18 matches found
EUVD-2017-11415
Malware in sbrugna...
EUVD-2023-31284
Malicious code in bioql PyPI...
CVE-2023-27527
Shinseiyo Sogo Soft 7.9A and earlier improperly restricts XML external entity references XXE. By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an attacker...
CVE-2023-27527
Shinseiyo Sogo Soft 7.9A and earlier improperly restricts XML external entity references XXE. By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an attacker...
CVE-2023-27527
Shinseiyo Sogo Soft 7.9A and earlier improperly restricts XML external entity references XXE. By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an attacker...
Xxe
Shinseiyo Sogo Soft 7.9A and earlier improperly restricts XML external entity references XXE. By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an attacker...
CVE-2023-27527
CVE-2023-27527 affects Shinseiyo Sogo Soft (7.9A) and earlier, where XML external entity (XXE) processing improperly restricts external entities. A crafted XML file can allow an attacker to access arbitrary files on the PC. The issue is rooted in XXE handling in the software and is documented acr...
CVE-2023-27527
Shinseiyo Sogo Soft 7.9A and earlier improperly restricts XML external entity references XXE. By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an attacker...
CVE-2023-27527
Shinseiyo Sogo Soft 7.9A and earlier improperly restricts XML external entity references XXE. By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an attacker...
Improper restriction of XML external entity references (XXE) in Shinseiyo Sogo Soft
Overview Shinseiyo Sogo Soft provided by The Ministry of Justice improperly restricts XML external entity references XXE CWE-611. Taku Toyama of NEC Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impac...
JVN#73178249: Improper restriction of XML external entity references (XXE) in Shinseiyo Sogo Soft
Shinseiyo Sogo Soft provided by The Ministry of Justice improperly restricts XML external entity references XXE CWE-611. Impact By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an attacker. Solution Update the Software Update the software to the latest...
Shinseiyo Sogo Soft 代码问题漏洞
Shinseiyo Sogo Soft is a software used by Japan's Ministry of Justice to process legal documents and information. A security vulnerability exists in Shinseiyo Sogo Soft version 7.9A and prior versions, which arises from incorrectly restricting XML external entity references...
Shinseiyo Sogo Soft Untrustworthy Search Path Vulnerability
Shinseiyo Sogo Soft is an online registration application system released by the Japanese Ministry of Justice.Installer is one of the installation programs. An untrusted search path vulnerability exists in the installer in Shinseiyo Sogo Soft 4.8A and earlier versions. An attacker can exploit thi...
CVE-2017-2232
Untrusted search path vulnerability in Installer of Shinseiyo Sogo Soft 4.8A and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...
CVE-2017-2232
Untrusted search path vulnerability in Installer of Shinseiyo Sogo Soft 4.8A and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...
Design/Logic Flaw
Untrusted search path vulnerability in Installer of Shinseiyo Sogo Soft 4.8A and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...
CVE-2017-2232
Untrusted search path vulnerability in Installer of Shinseiyo Sogo Soft 4.8A and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...
CVE-2017-2232
The CVE-2017-2232 issue affects the Installer of Shinseiyo Sogo Soft (4.8A) and earlier. The vulnerability is an untrusted search path (CWE-427) in the installer that can allow an attacker to cause arbitrary code execution by placing a Trojan horse DLL in an untrusted directory, gaining privilege...