Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities by jig.jp co., ltd.
JVNDB-2014-000108
Vulnerability from jvndb - Published: 2014-09-25 14:52 - Updated:2014-09-29 11:47Summary
jigbrowser+ for iOS same origin policy bypass
Details
jigbrowser+ for iOS contains a flaw in loading web pages, which may allow an attacker to bypass the same origin policy.
Toshiharu Sugiyama of DeNA Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000108.html",
"dc:date": "2014-09-29T11:47+09:00",
"dcterms:issued": "2014-09-25T14:52+09:00",
"dcterms:modified": "2014-09-29T11:47+09:00",
"description": "jigbrowser+ for iOS contains a flaw in loading web pages, which may allow an attacker to bypass the same origin policy.\r\n\r\nToshiharu Sugiyama of DeNA Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000108.html",
"sec:cpe": {
"#text": "cpe:/a:jig_jp_co:jigbrowser%2B",
"@product": "jigbrowser+",
"@vendor": "jig.jp co., ltd.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2014-000108",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN80531230/index.html",
"@id": "JVN#80531230",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5318",
"@id": "CVE-2014-5318",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5318",
"@id": "CVE-2014-5318",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "jigbrowser+ for iOS same origin policy bypass"
}
JVNDB-2013-000047
Vulnerability from jvndb - Published: 2013-05-29 15:32 - Updated:2013-05-29 15:32Summary
Content Provider in MovatwiTouch fails to restrict access permissions
Details
MovatwiTouch is a Twitter client software for Android devices. The Content Provider in MovatwiTouch contains an issue where access permissions are not restricted.
Masata Nishida of Advanced Research Laboratory, SecureBrain Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000047.html",
"dc:date": "2013-05-29T15:32+09:00",
"dcterms:issued": "2013-05-29T15:32+09:00",
"dcterms:modified": "2013-05-29T15:32+09:00",
"description": "MovatwiTouch is a Twitter client software for Android devices. The Content Provider in MovatwiTouch contains an issue where access permissions are not restricted.\r\n\r\nMasata Nishida of Advanced Research Laboratory, SecureBrain Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000047.html",
"sec:cpe": [
{
"#text": "cpe:/a:jig_jp_co:movatwitouch",
"@product": "MovatwiTouch",
"@vendor": "jig.jp co., ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/a:jig_jp_co:movatwitouch_paid",
"@product": "MovatwiTouch Paid Version",
"@vendor": "jig.jp co., ltd.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000047",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN90289505/index.html",
"@id": "JVN#90289505",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2318",
"@id": "CVE-2013-2318",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2318",
"@id": "CVE-2013-2318",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Content Provider in MovatwiTouch fails to restrict access permissions"
}
JVNDB-2013-000036
Vulnerability from jvndb - Published: 2013-04-26 15:05 - Updated:2013-04-26 15:05Summary
jigbrowser+ for Android vulnerable to address bar spoofing
Details
jigbrowser+ for Android contains an issue when opening a new window, which may result in the address bar being spoofed.
Keita Haga of keitahaga.com reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000036.html",
"dc:date": "2013-04-26T15:05+09:00",
"dcterms:issued": "2013-04-26T15:05+09:00",
"dcterms:modified": "2013-04-26T15:05+09:00",
"description": "jigbrowser+ for Android contains an issue when opening a new window, which may result in the address bar being spoofed.\r\n\r\nKeita Haga of keitahaga.com reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000036.html",
"sec:cpe": {
"#text": "cpe:/a:jig_jp_co:jigbrowser%2B",
"@product": "jigbrowser+",
"@vendor": "jig.jp co., ltd.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000036",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN01313594/index.html",
"@id": "JVN#01313594",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2306",
"@id": "CVE-2013-2306",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2306",
"@id": "CVE-2013-2306",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "jigbrowser+ for Android vulnerable to address bar spoofing"
}
JVNDB-2012-000091
Vulnerability from jvndb - Published: 2012-09-28 12:20 - Updated:2012-09-28 12:20Summary
jigbrowser+ for Android vulnerable in the WebView class
Details
jigbrowser+ for Android contains a vulnerability in the WebView class.
jigbrowser+ is a web browser for a smartphone. jigbrowser+ for Android contains a vulnerability in the WebView class.
Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000091.html",
"dc:date": "2012-09-28T12:20+09:00",
"dcterms:issued": "2012-09-28T12:20+09:00",
"dcterms:modified": "2012-09-28T12:20+09:00",
"description": "jigbrowser+ for Android contains a vulnerability in the WebView class.\r\n\r\njigbrowser+ is a web browser for a smartphone. jigbrowser+ for Android contains a vulnerability in the WebView class.\r\n\r\nGaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000091.html",
"sec:cpe": {
"#text": "cpe:/a:jig_jp_co:jigbrowser%2B",
"@product": "jigbrowser+",
"@vendor": "jig.jp co., ltd.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2012-000091",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN86318665/index.html",
"@id": "JVN#86318665",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4017",
"@id": "CVE-2012-4017",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4017",
"@id": "CVE-2012-4017",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "jigbrowser+ for Android vulnerable in the WebView class"
}