5625 matches found
JVN#84959128: FANUC i Series CNC vulnerable to denial-of-service (DoS)
Fanuc i Series CNC provided by FANUC CORPORATION contains a denial-of-service DoS CWE-400 vulnerability. Impact A remote attacker may cause a denial-of-service DoS condition and access to the other devices may be blocked. Solution Update the software or apply the patch The developer states that t...
JVN#28865183: Insecure DLL Loading issue in multiple Trend Micro products
Multiple products provided by Trend Micro Incorporated contain an insecure DLL loading issue CWE-427. When invoking the installers of other applications while the concerned products are installed to the PC, the DLL placed in the same directory as the the installers of the other applications may b...
JVN#34207650: Multiple cross-site scripting vulnerabilities in Webmin
Webmin contains multiple cross-site scripting vulnerabilities CWE-79 due to issues in outputting error messages into a HTML page and the function to edit the database. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version...
JVN#25059363: Multiple I-O DATA network camera products multiple vulnerabilities
Multiple network camera products provided by I-O DATA DEVICE, INC. contain multiple vulnerabilities listed below. OS Command injection CWE-78 - CVE-2016-7819 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H| Base Score: 6.8 CVSS v2|...
JVN#54686544: HOME SPOT CUBE multiple vulnerabilities
HOME SPOT CUBE provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE contains multiple vulnerabilities listed below. Cross-site scripting - CVE-2016-1136 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N| Base Score: 4.3 CVSS v2|...
JVN#20671901: VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability
The SSH server IPSSH implementation in VxWorks contains a denial-of-service DoS vulnerability due to an issue in the processing authentication requests. Impact Recieiving a specially crafted packet for a public key authentication request may cause the server to hang and SSH access to be unavailab...
JVN#86832361 Microsoft Windows denial of service (DoS) vulnerability
Microsoft Windows contains a denial of service DoS vulnerability caused by IPv6 packets with malformed extension headers. Impact A remote attacker could possibly cause a denial of service DoS by sending specially crafted IPv6 packets. Solution Update the software Update to the latest version...
JVN#46892984: Multiple vulnerabilities in Rakuten Casa
Rakuten Casa provided by Rakuten Mobile, Inc. contains multiple vulnerabilities listed below. Use of Hard-coded Credentials CWE-798 - CVE-2022-29525 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N| Base Score: 5.9 CVSS v2| AV:N/AC:M/Au:N/C:C/I:N/A:N| Base...
JVN#72801744: UNIVERGE WA Series vulnerable to OS command injection
Remote system maintenance feature of UNIVERGE WA series "Local maintenance console/Remote maintenance console/Web based remote console maintenance" contains an OS command injection vulnerability CWE-78. Impact If an attacker who can access the product sends specific character strings or a special...
JVN#33453839: Multiple improper restriction of XML external entity reference (XXE) vulnerabilities in Office Server Document Converter
Office Server Document Converter provided by Antenna House, Inc. contains multiple improper restriction of XML external entity reference XXE vulnerabilities listed below. Improper restriction of XML external entity reference XXE CWE-611 - CVE-2021-20838 Resource exhaustion in the PDF convert...
JVN#63066062: WordPress Plugin "WordPress Popular Posts" vulnerable to cross-site scripting
WordPress Plugin "WordPress Popular Posts" provided by Hector Cabrera contains a cross-site scripting vulnerability CWE-79. Impact A user with the administrative privilege may unintentionally execute a script on his/her web browser. Solution Update the plugin Update the plugin according to the...
JVN#97434260: Hot Pepper Gourmet App fails to restrict access permissions
Hot Pepper Gourmet App provided by Recruit Co., Ltd. implements the function to access a requested URL using Custom URL Scheme. This function contains an improper access control vulnerability CWE-284 that may allow the vulnerable App to receive an request from an arbitrary App and execute access...
JVN#20040004: The installer of "FLET'S VIRUS CLEAR Easy Setup & Application Tool" and "FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool" may insecurely invoke an executable file
The installer of "FLET'S VIRUS CLEAR Easy Setup & Application Tool" and "FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool" provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION contains an issue with the DLL search path, which may lead to insecurely invoke an executable file CWE-427...
JVN#79301396: Susie plug-in "axpdfium" may insecurely load Dynamic Link Libraries
Susie plug-in "axpdfium" contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user running the program where "axpdfium" is used. Solution Update the plug-in Update the plug-...
JVN#99312352: WordPress plugin "MTS Simple Booking C" vulnerable to cross-site scripting
The WordPress plugin "MTS Simple Booking C" provided by MT Systems Co., Ltd. contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of a user who logged-in as an administrator. Solution Update the plugin Update the plugin accordi...
JVN#23546631: Installer of Shin Kinkyuji Houkoku Data Nyuryoku Program may insecurely load Dynamic Link Libraries
Installer of Shin Kinkyuji Houkoku Data Nyuryoku Program provided by Agency for Natural Resources and Energy of METI contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the use...
