1065 matches found
JVN#68819526: "Restaurant Karaoke SHIDAX" App for Android fails to verify SSL server certificates
"Restaurant Karaoke SHIDAX" App for Android fails to verify SSL server certificates. Impact: A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution: Update the software. Update to the latest version according to the information provided by the developer...
JVN#74547976: Fumy Teacher's Schedule Board vulnerable to cross-site scripting
Fumy Teacher's Schedule Board provided by Nishishi Factory is a CGI program that displays schedules. Fumy Teacher's Schedule Board contains a cross-site scripting vulnerability. Impact: An arbitrary script may be executed on the user's web browser. Solution: Update the software. Update to the latest...
Vulnerability in the jBCrypt key stretching process
Overview: jBCrypt is a Java implementation to compute password hashes. jBCrypt contains an integer overflow vulnerability in the key stretching process. An integer overflow occurs when the parameter for the repetition count is set to the maximum value allowed, 31. Norito AGETSUMA reported this...
JVN#30135729: SYNCK GRAPHICA Mailform Pro CGI vulnerable to remote code execution
Mailform Pro CGI provided by SYNCK GRAPHICA contains a flaw in the process of sending emails, which may result in an arbitrary code execution. Impact: Arbitrary code may be executed on the server. Solution: Update the software. Update to the latest version according to the information provided by th...
AL-Mail32 vulnerable to denial-of-service (DoS)
Overview: AL-Mail32 provided by CREAR Corporation is an email client for Windows. AL-Mail32 contains a denial-of-service (DoS) vulnerability due to a flaw in processing attachments. Yosuke HASEGAWA of NetAgent Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer unde...
C-BOARD Moyuku vulnerable to arbitrary file creation
Overview: C-BOARD Moyuku is a bulletin board software. C-BOARD Moyuku contains a vulnerability that may allow a remote attacker to create arbitrary files. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
Saurus CMS Community Edition vulnerable to cross-site scripting
Overview: Saurus CMS Community Edition is open source software to manage and build websites. Saurus CMS Community Edition contains multiple cross-site scripting vulnerabilities. Yuji Tounai of NTT Com Security reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under...
PT-2015-08: Bypass Anti-Bruteforce Mechanism in Inductive Automation Ignition
The specialists of the Positive Research center have detected a Bypass Anti-Bruteforce Mechanism vulnerability in Inductive Automation Ignition. The mechanism for blocking bruteforce attacks could be bypassed by resetting the session id parameter in the HTTP request. The mechanism blocking bruteforce...
Cybozu Remote Service Manager vulnerable to denial-of-service (DoS)
Overview: Remote Service Manager contains a denial-of-service (DoS) vulnerability. Remote Service Manager provided by Cybozu, Inc. is software for accessing internal systems such as Cybozu products via "Cybozu Remote Service". Remote Service Manager contains a denial-of-service (DoS) vulnerability. Note...
Fumy News Clipper vulnerable to cross-site scripting
Overview: Fumy News Clipper provided by Nishishi Factory contains a cross-site scripting vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: An arbitrary script may be executed on the...
JVN#88559134: SYNCK GRAPHICA Download Log CGI vulnerable to directory traversal
Download Log CGI provided by SYNCK GRAPHICA contains an issue in processing file names, which may result in a directory traversal vulnerability. Impact: A remote attacker may obtain arbitrary files on the server. Solution: Update the software. Update to the latest version according to the informatio...
PT-2016-05: Arbitrary Code Execution in Advantech WebAccess
The specialists of the Positive Research center have detected an Arbitrary Code Execution vulnerability in Advantech WebAccess. A browser plug-in for Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code. How to fix: Update your software to the latest version. Advisory...
DSA-3079-1 ppp - security update
Bulletin has no description...
WordPress <= 4.0.0 - Multiple Vulnerabilities #2
Because of multiple vulnerabilities in WordPress 4.0.0 and previous versions, attackers can obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash. Related records:...
SumaHo for Android fails to verify SSL/TLS server certificates
Overview: SumaHo for Android fails to verify SSL/TLS server certificates. Hiroshi Kumagai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: A man-in-the-middle attack may allow an attacker to eavesdrop on an...
DSA-3052-1 wpa - security update
Bulletin has no description...
Yahoo! Japan Box for Android issue where it fails to verify SSL server certificates
Overview: Yahoo! Japan Box for Android provided by Yahoo Japan Corporation contains an issue where it fails to verify SSL server certificates. Yahoo Japan Corporation reported this vulnerability to JPCERT/CC to notify users of this issue through JVN. JPCERT/CC coordinated with Yahoo Japan...
JVN#36205251: 365 Links series vulnerable to cross-site scripting
365 Links series provided by php365.com are link directory management tools. 365 Links series contain a cross-site scripting vulnerability. Impact: An arbitrary script may be executed on the user's web browser. Solution: Update the software. Update to the latest version according to the information...
Help Page in multiple Adobe products vulnerable to cross-site scripting
Overview: The Help page provided in multiple Adobe products contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: An arbitrary script may be...
WisePoint vulnerable to session fixation
Overview: WisePoint provided by Falcon System Consulting, Inc. contains a session fixation vulnerability. Hiroki Ikemoto of NTT SOFT SERVICE Corp. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: An attacker m...