5625 matches found
JVN#45134765: Installer of PDF Digital Signature Plugin provided by the Ministry of Justice may insecurely load Dynamic Link Libraries
Installer of PDF Digital Signature Plugin provided by the Ministry of Justice contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use...
JVN#96321933: Multiple vulnerabilities in DENSHI NYUSATSU CORE SYSTEM
DENSHI NYUSATSU CORE SYSTEM provided by Japan Construction Information Center contains multiple vulnerabilities listed below. Cross-site scripting vulnerability CWE-79 - CVE-2022-41993 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS...
JVN#27951364: WL-Enq (WEB Enquete) vulnerable to OS command injection
WL-Enq WEB Enquete provided by WonderLink is a CGI to provide web enquete functions. WL-Enq WEB Enquete contains an OS command injection vulnerability CWE-78. Impact A remote attacker may execute arbitrary OS commands with the administrative privilege. Solution Consider stop using WL-Enq 1.12 Sin...
JVN#26847507: Multiple vulnerabilities in "Custom Body Class"
WordPress Plugin "Custom Body Class" provided by Andrei Lupu contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2019-6029 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:H/Au:N/C:N/I:P/A:N|...
JVN#33677949: Installer of Mapping Tool may insecurely load Dynamic Link Libraries
Installer of Mapping Tool provided by Japan Atomic Energy Agency contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest...
JVN#84182676: Multiple vulnerabilities in H2O
H2O is an open source web server software. H2O contains multiple vulnerabilities listed below. A Denial-of-service DoS due to a flaw in processing HTTP/1 header CWE-20 - CVE-2017-10868 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L| Base Score: 5.3 CVSS...
JVN#11601216: Installer of "Security Kinou Mihariban" may insecurely load Dynamic Link Libraries
Installer of "Security Kinou Mihariban" provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the...
JVN#63012325: The installer of e-Tax Software may insecurely load Dynamic Link Libraries
The installer of e-Tax Software provided by National Tax Agency contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact This vulnerability can be exploited when the following condition is met. If this vulnerability is exploited, arbitrary co...
JVN#91502163: Direct Web Remoting (DWR) vulnerable to XML external entity injection
Direct Web Remoting DWR is a Java framework for developing Ajax into web applications. DWR contains an XML external entity injection vulnerability CWE-611. Impact When an application uses a function to convert DOM data DOMConverter, JDOMConverter, DOM4JConverter or XOMConverter and a specially...
JVN#52694228: Multiple vulnerabilities in Cybozu Remote Service
Cybozu Remote Service provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-525 Cross-site request forgery vulnerability in the management screen CWE-352 - CVE-2021-20795 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N| Base Score:...
JVN#12737530: UNIVERGE Aspire series PBX vulnerable to denial-of-service (DoS)
Remote system maintenance feature of UNIVERGE Aspire series PBX contain an issue in handling commands, which may cause a denial-of-service DoS. Impact An attacker may cause system down and reboot of the products by sending a specially crafted command. Solution Update the Software Update to the...
JVN#17127920: Smart TV Box fails to restrict access permissions
Smart TV Box provided by KDDI CORPORATION enables access to Android Debug Bridge via port 5555/TCP of LAN side interface. When a cable television provider sets up Smart TV Box at an individual residence, direct access from outside to the LAN side interface of Smart TV Box is disabled. However if...
JVN#58010349: WordPress plugin "spam-byebye" vulnerable to cross-site scripting
The WordPress plugin "spam-byebye" contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who can access the setup page of the affected plugin. Solution Update the plugin Update the plugin according to the...
JVN#25385698: Cybozu Garoon access restriction bypass vulnerability
Single sign-on function of Cybozu Garoon provided by Cybozu, Inc. contains a restriction bypass vulnerability CWE-284. Impact An attacker who can access the product may bypass authentication of Single sign-on function and view the information which is available only for sign-on users. Solution...
JVN#89767228: Multiple vulnerabilities in multiple SEIKO EPSON printers and scanners
Multiple printers and scanners provided by SEIKO EPSON CORPORATION contain multiple vulnerabilities listed below. Open Redirect CWE-601 - CVE-2018-0688 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N| Base Score: 4.7 CVSS v2| AV:N/AC:M/Au:N/C:N/I:P/A:N|...
JVN#15201064: Multiple vulnerabilities in CG-WGR1200
CG-WGR1200 provided by Corega Inc is a wireless LAN router. CG-WGR1200 contains multiple vulnerabilities listed below. Buffer Overflow CWE-119 - CVE-2017-10852 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.8 CVSS v2|...
