5627 matches found
JVN#87895771: Cybozu Remote Service vulnerable to Uncontrolled Resource Consumption
Cybozu Remote Service provided by Cybozu, Inc. is vulnerable to uncontrolled resource consumption CWE-400. Impact A logged-in user may consume huge storage space, resulting to a denial-of-service DoS condition. Solution Update the Software Update to the latest version according to the information...
JVN#60037444: Installer of Trend Micro Password Manager may insecurely load Dynamic Link Libraries
Installer of Trend Micro Password Manager provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use...
JVN#95898697: Multiple ESET products for macOS vulnerable to improper server certificate verification
Multiple ESET products for macOS are vulnerable to improper server certificate verification CWE-295. Impact A man-in-the-middle attack may allow an attacker to alter the data received by the affected products. Solution Update the software Update the software to the latest version according to the...
JVN#19826500: PASSWORD MANAGER "MIRUPASS" PW10 / PW20 missing encryption
PASSWORD MANAGER "MIRUPASS" PW10 / PW20 provided by KING JIM CO.,LTD. contain a missing encryption vulnerability CWE-311. Impact A user who can physically access the products may obtain the stored passwords. Solution Stop using the products The developer states that the products are no longer...
JVN#40725650: Multiple vulnerabilities in XOOPS module "XooNIps"
XOOPS module "XooNIps" contains multiple vulnerabilities listed below. SQL injectionCWE-89 - CVE-2020-5624 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L| Base Score: 7.3 CVSS v2| AV:N/AC:L/Au:N/C:P/I:P/A:P| Base Score: 7.5 Cross-site Scripting CWE-79 -...
JVN#55657988: SHIRASAGI vulnerable to open redirect
SHIRASAGI provided by SHIRASAGI Project contains an open redirect vulnerability CWE-601. Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Update the Software Update to the...
JVN#33901663: RT-AC87U vulnerable to cross-site scripting
RT-AC87U provided by ASUS Japan Inc. is a wireless LAN router. RT-AC87U contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Firmware Apply the firmware update according to the information provided by the...
JVN#04564808: Installer of ”FLET'S Azukeru Backup Tool” may insecurely load Dynamic Link Libraries
"FLET'S Azukeru Backup Tool" provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION is software to automatically back up files in the user's computer to "FLET'S Azukeru" service. Installer of "FLET'S Azukeru Backup Tool" contains an issue with the DLL search path, which may lead to insecurel...
JVN#81820501: FlashAir do not set credential information in PhotoShare
FlashAirTM by Toshiba Corporation is an SDHC memory card which provides wireless LAN access functions. FlashAirTM PhotoShare function enables to share the image data in a certain folder with other users as it switches the original wireless LAN connection set by FlashAirTM default to the wireless...
JVN#54268888: Multiple JustSystems products including Hanako may insecurely load Dynamic Link Libraries
Hanako and multiple software suites containing Hanako provided by JustSystems Corporation contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact Arbitrary code may be executed with the privileges of the user running the application. Solution...
JVN#83568336: Cybozu Garoon vulnerable to SQL injection
Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an SQL injection vulnerability in the "Messages" function. Impact An authenticated attacker may obtain or alter information stored in the database. Solution Update the Software Update to the latest version according to t...
JVN#04125292: Cybozu Mailwise contains issue in preventing clickjacking attacks
Cybozu Mailwise contains multiple pages for editing/sending bulk emails. Some of these pages fail to protect against clickjacking attacks. Impact If a user views a malicious page while logged in, the user may be tricked into conducting unintended operations. Solution Update the Software Update to...
JVN#39594409: DMM Movie Player App fails to verify SSL server certificates
DMM Movie Player App provided by DMM.com Labo Co.,Ltd. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Application Update to the latest version according to the information provided by...
JVN#63384827: Multiple shiro8 Co., Ltd. freearea_ addition_plugins for EC-CUBE vulnerable to cross-site scripting
EC-CUBE plugin "categoryfreearea additionplugin" and "itemdetailfreearea additionplugin" provided by shiro8 Co., Ltd. contain a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the logged in user's web browser. Solution Update the Software Update to the...
JVN#00272277: Tokyo Star bank App fails to verify SSL server certificates
Tokyo Star bank App provided by The Tokyo Star Bank, Limited fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided...
JVN#78383854: Internet Explorer cross-domain policy bypass
Internet Explorer contains an information disclosure vulnerability due to a flaw in handling cross-domain policies. Impact When a specially crafted content is opened, cross-domain policies may be bypassed and then information of the URL that the user is accessing may be obtained by an attacker...
JVN#55545372: EC-CUBE plugin BbAdminViewsControl vulnerable to SQL injection
BbAdminViewsControl from BOKUBLOCK CO., LTD. is an EC-CUBE plugin. BbAdminViewsControl contains an SQL injection vulnerability CWE-89. Impact A logged in attacker may execute SQL statements. According to the developer, this vulnerability affects availability of the server that EC-CUBE resides, bu...
