5627 matches found
JVN#46993816: EC-CUBE 2 series vulnerable to cross-site scripting
EC-CUBE 2 series provided by EC-CUBE CO.,LTD. contains a cross-site scripting vulnerability CWE-79 in "mail/template" and "products/product" of Management page. Impact An arbitrary script may be executed on the web browser of the other administrator or the user who accessed the website using the...
JVN#05288621: EasyMail vulnerable to cross-site scripting
EasyMail provided by First Net Japan Inc. contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who accessed the site using the product. Solution Update the software Update the software to the latest version accordin...
JVN#55675303: Digital Arts m-FILTER vulnerable to improper authentication
m-FILTER provided by Digital Arts Inc. is an emaill security product. m-FILTER contains an improper authentication vulnerability CWE-287 when emails are being sent under certain conditions, and unintended emails may be sent by a remote attacker. Digital Arts Inc. states that attacks exploiting th...
JVN#29657972: TP-Link RE300 V1 tdpServer vulnerable to improper processing of its input
tdpServer of TP-Link RE300 V1 improperly processes its input, possibly resulting to crash CWE-228. Impact An attacker may be able to cause a denial-of-service DoS condition of the product's OneMesh function. Solution Update the software Update the software to the latest version according to the...
JVN#32625020: LiteCart vulnerable to cross-site scripting
LiteCart contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is accessing the web site using the product. Solution Update the software Update the software to the latest version according to the information provided by...
JVN#14134801: baserCMS vulnerable to cross-site scripting
baserCMS provided by baserCMS Users Community contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update the software to the latest version according to the information provided by the developer...
JVN#73742314: RT-AC68U vulnerable to cross-site scripting
RT-AC68U provided by ASUS Japan Inc. is a wireless LAN router. RT-AC68U contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Firmware Apply the firmware update according to the information provided by the...
JVN#36048131: Multiple I-O DATA network devices incorporating "MagicalFinder" vulnerable to OS command injection
"MagicalFinder" provided by I-O DATA DEVICE, INC. is a IP address setting tool to for I-O DATA network devices such as routers, network cameras, strages, etc. Multiple I-O DATA network devices that incorporate "MagicalFinder" contain an OS command injection vulnerability CWE-78. Impact An attacke...
JVN#92422409: The installer of the Ministry of Justice [The electronic authentication system based on the commercial registration system "The CRCA user's Software"] may insecurely load Dynamic Link Libraries
The electronic authentication system based on the commercial registration system "The CRCA user's Software" provided by the Ministry of Justice contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact Arbitrary code may be executed with the...
JVN#75514460: Installer of electronic tendering and bid opening system provided by Acquisition, Technology & Logistics Agency may insecurely load Dynamic Link Libraries
Installer of electronic tendering and bid opening system provided by Acquisition, Technology & Logistics Agency contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact This vulnerability can be exploited when the following condition is met. ...
JVN#12281353: Cybozu Garoon vulnerable to cross-site scripting
Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability CWE-79 due to an issue in "Messages" function of Cybozu Garoon Keitai. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the...
JVN#13218253: Cybozu Garoon vulnerable to information disclosure
Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an information disclosure vulnerability CWE-200. Impact Cybozu Garoon uses HTTPS communication, therefore an attacker can not eavesdrop on communication under normal operations. However, if a user conducts a specific...
JVN#17980240: Cybozu Garoon vulnerable to SQL injection
Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an SQL injection vulnerability CWE-89 due to an issue in "MultiReport" function. Impact A user may execute arbitrary SQL commands. Solution Update the Software Update to the latest version according to the information...
JVN#71462075: Splunk Enterprise and Splunk Lite vulnerable to cross-site scripting
Splunk Enterprise and Splunk Lite contain a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser by an attacker who can log-in to the system as an administrator. Solution Update the Software Update to the latest version according t...
JVN#48789425: Trend Micro Internet Security multiple vulnerabilities
Trend Micro Internet Security provided by Trend Micro Incorporated contains the following vulnerabilities. Access Restriction Flaw - CVE-2016-1225 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N| Base Score: 5.3 CVSS v2| AV:N/AC:L/Au:N/C:P/I:N/A:N| Base...
JVN#37121456: Cybozu Garoon vulnerable to cross-site scripting
Cybozu Garoon is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the logged in user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Products...
JVN#49285177: Cybozu Garoon vulnerable to cross-site scripting
Cybozu Garoon is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the logged in user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Products...
