Search criteria
9 vulnerabilities by Digital Arts Inc.
CVE-2025-57846 (GCVE-0-2025-57846)
Vulnerability from cvelistv5 – Published: 2025-08-27 05:28 – Updated: 2025-08-27 14:52
VLAI?
Summary
Multiple i-フィルター products contain an issue with incorrect default permissions. If this vulnerability is exploited, a local authenticated attacker may replace a service executable on the system where the product is running, potentially allowing arbitrary code execution with SYSTEM privileges.
Severity ?
CWE
- CWE-276 - Incorrect default permissions
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Digital Arts Inc. | i-フィルター 6.0 |
Affected:
prior to 6.00.55
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-57846",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-27T14:47:59.700143Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T14:52:39.319Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc 6.0",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to 6.00.55"
}
]
},
{
"product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc for \u30de\u30eb\u30c1\u30c7\u30d0\u30a4\u30b9",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to 6.00.55 (Windows version only)"
}
]
},
{
"product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc for ZAQ",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to 6.00.55 (Windows version only)"
}
]
},
{
"product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc for \u30cd\u30c3\u30c8\u30ab\u30d5\u30a7",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to 6.10.55"
}
]
},
{
"product": "i-FILTER \u30d6\u30e9\u30a6\u30b6\u30fc\uff06\u30af\u30e9\u30a6\u30c9 MultiAgent for Windows",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to 4.93.R11"
}
]
},
{
"product": "FENCE-Mobile RemoteManager i-FILTER Browser Service",
"vendor": "Fujitsu Limited",
"versions": [
{
"status": "affected",
"version": "prior to 4.93R11"
}
]
},
{
"product": "Optimal Biz Web Filtering Powered by i-FILTER (Windows version)",
"vendor": "OPTiM Corporation",
"versions": [
{
"status": "affected",
"version": "prior to 4.93R11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple i-\u30d5\u30a3\u30eb\u30bf\u30fc products contain an issue with incorrect default permissions. If this vulnerability is exploited, a local authenticated attacker may replace a service executable on the system where the product is running, potentially allowing arbitrary code execution with SYSTEM privileges."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "Incorrect default permissions",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T05:28:42.925Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.daj.jp/shared/php/downloadset/c/parts.php?page=dl\u0026filename=information_20250827_01.pdf"
},
{
"url": "https://www.daj.jp/shared/php/downloadset/c/parts.php?page=dl\u0026filename=information_20250827_02.pdf"
},
{
"url": "https://jvn.jp/en/jp/JVN55678602/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-57846",
"datePublished": "2025-08-27T05:28:42.925Z",
"dateReserved": "2025-08-21T04:04:10.182Z",
"dateUpdated": "2025-08-27T14:52:39.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-47149 (GCVE-0-2025-47149)
Vulnerability from cvelistv5 – Published: 2025-05-23 09:09 – Updated: 2025-05-23 12:31
VLAI?
Summary
The optional feature 'Anti-Virus & Sandbox' of i-FILTER contains an issue with improper pattern file validation. If exploited, the product may treat an unauthorized pattern file as an authorized. If the product uses a specially crafted pattern file, information in the server where the product is running may be retrieved, and/or cause a denial of service (DoS) condition.
Severity ?
5.3 (Medium)
CWE
- CWE-348 - Use of less trusted source
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Digital Arts Inc. | i-FILTER |
Affected:
Ver.10.50R01 to Ver.10.67R02
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47149",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-23T12:31:23.795831Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T12:31:36.694Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "i-FILTER",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "Ver.10.50R01 to Ver.10.67R02"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The optional feature \u0027Anti-Virus \u0026 Sandbox\u0027 of i-FILTER contains an issue with improper pattern file validation. If exploited, the product may treat an unauthorized pattern file as an authorized. If the product uses a specially crafted pattern file, information in the server where the product is running may be retrieved, and/or cause a denial of service (DoS) condition."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-348",
"description": "Use of less trusted source",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T09:09:37.277Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://download.daj.co.jp/support/detail/?page=releasenote_content\u0026division=6\u0026id=1057"
},
{
"url": "https://jvn.jp/en/jp/JVN68079883/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-47149",
"datePublished": "2025-05-23T09:09:37.277Z",
"dateReserved": "2025-05-20T13:35:31.600Z",
"dateUpdated": "2025-05-23T12:31:36.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22278 (GCVE-0-2023-22278)
Vulnerability from cvelistv5 – Published: 2023-01-17 00:00 – Updated: 2025-04-04 18:38
VLAI?
