5625 matches found
JVN#21103639: Cybozu Mailwise vulnerable to information disclosure
Cybozu Mailwise contains a vulnerability that may display contents of another email in the subject field. Impact Contents of an email may be obtained by a user that does not have privileges to access that original email. Solution Update the Software Update to the latest version according to the...
JVN#25280162: WordPress vulnerable to cross-site scripting
WordPress contains a cross-site scripting vulnerability due to an issue in the SWFUpload library. Impact An arbitrary script may be executed on the user's web browser. Solution Apply an update Update to the latest version according to the information provided by the developer. Products Affected...
JVN#51305555: Lotus Domino vulnerable to denial-of-service (DoS)
Lotus Domino contains a denial-of-service DoS vulnerability due to an issue in processing HTTP requests. Impact A remote attacker may cause the Domino service to crash. Solution Update the software Update to the latest version according to the information provided by the developer. Products...
JVN#83907168: Multiple KYOCERA mobile devices may reboot during email reception
Multiple KYOCERA mobile devices contain an issue where the device may reboot when receiving an email in an invalid format. When this issue occurs, the device will always reboot when attempting to receive the invalid email. Impact When receiving an invalid email, the device will always reboot,...
JVN#23009798: Cybozu Live for Android vulnerable to arbitrary Java method execution
Cybozu Live for Android is a client software for Cybozu Live. Cybozu Live for Android contains an arbitrary Java method execution vulnerability. Impact When opening a specially crafted website, an attacker may be able to execute an arbitrary Java method. As a result, information stored in Android...
JVN#88643450: Sleipnir Mobile for Android vulnerable in the WebView class
Sleipnir Mobile for Android is a web browser for Android devices. Sleipnir Mobile for Android contains a vulnerability in the WebView class. Impact If a user of the affected product uses other malicious Android application, information managed by the affected product may be disclosed. Solution...
JVN#33171616: WEB PATIO vulnerable to cross-site scripting
WEB PATIO is a bulletin-board software. WEB PATIO contains a vulnerability in handling web form entries, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the...
JVN#15646988: WordPress plugin WassUp vulnerable to cross-site scripting
WassUp is a WordPress plugin that tracks visitors to the blog. WassUp contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the...
JVN#10745573: Janetter vulnerable to information disclosure
Janetter is a client software for using Twitter. Janetter contains an information disclosure vulnerability. Impact When a malicious page is opened with a web browser while Janetter is being used, session information used to communicate with Twitter may be disclosed. Solution Update the software...
JVN#88991166: SEIL Series routers vulnerable to buffer overflow
The PPP Access Concentrator PPPAC contained in SEIL Series routers contain a buffer overflow vulnerability when processing PPPoE packets. Impact An attacker may be able to execute arbitrary code. Accoding to the developer, all versions of SEIL/86, SEIL/B1, SEIL/X1, SEIL/X2 3.00 through 3.11 proce...
JVN#84393059: EC-CUBE vulnerable to cross-site scripting
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. This vulnerability is different than the previous vulnerabilities disclosed on JVN. Impact An arbitrary script may be executed on the user's web browser...
JVN#62736872: Vulnerability in Epson printer driver installer where access permissions are changed
When printer drivers provided by Epson are installed, the access permissions for the folder that contains program files C:\Program Files are changed. As a result, users that do not have permission to access that folder can gain access to that folder. Impact A user that does not have permission to...
JVN#82465391: e-Pares vulnerable to cross-site request forgery
e-Pares is a system that manages facility conference rooms, etc. information. e-Pares contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged into e-Pares, facility reservation data may be altered. Solution Update the Software Update to the latest...
JVN#90872372 WebSAM DeploymentManager vulnerable to denial of service
WebSAM DeploymentManager is a product that manages the distribution of security patches. WebSAM DeploymentManager contains a denial of service DoS vulnerability. Impact On a server or workstation with "Client Service for DPM" installed, a remote attacker may shut down or restart the operating...
JVN#93827000 Tree BBS from Let's PHP! vulnerable to cross-site scripting
Tree BBS from Let's PHP! is a tree-structured bulletin board software. Tree BBS contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by t...
JVN#07468800 Predictable session ID vulnerability in Access Analyzer CGI by futomi's CGI Cafe
Access Analyzer CGI provided by futomi's CGI Cafe is a software to analyze web access logs. Access Analyzer CGI contains a predictable session ID vulnerability. Impact A remote attacker could impersonate an administrator of Access Analyzer CGI. As a result, a remote attacker could view access...
Multiple vulnerabilities in BUFFALO Wi-Fi routers
Overview Wi-Fi router products provided by BUFFALO INC. contain multiple vulnerabilities listed below. Dependency on vulnerable third-party component CWE-1395 - This issue is caused by a vulnerability in minihttpd CVE-2015-1548. OS command injection CWE-78 - CVE-2026-27650 Code injection CWE-94 -...
