5625 matches found
JVN#33214411: i-FILTER vulnerable to improper check for certificate revocation
i-FILTER provided by Digital Arts Inc. is vulnerable to improper check for certificate revocation CWE-299 . Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the software and add settings Update the software to the latest version...
JVN#67396225: CSV+ vulnerable to cross-site scripting
CSV+ provided by Plus one is a tabbed CSV editor. CSV+ contains a cross-site scripting vulnerability CWE-79. Impact If a CSV file containing a tag is loaded and the link is clicked by the user of the software, an arbitrary script or OS command may be executed. Solution Update the Software Update...
JVN#68066589: WordPress Plugin "Booking Package - Appointment Booking Calendar System" vulnerable to cross-site scripting
WordPress Plugin "Booking Package - Appointment Booking Calendar System" provided by Saasproject contains a cross-site scripting vulnerability CWE-79 due to the flaw in handling some URL query parameters. Impact An arbitrary script may be executed on the web browser of the user who is accessing t...
JVN#20870477: Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to remote code execution
AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a remote code execution vulnerability. Impact When accessing a specially crafted URL, arbitrary code may be...
JVN#82619692: Access CX App fails to verify SSL server certificates
Access CX App provided by NISSAN SECURITIES CO., LTD. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Application Update to the latest version according to the information provided by...
JVN#86200862: Self-Extracting Archives created by 7-ZIP32.DLL may insecurely load Dynamic Link Libraries
7-ZIP32.DLL is an open source library for compressing and decompressing 7z and zip format files. It can also create self-extracting archive files. Self-extracting archive files created by 7-ZIP32.DLL contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link...
JVN#87662835: Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to DNS rebinding
AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a DNS rebinding vulnerability. Impact If a user accesses a malicious web page, arbitrary code may be...
JVN#39008927: Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to cross-site request forgery
AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in,...
JVN#81618356: CubeCart vulnerable to directory traversal
CubeCart from CubeCart Limited is an open source system for creating online shopping websites. CubeCart contains a directory traversal vulnerability CWE-22. Impact A local file on the server may be accessed by a remote attacker. Solution Update the Software Update to the latest version according ...
JVN#50197114: smalruby-editor vulnerable to OS command injection
smalruby-editor provided by Ruby Programming Shounendan is web-based editor to create Ruby programs. smalruby-editor containts an OS command injection vulnerability CWE-78. Impact A remote attacker may execute arbitrary OS command on the server where smalruby-editor resides. Solution Update the...
JVN#19241292: Cybozu Remote Service Manager fails to verify client certificates
Remote Service Manager provided by Cybozu, Inc. is a software to access internal systems such as Cybozu products via "Cybozu Remote Service". Remote Service Manager fails to verify client certificates. Impact A user may access internal web systems that do not allow access from external network. A...
JVN#28151745: Sleipnir for Mac vulnerable to URL spoofing
Sleipnir for Mac provided by Fenrir Inc. contains a URL spoofing vulnerability due to a flaw in the page transition. Impact The displayed URL may be forged to conduct phishing attacks. Solution Update the Software Update to the latest version according to the information provided by the developer...
JVN#05493467: Simple keitai chat vulnerable to cross-site scripting
Simple keitai chat provided by LEMON-S PHP contains reflected and stored cross-site scripting vulnerabilities CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use Simple keitai chat Simple keitai chat is no longer being developed or maintained. It is...
JVN#10092452: Cybozu Office vulnerable to denial-of-service (DoS)
Cybozu Office contains a denial-of-service DoS vulnerability. Impact An attacker may be able to cause a denial-of-service DoS that consumes system resources. Solution Update the Software Update to the latest version according to the information provided by the developer. Products Affected Cybozu...
JVN#11288252: Cybozu Office vulnerable to Reflected File Download (RFD)
Cybozu Office contains a Reflected File Download RFD vulnerability. Impact If a user accesess a malicious page while logged in, unintended files may be downloaded. Solution Update the Software Update to the latest version according to the information provided by the developer. Products Affected...
JVN#94816361: YoruFukurou (NightOwl) vulnerable to denial-of-service (DoS)
YoruFukurou NightOwl is a Twitter client application for OS X. YoruFukurou uses OS X API CTFramesetter to render text contents. CTFramesetter has a problem in processing a certain emoji character sequence, which may cause YoruFukurou to crash. This problem was verified on OS X v10.9 Mavericks. Th...
