5625 matches found
JVN#61543834 EC-CUBE cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, session hijacking could be conducted. Solution Products Affected EC-CUBE v1.0.0 and earlier For more information, refer to the vendor's website...
JVN#42386607: Assimp vulnerable to heap-based buffer overflow
PlyLoader.cpp of Assimp provided by Open Asset Import Library contains a heap-based buffer overflow vulnerability CWE-122. Impact An attacker may execute arbitrary code by importing a specially crafted file into the product. Solution Update the Software Update the software to the latest version...
JVN#22182715: Redmine DMSF Plugin vulnerable to path traversal
Redmine DMSF Plugin provided by Kontron contains a path traversal vulnerability CWE-22. Impact When the affected version of the plugin is enabled on the Redmine instance, the logged-in user may obtain or delete arbitrary files on the server within the privilege of the Redmine process. Solution...
JVN#70640802: "ABEMA" App for Android fails to restrict access permissions
"ABEMA" App for Android provided by AbemaTV, Inc. fails to restrict access permissions CWE-926 that allows another app installed on the user's device to access an arbitrary URL on "ABEMA" App via Intent. Impact An arbitrary website may be displayed on the app, and as a result, the user may become...
JVN#35928117: Protection mechanism failure in RevoWorks
RevoWorks SCVX and RevoWorks Browser provided by J's Communication Co., Ltd. enable users to execute web browsers in the sandboxed environment isolated from the client's local environment. In the products, file exchange between the sandboxed environment and local environment is prohibited in...
JVN#77736613: Improper restriction of XML external entity references (XXE) in MLIT "Electronic Delivery Check System" and "Electronic delivery item Inspection Support System"
"Electronic Delivery Check System" and "Electronic delivery item Inspection Support System" provided by Ministry of Land, Infrastructure, Transport and Tourism, Japan improperly restricts XML external entity references XXE CWE-611. Impact Processing a specially crafted XML file may lead to exposu...
JVN#37857022: Improper restriction of XML external entity references (XXE) in Applicant Programme
Applicant Programme provided by The Ministry of Justice improperly restricts XML external entity references XXE CWE-611. Impact By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker. Solution Update the Software Update the software to the latest...
JVN#00971105: WordPress Plugin "Appointment and Event Booking Calendar for WordPress - Amelia" vulnerable to cross-site scripting
WordPress Plugin "Appointment and Event Booking Calendar for WordPress - Amelia" provided by TMS contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is logging in the WordPress where the product is installed. Solution...
JVN#60211811: Redmine vulnerable to cross-site scripting
Redmine contains a cross-site scripting vulnerability CWE-79 caused by improper Textile processing. Impact An arbitrary script may be executed on the web browser of the user using the product. Solution Update the Software Update the software to the latest version according to the information...
JVN#44721267: Installer of Ricoh Device Software Manager may insecurely load Dynamic Link Libraries
Installer of Device Software Manager provided by RICOH COMPANY, LTD. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the lates...
JVN#16690037: Multiple cross-site scripting vulnerabilities in php_mailform
phpmailform provided by econosys system contains multiple cross-site scripting vulnerabilities listed below. Reflected cross-site scripting vulnerability regarding the checkbox CWE-79 - CVE-2022-22142 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base...
JVN#78980598: Apache ActiveMQ vulnerable to cross-site scripting
Apache ActiveMQ provided by the Apache Software Foundation is a middleware that implements Java Message Service. Apache ActiveMQ contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update t...
JVN#72559412: ManageEngine ServiceDesk Plus uses an insecure method for cookie generation
ManageEngine ServiceDesk Plus provided by Zoho Corporation is a help desk software. ManageEngine ServiceDesk Plus uses an insecure method for generating cookies. Impact If an attacker obtains a user's cookie, the password contained in the cookie can be easily guessed. Solution Update the software...
JVN#24409899: CG-WLBARAGM vulnerable to denial-of-service (DoS)
CG-WLBARAGM provided by Corega Inc is a wireless LAN router. CG-WLBARAGM contains a denial-of-service DoS vulnerability. Impact An unauthenticated remote attacker may cause the product to reboot. Solution Apply a Workaround The following workarounds may mitigate the affects of this vulnerability...
JVN#25674893: WN-GDN/R3 Series does not limit authentication attempts
WN-GDN/R3 series provided by I-O DATA DEVICE, INC. is a wireless LAN router. WPS functionality in WN-GDN/R3 Series does not limit PIN authentication attempts, making it susceptible to brute force attacks. Impact An unauthenticated attacker within wireless range of the device may perform a brute...
JVN#89965717: WL-330NUL vulnerable to cross-site scripting
WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains a stored cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Firmware Update the firmware to the latest version according to the...
JVN#34780384: Kirby vulnerable to arbitrary file creation
Kirby is a content management system CMS. Kirby contains a vulnerability that may allow a remote attacker to create arbitrary files. Impact An arbitrary file created by a logged in attacker may result in arbitrary PHP code being executed on the server. Solution Update the Software Update to the...