JVN#41772178: Apache Cordova vulnerable to arbitrary plugin execution
Apache Cordova provided by the Apache Software Foundation is a framework for creating mobile applications for various platforms. iOS applications built using Apache Cordova contain a vulnerability where arbitrary plugins may be executed. Impact Accessing a specially crafted URL may result in...
JVN#11458774: EC-CUBE fails to restrict access permissions
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE fails to restrict access permissions. Impact A logged in attacker may bypass access restrictions, or delete access restriction settings. Solution Apply the update or the patch Apply the update or the pat...
JVN#13288761: baserCMS plugin "Recruit Plugin" multiple vulnerabilities
baserCMS plugin "Recruit Plugin" contains multiple vulnerabilities: Cross-site scripting CWE-79 - CVE-2016-1169 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:L/Au:S/C:N/I:P/A:N| Base Score: 4.0 Cross-site request forgery...
JVN#59349382: Multiple Corega wireless LAN routers vulnerable to cross-site request forgery
Multiple wireless LAN routers provided by Corega Inc contain a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged into the management screen, various administrative functions may be performed. Solution Apply a workaround The following workaround...
JVN#93535632: Log-Chat vulnerable to cross-site scripting
Log-Chat provided by Script contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer. Products Affected Log-Ch...
JVN#22578691: Akerun - Smart Lock Robot App for iOS fails to verify SSL server certificates
Akerun - Smart Lock Robot App for iOS provided by Photosynth Inc. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information...
JVN#50899877: acmailer vulnerable to OS command injection
acmailer provided by Seeds Co.,Ltd. contains an OS command injection vulnerability CWE-78. Impact An authenticated attacker may execute an arbitrary OS command on the server. Solution Update the software Update to the latest version according to the information provided by the developer. Products...
JVN#64625488: applican vulnerable to script injection
applican provided by Newphoria Corporation Inc. is a platform to build hybrid applications for both iOS and Android. applican is vulnerable to script injection due to an issue in proccessing URL. Impact When a user accesses a specially crafted URL through an application built using applican, an...
JVN#79633796: baserCMS vulnerable to SQL injection
baserCMS is an open-source Contents Management System CMS. baserCMS contains a vulnerability that allows an authenticated user to inject arbitrary SQL statements CWE-89. Impact A logged in attacker may execute arbitrary SQL statements. Solution Update the Software Update to the latest version...
JVN#00015036: OpenDocMan vulnerable to cross-site scripting
OpenDocMan is a document management system DMS. OpenDocMan contains a cross-site scripting vulnerability due to a processing flaw in the "redirection" parameter. Impact An arbitrary script may be executed on the user's Mozilla Firefox. Solution Update the software Update to the latest version...
JVN#96439865: EasyCTF vulnerable to session management
EasyCTF is a server side CGI used to score CTF Capture The Flag. EasyCTF contains a vulnerability in session management CWE-639. Impact A remote attacker without login credentials may log in. As a result, information may be disclosed. Solution Update the Software Update to the latest version...
JVN#14522790: Smartphone Passbook fails to verify SSL server certificates
Smartphone Passbook provided by Ogaki Kyoritsu bank Ltd. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by...
JVN#87910097: i-HTTPD vulnerable to cross-site scripting
i-HTTPD is a web server for Windows. i-HTTPD contains a flaw in processing HTTP header, which may lead to cross-site scripting CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use i-HTTPD i-HTTPD is no longer being developed or maintained. It is...
JVN#61593104: ARROWS Me F-11D vulnerability where arbitrary areas may be accessed
ARROWS Me F-11D contains a vulnerability where arbitrary areas on the device may be accessed. Impact An attacker with local access may obtain or alter contents in the flash memory of the device. Solution Apply an Update Apply the update according to the information provided by the provider...
JVN#84335912: File Explorer vulnerable to directory traversal
File Explorer provided by NextApp, Inc. contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the application has privileg...
JVN#10603428: JR East Japan App for Android. contains an issue where it fails to verify SSL server certificates
JR East Japan App for Android. contains an issue where it fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by...
JVN#44392991: Security File Manager vulnerable to directory traversal
Security File Manager provided by CGENE Inc contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the application has...
JVN#19740283: Cybozu Live for Android vulnerable in the WebView class
Cybozu Live for Android is a client software for Cybozu Live. Cybozu Live for Android contains a vulnerability in the WebView class. Note that this vulnerability is a regression in version 2.0.0 of the issue in JVN77393797. Impact When there is a malicious file in the user's Android device,...