Summary
m-FILTER prior to Ver.5.70R01 (Ver.5 Series) and m-FILTER prior to Ver.4.87R04 (Ver.4 Series) allows a remote unauthenticated attacker to bypass authentication and send users' unintended email when email is being sent under the certain conditions. The attacks exploiting this vulnerability have been observed.
Severity ?
5.3 (Medium)
CWE
- Authentication bypass
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Digital Arts Inc. | m-FILTER Ver.5 Series and Ver.4 Series |
Affected:
m-FILTER prior to Ver.5.70R01 (Ver.5 Series) and m-FILTER prior to Ver.4.87R04 (Ver.4 Series)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:05.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN55675303/index.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-22278",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-04T18:38:12.014782Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T18:38:15.728Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "m-FILTER Ver.5 Series and Ver.4 Series",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "m-FILTER prior to Ver.5.70R01 (Ver.5 Series) and m-FILTER prior to Ver.4.87R04 (Ver.4 Series)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "m-FILTER prior to Ver.5.70R01 (Ver.5 Series) and m-FILTER prior to Ver.4.87R04 (Ver.4 Series) allows a remote unauthenticated attacker to bypass authentication and send users\u0027 unintended email when email is being sent under the certain conditions. The attacks exploiting this vulnerability have been observed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-17T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN55675303/index.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-22278",
"datePublished": "2023-01-17T00:00:00.000Z",
"dateReserved": "2022-12-28T00:00:00.000Z",
"dateUpdated": "2025-04-04T18:38:15.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21170 (GCVE-0-2022-21170)
Vulnerability from cvelistv5 – Published: 2022-03-07 09:00 – Updated: 2024-08-03 02:31
VLAI?
Summary
Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle attack and eavesdrop on an encrypted communication.
Severity ?
No CVSS data available.
CWE
- Improper check for certificate revocation
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Digital Arts Inc. | i-FILTER, i-FILTER Browser & Cloud MultiAgent for Windows, and D-SPA using i-FILTER |
Affected:
i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:31:59.738Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.daj.co.jp/user/ifilter/V10/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.daj.co.jp/user/ifilter/V9/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.daj.co.jp/user/ifb/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.daj.co.jp/user/dspa/V4/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.daj.co.jp/user/dspa/V3/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN33214411/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "i-FILTER, i-FILTER Browser \u0026 Cloud MultiAgent for Windows, and D-SPA using i-FILTER",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser \u0026 Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser \u0026 Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle attack and eavesdrop on an encrypted communication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper check for certificate revocation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-07T09:00:37",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.daj.co.jp/user/ifilter/V10/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.daj.co.jp/user/ifilter/V9/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.daj.co.jp/user/ifb/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.daj.co.jp/user/dspa/V4/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.daj.co.jp/user/dspa/V3/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN33214411/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-21170",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "i-FILTER, i-FILTER Browser \u0026 Cloud MultiAgent for Windows, and D-SPA using i-FILTER",
"version": {
"version_data": [
{
"version_value": "i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser \u0026 Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER"
}
]
}
}
]
},
"vendor_name": "Digital Arts Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser \u0026 Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle attack and eavesdrop on an encrypted communication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper check for certificate revocation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://download.daj.co.jp/user/ifilter/V10/",
"refsource": "MISC",
"url": "https://download.daj.co.jp/user/ifilter/V10/"
},
{
"name": "https://download.daj.co.jp/user/ifilter/V9/",
"refsource": "MISC",
"url": "https://download.daj.co.jp/user/ifilter/V9/"
},
{
"name": "https://download.daj.co.jp/user/ifb/",
"refsource": "MISC",
"url": "https://download.daj.co.jp/user/ifb/"
},
{
"name": "https://download.daj.co.jp/user/dspa/V4/",
"refsource": "MISC",
"url": "https://download.daj.co.jp/user/dspa/V4/"
},
{
"name": "https://download.daj.co.jp/user/dspa/V3/",
"refsource": "MISC",
"url": "https://download.daj.co.jp/user/dspa/V3/"
},
{
"name": "https://jvn.jp/en/jp/JVN33214411/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN33214411/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-21170",
"datePublished": "2022-03-07T09:00:37",
"dateReserved": "2022-01-31T00:00:00",
"dateUpdated": "2024-08-03T02:31:59.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16180 (GCVE-0-2018-16180)
Vulnerability from cvelistv5 – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
VLAI?
