49 matches found
SetucoCMS vulnerable to code injection
Overview: SetucoCMS provided by SetucoCMS Project is a content management system (CMS). SetucoCMS contains a code injection vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership. Impact: Arbitrary code...
[SECURITY] Fedora 25 Update: irssi-0.8.20-1.fc25
Irssi is a modular IRC client with Perl scripting. Only text-mode frontend is currently supported. The GTK/GNOME frontend is no longer being maintained...
yoyaku_v41 vulnerable to OS command injection
Overview: yoyaku_v41 provided by Webservice-DIC is software to manage conference room reservations. yoyaku_v41 contains an OS command injection vulnerability (CWE-78). Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under the Information Security Early Warning...
yoyaku_v41 vulnerable to authentication bypass
Overview: yoyaku_v41 provided by Webservice-DIC is software to manage conference room reservations. yoyaku_v41 contains an authentication bypass vulnerability (CWE-592). Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under the Information Security Early Warning...
WordPress theme flashy vulnerable to cross-site scripting
Overview: flashy is a theme for WordPress. flashy contains a cross-site scripting vulnerability. Koki Takahashi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: An arbitrary script may be executed on the user'...
i-HTTPD vulnerable to cross-site scripting
Overview: i-HTTPD is a web server for Windows. i-HTTPD contains a flaw in processing HTTP headers, which may lead to cross-site scripting (CWE-79). Note that this vulnerability is different from JVN89613370. Yamagata of webappsec.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the...
"File Upload BBS" of i-HTTPD vulnerable to remote command execution
Overview: i-HTTPD is a web server for Windows, implementing Server Side Includes (SSI). i-HTTPD contains "File Upload BBS". When "File Upload BBS" is activated, a user can upload files to the server, and i-HTTPD processes SSI directives in the uploaded files (CWE-97). Yamagata of webappsec.jp reported...
BirdBlog vulnerable to cross-site scripting
Overview: BirdBlog is a weblog software. BirdBlog contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: An arbitrary...
Bump for Android vulnerable in handling of implicit intents
Overview: Bump for Android is an application that allows users to share information and files. Bump for Android contains a vulnerability in the handling of implicit intents. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...