17 matches found
Critical Bug Found in WordPress Plugin for Elementor with Over a Million Installations
A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites. The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over ...
Akeeba LoginGuard,3.1.1 and all lower versions,Information Disclosure
Akeeba LoginGuard,3.1.1 and all lower versions,Information Disclosure Update via developers website...
JVN#01119243: API server used by JR East Japan train operation information push notification App for Android fails to restrict access permissions
JR East Japan train operation information push notification App for Android provided by East Japan Railway Company fails to restrict access permissions (CWE-284). The application is no longer available/supported, and its service was ended on 2019 March 23. Impact A remote attacker may obtain or alt...
Facebook hacked in Zero-Day Attack
Facebook, operator of the largest social network with more than 1 billion members, said on Friday it had been the target of an unidentified hacker group, but that no user information was compromised during the attack. The attack occurred when a handful of the company's employees visited a...
JVN#92830293: TOSHIBA TEC e-Studio series vulnerable to authentication bypass
e-Studio is a multi-function peripheral (MFP). Multiple e-Studio series products contain a vulnerability in the web-based management utility, which may result in an authentication bypass. Impact An attacker that can access the product may log in with administrative privileges. As a result, settings may...
JVN#87239473: Ichitaro series vulnerable to arbitrary code execution
The "Ichitaro" series word processing software from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. Impact When opening a specially crafted file locally or through a website, an attacker may be able to execute arbitrary code. Solution Update the Software...
JVN#55714408: Multiple Yamaha routers vulnerable to denial-of-service (DoS)
Multiple routers provided by Yamaha contain a denial-of-service (DoS) vulnerability due to an issue in processing IP packets. Impact A remote attacker may cause a denial-of-service (DoS). Solution Update the firmware Update to the latest version of firmware according to the information provided by th...
JVN#01948274: Ichitaro series vulnerable to arbitrary code execution
The "Ichitaro" series word processing software from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. Impact When opening a specially crafted file locally or through a website, an attacker may be able to execute arbitrary code. Solution Update the Software...
JVN#86832361 Microsoft Windows denial of service (DoS) vulnerability
Microsoft Windows contains a denial of service (DoS) vulnerability caused by IPv6 packets with malformed extension headers. Impact A remote attacker could possibly cause a denial of service (DoS) by sending specially crafted IPv6 packets. Solution Update the software Update to the latest version...
JVN#60419863 Geeklog Forum Plugin vulnerable to cross-site scripting
Geeklog Forum Plugin is a plugin for Geeklog, an open source contents management system. Geeklog Forum Plugin contains a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the...
JVN#38893575 PC2M cross-site scripting vulnerability
PC2M is an open source web application which converts web pages and images to be available on web-capable mobile devices such as cellphones and PDAs. PC2M contains a cross-site scripting vulnerability. Impact An arbitrary script can be executed on the user's web browser. Solution Update the...
JVN#82610488 Lhaplus buffer overflow vulnerability
Lhaplus, file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability. If a user decompresses a specially crafted file, an attacker could execute arbitrary code with the privilege of the user. This vulnerability is different from...
JVN#33218020 Feed2JS cross-site scripting vulnerability
Feed2JS (Feed to JavaScript) is an open source web application which converts RSS feeds into JavaScript. Feed2JS contains a cross-site scripting vulnerability. Impact An attacker could execute an arbitrary script on the user's web browser. Solution Update the Software Apply the latest updates...
JVN#70734805 Lhaplus buffer overflow vulnerability
Lhaplus, software for compression and decompression supporting various compressed file formats, contains a buffer overflow vulnerability. If a user opens a specially crafted file, arbitrary code could be executed with the privilege of the user. Impact Arbitrary code could be executed with the...
JVN#82276964 Tuigwaa cross-site scripting vulnerability
Tuigwaa from the Tuigwaa Project is open source software to develop web applications. Tuigwaa contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the developer. For mo...
JVN#44532794 rktSNS cross-site scripting vulnerability
rktSNS, provided by rakuto.net, is open source software for community site construction. rktSNS contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the update provided by the developer. For more...
JVN#02729869 pnamazu cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected pnamazu-2006.02.28 and earlier For more information, refer to the developer's website...