Summary
Cross-site scripting vulnerability in i-FILTER Ver.9.50R05 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Digital Arts Inc. | i-FILTER |
Affected:
Ver.9.50R05 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:37.625Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#32155106",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN32155106/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.daj.co.jp/user/ifilter/V9/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "i-FILTER",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "Ver.9.50R05 and earlier"
}
]
}
],
"datePublic": "2019-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in i-FILTER Ver.9.50R05 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#32155106",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN32155106/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.daj.co.jp/user/ifilter/V9/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-16180",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "i-FILTER",
"version": {
"version_data": [
{
"version_value": "Ver.9.50R05 and earlier"
}
]
}
}
]
},
"vendor_name": "Digital Arts Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in i-FILTER Ver.9.50R05 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#32155106",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN32155106/index.html"
},
{
"name": "https://download.daj.co.jp/user/ifilter/V9/",
"refsource": "MISC",
"url": "https://download.daj.co.jp/user/ifilter/V9/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-16180",
"datePublished": "2019-01-09T22:00:00",
"dateReserved": "2018-08-30T00:00:00",
"dateUpdated": "2024-08-05T10:17:37.625Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16181 (GCVE-0-2018-16181)
Vulnerability from cvelistv5 – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
VLAI?
Summary
HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks that may result in an arbitrary script injection or setting an arbitrary cookie values via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- HTTP header injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Digital Arts Inc. | i-FILTER |
Affected:
Ver.9.50R05 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:38.189Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#32155106",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN32155106/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.daj.co.jp/user/ifilter/V9/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "i-FILTER",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "Ver.9.50R05 and earlier"
}
]
}
],
"datePublic": "2019-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks that may result in an arbitrary script injection or setting an arbitrary cookie values via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "HTTP header injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#32155106",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN32155106/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.daj.co.jp/user/ifilter/V9/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-16181",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "i-FILTER",
"version": {
"version_data": [
{
"version_value": "Ver.9.50R05 and earlier"
}
]
}
}
]
},
"vendor_name": "Digital Arts Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks that may result in an arbitrary script injection or setting an arbitrary cookie values via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HTTP header injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#32155106",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN32155106/index.html"
},
{
"name": "https://download.daj.co.jp/user/ifilter/V9/",
"refsource": "MISC",
"url": "https://download.daj.co.jp/user/ifilter/V9/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-16181",
"datePublished": "2019-01-09T22:00:00",
"dateReserved": "2018-08-30T00:00:00",
"dateUpdated": "2024-08-05T10:17:38.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10858 (GCVE-0-2017-10858)
Vulnerability from cvelistv5 – Published: 2017-09-15 17:00 – Updated: 2024-08-05 17:50
VLAI?
Summary
Untrusted search path vulnerability in "i-filter 6.0 install program" file version 1.0.8.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity ?