JVN#77412145: SONY Portable Wireless Server WG-C10 fails to restrict access permissions
Portable Wireless Server WG-C10 provided by Sony Corporation fails to restrict access permissions CWE-284. Impact An authenticated attacker may obtain or alter information stored in the external storage connected to product. Solution Apply a Workaround The following workarounds may mitigate the...
JVN#81024552: Multiple vulnerabilities in WN-G300R3
WN-G300R3 provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-G300R3 contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2017-2141 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H| Base Score: 6.8 CVSS v2|...
JVN#70380788: BASP21 vulnerable to mail header injection
BASP21 provided by B21Soft, Inc. contains a mail header injection vulnerability. Impact The header of an email created by BASP21 to be sent from a web application mail form may be altered by an unauthenticated remote attacker. As a result, an unintended email may be sent or a denial-of-service Do...
JVN#07148816: Multiple access restriction bypass vulnerabilities in Cybozu Office
Cybozu Office contains multiple access restriction bypass vulnerabilities below. Access restriction bypass in the "Project" function - CVE-2016-4867 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N| Base Score: 4.3 CVSS v2| AV:N/AC:L/Au:S/C:P/I:N/A:N| Base...
JVN#31517714: Kingsoft Internet Security 2011 vulnerable to denial-of-service
Kingsoft Internet Security 2011 contains a vulnerability in the device driver, which may result in a denial-of-service DoS. Impact An attacker that can login to the system with the software running may cause a denial-of-service DoS. Solution Update the Software Update to the latest version...
JVN#28846531: Multiple vulnerabilities in JustSystems products
Multiple products provided by JustSystems Corporation contain multiple vulnerabilities listed below. Use after free CWE-416 - CVE-2023-34366 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L| Base Score: 3.3 CVSS v2| AV:L/AC:M/Au:N/C:N/I:N/A:P| Base Score:...
JVN#28412757: Multiple vulnerabilities in Inaba Denki Sangyo Wi-Fi AP UNIT
Wi-Fi AP UNIT provided by Inaba Denki Sangyo Co., Ltd. contains multiple vulnerabilities listed below. Missing authentication for critical function CWE-306 - CVE-2023-31196 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N| Base Score: 7.5 CVSS v2|...
JVN#15317878: Spring Security OAuth (spring-security-oauth2) vulnerable to denial-of-service (DoS)
Spring Security OAuth spring-security-oauth2 provided by VMware, Inc. contains a denial-of-service vulnerability due to uncontrolled resource consumption CWE-400. Note that Spring Security OAuth spring-security-oauth2 is no longer supported, therefore Spring Security has been developed as the...
JVN#67108459: EC-CUBE plugin "Mail Magazine Management Plugin" vulnerable to cross-site request forgery
EC-CUBE plugin "Mail Magazine Management Plugin" provided by EC-CUBE CO.,LTD. contains a cross-site request forgery vulnerability CWE-352. Impact If a user with an administrative privilege views a malicious page while logged in to EC-CUBE which the plugin is installed, Mail Magazine Templates...
JVN#72788165: Multiple vulnerabilities in WordPress Plugin "Quiz And Survey Master"
WordPress Plugin "Quiz And Survey Master" provided by ExpressTech contains multiple vulnerabilities listed below. Cross-site request forgery CWE-352 - CVE-2022-0180 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N| Base Score: 4.3 CVSS v2|...
JVN#54794245: Multiple vulnerabilities in Cybozu Garoon
Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-1782 Cross-site scripting vulnerability in Scheduler CWE-79 - CVE-2021-20753 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVSS v2|...
JVN#93207949: Click Ranker vulnerable to cross-site scripting
Click Ranker contains a stored cross-site scripting vulnerability CWE-79 which allows unintentional script execution on the web browser of user who accesses a page ranking screen. Impact An arbitrary script may be executed on the web browser of the user who is accessing a website that uses Click...
JVN#10100024: Management software for NEC Storage disk array system vulnerable to improper server certificate verification
Management software for NEC Storage disk array system provided by NEC Corporation is vulnerable to improper server certificate verification CWE-295. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication or alter the communication. Solution Update the...
JVN#31425618: Multiple vulnerabilities in WordPress Plugin "Simple Download Monitor"
WordPress Plugin "Simple Download Monitor" provided by Tips and Tricks HQ contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2020-5650 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...
JVN#92265618: LINE for Windows may insecurely load Dynamic Link Libraries
LINE for Windows provided by LINE Corporation specifies the path to read DLL when launching software. If a user launches LINE for Windows by clicking the specially crafted link prepared by a remote attacker, it may result in insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code...
JVN#85531148: WordPress plugin "Events Manager" vulnerable to cross-site scripting
The WordPress plugin "Events Manager" provided by NetWebLogic contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged in user's web browser. Solution Update the plugin Update the plugin according to the information provided by the...
JVN#26255241: The installer of "FLET'S VIRUS CLEAR Easy Setup & Application Tool" and "FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool" may insecurely load Dynamic Link Libraries
The installer of "FLET'S VIRUS CLEAR Easy Setup & Application Tool" and "FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool" provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact...
