5625 matches found
Multiple directory traversal vulnerabilities in Cybozu Office
Overview Cybozu Office provided by Cybozu, Inc. contains multiple directory traversal vulnerabilities below. Directory traversal vulnerability due to a flaw in processing parameter of the HTTP request CWE-22 - CVE-2018-0703 Directory traversal vulnerability due to a flaw in processing parameter...
Cybozu Mailwise vulnerable to directory traversal
Overview Cybozu Mailwise provided by Cybozu, Inc. contains a directory traversal vulnerability CWE-22 due to a flaw in processing parameter of the HTTP request. Yuji Tounai reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of it...
WordPress plugin "Event Calendar WD" vulnerable to cross-site scripting
Overview The WordPress plugin "Event Calendar WD" provided by Web-Dorado contains a stored cross-site scripting vulnerability CWE-79. Yuta Kitaoka of TokyoDenkiUniversity Cryptography Lab reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
Multiple Vulnerabilities in Hitachi Infrastructure Analytics Advisor
Overview Multiple vulnerabilities have been found in Hitachi Infrastructure Analytics Advisor. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate acti...
Web Isolation vulnerable to cross-site scripting
Overview Web Isolation provided by Symantec Corporation contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update the software to the latest version according to the information provide...
LINE MUSIC for Android fails to verify SSL server certificates
Overview LINE MUSIC for Android provided by LINE MUSIC CORPORATION fails to verify SSL server certificates CWE-295. LINE MUSIC CORPORATION reported this vulnerability to JPCERT/CC to notify users of respective solutions through JVN. Impact A man-in-the-middle attack may allow an attacker to...
WL-330NUL vulnerable to cross-site request forgery
Overview WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains a cross-site request forgery vulnerability CWE-352. Masashi Sakai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
Movable Type plugin MTAppjQuery vulnerable to PHP code execution
Overview MTAppjQuery provided by bit part LLC is a plugin for Movable Type. An older version PHP library Uploadify is incorporated in MTAppjQuery v1.8.1 and earlier versions and the older versions of Uploadify contains unrestricted upload of arbitrary file CWE-434, which may lead to arbitrary PHP...
Multiple vulnerabilities in Aterm W300P
Overview Aterm W300P provided by NEC Corporation contains multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2018-0629, CVE-2018-0630, CVE-2018-0631 Buffer Overflow CWE-119 - CVE-2018-0632, CVE-2018-0633 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this...
Multiple OS command injection vulnerabilities in Aterm WG1200HP
Overview Aterm WG1200HP provided by NEC Corporation contains multiple OS command injection vulnerabilities CWE-78. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
DHC Online Shop App for Android fails to verify SSL server certificates
Overview DHC Online Shop App for Android provided by DHC Corporation fails to verify SSL server certificates. Sho Ueshima and Tsuyoshi Ogawa of SIE Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...
Installer of Glary Utilities may insecurely load Dynamic Link Libraries
Overview Installer of Glary Utilities provided by Glarysoft Ltd. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Ear...
Local File Inclusion vulnerability in Zenphoto
Overview Zenphoto is a content management system CMS. Zenphoto contains a Local File Inclusion vulnerability. ASAI Ken reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Sensitive information may be obtained or...
Multiple vulnerabilities in Pixelpost
Overview Pixelpost provided by Pixelpost.org contains multiple vulnerabilities listed below. Arbitrary code execution - CVE-2018-0604 Cross-site scripting CWE-79 - CVE-2018-0605 SQL injection CWE-89 - CVE-2018-0606 ASAI Ken reported this vulnerability to IPA. JPCERT/CC coordinated with the...
The installer of "FLET'S VIRUS CLEAR Easy Setup & Application Tool" and "FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool" may insecurely invoke an executable file
Overview The installer of "FLET'S VIRUS CLEAR Easy Setup & Application Tool" and "FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool" provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION contains an issue with the DLL search path, which may lead to insecurely invoke an executable file...
Multiple vulnerabilities in Cybozu Office
Overview Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Information disclosure in the application "Message" when viewing an external image CWE-200 - CVE-2018-0526 Stored cross-site scripting in "E-mail Details Screen" of the application "E-mail" CWE-79 -...
Multiple Microsoft Windows applications and installers may insecurely load Dynamic Link Libraries
Overview Multiple Windows applications and installers provided by Microsoft contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries in the same directory where applications and/or installers reside CWE-427. Microsoft states that the root cause of thi...