JVN#05132866: Multiple Cisco products vulnerable to denial-of-service (DoS)
The SSH implementation in multiple Cisco products contains a denial-of-service DoS vulnerability. Impact A remote attacker may be able to cause a denial-of-service DoS. Solution Apply an update Update to the latest version according to the information provided by the developer. Products Affected ...
JVN#75585394: NEC Universal RAID Utility fails to restrict access permissions
NEC Universal RAID Utility is a software to manage a RAID controller. NEC Universal RAID Utility contains an issue where access permissions are not restricted. Impact A remote unauthenticated attacker may conduct arbitrary operations against the HDD on the vulunerable RAID system. Solution Update...
JVN#99192898: Multiple GREE Android applications vulnerable in the WebView class
Multiple Android applications that use the SDK for HTML-based applications provided by GREE contain a vulnerability in the WebView class. Impact If a user of the affected product uses other malicious Android application, information managed by the affected product may be disclosed. Solution Updat...
JVN#60887968: Movable Type Plugin MailForm vulnerable to cross-site scripting
MailForm is a plugin for Movable Type. MailForm contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the fixed version according to the information provided by the developer. Products Affected...
Etomite vulnerable to cross-site scripting
Overview Etomite contains a cross-site scripting vulnerability. Etomite is a content management system CMS. Etomite contains an issue with the processing of contents in the search field, which may result in cross-site scripting. Daiki Fukumori of Cyber Defense Institute, Inc. reported this...
JVN#58019849: GTK+ may insecurely load dynamic libraries
GTK+ is a toolkit for developing applications with GUIs. GTK+ contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Impact In an application that uses GTK+, arbitrary code may be executed with the privilege of that application. Solution Solution for...
JVN#80877328: Multiple Cybozu products vulnerable to cross-site scripting
Multiple groupware provided by Cybozu, Inc. contain a cross-site scripting vulnerability due to an issue when downloading graphic files from the bulletin board system. Impact An arbitrary script may be executed on the web browser of an user who is logged on. Solution Update the software Update to...
JVN#30881447: SquirrelMail vulnerable to cross-site request forgery
SquirrelMail from SquirrelMail Project is an open source webmail web-based email. SquirrelMail contains an issue in processing of sending a message or setting changes, which may result in cross-site request forgery. Impact A remote attacker may send an arbitrary email or change the settings...
JVN#46026251: Safari address bar spoofing vulnerability
Safari contains a vulnerability where the address bar displays a character string that looks like a different URL than the URL that is being accessed. Impact Phishing attacks may be possible, due to the difficulty in determining that the URL displayed in the address bar and the URL being accessed...
JVN#87730223 Multiple Cybozu products vulnerable to authentication bypass
Multiple Cybozu products contain an issue in which the login page for mobile devices is not properly restrcited, leading to an authentication bypass vulnerability. As a result, an attacker may impersonate a user of a Cybozu product. Impact A remote attacker may view or modify information stored b...
JVN#13011682 SEIL/X Series and SEIL/B1 denial of service vulnerability
SEIL/X Series and SEIL/B1 are routers. SEIL/X Series and SEIL/B1 contain an issue in the processing by the NAT function, which may lead to a denial of service DoS vulnerability. Impact When processing a specially crafted packet, a remote attacker may cause a denial of service. Solution Update the...
JVN#08369659 Movable Type access restriction bypass vulnerability
Movable Type, a web log system from Six Apart KK, contains a vulnerability that allows a remote attacker to bypass access restrictions. Impact A remote attacker may send unsolicited email to arbitrary addresses or view information stored in Movable Type. Solution Update the Software Update to the...
JVN#18405927 Multiple Cybozu products vulnerable to cross-site request forgery
Multiple Cybozu products contain a cross-site request forgery vulnerability. Impact If a user views a malicious web page while logged onto the Cybozu web interface, the user's schedules and other configuration settings may be altered. Solution Update the Software Apply the latest updates provided...
JVN#88935101: X.Org Foundation X server buffer overflow vulnerability
The X.Org Foundation provides an open source implementation of the X Window System. The X server of this implementation contains a vulnerability in the handling of Portable Compiled Font PCF format fonts that can be exploited to cause a buffer overflow. Impact An attacker with an established,...
JVN#80057925: Cross-site scripting vulnerability in Apache HTTP Server "mod_imap" and "mod_imagemap"
The Apache HTTP Server is open source web server software. The Apache HTTP Server modules modimap and modimagemap provide server-side imagemap processing capability. The Apache HTTP Server modules modimap and modimagemap are vulnerable to cross-site scripting. Impact An arbitrary script can be...