20 matches found
EUVD-2015-3060
Malware in sbrugna...
Webservice-DIC yoyaku_v41 OS Command Injection Vulnerability
Webservice-DIC yoyaku_v41 is a conference room reservation management software from Webservice-DIC. Webservice-DIC yoyaku_v41 fails to properly filter user-submitted input, allowing remote attackers to exploit the vulnerability by submitting a special request to execute arbitrary operating system...
Webservice-DIC yoyaku_v41 Input Validation Vulnerability
Webservice-DIC yoyaku_v41 is a conference room reservation management software from Webservice-DIC. Webservice-DIC yoyaku_v41 fails to properly filter user-submitted input, allowing remote attackers to exploit the vulnerability by submitting a special request to create arbitrary files...
CVE-2015-2979
Webservice-DIC yoyaku_v41 allows remote attackers to execute arbitrary OS commands via unspecified vectors...
CVE-2015-2978
Webservice-DIC yoyaku_v41 allows remote attackers to bypass authentication and complete a conference-room reservation via unspecified vectors, as demonstrated by an "unintentional reservation."...
CVE-2015-2977
Webservice-DIC yoyaku_v41 allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via unspecified vectors...
Authentication flaw
Webservice-DIC yoyaku_v41 allows remote attackers to bypass authentication and complete a conference-room reservation via unspecified vectors, as demonstrated by an "unintentional reservation."...
Code injection
Webservice-DIC yoyaku_v41 allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via unspecified vectors...
CVE-2015-2978
Webservice-DIC yoyaku_v41 allows remote attackers to bypass authentication and complete a conference-room reservation via unspecified vectors, as demonstrated by an "unintentional reservation."...
CVE-2015-2977
Webservice-DIC yoyaku_v41 (conference room reservation software) is affected by CVE-2015-2977. The vulnerability stems from insufficient input validation (CWE-20), enabling remote attackers to create arbitrary files, which may lead to arbitrary code execution on the server. Public sources in the ...
CVE-2015-2978
The CVE-2015-2978 case describes Webservice-DIC yoyaku_v41 as vulnerable to an authentication bypass (CWE-592), enabling remote attackers to bypass login and complete a conference-room reservation (described as an “unintentional reservation”). Affected product: yoyaku_v41. Root cause: inadequate ...
CVE-2015-2979
CVE-2015-2979 affects Webservice-DIC yoyaku_v41 (conference room reservation software). Concrete details from connected sources show an OS command injection (CWE-78) vulnerability that allows remote execution of arbitrary OS commands on the web server. Root cause described as improper input handl...
yoyaku_v41 vulnerable to authentication bypass
Overview yoyaku_v41 provided by Webservice-DIC is a software to manage conference room reservations. yoyaku_v41 contains an authentication bypass vulnerability CWE-592. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
JVN#17522792: yoyaku_v41 vulnerable to OS command injection
yoyaku_v41 provided by Webservice-DIC is a software to manage conference room reservations. yoyaku_v41 contains an OS command injection vulnerability CWE-78. Impact An arbitrary OS command may be executed with the privileges of the web server on the server where yoyaku_v41 is running. Solution Do no...
JVN#52248864: yoyaku_v41 vulnerable to authentication bypass
yoyaku_v41 provided by Webservice-DIC is a software to manage conference room reservations. yoyaku_v41 contains an authentication bypass vulnerability CWE-592. Impact A remote attacker could bypass yoyaku_v41's authentication, and make an unintentional reservation. Solution Do not use yoyaku_v41...
Webservice-DIC yoyaku_v41 vulnerable to command injection
Overview yoyaku_v41 from Webservice-DIC contains a command injection vulnerability. yoyaku_v41 from Webservice-DIC is a software to manage conference room reservations. yoyaku_v41 contains a command injection vulnerability. This vulnerability is different from JVN80436657. Keigo Yamazaki of LAC Co.,...
JVN#05857667 Webservice-DIC yoyaku_v41 vulnerable to command injection
yoyaku_v41 from Webservice-DIC is a software to manage conference room reservations. yoyaku_v41 contains a command injection vulnerability. This vulnerability is different from JVN80436657. Impact An arbitrary command could be executed with the privilege of the server where yoyaku_v41 runs. Solution...
JVN#80436657 Webservice-DIC yoyaku_v41 vulnerable to command injection
yoyaku_v41 from Webservice-DIC is a software to manage conference room reservations. yoyaku_v41 contains a command injection vulnerability. Impact An arbitrary command could be executed with the privilege of the server where yoyaku_v41 runs. Solution Update the Software Update to the latest version...
Webservice-DIC shop_v50 and shop_v52 vulnerable to cross-site scripting
Overview Webservice-DIC shop_v50 and shop_v52 contain a cross-site scripting vulnerability. Webservice-DIC shop_v50 and shop_v52 are shopping cart software. shop_v50 and shop_v52 contain a cross-site scripting vulnerability. Shuya Ueki reported this vulnerability to IPA. JPCERT/CC coordinated with the...
JVN#79914432 Webservice-DIC shop_v50 and shop_v52 vulnerable to cross-site scripting
Webservice-DIC shop_v50 and shop_v52 are shopping cart software. shop_v50 and shop_v52 contain a cross-site scripting vulnerability. Impact This vulnerability can be exploited to conduct a cross-site scripting attack by an attacker. Solution Update the Software Administrators of the websites which us...