JVN#30260727: Sushiro App fails to verify SSL server certificates
Sushiro App provided by AKINDO SUSHIRO CO., LTD. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Application Update to the latest version according to the information provided by the...
JVN#95082904: WordPress plugin "Welcart e-Commerce" vulnerable to cross-site scripting
WordPress plugin "Welcart e-Commerce" provided by Collne Inc. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the develope...
JVN#26921563: JOB-CUBE vulnerable to cross-site scripting
JOB-CUBE provided by WEBSQUARE Co.,Ltd. is software to build websites. JOB-CUBE contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the administrator's web browser. Solution Update the Software Update to the latest version according to the informati...
JVN#49225722: Multiple Buffalo network devices vulnerable to cross-site scripting
Multiple network devices provided by BUFFALO INC. contain a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the logged in user's web browser. Solution Update the firmware Update the firmware according to the information provided by the developer. Products Affecte...
JVN#51349622: CG-WLBARGS does not properly perform authentication
CG-WLBARGS provided by Corega Inc is a wireless LAN router. CG-WLBARGS does not properly perform authentication. Impact An attacker who can access the product may log in with administrative privileges. As a result, an arbitrary administrative operations may be executed. Solution Apply a Workaroun...
JVN#70083512: Web Analytics Service vulnerable to cross-site scripting
The JavaScript module for using Web Analytics Service which was provided by NTT DATA Smart Sourcing Corporation contains a cross-site scripting vulnerability CWE-79 due to a flaw in escaping process. According to the developer, this script was distributed from 26 November, 2003 to 9 July, 2013...
JVN#29141986: Gurunavi App for iOS fails to verify SSL server certificates
Gurunavi App for iOS provided by Gurunavi, Inc. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by the...
JVN#53973084: HTML::Scrubber vulnerable to cross-site scripting
HTML::Scrubber is a Perl module for scrubbing/sanitizing html. HTML::Scrubber contains a cross-site scripting vulnerability CWE-79. Impact If the function "comment" is enabled, an arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version...
JVN#29053368: Yodobashi App for Android fails to verify SSL server certificates
Yodobashi App for Android provided by Yodobashi Camera Co.,Ltd. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information...
JVN#46674982: yoyaku_v41 vulnerable to arbitrary file creation
yoyakuv41 provided by Webservice-DIC is a software to manage conference room reservations. yoyakuv41 contains a vulnerability that may allow a remote attacker to create arbitrary files CWE-20. Impact An arbitrary file created by an attacker may result in arbitrary code being executed on the serve...
JVN#09758120: Cacti vulnerable to cross-site scripting
Cacti is a web application that graphs stored data collected from network devices. Cacti contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing parameters in graphview.php. Impact If a user views a malicious page while logged in, an arbitrary script may be executed on th...
JVN#52478686: MilkyStep vulnerable to SQL injection
MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep contains a SQL injection vulnerability CWE-89. Impact An attacker who can access the product may execute an arbitrary SQL command. Solution Update the Software Update to the latest version accordin...
JVN#20879350: MilkyStep vulnerable to cross-site scripting
MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to th...
JVN#74547976: Fumy Teacher's Schedule Board vulnerable to cross-site scripting
Fumy Teacher's Schedule Board provided by Nishishi Factory is a CGI program that displays schedules. Fumy Teacher's Schedule Board contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest...
JVN#34790526: checkpw vulnerable to denial-of-service (DoS)
checkpw is a password authentication program. checkpw contains a denial-of-service DoS vulnerability due to a flaw in processing account names CWE-400. Impact A remote attacker may be able to cause a denial-of-service DoS. Solution Update the Software Update to the latest version according to the...
JVN#73261710: C-BOARD Moyuku vulnerable to arbitrary file creation
C-BOARD Moyuku is a bulletin board software. C-BOARD Moyuku contains a vulnerability that may allow a remote attacker to create arbitrary files. Impact A remote attacker creating arbitrary files may result in arbitrary code execution on the server. Solution Update the Software Update to the lates...
JVN#13566542: Cybozu Remote Service Manager vulnerable to denial-of-service (DoS)
Remote Service Manager provided by Cybozu, Inc. is a software to access internal systems such as Cybozu products via "Cybozu Remote Service". Remote Service Manager contains a denial-of-service DoS vulnerability. Note that this vulnerability was caused due to an incomplete fix of JVN10319260...