JVN#73346595: applican vulnerable to URL whitelist bypass
applican provided by Newphoria Corporation Inc. is a platform to build hybrid applications for both iOS and Android. applican provides a whitelisting function whitelist.xml to limit the URLs that applications can access. However, if the application is launched using the URL-scheme, the access...
JVN#77193915: Twit BBS vulnerable to cross-site scripting
Twit BBS provided by LEMON-S PHP contains a persistent cross-site scripting CWE-79 vulnerability due to the processing of imagetitle parameter in index.php. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use Twit BBS Twit BBS is no longer being developed or...
JVN#97971874: Welcart vulnerable to cross-site scripting
Welcart provided by Collne Inc. is a WordPress plugin for creating shopping websites. Welcart contains a cross-site scripting CWE-79 vulnerability due to the processing of uscesreferer parameter in admin.php. Impact If a user views a malicious page while logged into WordPress with this plugin...
JVN#17480391: shiromuku(u1)GUESTBOOK vulnerable to cross-site scripting
shiromukuu1GUESTBOOK from Perl CGI's By Mrs. Shiromuku is a bulletin board software. shiromukuu1GUESTBOOK contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the...
JVN#94592501: Multiple I-O DATA IP Cameras vulnerable to authentication bypass
Multiple IP Cameras provided by I-O DATA contain an authentication bypass vulnerability. Impact An attacker who can access the product may be able to gain access to configuration and credential information. As a result, the attacker may take control of the product. Solution Apply an update Update...
JVN#31082531: Cybozu Garoon 3 API access restriction bypass vulnerability
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an access restriction bypass vulnerability CWE-264 when using Garoon APIs. Impact A remote attacker may cause a denial-of-service DoS or execute arbitrary code. Solution Update the Software Update to the latest version...
JVN#10724763: SEIL Series routers vulnerable to denial-of-service (DoS)
The PPP Access Concentrator PPPAC in SEIL Series routers provided by Internet Initiative Japan Inc. contain a denial-of-service DoS vulnerability due to an issue in processing certain packets. CWE-119 Impact By receiving a specially crafted TCP packet, a session established using PPPAC may be...
JVN#51285738: tetra filer vulnerable to directory traversal
tetra filer provided by Yuichiro Okuyama contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the application has...
JVN#25280162: WordPress vulnerable to cross-site scripting
WordPress contains a cross-site scripting vulnerability due to an issue in the SWFUpload library. Impact An arbitrary script may be executed on the user's web browser. Solution Apply an update Update to the latest version according to the information provided by the developer. Products Affected...
JVN#85812843: FileMaker Pro fails to verify SSL server certificates
FileMaker Pro contains a function to encrypt communications with the FileMaker Server. FileMaker Pro fails to verify the SSL server certificate. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Upgrade the software Upgrade to the latest...
JVN#52492830: VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability
The SSH server IPSSH implementation in VxWorks contains a denial-of-service vulnerability due to an issue in processing pty requests. Impact Receiving a specially crafted pty request packet may cause SSH access to be unavailable until the next reboot. Solution Apply a patch Apply the appropriate...
JVN#99681273: myu-s / PHP WeblogSystem by netmania vulnerable to cross-site scripting
myu-s and PHP WeblogSystem by netmania provided by FLUGELz contain a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest product released on Feb.16, 2012 or a fixed myu-s according to the...
JVN#50701493: Email Anti-virus (formerly WebShield SMTP) vulnerable to denial-of-service
Email Anti-virus formerly WebShield SMTP provided by McAfee Co., Ltd. is an anti-virus package that scans emails. Email Anti-virus formerly WebShield SMTP contains a denial-of-service DoS vulnerability. Impact An attacker may be able to cause a denial-of-service DoS. Solution Do not use Email...
JVN#03015214: KUNAI Browser for Remote Service beta vulnerable in the WebView class
KUNAI Browser for Remote Service beta is an Android browser software for using Cybozu. KUNAI Browser for Remote Service beta contains a vulnerability in the WebView class. Impact When there is a malicious file in the user's Android device, clicking a file:// hyperlink may lead to the malicious fi...
JVN#92038939: mixi for Android information management vulnerability
mixi for Android provided by mixi, Inc. contains an issue which stores friends' comments on a SD card, therefore other applications can access this information directly from the SD card. Impact If a user of the affected product uses a malicious Android application, friends' comments may be...
JVN#88643450: Sleipnir Mobile for Android vulnerable in the WebView class
Sleipnir Mobile for Android is a web browser for Android devices. Sleipnir Mobile for Android contains a vulnerability in the WebView class. Impact If a user of the affected product uses other malicious Android application, information managed by the affected product may be disclosed. Solution...