The installer of Visual C++ Redistributable may insecurely load Dynamic Link Libraries
Overview The installer of Visual C++ Redistributable provided Microsoft contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries in the same directory as the installer CWE-427. Microsoft states that the root cause of this vulnerability is "Applicatio...
KINEPASS App fails to verify SSL server certificates
Overview KINEPASS App provided by T-JOY CO.,LTD fails to verify SSL server certificates. Seigo Yamamoto of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may allow a...
IIJ SmartKey App for Android vulnerable to authentication bypass
Overview IIJ SmartKey App for Android contains an authentication bypass vulnerability. IIJ SmartKey App for Android provided by Internet Initiative Japan Inc. is an application that enables two-step authentication two-factor authentication for a website from an Android device. IIJ SmartKey App fo...
Access Control Vulnerability in Hitachi Infrastructure Analytics Advisor
Overview An Access Control Vulnerability was found in Hitachi Infrastructure Analytics Advisor. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate...
WordPress plugin "Events Manager" vulnerable to cross-site scripting
Overview The WordPress plugin "Events Manager" provided by NetWebLogic contains a stored cross-site scripting vulnerability CWE-79. Daichi Takaki of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University reported this vulnerability to IPA. JPCERT/CC...
Hatena Bookmark App for iOS contains an address bar spoofing vulnerability
Overview Hatena Bookmark App for iOS provided by Hatena Co., Ltd. contains a vulnerability where the address bar displays a different URL than the URL that is being accessed. Kenichiro Wakitani reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
TinyFTP Daemon vulnerable to buffer overflow
Overview TinyFTP Daemon provided by Hisayuki Nomura is a FTP File Transfer Protocol server. TinyFTP Daemon contains a buffer overflow vulnerability CWE-121. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on December 5, 2017, it was judged that an...
ViX may insecurely load Dynamic Link Libraries
Overview ViX provided by KOKADA is a Graphics Viewer Software for Windows. ViX contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries contained in the same directory as an image file CWE-427. During the meeting of Committee for authorizing the...
Multiple vulnerabilities in CG-WGR1200
Overview CG-WGR1200 provided by Corega Inc is a wireless LAN router. CG-WGR1200 contains multiple vulnerabilities listed below. Buffer Overflow CWE-119 - CVE-2017-10852 Buffer Overflow CWE-78 - CVE-2017-10853 Authentication bypass CWE-306 - CVE-2017-10854 Taizoh Tsukamoto of Mitsui Bussan Secure...
Installer of WinShot may insecurely load Dynamic Link Libraries
Overview Installer of WinShot contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
Installer of JTrim may insecurely load Dynamic Link Libraries
Overview Installer of JTrim contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
Installer of "FLET'S Azukeru Backup Tool" may insecurely load Dynamic Link Libraries
Overview "FLET'S Azukeru Backup Tool" provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION is software to automatically back up files in the user's computer to "FLET'S Azukeru" service. Installer of "FLET'S Azukeru Backup Tool" contains an issue with the DLL search path, which may lead to...
Cross-site Scripting Vulnerability in Fujitsu NetCOBOL
Overview A cross-site scripting vulnerability was found in MeFt/Web Service manager function in Fujitsu NetCOBOL. Impact By creating a malicious webpage that exploits this vulnerability, an attacker could execute arbitrary code on the user's computer used to access the malicious webpage. Solution...
Multiple Vulnerabilities in Hitachi Infrastructure Analytics Advisor
Overview Multiple vulnerabilities have been found in Hitachi Infrastructure Analytics Advisor. Cross-site Scripting Access Control For Access Control, Hitachi Data Center Analytics v8.0.0, v8.0.2, v8.1.0, and v8.1.3 will be affected. Impact Regarding the impact of the vulnerability, please refer ...
Information Disclosure Vulnerability in Hitachi Global Link Manager
Overview An Information Disclosure Vulnerability was found in Hitachi Global Link Manager. Impact Information might be disclosed. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
HIBUN Confidential File Decryption program may insecurely load Dynamic Link Libraries
Overview HIBUN Confidential File Decryption program provided by Hitachi Solutions, Ltd. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Note that this vulnerability is different from JVN58909026. Eili Masami of Tachibana Lab. report...
