Refine your search
4 vulnerabilities found for Aipo by Aimluck,Inc
jvndb-2011-000063
Vulnerability from jvndb
Published
2011-08-16 16:44
Modified
2011-08-16 16:44
Summary
Aipo vulnerable to SQL injection
Details
Aipo contains a SQL injection vulnerability.
Aipo from Aimluck, Inc. is groupware including functions such as scheduler and intra-office blogging. Aipo contains a SQL injection vulnerability.
Tsuyoshi Yamaguchi of Digiplate, inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000063.html",
"dc:date": "2011-08-16T16:44+09:00",
"dcterms:issued": "2011-08-16T16:44+09:00",
"dcterms:modified": "2011-08-16T16:44+09:00",
"description": "Aipo contains a SQL injection vulnerability.\r\n\r\nAipo from Aimluck, Inc. is groupware including functions such as scheduler and intra-office blogging. Aipo contains a SQL injection vulnerability.\r\n\r\nTsuyoshi Yamaguchi of Digiplate, inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000063.html",
"sec:cpe": [
{
"#text": "cpe:/a:aimluck:aipo",
"@product": "Aipo",
"@vendor": "Aimluck,Inc",
"@version": "2.2"
},
{
"#text": "cpe:/a:aimluck:aipo_asp",
"@product": "Aipo ASP",
"@vendor": "Aimluck,Inc",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2011-000063",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN31506102/index.html",
"@id": "JVN#31506102",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1342",
"@id": "CVE-2011-1342",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1342",
"@id": "CVE-2011-1342",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-89",
"@title": "SQL Injection(CWE-89)"
}
],
"title": "Aipo vulnerable to SQL injection"
}
jvndb-2011-000062
Vulnerability from jvndb
Published
2011-08-16 16:41
Modified
2011-08-16 16:41
Summary
Aipo vulnerable to cross-site request forgery
Details
Aipo contains a cross-site request forgery vulnerability.
Aipo from Aimluck, Inc. is groupware including functions such as scheduler and intra-office blogging. Aipo contains a cross-site request forgery vulnerability.
Masako Ohno reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000062.html",
"dc:date": "2011-08-16T16:41+09:00",
"dcterms:issued": "2011-08-16T16:41+09:00",
"dcterms:modified": "2011-08-16T16:41+09:00",
"description": "Aipo contains a cross-site request forgery vulnerability.\r\n\r\nAipo from Aimluck, Inc. is groupware including functions such as scheduler and intra-office blogging. Aipo contains a cross-site request forgery vulnerability.\r\n\r\nMasako Ohno reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000062.html",
"sec:cpe": [
{
"#text": "cpe:/a:aimluck:aipo",
"@product": "Aipo",
"@vendor": "Aimluck,Inc",
"@version": "2.2"
},
{
"#text": "cpe:/a:aimluck:aipo_asp",
"@product": "Aipo ASP",
"@vendor": "Aimluck,Inc",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2011-000062",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN72854072/index.html",
"@id": "JVN#72854072",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1341",
"@id": "CVE-2011-1341",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1341",
"@id": "CVE-2011-1341",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "Aipo vulnerable to cross-site request forgery"
}
jvndb-2011-000003
Vulnerability from jvndb
Published
2011-01-13 11:53
Modified
2011-01-13 11:53
Summary
Aipo vulnerable to SQL injection
Details
Aipo contains SQL injection vulnerability.
Aipo from Aimluck, Inc. is groupware including functions such as scheduler and intra-office blogging. Aipo contains a SQL injection vulnerability.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000003.html",
"dc:date": "2011-01-13T11:53+09:00",
"dcterms:issued": "2011-01-13T11:53+09:00",
"dcterms:modified": "2011-01-13T11:53+09:00",
"description": "Aipo contains SQL injection vulnerability.\r\n\r\nAipo from Aimluck, Inc. is groupware including functions such as scheduler and intra-office blogging. Aipo contains a SQL injection vulnerability.",
"link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000003.html",
"sec:cpe": [
{
"#text": "cpe:/a:aimluck:aipo",
"@product": "Aipo",
"@vendor": "Aimluck,Inc",
"@version": "2.2"
},
{
"#text": "cpe:/a:aimluck:aipo_asp",
"@product": "Aipo ASP",
"@vendor": "Aimluck,Inc",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2011-000003",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN50704770/index.html",
"@id": "JVN#50704770",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3924",
"@id": "CVE-2010-3924",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3924",
"@id": "CVE-2010-3924",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/42860",
"@id": "SA42860",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/45755",
"@id": "45755",
"@source": "BID"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-89",
"@title": "SQL Injection(CWE-89)"
}
],
"title": "Aipo vulnerable to SQL injection"
}
jvndb-2007-000729
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Aipo session fixation vulnerability
Details
Aipo, groupware from Aimluck, Inc., contains a session fixation vulnerability.
Aipo from Aimluck, Inc. is groupware including functions such as scheduler and intra-blogging. Aipo contains a session fixation vulnerability which may allow an attacker to impersonate a user when the user logs into AIPO with the session ID sent by the attacker.
References
| Type | URL | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000729.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "Aipo, groupware from Aimluck, Inc., contains a session fixation vulnerability.\r\n\r\nAipo from Aimluck, Inc. is groupware including functions such as scheduler and intra-blogging. Aipo contains a session fixation vulnerability which may allow an attacker to impersonate a user when the user logs into AIPO with the session ID sent by the attacker.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000729.html",
"sec:cpe": [
{
"#text": "cpe:/a:aimluck:aipo",
"@product": "Aipo",
"@vendor": "Aimluck,Inc",
"@version": "2.2"
},
{
"#text": "cpe:/a:aimluck:aipo_asp",
"@product": "Aipo ASP",
"@vendor": "Aimluck,Inc",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000729",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN70075625/index.html",
"@id": "JVN#70075625",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5154",
"@id": "CVE-2007-5154",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5154",
"@id": "CVE-2007-5154",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/27004/",
"@id": "SA27004",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/25843",
"@id": "25843",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/36850",
"@id": "36850",
"@source": "XF"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-362",
"@title": "Race Condition(CWE-362)"
}
],
"title": "Aipo session fixation vulnerability"
}