5625 matches found
JVN#63023305: InBody App vulnerable to information disclosure
InBody App provided by InBody Japan Inc. works with the household body composition analyzer InBody Dial manufactured and sold by InBody Japan Inc., and as a part of its functions, it manages and stores data such as weight, BMI, skeletal muscle mass, and fat mass measured by InBody Dial. InBody Ap...
JVN#87403477: Application and self-extracting archive containing the application of "FLET'S v4 / v6 address selection tool" may insecurely load Dynamic Link Libraries
Application and self-extracting archive containing the application of "FLET'S v4 / v6 address selection tool" provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitra...
JVN#99737748: AppCheck may insecurely invoke an executable file
AppCheck provided by JIRANSOFT JAPAN, INC. is an anti-ransomware software. AppCheck and its installer contains an issue with the search path for executable files, which may lead to insecurely invoke an executable file CWE-427. Impact Arbitrary code may be executed with the privilege of the user...
JVN#20870477: Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to remote code execution
AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a remote code execution vulnerability. Impact When accessing a specially crafted URL, arbitrary code may be...
JVN#50197114: smalruby-editor vulnerable to OS command injection
smalruby-editor provided by Ruby Programming Shounendan is web-based editor to create Ruby programs. smalruby-editor containts an OS command injection vulnerability CWE-78. Impact A remote attacker may execute arbitrary OS command on the server where smalruby-editor resides. Solution Update the...
JVN#28151745: Sleipnir for Mac vulnerable to URL spoofing
Sleipnir for Mac provided by Fenrir Inc. contains a URL spoofing vulnerability due to a flaw in the page transition. Impact The displayed URL may be forged to conduct phishing attacks. Solution Update the Software Update to the latest version according to the information provided by the developer...
JVN#39619137: Toshiba FlashAir does not require authentication in "Internet pass-thru Mode"
FlashAir by Toshiba Corporation is a SDHC memory card which provides "Internet pass-thru Mode", allowing devices to access the internet while connecting to FlashAir. When configured in "Internet pass-thru Mode", FlashAir acts both as a station and as an access point. When "Internet pass-thru Mode...
JVN#42262137: simple chat vulnerable to cross-site scripting
simple chat provided by Let's PHP! contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer. Products Affected simple...
JVN#02576342: Cybozu Mailwise vulnerable to information disclosure
Cybozu Mailwise contains an information disclosure vulnerability in the mail view page. Impact When a user opens a specially crafted email, an attacker can notice that the user read the email. Solution Update the Software Update to the latest version according to the information provided by the...
JVN#13582657: WordPress plugin "Nofollow Links" vulnerable to cross-site scripting
The WordPress plugin "Nofollow Links" contains a cross-site scripting CWE-79 vulnerability in nofollow-links.php. Impact An arbitrary script may be executed on the web browser of a user who is logged on as an administrator. Solution Update the plugin Update the plugin according to the information...
JVN#43529183: Jetstar App for iOS fails to verify SSL server certificates
Jetstar App for iOS provided by Jetstar Airways Pty Ltd. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the application Update to the latest version according to the information provided ...
JVN#85359294: WL-330NUL vulnerable to denial-of-service (DoS)
WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains a denial-of-service DoS vulnerability. Impact An attacker who can access the product may be able to cause a denial-of-service DoS. Solution Update the Firmware Update the firmware to the latest version...
JVN#69462495: WL-330NUL information management vulnerability
WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains an issue in information management. Impact An attacker that can access the product may obtain the WPA2-PSK passphrase. Solution Update the Firmware Update the firmware to the latest version according to th...
JVN#35845584: Frame high-speed chat vulnerable to cross-site scripting
Frame high-speed chat provided by Let's PHP! contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Apply an Update Update to the latest version according to the information provided by the developer. Products Affected...
JVN#71088919: applican vulnerable to script injection
applican provided by Newphoria Corporation Inc. is a platform to build hybrid applications for both iOS and Android. applican is vulnerable to script injection due to an issue in processing SSID. Impact When an application built using applican processes a specially crafted SSID, an arbitrary scri...
JVN#53973084: HTML::Scrubber vulnerable to cross-site scripting
HTML::Scrubber is a Perl module for scrubbing/sanitizing html. HTML::Scrubber contains a cross-site scripting vulnerability CWE-79. Impact If the function "comment" is enabled, an arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version...