JVN#82749078: Multiple vulnerabilities in printers and scanners which implement BROTHER Web Based Management
Multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. contain multiple vulnerabilities listed below. Improper Authentication CWE-287 - CVE-2024-21824 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N| Base...
JVN#03447226: "Skylark" App fails to restrict custom URL schemes properly
"Skylark" App provided by SKYLARK HOLDINGS CO., LTD. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939, CVE-2023-40530, CVE-2024-54014 which may be exploited to direct the App to access any sites. Impact An...
JVN#76024879: PowerCMS XMLRPC API vulnerable to command injection
PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability CWE-74. Sending a specially crafted message by POST method to PowerCMS XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. According to the developer,...
JVN#23766146: Passage Drive vulnerable to insufficient data verification
Passage Drive provided by Yokogawa Rental & Lease Corporation contains an insufficient data verification vulnerability for interprocess communication CWE-20. Impact By running a malicious program, an arbitrary OS command may be executed with LocalSystem privilege of the Windows system where the...
JVN#58266015: Multiple vulnerabilities in multiple MEIKYO ELECTRIC products
Multiple MEIKYO ELECTRIC products provided by MEIKYO ELECTRIC CO.,LTD. contain multiple vulnerabilities listed below. Cross-site request forgery CWE-352 - CVE-2022-27632 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L| Base Score: 5.4 CVSS v2|...
JVN#81376414: Multiple vulnerabilities in baserCMS
baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2021-41243 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.8 CVSS v2| AV:N/AC:L/Au:S/C:C/I:C/A:C| Base Score: 9.0...
JVN#75444925: Multiple vulnerabilities in EC-CUBE 2 series
EC-CUBE 2 series provided by EC-CUBE CO.,LTD. contains multiple vulnerabilities listed below. Improper access control in Management screen CWE-284 - CVE-2021-20841 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N| Base Score: 4.3 CVSS v2|...
JVN#89054582: WordPress Plugin "Software License Manager" vulnerable to cross-site request forgery
WordPress Plugin "Software License Manager" provided by Tips and Tricks HQ contains a cross-site request forgery vulnerability CWE-352. Impact If a user with an administrative privilege views a malicious page while logged in, unintended operations may be performed. Solution Update the plugin Upda...
JVN#73559859: Installer of Shin Kikan Toukei Houkoku Data Nyuryokuyou Program may insecurely load Dynamic Link Libraries
Installer of Shin Kikan Toukei Houkoku Data Nyuryokuyou Program provided by Agency for Natural Resources and Energy of METI contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of...
JVN#74554973: Installer of LhaForge may insecurely load Dynamic Link Libraries
LhaForge is a file compression/decompression software. The installer of LhaForge contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution U...
JVN#55294532: WordPress plugin "YOP Poll" vulnerable to cross-site scripting
The WordPress plugin "YOP Poll" contains a stored cross-site scripting CWE-79 vulnerability. Impact An arbitrary script may be executed on the web browser of a user accessing the poll generated by the application. Solution Update the plugin Update the plugin according to the information provided ...
JVN#71666779: Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to remote code execution
AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a remote code execution vulnerability. Impact If a user accesses a malicious web page, arbitrary code may b...
JVN#23823838: CG-WLR300NX vulnerable to cross-site request forgery
CG-WLR300NX provided by Corega Inc is a wireless LAN router. CG-WLR300NX contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the Firmware Update to the latest version of...
JVN#31524757: EC-CUBE plugin "Help plug-in" vulnerable to SQL injection
EC-CUBE plugin "Help plug-in" provided by Cuore contains an SQL injection vulnerability CWE-89. Impact Information stored in the database may be obtained or altered by a remote attacker. Solution Update the plugin Update to the latest version according to the information provided by the developer...
JVN#78689801: BGA32.DLL and QBga32.DLL contain multiple vulnerabilities
BGA32.DLL is a compression/decompression library for gza and bza-format files. BGA32.DLL contains multiple vulnerabilities including a buffer overflow because it utilizes vulnerable zlib and bzip2 libraries. QBga32.DLL, which is a wrapper of BGA32.DLL, is also affected. Impact Decompressing a...
JVN#13313061: TOSHIBA TEC e-Studio series vulnerable to cross-site request forgery
e-Studio provided by TOSHIBA TEC CORPORATION is a multi-function peripheral MFP. Multiple e-Studio series products contain a vulnerability in web-based management utility, which may result in a cross-site request forgery. Impact If the administrator views a malicious page while logged into the...
JVN#63194482: IrfanView vulnerable to buffer overflow
IrfanView is an application for viewing images of many different file formats. IrfanView contains a buffer overflow vulnerability, when using the Thumbnails window with Thumbnail tooltips enabled. Impact When processing a specially crafted file contained in a folder named using multi-byte...