JVN#58020495: Research Artisan Lite vulnerable to cross-site scripting
Research Artisan Lite provided by Research Artisan Project is an access analysis tool. Research Artisan Lite contains multiple cross-site scripting vulnerabilities CWE-79. Impact There are two attack scenarios. 1. If a user views a malicious web page, an arbitrary script may be executed on the...
JVN#67520407: EasyCTF vulnerable to arbitrary file creation
EasyCTF is a server side CGI used to score CTF Capture The Flag. EasyCTF contains a vulnerability that may allow a remote attacker to create arbitrary files CWE-22. Impact An arbitrary file created by an attacker may result in arbitrary code being executed on the server. Solution Update the...
JVN#71903938: bBlog vulnerable to cross-site request forgery
bBlog is weblog software. bBlog contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Do not use bBlog bBlog is no longer being developed or maintained. It is recommended to stop using...
JVN#97281747: WordPress theme flashy vulnerable to cross-site scripting
flashy is a theme for WordPress. flashy contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use flashy flashy is no longer being developed or maintained. It is recommended to stop using flashy. Products Affected flas...
JVN#77294617: AL-Mail32 vulnerable to directory traversal
AL-Mail32 provided by CREAR Corporation is an email client for Windows. AL-Mail32 contains a directory traversal vulnerability due to a flaw in processing attachments. Impact Processing an attachment with a specially crafted file name may result in creation of an arbitrary file or an overwrite of...
JVN#61637002: Dotclear vulnerable to cross-site scripting
Dotclear is a weblog software. Dotclear contains a cross-site scripting vulnerability. Impact If a user views a crafted page while logged in, an arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the infomration...
JVN#92737498: Usermin vulnerable to cross-site scripting
Usermin is a web-based interface used to manage webmail. Usermin contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser who is logged into Usermin. Solution Update the software Update to the latest version according to the information...
JVN#55438786: Content Provider in CamiApp for Android fails to restrict access permissions
The Content Provider in CamiApp for Android provided by KOKUYO S&T Co.,Ltd. contains an issue where access permissions are not restricted. Impact If a user of the affected product uses another malicious Android application, information stored in the database may be obtained or altered. Solution...
JVN#02017463: Norman Security Suite vulnerable to privilege escalation
Norman Security Suite is an anti-virus software. Norman Security Suite contains a privilege escalation vulnerability. Impact An attacker with access to the target machine may obtain escalated privileges and execute arbitrary code. Solution Apply an Update Apply the update according to the...
JVN#07354844: Safari information disclosure vulnerability
Safari contains an information disclosure vulnerability caused the by the improper handling of XML files. Impact When opening a specially crafted XML file as a local file, the contents of another local file may be disclosed. Solution Update the software Update to the latest version according to t...
JVN#40498018: WordPress vulnerable to arbitrary PHP code execution
WordPress provided by WordPress.Org is a weblog system. WordPress contains a vulnerability where arbitrary PHP code may be executed. Impact Arbitrary PHP code may be executed with the privilege of the application on the server where it resides. Solution Update the software Update to the latest...
JVN#80081509: Nikki vulnerable to directory traversal
Nikki from HP no Mawashimono is CGI software for posting diary entries. Nikki contains a directory traversal vulnerability. Impact A remote attacker may access or view arbitrary files on the server. Solution Update the software Update to the latest version according to the information provided by...
JVN#96839637: La Fonera+ vulnerable to denial-of-service (DoS)
La Fonera+ provided by FON is a wireless LAN router. La Fonera+ contains a denial-of-service DoS vulnerability. Impact An attacker who can communicate with La Fonera+ directly may cause a denial-of-service DoS. Solution Update the firmware Update to the latest firmware version according to the...
JVN#20982938: Multiple Things CGI products vulnerable to cross-site scripting
BBS and BBS Thread provided by Things are bulletin board software. BBS and BBS Thread contain a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided...
JVN#19173793: Ichitaro series vulnerable to arbitrary code execution
The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. Impact When opening a specially crafted file locally or through a website, an attacker may be able to execute arbitrary code. Solution Update the Software...
JVN#82752978: Lhaplus may insecurely load dynamic libraries
Lhaplus is a file compression/extraction software supporting multiple file formats. Lhaplus loads certain DLL's when files are extracted. Lhaplus contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Impact An attacker may execute arbitrary code with...
JVN#06874657 OpenPNE authentication bypass vulnerability
OpenPNE is an open source SNS Social Networking Service software. OpenPNE provides an "IP address range limitation" function to provide access to certain pages only to mobile devices. OpenPNE has an issue with the IP address range limitation function that may lead to an authentication bypass...
