HP ThinUpdate vulnerable to improper server certificate verification

Overview HP ThinUpdate provided by HP Development Company, L.P. is vulnerable to improper server certificate verification CWE-295. Narumi Hirai of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impac...

JVN#70502982: SYNCK GRAPHICA Mailform Pro CGI vulnerable to Regular expression Denial-of-Service (ReDoS)

Mailform Pro CGI provided by SYNCK GRAPHICA contains a Regular expression Denial-of-Service ReDoS vulnerability CWE-1333. Impact A remote attacker may be able to cause a denial-of-service DoS. Solution Update the Software Update the software to the latest version according to the information...

JVN#00712821: Improper restriction of XML external entity reference (XXE) vulnerability in tsClinical Define.xml Generator and tsClinical Metadata Desktop Tools

tsClinical Define.xml Generator and tsClinical Metadata Desktop Tools provided by FUJITSU LIMITED contain an improper restriction of XML external entity reference XXE vulnerability CWE-611. Impact By reading a specially crafted XML file, arbitrary files which meet a certain condition may be...

AttacheCase may insecurely load Dynamic Link Libraries

Overview AttacheCase may insecurely load Dynamic Link Libraries. AttacheCase is an open source file encryption software provided by HiBARA Software. AttacheCase contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Taizoh Tsukamoto of...

JVN#14706307: Multiple vulnerabilities in a-blog cms

a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2022-24374 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVSS v2| AV:N/AC:M/Au:S/C:N/I:P/A:N| Base Score: 3.5...

JVN#35906450: Multiple vulnerabilities in acmailer

acmailer provided by Seeds Co.,Ltd. contains multiple vulnerabilities listed below. Improper Access Control CWE-284 - CVE-2021-20617 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score: 9.8 CVSS v2| AV:N/AC:L/Au:N/C:P/I:P/A:P| Base Score: 7.5...

JVN#37376131: Multiple vulnerabilities in ORCA(Online Receipt Computer Advantage)

ORCAOnline Receipt Computer Advantage provided by ORCA Management Organization Co., Ltd contains vulnerabilities listed below. OS command injectionCWE-78 - CVE-2018-0643 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L| Base Score: 4.1 CVSS v2|...

CS-Cart Japanese Edition vulnerable to cross-site request forgery

Overview CS-Cart is a system for creating online shopping websites. CS-Cart Japanese Edition contains a cross-site request forgery CWE-352 vulnerability. Hirota Kazuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

WordPress Uk Cookie plugin <= 1.0 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability discovered by nauty.me04 in WordPress Uk Cookie plugin versions = 1.0 Solution Update the WordPress Uk Cookie plugin to the latest available version at least 1.1...

Blogn vulnerable to cross-site scripting

Overview Blogn from R-ONE Computer contains a cross-site scripting vulnerability. Blogn from R-ONE Computer is software for creating blogs. Blogn contains a cross-site scripting vulnerability. Masako Ohno of NetAgent Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the...