16 matches found
WordPress core <= 6.0.2 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability via wp-mail.php discovered by Toshitsugu Yoneyama Mitsui Bussan Secure Directions, Inc. via JPCERT in WordPress core versions = 6.0.2 Solution Update the WordPress to the latest available version at least 6.0.3...
WordPress core <= 6.0.2 - Sender’s Email Address Exposure vulnerability
Sender’s Email Address Exposure vulnerability via wp-mail.php was discovered by Toshitsugu Yoneyama Mitsui Bussan Secure Directions, Inc. via JPCERT in the WordPress core versions = 6.0.2. Solution Update the WordPress to the latest available version at least 6.0.3...
WordPress Modern Events Calendar Lite plugin < 6.3.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Tsutomu Aramaki Mitsui Bussan Secure Directions, Inc in WordPress Modern Events Calendar Lite plugin versions 6.3.0. Solution Fixed in version 6.3.0, but the plugin is closed. This plugin has been closed as of May 11, 2022...
AttacheCase may insecurely load Dynamic Link Libraries
Overview AttacheCase may insecurely load Dynamic Link Libraries. AttacheCase is an open source file encryption software provided by HiBARA Software. AttacheCase contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Taizoh Tsukamoto of...
WordPress Booking Package plugin <= 1.5.10 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Gen Sato Mitsui Bussan Secure Directions, Inc in WordPress Booking Package plugin versions = 1.5.10. Solution Update the WordPress Booking Package plugin to the latest available version at least 1.5.11...
URL Redirection to Untrusted Site ('Open Redirect') in Products.isurlinportal
Impact Various parts of Plone use the 'is url in portal' check for security, mostly to see if it is safe to redirect to a url. A url like https://example.org is not in the portal. But the url https:example.org without slashes tricks our code and it is considered to be in the portal. When...
GROWI vulnerable to cross-site scripting
Overview GROWI provided by WESEEK, Inc. contains a cross-site scripting vulnerability CWE-79. Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary...
WordPress Simple Download Monitor plugin <= 3.8.8 - SQL Injection (SQLi) vulnerability
SQL Injection SQLi vulnerability found by Gen Sato Mitsui Bussan Secure Directions in WordPress Simple Download Monitor plugin versions = 3.8.8. Solution Update the WordPress Simple Download Monitor plugin to the latest available version at least 3.8.9...
WordPress Simple Download Monitor plugin <= 3.8.8 - Unauthenticated Cross-Site Scripting (XSS) vulnerability
Unauthenticated Cross-Site Scripting XSS vulnerability found by Gen Sato Mitsui Bussan Secure Directions in WordPress Simple Download Monitor plugin versions = 3.8.8 . Solution Update the WordPress Simple Download Monitor plugin to the latest available version at least 3.8.9...
WordPress Simple Download Monitor plugin <= 3.8.8 - SQL Injection (SQLi) vulnerability
SQL Injection SQLi vulnerability found by Gen Sato Mitsui Bussan Secure Directions in WordPress Simple Download Monitor plugin versions = 3.8.8. Solution Update the WordPress Simple Download Monitor plugin to the latest available version at least 3.8.9...
Simple Download Monitor < 3.8.9 - Unauthenticated Cross-Site Scripting
Gen Sato of Mitsui Bussan Secure Directions, discovered an unauthenticated Cross-Site Scripting issue...
Cross-site request forgery vulnerability in Toshiba Lighting & Technology Corporation Home gateway
Overview Home gateway provided by Toshiba Lighting & Technology Corporation contains cross-site request forgery. Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
CakePHP 2.3.7 / 2.2.8 Local File Inclusion
CVE Number: N/A not assigned Title: CakePHP AssetDispatcher Local File Inclusion Vulnerability Affected Software: Confirmed on CakePHP v2.3.7, v2.2.8 prior versions may also be affected Credit: Takeshi Terada of Mitsui Bussan Secure Directions, Inc. Issue Status: v2.3.8 & 2.2.9 was released which...
ATOK for Android issue in the access permissions for the learning information file
Overview ATOK for Android provided by JUST Systems, contains an issue in the access permissions for the learning information file. ATOK for Android provided by JUST Systems contains an issue where another application may access the learning information file which stores user input strings. Gaku...
WEB FORUM vulnerable to cross-site scripting
Overview WEB FORUM provided by KENT-WEB contains a cross-site scripting vulnerability. WEB FORUM provided by KENT-WEB is a bulletin board software. WEB FORUM contains a vulnerability in processing the web page to be output, which may result in cross-site scripting. ISHIBASHI,Tsuyoshi of Mitsui...
Multiple Tor World CGI scripts vulnerable to arbitrary script execution
Overview Multiple Tor World CGI scripts contain a vulnerability which may allow an arbitrary script execution. Tor World provides CGI scripts for implementing search engines, message boards, and other tools. Multiple Tor World CGI scripts contain a vulnerability which may allow an attacker to...