JVN#73162541: OTRS vulnerable to OS command injection
OTRS provided by the OTRS Project is a ticket management system. OTRS contains an OS command injection vulnerability. Impact An arbitrary OS command may be executed with the privileges of OTRS on the server where it is installed. Solution Update the software Update to the latest version according...
JVN#09115481: Cross-site scripting vulnerability in multiple Rocomotion products
Multiple products P board etc. provided by Rocomotion contain a cross-site scripting vulnerablility. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. This issue h...
JVN#62736872: Vulnerability in Epson printer driver installer where access permissions are changed
When printer drivers provided by Epson are installed, the access permissions for the folder that contains program files C:\Program Files are changed. As a result, users that do not have permission to access that folder can gain access to that folder. Impact A user that does not have permission to...
JVN#50133036: Cross-site Request Forgery Vulnerability in Oracle iPlanet Web Server
Oracle iPlanet Web Server formerly Sun Java System Web Server is a web server. Oracle iPlanet Web Server contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged into the Oracle iPlanet Web Server management console, an arbitrary instance may be...
JVN#66077895 Virus Security and Virus Security ZERO denial of service (DoS) vulnerability
Virus Security and Virus Security ZERO are anti-virus software provided by SOURCENEXT CORPORATION. Virus Security and Virus Security ZERO contain a denial of service DoS vulnerability as they do not properly handle malicious compressed files when scanning. Impact The software may not function aft...
JVN#66673020: Multiple vulnerabilities in Defense Platform Home Edition
Defense Platform Home Edition provided by Humming Heads Inc. contains multiple vulnerabilities listed below. Improper handling of message in specific process CWE-422 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Base Score 8.8 CVE-2025-20094 Execution with unnecessary privileges CWE-250...
JVN#50132400: Multiple vulnerabilities in WordPress Plugin "Forminator"
WordPress Plugin "Forminator" provided by WPMU DEV contains multiple vulnerabilities listed below. Unrestricted upload of file with dangerous type CWE-434 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 9.8 CVE-2024-28890 SQL injection CWE-89 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H...
JVN#51098626: Multiple vulnerabilities in WordPress Plugin "Survey Maker"
WordPress Plugin "Survey Maker" provided by AYS Pro Plugins contains multiple vulnerabilities listed below. Stored cross-site scripting CWE-79 - CVE-2023-34423 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...
JVN#82749078: Multiple vulnerabilities in printers and scanners which implement BROTHER Web Based Management
Multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. contain multiple vulnerabilities listed below. Improper Authentication CWE-287 - CVE-2024-21824 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N| Base...
JVN#10921428: Lemon8 App fails to restrict access permissions
Lemon8 by ByteDance K.K. provides the function to access a requested URL using Custom URL Scheme/DeepLink. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Impact A remote attacker may lead a user to access an arbitrar...
JVN#76024879: PowerCMS XMLRPC API vulnerable to command injection
PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability CWE-74. Sending a specially crafted message by POST method to PowerCMS XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. According to the developer,...
JVN#17625382: Multiple vulnerabilities in Nintendo Wi-Fi Network Adaptor WAP-001
Nintendo Wi-Fi Network Adaptor provided by Nintendo Co.,Ltd. contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2022-36381 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H| Base Score: 6.8 CVSS v2| AV:A/AC:L/Au:S/C:P/I:P/A:P|...
JVN#93667442: Gitlab vulnerable to server-side request forgery
Gitlab contains a server-side request forgery vulnerability CWE-918 through the Project Import feature. Impact The vulnerability allows an attacker to make arbitrary HTTP/HTTPS or git requests inside a GitLab instance's network. Solution Update the software Update the software to the latest versi...
JVN#13878856: Mobaoku-Auction & Flea Market App for iOS vulnerable to improper server certificate verification
Mobaoku-Auction & Flea Market App for iOS provided by DeNA Co., Ltd. is vulnerable to improper server certificate verification CWE-295. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the application Update the application to the...
JVN#89524240: MarkText vulnerable to cross-site scripting
MarkText is a Markdown editor. MarkText contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the PC of the user using the product. Solution Update the Software Update the software to the latest version according to the information provided by the...
JVN#81376414: Multiple vulnerabilities in baserCMS
baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2021-41243 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.8 CVSS v2| AV:N/AC:L/Au:S/C:C/I:C/A:C| Base Score: 9.0...
JVN#60553023: ESET Cyber Security and ESET Endpoint series vulnerable to denial-of-service (DoS)
ESET Cyber Security and ESET Endpoint series are antivirus software. ESET Cyber Security and ESET Endpoint series for macOS contain a denial-of-service DoS vulnerability CWE-404. Impact If it is exploited, an attacker may cause a denial-of-service DoS to stop the applications and all daemons of t...