u0027 of i-FILTER contains an issue with improper pattern file validation. If exploited, the product may treat an unauthorized pattern file as an authorized. If the product uses a specially crafted pattern file, information in the server where the product is running may be retrieved, and/or cause a denial of service (DoS) condition."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-348",
"description": "Use of less trusted source",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T09:09:37.277Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://download.daj.co.jp/support/detail/?page=releasenote_content\u0026division=6\u0026id=1057"
},
{
"url": "https://jvn.jp/en/jp/JVN68079883/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-47149",
"datePublished": "2025-05-23T09:09:37.277Z",
"dateReserved": "2025-05-20T13:35:31.600Z",
"dateUpdated": "2025-05-23T12:31:36.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16180 (GCVE-0-2018-16180)
Vulnerability from nvd – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
VLAI?
Summary
Cross-site scripting vulnerability in i-FILTER Ver.9.50R05 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Digital Arts Inc. | i-FILTER |
Affected:
Ver.9.50R05 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:37.625Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#32155106",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN32155106/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.daj.co.jp/user/ifilter/V9/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "i-FILTER",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "Ver.9.50R05 and earlier"
}
]
}
],
"datePublic": "2019-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in i-FILTER Ver.9.50R05 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#32155106",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN32155106/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.daj.co.jp/user/ifilter/V9/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-16180",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "i-FILTER",
"version": {
"version_data": [
{
"version_value": "Ver.9.50R05 and earlier"
}
]
}
}
]
},
"vendor_name": "Digital Arts Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in i-FILTER Ver.9.50R05 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#32155106",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN32155106/index.html"
},
{
"name": "https://download.daj.co.jp/user/ifilter/V9/",
"refsource": "MISC",
"url": "https://download.daj.co.jp/user/ifilter/V9/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-16180",
"datePublished": "2019-01-09T22:00:00",
"dateReserved": "2018-08-30T00:00:00",
"dateUpdated": "2024-08-05T10:17:37.625Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16181 (GCVE-0-2018-16181)
Vulnerability from nvd – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
VLAI?
Summary
HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks that may result in an arbitrary script injection or setting an arbitrary cookie values via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- HTTP header injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Digital Arts Inc. | i-FILTER |
Affected:
Ver.9.50R05 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:38.189Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#32155106",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN32155106/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.daj.co.jp/user/ifilter/V9/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "i-FILTER",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "Ver.9.50R05 and earlier"
}
]
}
],
"datePublic": "2019-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks that may result in an arbitrary script injection or setting an arbitrary cookie values via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "HTTP header injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#32155106",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN32155106/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.daj.co.jp/user/ifilter/V9/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-16181",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "i-FILTER",
"version": {
"version_data": [
{
"version_value": "Ver.9.50R05 and earlier"
}
]
}
}
]
},
"vendor_name": "Digital Arts Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks that may result in an arbitrary script injection or setting an arbitrary cookie values via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HTTP header injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#32155106",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN32155106/index.html"
},
{
"name": "https://download.daj.co.jp/user/ifilter/V9/",
"refsource": "MISC",
"url": "https://download.daj.co.jp/user/ifilter/V9/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-16181",
"datePublished": "2019-01-09T22:00:00",
"dateReserved": "2018-08-30T00:00:00",
"dateUpdated": "2024-08-05T10:17:38.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}