JVN#27702217: Ameba for Android contains an issue where it fails to verify SSL server certificates
Ameba for Android contains an issue where it fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by the develope...
WordPress Auld Theme - Remote Code Execution
There is a bug in this theme that allows any website visitor to run and see the output of any shortcode. This gives unauthenticated visitors the same power to execute code on the server as regular publishers have. Solution Update the theme...
WordPress Metro Theme - File Upload Arbitrary Code Execution
A "themify-ajax.php" file upload arbitrary PHP code execution vulnerability was found in WordPress Metro theme. Solution Update the theme...
WordPress Local Places Theme - Remote Code Execution
Because of this vulnerability, an attacker can execute arbitrary commands via unspecified vectors. Solution Update the theme...
WordPress Caulk Theme - Full Path Disclosure
Because of this vulnerability, an attacker can obtain sensitive information via an invalid upload request. Solution Update the theme...
WordPress Drawar Theme - Remote Code Execution
There is a bug in this theme that allows any website visitor to run and see the output of any shortcode. This gives unauthenticated visitors the same power to execute code on the server as regular publishers have. Solution Update the theme...
JVN#22534185: ServerView Operations Manager vulnerable to cross-site scripting
ServerView Operations Manager provided by FUJITSU LIMITED is server management software. ServerView Operations Manager contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version...
WordPress Pinshop Theme - File Upload Arbitrary Code Execution
A "themify-ajax.php" file upload arbitrary PHP code execution vulnerability was found in WordPress Pinshop theme. Solution Update the theme...
PerlMailer vulnerable to cross-site scripting
Overview PerlMailer from Homepage Decorator is a mail form CGI which is used to send mail from a form on a web page. PerlMailer CGI scripts contain a cross-site scripting vulnerability. Koki Takahashi reported this vulnerability to IPA. JPCERT/CC coordinated with the vendors under Information...
Multifunctional MailForm Free vulnerable to cross-site scripting
Overview Multifunctional MailForm Free provided by PHP Kobo contains a cross-site scripting vulnerability. Multifunctional MailForm Free contains an issue in processing HTTP Referer headers, which may cause cross-site scripting. Impact By opening a specially crafted HTML document, an arbitrary...
Cybozu Garoon 3 API access restriction bypass vulnerability
Overview Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an access restriction bypass vulnerability (CWE-264) when using Garoon APIs. Impact A remote attacker may cause a denial-of-service (DoS) or execute arbitrary code. Solution Update the Software Update to the latest...
JVN#80006084: Web Kyukincho vulnerable to cross-site scripting
Web Kyukincho provided by Intercom, Inc. is software that digitizes and distributes pay statements and other documents. Web Kyukincho contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed in the user's web browser. Solution Update the Software Update to the latest...
Webmin vulnerable to cross-site scripting
Overview Webmin is a web-based system management tool. Webmin contains a cross-site scripting vulnerability when "referrer checking" is turned off. Note that "referrer checking" is enabled by default. hasegawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
JVN#61247051: OpenSSL improper handling of Change Cipher Spec message
OpenSSL contains a flaw in the implementation of the Change Cipher Spec protocol that allows a MITM (man-in-the-middle) attacker to force a server and a client to use easily guessable cryptographic key material during the initial SSL/TLS handshake (CWE-325). Impact SSL/TLS communication between the...
Oracle / Sun / MySQL / PeopleSoft / OpenJDK applications multiple security vulnerabilities
104 vulnerabilities in quarterly Critical Patch Update...
AndExplorer vulnerable to directory traversal
Overview AndExplorer provided by LYSESOFT contains an issue in processing file names, which may result in a directory traversal (CWE-22) vulnerability. Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
PT-2014-17: Weak encryption of account data in Wonderware Information Server
The specialists of the Positive Research center have detected a weak encryption of account data vulnerability in Wonderware Information Server. Encryption in WIS is insufficient. This vulnerability could allow elevation of privileges if an attacker decrypts the credentials. The system would need ...
PT-2014-44: Heap-based buffer overflow in Honeywell EPKS
The specialists of the Positive Research center have detected a heap-based buffer overflow vulnerability in Honeywell EPKS. A heap-based buffer overflow was discovered in the function svcdataio of the dualonsrv.exe module, which could lead to possible remote code execution or denial of service. How to fix...
PT-2014-35: Stack-based buffer overflow in Honeywell EPKS
The specialists of the Positive Research center have detected a stack-based buffer overflow vulnerability in Honeywell EPKS. A stack-based buffer overflow was discovered in the function hscsconf, which could lead to possible remote code execution or denial of service. How to fix Update your software up to t...
JVN#24730765: Blackboard Vista/CE vulnerable to cross-site scripting
Blackboard Vista/CE is a learning management system (LMS). Blackboard Vista/CE contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the...