7 matches found
Chrome Extension for e-Tax Reception System vulnerable to arbitrary command execution
Overview Chrome Extension for e-Tax Reception System provided by National Tax Agency is an extension to use the e-Tax Reception System on Google Chrome and/or Chromium-based versions of Microsoft Edge. When a user runs a Chrome Extension for e-Tax Reception System, a specially crafted parameter b...
Mizuho Bank Mizuho Direct App for Android fails to verify SSL server certificates
Overview Mizuho Bank Mizuho Direct App for Android fails to verify SSL server certificates. Mizuho Bank Mizuho Direct App for Android provided by Mizuho Bank, Ltd. fails to verify SSL server certificates (CWE-295). Reo Yoshida reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the...
HIBUN Confidential File Decryption program may insecurely load Dynamic Link Libraries
Overview HIBUN Confidential File Decryption program provided by Hitachi Solutions, Ltd. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Note that this vulnerability is different from JVN55516206. Yuji Tounai of NTT Communications...
Cybozu Office vulnerable to denial-of-service (DoS)
Overview Cybozu Office contains a denial-of-service (DoS) vulnerability. Shuichi Uruma reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information...
"Check available times" function in Cybozu Garoon vulnerable to cross-site scripting
Overview Cybozu Garoon provided by Cybozu, Inc. is a groupware. "Check available times" function in Cybozu Garoon contains a cross-site scripting vulnerability. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated...
Photopt App fails to verify SSL server certificates
Overview Photopt App provided by NTT Communications Corporation fails to verify SSL server certificates. Yuto Iso reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may allow an...
MailPoet Newsletters vulnerable to cross-site request forgery
Overview MailPoet Newsletters is a plugin for WordPress. MailPoet Newsletters contains a cross-site request forgery vulnerability. Yoshinori Matsumoto reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a use...