JVN#06302787: OS command injection vulnerability in multiple FUJITSU Android devices
Multiple FUJITSU Android devices contain an OS command injection vulnerability. Impact An attacker with local access may obtain root privileges and execute arbitrary OS commands. Solution Apply an Update Apply the appropriate update according to the information provided by the provider. Products...
JVN#04895240: SEIL Series routers vulnerable to denial-of-service (DoS)
The PPP Access Concentrator PPPAC and the Dial-Up Networking in SEIL Series routers provided by Internet Initiative Japan Inc. contain a denial-of-service DoS vulnerability due to an issue in processing certain packets CWE-119. Impact By receiving a specially crafted packet, the device may be...
JVN#14691234: Multiple Cybozu products vulnerable to buffer overflow
Multiple products provided by Cybozu, Inc. contain a buffer overflow vulnerability CWE-119. Impact A remote attacker may cause a denial-of-service DoS or execute arbitrary code. Solution Update the Software Update to the latest version according to the information provided by the developer...
JVN#66285408: Aflax vulnerable to cross-site scripting
Aflax is a JavaScript library that enables developers to use JavaScript to fully utilize all of the features of the Adobe Flash runtime. Aflax contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use Aflax According t...
JVN#48270605: Yahoo! Japan Box for Android issue where it fails to verify SSL server certificates
Yahoo! Japan Box for Android provided by Yahoo Japan Corporation contains an issue where it fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version...
JVN#85748534: PerlMailer vulnerable to cross-site scripting
PerlMailer from Homepage Decorator is a mail form CGI which is used to send mail from a form on a web page. PerlMailer CGI scripts contain a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest upda...
JVN#48805624: Usermin vulnerable to OS command injection
Usermin is a web-based interface used to manage webmail. Usermin contains an OS command injection vulnerability. Impact When a user that is logged into Usermin performs a specific action, an arbitrary command may be executed. Solution Update the software Update to the latest version according to...
JVN#58029817: C-BOARD Moyuku vulnerable to cross-site scripting
C-BOARD Moyuku is a bulletin board software. C-BOARD Moyuku contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed in the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Produc...
JVN#54650130: SOY CMS vulnerable to cross-site scripting
SOY CMS provided by Nippon Institute of Agroinformatics Ltd. is an open source content management system CMS. SOY CMS contains a cross-site scripting vulnerability. Impact If a user views a malicious page while logged in, an arbitrary script may be executed on the user's web browser. Solution App...
JVN#87797318: XooNIps vulnerable to cross-site scripting
XooNIps provided by Neuroinformatics Japan Center, RIKEN Brain Science Institute is a module of XOOPS. XooNIps contains an issue in processing the output of input character string to the web page, which may result in a cross-site scripting vulnerability. Impact An arbitrary script may be executed...
JVN#17849447: EC-CUBE vulnerable to information alteration
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an information alteration vulnerability. Impact User's information may be altered by other user who visits the shopping site. Solution Apply the update or the patch Apply the update or the patch...
JVN#81706478: Cybozu Garoon Keitai vulnerable to authentication bypass
Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon Keitai contains an authentication bypass vulnerability. Impact When an attacker sends a specially crafted request that includes a user ID for a user that has the Keitai function enabled, authentication using Keitai may be bypasse...
JVN#06377589: EC-CUBE vulnerable to cross-site scripting
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Apply the update or the patch Apply the update or the patch according to the...
JVN#11221613: EC-CUBE vulnerable to cross-site request forgery
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, unintended operations may be conducted. Solution Apply the update or the patch Apply the upda...
JVN#12513975: TOWN (modified version) vulnerable to cross-site scripting
TOWN modified version provided by Tattyan's HP contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Apply an update Update to the latest version according to the information provided by the developer. Products Affected TOWN...
JVN#07192063: EC-CUBE vulnerable to cross-site scripting
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN98665228. Impact An arbitrary script may be executed on the user's web browser. Solution Apply the update ...
JVN#99813183: Galapagos Browser vulnerable in the WebView class
Galapagos Browser is a web browser for Android devices. Galapagos Browser contains a vulnerability in the WebView class. Impact If a user of the affected product uses other malicious Android application, information managed by the affected product may be disclosed. Solution Do not use Galapagos...