10 matches found
CVE-2025-11252
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Signum Technology Promotion and Training Inc. Windesk.Fm allows SQL Injection.This issue affects windesk.Fm: through 27022026. NOTE: The vendor was contacted early about this disclosure but did not...
Command Execution Vulnerability in Green Alliance WAF of Beijing Shenzhou Green Alliance Technology Co., Ltd (CNVD-2024-07088)
Beijing Shenzhou Green Alliance Technology Co., Ltd. is an enterprise mainly engaged in science and technology promotion and application services. Ltd. Green Alliance WAF has a command execution vulnerability that can be exploited by attackers to execute arbitrary commands...
Command Execution Vulnerability in 4A Unified Security Control Platform of Beijing Qixingchen Information Security Technology Co.
Beijing Qixingchen Information Security Technology Co., Ltd. is an enterprise mainly engaged in science and technology promotion and application service industry. A command execution vulnerability exists in the 4A Unified Security Control Platform of Beijing Qixingchen Information Security...
Beijing Dawei Zhichuang Technology Co., Ltd.'s Intellectual Property Management System Has Logical Flaws and Vulnerabilities
Beijing Dawei Zhichuang Technology Co., Ltd. is a company whose business scope includes technology development, technology promotion, technology transfer, technology consulting and technology service in the field of computer software, hardware and electronic products. There is a logic flaw...
JVN#25078144: Source code security studying tool iCodeChecker vulnerable to cross-site scripting
Source code security studying tool iCodeChecker provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use Source code security studying tool...
JVN#20870477: Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to remote code execution
AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a remote code execution vulnerability. Impact When accessing a specially crafted URL, arbitrary code may be...
Information-Technology Promotion Agency Empirical Project Monitor - eXtended Cross-Site Scripting Vulnerability (CNVD-2017-07737)
Information-Technology Promotion Agency Empirical Project Monitor - eXtended is a project progress monitoring software for the Information-Technology Promotion Agency in Japan. eXtended is a project progress monitoring software for the Information-Technology Promotion Agency in Japan. A cross-sit...
JVN#11326581: Empirical Project Monitor - eXtended vulnerable to cross-site scripting
Empirical Project Monitor - eXtended provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use Empirical Project Monitor - eXtended The...
Security guide for website operators vulnerable to OS command injection
Overview Security guide for website operators provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA contains an OS command injection vulnerability CWE-78 due to an issue in loading saved data. This vulnerability was reported by IPA to notify users of its solution through JVN. JPCERT/CC a...
JVN#71666779: Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to remote code execution
AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a remote code execution vulnerability. Impact If a user accesses a malicious web page, arbitrary code may b...