Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    4 vulnerabilities by jig.jp co., ltd.

    JVNDB-2014-000108

    Vulnerability from jvndb - Published: 2014-09-25 14:52 - Updated:2014-09-29 11:47
    Severity
    N/A (UNKNOWN) - -
    Summary
    jigbrowser+ for iOS same origin policy bypass
    Details
    jigbrowser+ for iOS contains a flaw in loading web pages, which may allow an attacker to bypass the same origin policy. Toshiharu Sugiyama of DeNA Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000108.html",
      "dc:date": "2014-09-29T11:47+09:00",
      "dcterms:issued": "2014-09-25T14:52+09:00",
      "dcterms:modified": "2014-09-29T11:47+09:00",
      "description": "jigbrowser+ for iOS contains a flaw in loading web pages, which may allow an attacker to bypass the same origin policy.\r\n\r\nToshiharu Sugiyama of DeNA Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000108.html",
      "sec:cpe": {
        "#text": "cpe:/a:jig_jp_co:jigbrowser%2B",
        "@product": "jigbrowser+",
        "@vendor": "jig.jp co., ltd.",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "5.8",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2014-000108",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN80531230/index.html",
          "@id": "JVN#80531230",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5318",
          "@id": "CVE-2014-5318",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5318",
          "@id": "CVE-2014-5318",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "jigbrowser+ for iOS same origin policy bypass"
    }

    JVNDB-2013-000047

    Vulnerability from jvndb - Published: 2013-05-29 15:32 - Updated:2013-05-29 15:32
    Severity
    N/A (UNKNOWN) - -
    Summary
    Content Provider in MovatwiTouch fails to restrict access permissions
    Details
    MovatwiTouch is a Twitter client software for Android devices. The Content Provider in MovatwiTouch contains an issue where access permissions are not restricted. Masata Nishida of Advanced Research Laboratory, SecureBrain Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000047.html",
      "dc:date": "2013-05-29T15:32+09:00",
      "dcterms:issued": "2013-05-29T15:32+09:00",
      "dcterms:modified": "2013-05-29T15:32+09:00",
      "description": "MovatwiTouch is a Twitter client software for Android devices. The Content Provider in MovatwiTouch contains an issue where access permissions are not restricted.\r\n\r\nMasata Nishida of Advanced Research Laboratory, SecureBrain Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000047.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:jig_jp_co:movatwitouch",
          "@product": "MovatwiTouch",
          "@vendor": "jig.jp co., ltd.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:jig_jp_co:movatwitouch_paid",
          "@product": "MovatwiTouch Paid Version",
          "@vendor": "jig.jp co., ltd.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "2.6",
        "@severity": "Low",
        "@type": "Base",
        "@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2013-000047",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN90289505/index.html",
          "@id": "JVN#90289505",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2318",
          "@id": "CVE-2013-2318",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2318",
          "@id": "CVE-2013-2318",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-264",
          "@title": "Permissions(CWE-264)"
        }
      ],
      "title": "Content Provider in MovatwiTouch fails to restrict access permissions"
    }

    JVNDB-2013-000036

    Vulnerability from jvndb - Published: 2013-04-26 15:05 - Updated:2013-04-26 15:05
    Severity
    N/A (UNKNOWN) - -
    Summary
    jigbrowser+ for Android vulnerable to address bar spoofing
    Details
    jigbrowser+ for Android contains an issue when opening a new window, which may result in the address bar being spoofed. Keita Haga of keitahaga.com reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000036.html",
      "dc:date": "2013-04-26T15:05+09:00",
      "dcterms:issued": "2013-04-26T15:05+09:00",
      "dcterms:modified": "2013-04-26T15:05+09:00",
      "description": "jigbrowser+ for Android contains an issue when opening a new window, which may result in the address bar being spoofed.\r\n\r\nKeita Haga of keitahaga.com reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000036.html",
      "sec:cpe": {
        "#text": "cpe:/a:jig_jp_co:jigbrowser%2B",
        "@product": "jigbrowser+",
        "@vendor": "jig.jp co., ltd.",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "4.3",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2013-000036",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN01313594/index.html",
          "@id": "JVN#01313594",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2306",
          "@id": "CVE-2013-2306",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2306",
          "@id": "CVE-2013-2306",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "jigbrowser+ for Android vulnerable to address bar spoofing"
    }

    JVNDB-2012-000091

    Vulnerability from jvndb - Published: 2012-09-28 12:20 - Updated:2012-09-28 12:20
    Severity
    N/A (UNKNOWN) - -
    Summary
    jigbrowser+ for Android vulnerable in the WebView class
    Details
    jigbrowser+ for Android contains a vulnerability in the WebView class. jigbrowser+ is a web browser for a smartphone. jigbrowser+ for Android contains a vulnerability in the WebView class. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000091.html",
      "dc:date": "2012-09-28T12:20+09:00",
      "dcterms:issued": "2012-09-28T12:20+09:00",
      "dcterms:modified": "2012-09-28T12:20+09:00",
      "description": "jigbrowser+ for Android contains a vulnerability in the WebView class.\r\n\r\njigbrowser+ is a web browser for a smartphone. jigbrowser+ for Android contains a vulnerability in the WebView class.\r\n\r\nGaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000091.html",
      "sec:cpe": {
        "#text": "cpe:/a:jig_jp_co:jigbrowser%2B",
        "@product": "jigbrowser+",
        "@vendor": "jig.jp co., ltd.",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "2.6",
        "@severity": "Low",
        "@type": "Base",
        "@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2012-000091",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN86318665/index.html",
          "@id": "JVN#86318665",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4017",
          "@id": "CVE-2012-4017",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4017",
          "@id": "CVE-2012-4017",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "jigbrowser+ for Android vulnerable in the WebView class"
    }