HIBUN Confidential File Decryption program may insecurely load Dynamic Link Libraries
Overview HIBUN Confidential File Decryption program provided by Hitachi Solutions, Ltd. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Note that this vulnerability is different from JVN55516206. Yuji Tounai of NTT Communications...
Wi-Fi STATION L-02F fails to restrict access permissions
Overview Wi-Fi STATION L-02F provided by NTT DOCOMO, INC. fails to restrict access permissions. Japan Computer Emergency Response Team Coordination Center Global Coordination Division Cyber Metrics Line Information Security Analyst Keisuke Shikano reported this vulnerability to IPA. JPCERT/CC...
Multiple vulnerabilities in "Dokodemo eye Smart HD" SCR02HD
Overview Wireless monitor "Dokodemo eye Smart HD" SCR02HD provided by NIPPON ANTENNA Co., Ltd contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2017-10832 Improper access restriction CWE-425 - CVE-2017-10833 Directory traversal CWE-22 - CVE-2017-10834 Arbitrary PHP...
Teikihoukokusho Sakuseishien Tool may insecurely load Dynamic Link Libraries
Overview Teikihoukokusho Sakuseishien Tool provided by Agency for Natural Resources and Energy of METI contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. The tool is provided as a ZIP archive. It is assumed that a user extracts the too...
RBB SPEED TEST App fails to verify SSL server certificates
Overview RBB SPEED TEST App provided by IID, Inc. fails to verify SSL server certificates. DigiGnome reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may allow an attacker to...
WordPress plugin "Popup Maker" vulnerable to cross-site scripting
Overview The WordPress plugin "Popup Maker" provided by Popup Maker contains a reflected cross-site scripting vulnerability CWE-79. Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary scri...
Installers of Mozilla Firefox and Thunderbird for Windows may insecurely load Dynamic Link Libraries
Overview Installers of Mozilla Firefox and Thunderbird for Windows provided by Mozilla Foundation contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated...
HOME SPOT CUBE2 vulnerable to improper authentication in WebUI
Overview HOME SPOT CUBE2 provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE2 contains improper authentication in WebUI. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
Installer of electronic tendering and bid opening system provided by Acquisition, Technology & Logistics Agency may insecurely invoke an executable file
Overview Installer of electronic tendering and bid opening system provided by Acquisition, Technology & Logistics Agency contains an issue with the search path for executable files, which may lead to insecurely invoking an executable file. Note that this vulnerability is different from JVN7551446...
The installer of SemiDynaEXE provided by Geospatial Information Authority of Japan (GSI) may insecurely load Dynamic Link Libraries
Overview The installer of SemiDynaEXE SemiDynaEXE2008.EXE provided by Geospatial Information Authority of Japan GSI contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA...
Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to remote code execution
Overview AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a remote code execution vulnerability. Note that this vulnerability is different from JVN20870477...
Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to remote code execution
Overview AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a remote code execution vulnerability. Note that this vulnerability is different from JVN80238098...
Installer of SaAT Personal may insecurely load Dynamic Link Libraries
Overview The installer of SaAT Personal provided by NetMove Corporation contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. DigiGnome reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Securit...
Empirical Project Monitor - eXtended vulnerable to cross-site scripting
Overview Empirical Project Monitor - eXtended provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA contains a stored cross-site scripting vulnerability CWE-79. Note that this vulnerability is different from JVN11326581. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. report...
PrimeDrive Desktop Application Installer may insecurely load executable files
Overview PrimeDrive Desktop Application is the client application for PrimeDrive online storage service provided by SoftBank Corp. The installer of PrimeDrive Desktop Application contains an issue with the file search path, which may insecurely load executable files CWE-427. Eili Masami of...
NETGEAR ProSAFE Plus Configuration Utility vulnerable to improper access control
Overview ProSAFE Plus Configuration Utility provided by NETGEAR is a Windows application to configure and manage NETGEAR's ProSAFE Plus and Click Switches. An operator uses the utility to login and configure NETGEAR switches. When the utility is invoked, it starts listening on a certain port for...
WordPress plugin "WP Statistics" vulnerable to cross-site scripting
Overview The WordPress plugin "WP Statistics" provided by WP Statistics contains a stored cross-site scripting vulnerability CWE-79 in multiple pages due to a flaw in processing HTTP Referer headers. Note that this vulnerability is different from JVN77253951. Gen Sato of Mitsui Bussan Secure...