JVN#01245481 Redmine vulnerable to cross-site scripting
Redmine is a project management software. Redmine contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. As a result, cookie information may be leaked and could lead to session hijacking or user impersonation. Solution Update the...
JVN#84899898 MP Form Mail CGI vulnerability allows third party to gain administrative privileges
MP Form Mail CGI from futomi's CGI Cafe is a software for sending contents entered into an HTML form via email. MP Form Mail CGI contains a vulnerability that allows an attacker to gain administrative privileges. Impact A remote attacker could impersonate an administrator of MP Form Mail CGI...
JVN#16767117 Buffer overflow vulnerability in ActiveX Control for Sony SNC series network cameras
The ActiveX Control for Sony SNC series network cameras is a software to monitor images over the network using a web browser. This ActiveX Control contains a heap-based buffer overflow vulnerability triggered by the improper processing of some configuration variables. Impact A remote attacker cou...
JVN#67334580 hisa_cart information disclosure vulnerability
hisacart from Hisanaga Electric Co.Ltd is a shopping cart module for XOOPS. hisacart contains a vulnerability allowing the disclosure of users' information. Impact A remote attacker could obtain information of registered users. Solution Update the Software An update is being distributed to...
JVN#27417220 mysql-lists from AquaGardenSoft Co.,Ltd. vulnerable to cross-site scripting
mysql-lists from AquaGardenSoft Co.,Ltd. is software to show MySQL data on the web browser. mysql-lists contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the vendor...
JVN#33706820 Multiple Panasonic Communications Co., Ltd. network cameras vulnerable to cross-site scripting
Panasonic Communications Co., Ltd. network camera BL-C111/131 and BB-HCM511/531/580/581/527/515 error pages contain a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the user's web browser. Solution Update the Software Apply the latest updates provided by the...
JVN#19795972: FENCE-Pro and Systemwalker Desktop Encryption self-decoding file vulnerability
Impact The third party could view the contents of self-decoding files and obtain the passwords used for the encryption of the files. Solution Products Affected All version levels of FENCE-Pro excluding V5 V5L01 Systemwalker Desktop Encryption: V12.0L10, V12.0L10A, V12.0L10B, V12.0L20, V13.0.0 For...
JVN#74294680 Winny buffer overflow vulnerability
Impact If a remote attacker sends a malicious packet, Winny will crash. It is publicly reported that arbitrary code may be executed with the privilege running Winny. Solution Products Affected Winny 2.0 b7.1 and earlier As of May 25, 2006, exploit information is publicly available. Currently we a...
JVN#67001206 Multiple vulnerabilities in FreeStyleWiki including cross-site scripting
Impact A malicious script may be executed on the user's web browser. Furthermore, a combination of the vulnerabilities can be exploited to create a new user with administrative privileges when a FreeStyleWiki administrator logs into it with administrative privileges and views a Wiki page which is...
GUARDIANWALL MailSuite vulnerable to stack-based buffer overflow
Overview GUARDIANWALL MailSuite provided by Canon Marketing Japan Inc. contains the following vulnerability. Stack-based buffer overflow in pop3wallpasswd command CWE-121 - CVE-2026-32661 This can be exploited only when the product is configured to run pop3wallpasswd with grdnwww user privilege T...
JVN#82536398: Multiple vulnerabilities in Quick Agent
Quick Agent provided by SIOS Technology, Inc. is a Windows application for the following Ricoh MFPs' multifunction printers scan solutions. Quick Scan Easy FAX Speedoc Smart eco FAX Quick Agent contains multiple vulnerabilities listed below. Path traversal vulnerability in the file upload functio...
JVN#39026557: Multiple vulnerabilities in PowerCMS
PowerCMS provided by Alfasado Inc. contains multiple vulnerabilities listed below. Injection CWE-74 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Base Score 5.3 CVE-2025-29993 The product improperly processes HTTP headers. Dependency on vulnerable third-party component CWE-1395 jQuery Validation...
JVN#23528780: "Yahoo! JAPAN" App vulnerable to cross-site scripting
"Yahoo! JAPAN" App provided by LY Corporation contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the WebView of "Yahoo! JAPAN" App via other app installed on the user's device. Solution Update the application Update the application to the latest...
JVN#18715935: Multiple vulnerabilities in GROWI
GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability in the presentation feature CWE-79 - CVE-2023-42436 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVSS v2|...
JVN#42527152: "FFRI yarai" and "FFRI yarai Home and Business Edition" handle exceptional conditions improperly
"FFRI yarai" and "FFRI yarai Home and Business Edition" provided by FFRI Security, Inc. handle exceptional conditions improperly CWE-703. When the product's Windows Defender management feature is enabled, and Microsoft Defender detects some files matching specific conditions as a threat, the...
JVN#62111727: Pleasanter vulnerable to cross-site scripting
Pleasanter provided by Implem Inc. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged-in user's web browser. Solution Update the software or apply the patch Update the software to the latest version according to the information provided by...