NTT DATA INTRAMART intra-mart Accel Platform 代码问题漏洞

NTT DATA INTRAMART intra-mart Accel Platform is a digital transformation system development platform owned by NTT DATA INTRAMART in Japan. There are code vulnerabilities within the NTT DATA INTRAMART intra-mart Accel Platform; these vulnerabilities stem from insecure deserialization issues, which...

EUVD-2016-2285

Malware in sbrugna...

EUVD-2015-7685

Malware in sbrugna...

EUVD-2014-2043

Malware in sbrugna...

CVE-2025-22233

CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks. Affected Spring Products and Versions Spring Framework: 6.2...

catalys.portal.nttdataservices.com Cross Site Scripting vulnerability OBB-3366364

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Security Constraint Bypass in Spring Security

Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded "/" to a request, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path...

Data Center Security Privilege Escalation

Summary Symantec has released an update to address an issue that was discovered in the Data Center Security Manager component. Affected Products Data Center Security Manager Component --- CVE | Affected Versions | Remediation CVE-2020-5832 | Prior to 6.8.2 aka 6.8 MP2 | Upgrade 6.8.2 aka 6.8 MP2...

Android App "MyPallete" vulnerable to improper server certificate verification

Overview Android App "MyPallete" developed by NTT Data Corporation is used by several financial institutions as Android applications for their customers. "MyPallete" is vulnerable to improper server certificate verification CWE-295 and to improper host-matching validation CWE-297. Dai Nakamura of...

JVN#28845872: Android App "MyPallete" vulnerable to improper server certificate verification

Android App "MyPallete" developed by NTT Data Corporation is used by several financial institutions as Android applications for their customers. "MyPallete" is vulnerable to improper server certificate verification CWE-295 and to improper host-matching validation CWE-297. Impact A man-in-the-midd...

Design/Logic Flaw

NTT Data TERASOLUNA Server Framework for JavaWEB 2.0.0.1 through 2.0.6.1, as used in Fujitsu Interstage Business Application Server and other products, allows remote attackers to bypass a file-extension protection mechanism, and consequently read arbitrary files, via a crafted pathname...

CVE-2016-1183

The CVE-2016-1183 entry affects TERASOLUNA Server Framework for Java(WEB) versions 2.0.0.1 through 2.0.6.1. According to the connected sources, a vulnerability exists in the file-extension restriction mechanism of the framework, allowing a remote attacker to bypass the filter via a specially craf...

CVE-2016-1183

NTT Data TERASOLUNA Server Framework for JavaWEB 2.0.0.1 through 2.0.6.1, as used in Fujitsu Interstage Business Application Server and other products, allows remote attackers to bypass a file-extension protection mechanism, and consequently read arbitrary files, via a crafted pathname...

JVN#74659077: TERASOLUNA Server Framework for Java(WEB) access restriction bypass vulnerability in the file extention filter

The TERASOLUNA Server Framework for JavaWEB provided by NTT Data Corporation is a software framework for creating web applications. The TERASOLUNA Server Framework for JavaWEB has a function to restrict access to contents with specified file extentions from browser requests. This function may be...

CVE-2015-7786

Cross-site scripting XSS vulnerability in the NTT DATA Smart Sourcing JavaScript module 2003-11-26 through 2013-07-09 for Web Analytics Service allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Cross site scripting

Cross-site scripting XSS vulnerability in the NTT DATA Smart Sourcing JavaScript module 2003-11-26 through 2013-07-09 for Web Analytics Service allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2015-7786

Cross-site scripting XSS vulnerability in the NTT DATA Smart Sourcing JavaScript module 2003-11-26 through 2013-07-09 for Web Analytics Service allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2015-7786

CVE-2015-7786: Cross-site scripting in the NTT DATA Smart Sourcing JavaScript module used by Web Analytics Service (distributed 2003-11-26 to 2013-07-09). The vulnerability allows an attacker to inject arbitrary script/HTML via unspecified vectors. Affected component is the Web Analytics Service ...

JVN#70083512: Web Analytics Service vulnerable to cross-site scripting

The JavaScript module for using Web Analytics Service which was provided by NTT DATA Smart Sourcing Corporation contains a cross-site scripting vulnerability CWE-79 due to a flaw in escaping process. According to the developer, this script was distributed from 26 November, 2003 to 9 July, 2013...

JVN#30962312: TERASOLUNA Server Framework for Java(Web) vulnerable to ClassLoader manipulation

TERASOLUNA Server Framework for JavaWeb provided by NTT DATA Corporation is a software framework for creating Java web applications. TERASOLUNA Server Framework for JavaWeb bundles Apache Struts 1.2.9, which contains a vulnerability where the ClassLoader may be manipulated CVE-2014-0114. Therefor...