JVN#28436508: Juniper ScreenOS vulnerable to denial-of-service (DoS)
ScreenOS provided by Juniper Networks contains a denial-of-service DoS vulnerability. Impact When processing a malicious packet, the device may hang. Solution Enable the "Ping of Death Screen" Enable the "Ping of Death Screen" setting according to the information provided by the developer...
JVN#21336955: Cybozu Dezie vulnerable to cross-site scripting
Cybozu Dezie provided by Cybozu, Inc. contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the web browser of a user that is logged on. Solution Update the Software Update to the latest version according to the information provided by the developer. Product...
JVN#00065218: JP1/IT Desktop Management - Manager and Hitachi IT Operations Director vulnerable to privilege escalation
JP1/IT Desktop Management - Manager and Hitachi IT Operations Director provided by Hitachi contain a privilege escalation vulnerability. Impact Users without administrative privileges may obtain administrative privileges. Solution Update the software Update to the latest version according to the...
JVN#63428218: Cybozu Live for Android vulnerable to arbitrary Java method execution
Cybozu Live for Android is a client software for Cybozu Live. Cybozu Live for Android contains an arbitrary Java method execution vulnerability. Note that this vulnerability is a regression in version 2.0.0 of the issue in JVN23009798. Impact When opening a specially crafted website, an attacker...
JVN#48108258: HP ProCurve 1700 series switches vulnerable to cross-site request forgery
ProCurve 1700 series switches provided by Hewlett-Packard contain a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, product settings may be changed. Solution Update the software Update to the latest version according to the information provided b...
JVN#31817913: Yahoo! Browser vulnerable to address bar spoofing
Yahoo! Browser contains an issue in displaying URL, which may result in the address bar being spoofed. Note that this vulnerability is different from JVN55074201. Impact This vulnerability could be leveraged to forge the contents of the address bar for conducting phishing attacks. Solution Update...
JVN#52492830: VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability
The SSH server IPSSH implementation in VxWorks contains a denial-of-service vulnerability due to an issue in processing pty requests. Impact Receiving a specially crafted pty request packet may cause SSH access to be unavailable until the next reboot. Solution Apply a patch Apply the appropriate...
JVN#36339873: dopvSTAR* vulnerable to cross-site scripting
dopvSTAR provided by bayashi.net is a software to analyze web access logs. dopvSTAR contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Modify the JavaScript Modify the JavaScript that enables to log accesses, according to...
JVN#23568423: Cybozu KUNAI for Android vulnerable to arbitrary Java method execution
Cybozu KUNAI is a mobile client software for using Cybozu. Cybozu KUNAI for Android contains an arbitrary Java method execution vulnerability. Impact When opening a specially crafted website, an attacker may be able to execute an arbitrary Java method. As a result, information stored in Android...
JVN#33861625: Iwate Portal Bar vulnerable to arbitrary script execution
Iwate Portal Bar is an add-on to Internet Explorer that adds a toolbar and provides multiple functions. The RSS/Atom feed reader function in Iwate Portal Bar is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information. Impact An...
JVN#41657660: Safari for iOS vulnerable to cross-site scripting
Safari for iOS provided by Apple does not support the "attachment" value for the HTTP Content-Disposition header, resulting in a cross-site scripting vulnerability. Impact Opening a maliciously crafted file may lead to an arbitrary script being executed on the user's web browser. Solution Update...
JVN#89764731: WEB FORUM vulnerable to cross-site scripting
WEB FORUM provided by KENT-WEB is a bulletin board software. WEB FORUM contains a vulnerability in handling cookies, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according ...
JVN#62275332: Internet Explorer vulnerable to cross-site scripting
Microsoft Internet Explorer contains a vulnerability in handling Content-Type, which may result in cross-site scripting. Impact An arbitrary script may be executed. Solution Update the Software Apply the latest update according to the information provided by Microsoft. Products Affected Internet...
JVN#62527913 Directory traversal vulnerability in multiple Cisco Systems products
Multiple Cisco Systems products are vulnerable to directory traversal due to an issue in CiscoWorks Common Services. Impact A remote attacker could view or alter files on the target server. Solution Update the software Update to the latest version of CiscoWorks Common Services according the...
JVN#28020230 Web Mailer from CGI RESCUE vulnerable to HTTP header injection
Web Mailer from CGI RESCUE is a software that sends emails with contents that are input into a HTML form. Web Mailer contains a HTTP header injection vulnerability. Impact Falsified information may be displayed or an arbitrary script may be executed on the user's web browser. HTTP response...
JVN#66828183 MODx cross-site request forgery vulnerability
MODx, an open source contents management system, contains a cross-site request forgery vulnerability. Impact A remote attacker may modify contents managed by MODx if the user views a malicious web page while logged in to MODx. Solution Update the software and change the configuration Apply the...