16 matches found
EUVD-2018-1433
Malware in sbrugna...
EUVD-2018-1434
Malware in sbrugna...
yayoi-dai.com Improper Access Control vulnerability OBB-3817056
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2018-0623
Untrusted search path vulnerability in Multiple Yayoi 17 Series products Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver. 20.0.2 and...
Design/Logic Flaw
Untrusted search path vulnerability in Multiple Yayoi 17 Series products Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver.20.0.2 and...
Design/Logic Flaw
Untrusted search path vulnerability in Multiple Yayoi 17 Series products Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver. 20.0.2 and...
CVE-2018-0624
Untrusted search path vulnerability in Multiple Yayoi 17 Series products Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver.20.0.2 and...
CVE-2018-0623
Untrusted search path vulnerability in Multiple Yayoi 17 Series products Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver. 20.0.2 and...
CVE-2018-0624
Untrusted search path vulnerability in Multiple Yayoi 17 Series products Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver.20.0.2 and...
CVE-2018-0624
Untrusted search path vulnerability in Multiple Yayoi 17 Series products Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver.20.0.2 and...
CVE-2018-0623
CVE-2018-0623 corresponds to a DLL search path (CWE-427) vulnerability in multiple Yayoi 17 Series products from Yayoi Co., Ltd. The flaw arises from insecure handling of DLL loading (msjet49.dll) in the affected applications, allowing an attacker to gain privileges via a Trojan horse DLL placed ...
CVE-2018-0623
Untrusted search path vulnerability in Multiple Yayoi 17 Series products Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver. 20.0.2 and...
CVE-2018-0624
CVE-2018-0624 is an untrusted search path vulnerability in multiple Yayoi 17 Series products (loading ykkapi.dll) that could let an attacker gain privileges via a Trojan DLL in an unspecified directory. Connected docs reference CVE-2018-0824 in unrelated loader activity (UnmarshalPwn/ShadowPad/Co...
DLL planting vulnerability in multiple Yayoi 17 Series products
Overview Multiple Yayoi 17 Series products provided by Yayoi Co., Ltd. contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eiji James Yoshida of Security Professionals Network Inc. reported this vulnerability to IPA. JPCERT/CC coordinate...
JVN#06813756: DLL planting vulnerability in multiple Yayoi 17 Series products
Multiple Yayoi 17 Series products provided by Yayoi Co., Ltd. contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the running application. Solution Update the Software Apply the...
JVN#43615794 Yayoi Kaikei improper handling of credential information
Yayoi Kaikei Quick Navigator makes the user log into the vendor's server, and sends the user credentials unencrypted. Impact By monitoring the communication between Quick Navigator and the vendor's server, an attacker can obtain the customer number and the phone number to impersonate the user on...