JVN#33179297: Enisys Gw vulnerable to arbitrary file creation
Enisys Gw provided by Techno Project Japan Co. is an open source groupware. Enisys Gw contains a vulnerability that may allow a remote attacker to create arbitrary files. Impact An arbitrary file created by a logged in attacker may result in arbitrary code being executed on the server. Solution...
JVN#13456571: Dojo Toolkit vulnerable to cross-site scripting
Dojo Toolkit is a software to assist in building web applications. Dojo Toolkit contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by t...
JVN#04855224: baserCMS fails to restrict access permissions
baserCMS is an open-source Contents Management System CMS. baserCMS contains a vulnerability where user settings may be changed when processing specially crafted request sent by an attacker logged into the system. Impact User information may be changed to arbitrary values by a logged in attacker...
JVN#67586379: Reversi vulnerable to URL whitelist bypass
Reversi provided by Newphoria Corporation Inc. is an application for both iOS or Android built using "applican". Reversi contains an issue where an arbitrary page may be loaded if the application is launched using the URL-scheme. Impact Android version of this app may allow an applican API to be...
JVN#09758120: Cacti vulnerable to cross-site scripting
Cacti is a web application that graphs stored data collected from network devices. Cacti contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing parameters in graphview.php. Impact If a user views a malicious page while logged in, an arbitrary script may be executed on th...
JVN#05559185: MilkyStep vulnerable to OS command injection
MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep contains an OS command injection vulnerability CWE-78. Impact An arbitrary OS command may be executed by an attacker. Solution Update the Software Update to the latest version according to the...
JVN#20879350: MilkyStep vulnerable to cross-site scripting
MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to th...
JVN#52478686: MilkyStep vulnerable to SQL injection
MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep contains a SQL injection vulnerability CWE-89. Impact An attacker who can access the product may execute an arbitrary SQL command. Solution Update the Software Update to the latest version accordin...
JVN#07538357: EasyCTF vulnerable to cross-site scripting
EasyCTF is a server side CGI used to score CTF Capture The Flag. EasyCTF contains a cross-site scripting vulnerability CWE-79 that can be leveraged by an attacker created account. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the late...
JVN#64455813: Squid input validation vulnerability
Squid is a caching proxy server. Squid contains a vulnerability where server responses that contain invalid values in the Content-Length of the HTTP header are sent to the client. Impact If a HTTP response with a specially crafted header is processed, it may result in a HTTP response splitting...
JVN#09289074: WBS Gantt-Chart for JIRA vulnerable to cross-site scripting
WBS Gantt-Chart for JIRA provided by Ricksoft Inc. is an add-on for JIRA which provides WBS Work Breakdown Structure and Gantt-Chart features. WBS Gantt-Chart for JIRA contains a flaw in output page generation, which may lead to cross-site scripting CWE-79. Impact An arbitrary script may be...
JVN#14691234: Multiple Cybozu products vulnerable to buffer overflow
Multiple products provided by Cybozu, Inc. contain a buffer overflow vulnerability CWE-119. Impact A remote attacker may cause a denial-of-service DoS or execute arbitrary code. Solution Update the Software Update to the latest version according to the information provided by the developer...
JVN#65559247: OpenAM vulnerable to denial-of-service (DoS)
OpenAM provided by ForgeRock is an open source access management software. OpenAM contains a denial-of-service DoS vulnerability due to a flaw in processing Cookies CWE-400. Impact When an OpenAM system is running "site" configuration with multiple instances, an authenticated attacker may be able...
JVN#97558950: Cybozu Garoon vulnerable to cross-site scritping
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the function "Map search", which may result in a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of a user that is logged on. Solution Update the...
JVN#75990997: Cybozu Garoon vulnerable to access restriction bypass
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the function "Portlets", which may result in an access restriction bypass vulnerability CWE-264. Impact Portlets may be altered by another Cybozu Garoon user. Solution Update the Software Update to the lates...
JVN#48805624: Usermin vulnerable to OS command injection
Usermin is a web-based interface used to manage webmail. Usermin contains an OS command injection vulnerability. Impact When a user that is logged into Usermin performs a specific action, an arbitrary command may be executed. Solution Update the software Update to the latest version according to...
JVN#58029817: C-BOARD Moyuku vulnerable to cross-site scripting
C-BOARD Moyuku is a bulletin board software. C-BOARD Moyuku contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed in the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Produc...
