6 matches found
Cleartext transmission issue in TONE store App to TONE store
Overview TONE store App provided by DREAM TRAIN INTERNET INC. contains a cleartext transmission issue to TONE store website CWE-419. Kodai Karakawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...
Unlimited Sitemap Generator vulnerable to cross-site request forgery
Overview Unlimited Sitemap Generator provided by XML-Sitemaps contains a cross-site request forgery vulnerability CWE-352. Kanta Nishitani of Ierae Security, Inc reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impa...
Multiple Hikari Denwa routers vulnerable to cross-site request forgery
Overview Multiple Hikari Denwa routers contain a cross-site request forgery vulnerability CWE-352. Ryoya Tsukasaki of Urawa Commercial High School reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a user...
PHP for Windows vulnerable to OS command injection
Overview PHP for Windows contains an OS command injection due to a processing flaw in the escapeshellarg function. Masahiro Yamada reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Specifying a specially craft...
ATOK for Android issue in the access permissions for the learning information file
Overview ATOK for Android provided by JUST Systems, contains an issue in the access permissions for the learning information file. ATOK for Android provided by JUST Systems contains an issue where another application may access the learning information file which stores user input strings. Gaku...
Active! mail 6 vulnerable to HTTP header injection
Overview Active! mail 6 from TransWARE Co. contains a HTTP header injection vulnerability. Active! mail 6 from TransWARE Co. is a web-based email software. Active! mail 6 contains a HTTP header injection vulnerability. Taketo Ikeuchi of Hitachi Solutions, Ltd. reported this vulnerability to IPA...