JVN#78501037: Movable Type plugin A-Member and A-Reserve vulnerable to SQL injection
A-Member and A-Reserve provided by ARK-Web co., ltd. are plugins for Movable Type which provide functions to build a membership website or a reservation website. A-Member and A-Reserve contain SQL injection CWE-89 vulnerability due to the issue in processing cookie values. Impact An attacker who...
JVN#16136413: Installers of Sony PaSoRi related software may insecurely load Dynamic Link Libraries
PaSoRi provided by Sony Corporation is contactless IC card reader/writer. Installers of PaSoRi driver and other related software for Windows contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with t...
JVN#55489964: Multiple vulnerabilities in Apache Brooklyn
Apache Brooklyn is a framework for modeling, monitoring, and managing applications. Apache Brooklyn contains the following vulnerabilities. It is known that proof-of-concept code to exploit these vulnerabilties exist. Cross-site Scripting Vulnerabilities CWE-79 - CVE-2017-3165 Version| Vector|...
JVN#80157683: SetucoCMS multiple vulnerabilities
SetucoCMS provided by SetucoCMS Project is a content management system CMS. SetucoCMS contains multiple vulnerabilities listed below. Cross-site request forgery - CVE-2016-4891 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N| Base Score: 5.4 CVSS v2|...
JVN#48039501: Shutter vulnerable to SQL injection
Shutter provided by tenfourzero is a web package allowing users to share their photos. lib/admin.php in Shutter contains a SQL injection vulnerability. Impact If an administrator views a malicious page while logged in, an arbitrary SQL command may be executed. Solution Uninstall the Software...
JVN#02331156 HP System Management Homepage vulnerable to cross-site scripting
HP System Management Homepage SMH from Hewlett-Packard is a web-based interface that can manage HP servers. SMH contains a cross-site scripting vulnerability. This vulnerability is different from JVN19240523. Impact An arbitrary script may be executed on the user's web browser. Solution Apply the...
JVN#16535199: Apache Tomcat Accept-Language Header Cross-Site Scripting Vulnerability
Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page JSP technologies. Apache Tomcat contains a cross-site scripting vulnerability. It occurs when the value of the Accept-Language header sent from a client is non-standard. The developer ha...
JVN#78634340: Multiple vulnerabilities in WAVLINK WL-WN531AX2
WL-WN531AX2 provided by WAVLINK contains multiple vulnerabilities listed below. Client-side enforcement of server-side security CWE-602 - CVE-2023-32612 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H| Base Score: 6.8 CVSS v2| AV:A/AC:L/Au:S/C:C/I:C/A:C|...
JVN#65388002: WordPress Plugin "Quiz And Survey Master" vulnerable to cross-site scripting
WordPress Plugin "Quiz And Survey Master" provided by ExpressTech contains a cross-site scripting vulnerability CWE-79 due to the flow in handling some URL query parameters. Impact An arbitrary script may be executed on the user's web browser. Solution Update the plugin Update the plugin accordin...
JVN#55833077: yappa-ng vulnerable to cross-site scripting
yappa-ng provided by yet another PHP photo album next generation according to the original report submitted by the reporter is a PHP photo gallery. yappa-ng contains a cross-site scripting vulnerability CWE-79 which allows unintentional script execution on the user's web browser. Impact An...
JVN#97370614: MagazinegerZ vulnerable to cross-site scripting
MagazinegerZ provided by CGI Script Market is a CGI script which provides a function to enable email newsletter distribution for a website. MagazinegerZ contains a stored cross-site scripting vulnerability CWE-79 which allows unintentional script execution on the web browser of the administrative...
JVN#94169589: Multiple vulnerabilities in GROWI
GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below. Denial-of-service DoS due to improper verification of input values CWE-400 - CVE-2020-5682 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L| Base Score: 5.3 CVSS v2|...
JVN#46258789: Multiple vulnerabilities in CyberMail
CyberMail contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2020-5540 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:M/Au:N/C:N/I:P/A:N| Base Score: 4.3 Open Redirect CWE-601 -...
JVN#01040170: WordPress plugin "WP Google Map Plugin" vulnerable to cross-site scripting
The WordPress plugin "WP Google Map Plugin" provided by Flipper Code contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged in user's web browser. Solution Update the plugin Update the plugin according to the information provided by...
JVN#39896275: The installer of PhishWall Client Firefox and Chrome edition for Windows may insecurely load Dynamic Link Libraries
PhishWall Client Firefox and Chrome edition for Windows provided by SecureBrain Corporation is an anti-phishing and anti-MITB software. The installer of PhishWall Client Firefox and Chrome edition for Windows contains an issue with the DLL search path, which may lead to insecurely loading Dynamic...
JVN#01312667: Multiple vulnerabilities in I-O DATA WN-AX1167GR
WN-AX1167GR provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-AX1167GR contains multiple vulnerabilities listed below. Hard-coded credentials CWE-798 - CVE-2017-2280 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.8 CVSS v2|...
JVN#01775119: Denshi Nyusatsu Check Tool provided by Ministry of Education, Culture, Sports, Science and Technology may insecurely load Dynamic Link Libraries
Denshi Nyusatsu Check Tool provided by Ministry of Education, Culture, Sports, Science and Technology MEXT contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user running...