JVN#87797318: XooNIps vulnerable to cross-site scripting
XooNIps provided by Neuroinformatics Japan Center, RIKEN Brain Science Institute is a module of XOOPS. XooNIps contains an issue in processing the output of input character string to the web page, which may result in a cross-site scripting vulnerability. Impact An arbitrary script may be executed...
JVN#49384502: SimZip (Simple Zip Viewer) vulnerable to directory traversal
SimZip Simple Zip Viewer provided by Gapless Player contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the application...
JVN#12513975: TOWN (modified version) vulnerable to cross-site scripting
TOWN modified version provided by Tattyan's HP contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Apply an update Update to the latest version according to the information provided by the developer. Products Affected TOWN...
JVN#74608669: RockDisk vulnerable to cross-site scripting
RockDisk provided by I-O DATA DEVICE, INC. are LAN connectable hard disk drives. RockDisk contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Firmware Apply the firmware update provided by the developer. Products...
JVN#85804149: CLIP-MAIL vulnerable to cross-site scripting
CLIP-MAIL provided by KENT-WEB contains an issue in the webpage output of strings entered in the form, which may result in a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version accordin...
JVN#53622030: Orchard vulnerable to cross-site scripting
Orchard is a content management system CMS. Orchard contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software or apply a patch Update to the latest version or apply the appropriate patch according to the...
JVN#99813183: Galapagos Browser vulnerable in the WebView class
Galapagos Browser is a web browser for Android devices. Galapagos Browser contains a vulnerability in the WebView class. Impact If a user of the affected product uses other malicious Android application, information managed by the affected product may be disclosed. Solution Do not use Galapagos...
JVN#41022517: VxWorks Web Server vulnerable to denial-of-service (DoS)
The VxWorks Web Server contains a denial-of-service DoS vulnerability. Impact When a user accesses the VxWorks Web Server using a specially crafted URL, the server may crash. Solution Apply a patch Apply the appropriate patch according to the information provided by the developer. Products Affect...
JVN#07629635: Cybozu Garoon vulnerable to SQL injection
Cybozu Garoon provided by Cybozu is a groupware. Cybozu Garoon contains an SQL injection vulnerability. Impact A user with the "logging" permission may obtain information managed by the product. Solution Update the Software Update to the latest version according to the information provided by the...
JVN#99730704: Sleipnir Mobile for Android vulnerable to arbitrary Java method execution
Sleipnir Mobile for Android is a web browser for Android devices. Sleipnir Mobile for Android contains an arbitrary Java method execution vulnerability. Impact When opening a specially crafted website, an attacker may be able to execute an arbitrary Java method. As a result, information stored in...
JVN#36993373: SmallPICT vulnerable to cross-site scripting
SmallPICT is a bulletin-board software. SmallPICT contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Products Affecte...
JVN#31860555: twicca fails to restrict access permissions
twicca is a client software for using Twitter. twicca contains an issue where access permissions are not restricted. Impact Android applications without permissions for network access may upload image files with the privileges of twicca. Solution Update the Software Apply the latest update for ea...
JVN#76515037: PukiWiki Plus! vulnerable to cross-site scripting
PukiWiki Plus! is a software that adds wiki functionality to websites. PukiWiki Plus! contains a vulnerability in handling web form entries, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the...
JVN#48839888: Nikki vulnerable to OS command injection
Nikki from HP no Mawashimono is a CGI software for posting diary entries. Nikki contains an OS command injection vulnerability. Impact An arbitrary OS command may be executed with the privileges of the web server. Solution Update the software Update to the latest version according to the...
JVN#76662040: Clipboard contents alteration vulnerability in Grani
Grani, a web browser provided by Fenrir, contains a vulnerability in which the contents of the clipboard may be altered. As a result, when Grani is being used under certain settings, the contents of the clipboard may be read or written from a website. Impact Contents contained in the clipboard ma...
JVN#60969543 HL-SiteManager vulnerable to SQL injection
HL-SiteManager from Heartlogic is a contents management system CMS software. HL-SiteManager contains a SQL injection vulnerability. Impact A remote attacker may view or modify information stored by the product. Solution Do not use HL-SiteManager As patches will not be provided, users are...
JVN#75694913 Roundcube Webmail vulnerable to cross-site request forgery
Roundcube Webmail is an open source webmail client from the Roundcube Webmail Project. Roundcube Webmail contains a cross-site request forgery vulnerability. This issue is different from JVN33820033 and JVN72974205. Impact An attacker may be able to send arbitrary emails. Solution Update the...