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Digital Arts Inc. | "i-filter 6.0 install program" |
Affected:
file version 1.0.8.1 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.647Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.daj.jp/cs/info/2017/0912/"
},
{
"name": "JVN#75929834",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN75929834/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "\"i-filter 6.0 install program\"",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "file version 1.0.8.1 and earlier"
}
]
}
],
"datePublic": "2017-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in \"i-filter 6.0 install program\" file version 1.0.8.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-15T16:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.daj.jp/cs/info/2017/0912/"
},
{
"name": "JVN#75929834",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN75929834/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10858",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "\"i-filter 6.0 install program\"",
"version": {
"version_data": [
{
"version_value": "file version 1.0.8.1 and earlier"
}
]
}
}
]
},
"vendor_name": "Digital Arts Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in \"i-filter 6.0 install program\" file version 1.0.8.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.daj.jp/cs/info/2017/0912/",
"refsource": "MISC",
"url": "http://www.daj.jp/cs/info/2017/0912/"
},
{
"name": "JVN#75929834",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN75929834/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10858",
"datePublished": "2017-09-15T17:00:00",
"dateReserved": "2017-07-04T00:00:00",
"dateUpdated": "2024-08-05T17:50:12.647Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10859 (GCVE-0-2017-10859)
Vulnerability from cvelistv5 – Published: 2017-09-15 17:00 – Updated: 2024-08-05 17:50
VLAI?
Summary
Untrusted search path vulnerability in "i-filter 6.0 installer" timestamp of code signing is before 23 Aug 2017 (JST) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity ?
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Digital Arts Inc. | "i-filter 6.0 installer" |
Affected:
timestamp of code signing is before 23 Aug 2017 (JST)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.573Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.daj.jp/cs/info/2017/0912/"
},
{
"name": "JVN#75929834",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN75929834/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "\"i-filter 6.0 installer\"",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "timestamp of code signing is before 23 Aug 2017 (JST)"
}
]
}
],
"datePublic": "2017-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in \"i-filter 6.0 installer\" timestamp of code signing is before 23 Aug 2017 (JST) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-15T16:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.daj.jp/cs/info/2017/0912/"
},
{
"name": "JVN#75929834",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN75929834/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10859",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "\"i-filter 6.0 installer\"",
"version": {
"version_data": [
{
"version_value": "timestamp of code signing is before 23 Aug 2017 (JST)"
}
]
}
}
]
},
"vendor_name": "Digital Arts Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in \"i-filter 6.0 installer\" timestamp of code signing is before 23 Aug 2017 (JST) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.daj.jp/cs/info/2017/0912/",
"refsource": "MISC",
"url": "http://www.daj.jp/cs/info/2017/0912/"
},
{
"name": "JVN#75929834",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN75929834/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10859",
"datePublished": "2017-09-15T17:00:00",
"dateReserved": "2017-07-04T00:00:00",
"dateUpdated": "2024-08-05T17:50:12.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10860 (GCVE-0-2017-10860)
Vulnerability from cvelistv5 – Published: 2017-09-15 17:00 – Updated: 2024-08-05 17:50
VLAI?
Summary
Untrusted search path vulnerability in "i-filter 6.0 installer" timestamp of code signing is before 23 Aug 2017 (JST) allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory.
Severity ?
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Digital Arts Inc. | "i-filter 6.0 installer" |
Affected:
timestamp of code signing is before 23 Aug 2017 (JST)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.548Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.daj.jp/cs/info/2017/0912/"
},
{
"name": "100916",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100916"
},
{
"name": "JVN#75929834",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN75929834/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "\"i-filter 6.0 installer\"",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "timestamp of code signing is before 23 Aug 2017 (JST)"
}
]
}
],
"datePublic": "2017-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in \"i-filter 6.0 installer\" timestamp of code signing is before 23 Aug 2017 (JST) allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-21T09:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.daj.jp/cs/info/2017/0912/"
},
{
"name": "100916",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100916"
},
{
"name": "JVN#75929834",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN75929834/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10860",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "\"i-filter 6.0 installer\"",
"version": {
"version_data": [
{
"version_value": "timestamp of code signing is before 23 Aug 2017 (JST)"
}
]
}
}
]
},
"vendor_name": "Digital Arts Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in \"i-filter 6.0 installer\" timestamp of code signing is before 23 Aug 2017 (JST) allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.daj.jp/cs/info/2017/0912/",
"refsource": "MISC",
"url": "http://www.daj.jp/cs/info/2017/0912/"
},
{
"name": "100916",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100916"
},
{
"name": "JVN#75929834",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN75929834/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10860",
"datePublished": "2017-09-15T17:00:00",
"dateReserved": "2017-07-04T00:00:00",
"dateUpdated": "2024-08-05T17:50:12.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}