JVN#23809730: GIGAPOD vulnerable to denial-of-service (DoS)
GIGAPOD file servers Appliance model and Software model from TripodWorks CO.,LTD. provide two web interfaces. First, a user web interface via ports 80/443, and a second, an administrative web interface via port 8001. The administrative web interface uses a version of the Apache HTTP server which...
JVN#21298724: Hitachi Virtual File Platform vulnerable to OS command injection
Hitachi Virtual File Platform provided by Hitachi contains an OS command injection vulnerability CWE-78 due to a flaw in processing parameters of the HTTP requests. Impact A remote attacker who can log in to the product may execute an arbitrary OS command with root privilege. Solution Update the...
JVN#53910556: Multiple cross-site scripting vulnerabilities in multiple PHP Factory products
Multiple products provided by PHP Factory contain multiple cross-site scripting vulnerabilities listed below. Reflected cross-site scripting vulnerability CWE-79 - CVE-2021-20723 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 4.7 CVSS v2|...
JVN#71263107: Multiple vulnerabilities in Cisco Small Business Series Wireless Access Points
Cisco Small Business Series Wireless Access Points provided by Cisco Systems, Inc. contain multiple vulnerabilities listed below. Improper access control CWE-284 - CVE-2021-1400 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.8 CVSS v2|...
JVN#98115035: Android App "ELECOM File Manager" vulnerable to directory traversal
Android App "ELECOM File Manager" provided by ELECOM CO.,LTD. contains a directory traversal vulnerability CWE-22 due to a flaw in the processing of the filenames when extracting the compressed files. Impact A remote attacker may create an arbitrary file or overwrite an existing file in a directo...
JVN#77634892: mailform vulnerable to PHP code execution
mailform provided by keitai-site.net is a PHP script providing a mail form function to a website. mailform contains a PHP code execution vulnerability CWE-94 on the server where the product is running. Impact Arbitrary PHP code may be executed on the server where the product is running. Solution...
JVN#98975951: Chrome Extension "5000 trillion yen converter" vulnerable to cross-site scripting
Chrome Extension "5000 trillion yen converter" provided by Owen contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the extension Update the extension according to the information provided by the developer...
JVN#98295787: Multiple vulnerabilities in Wireless mobile storage "Digizo ShAirDisk" PTW-WMS1
Wireless mobile storage "Digizo ShAirDisk" PTW-WMS1 provided by Princeton Ltd. is a Wi-Fi storage. Wireless mobile storage "Digizo ShAirDisk" PTW-WMS1 contains multiple vulnerabilities listed below. Improper Access Restriction CWE-284 - CVE-2017-10900 Version| Vector| Score ---|---|--- CVSS v3|...
JVN#51176027: Python SimpleHTTPServer vulnerable to cross-site scripting
The SimpleHTTPServer in Python contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's Internet Explorer. According to the developer, this issue exists only when using Internet Explorer 7. Solution Update the software Update to the latest version...
JVN#57524494: Multiple cross-site scripting vulnerabilities in multiple EC-CUBE plugins provided by EC-CUBE
Multiple EC-CUBE plugins provided by EC-CUBE CO.,LTD. contain multiple cross-site scripting vulnerabilities listed below. Cross-site scripting vulnerability CWE-79 - CVE-2021-20742 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L| Base Score: 7.1 CVSS v2|...
JVN#38034268: あすけん App for Android fails to restrict custom URL schemes properly
あすけん App for Android by asken Inc. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Impact A remote attacker may lead a user to access an arbitra...
JVN#35906450: Multiple vulnerabilities in acmailer
acmailer provided by Seeds Co.,Ltd. contains multiple vulnerabilities listed below. Improper Access Control CWE-284 - CVE-2021-20617 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score: 9.8 CVSS v2| AV:N/AC:L/Au:N/C:P/I:P/A:P| Base Score: 7.5...
JVN#52962201: Multiple vulnerabilities in RICOH printers
Multiple RICOH printers contain multiple vulnerabilities listed below. Information Disclosure CWE-200 - CVE-CVE-2019-14301 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N| Base Score: 6.5 CVSS v2| AV:A/AC:L/Au:N/C:P/I:N/A:N| Base Score: 3.3 Improper Access...
JVN#49068796: Multiple MOTEX products vulnerable to privilege escalation
LanScope Cat and LanScope An provided by MOTEX Inc. contain a privilege escalation vulnerability. Impact An user who can login to the PC where the vulnerable product is installed may obtain unauthorized privileges and execute arbitrary code. Solution Update the Software Update to the latest versi...
JVN#61081552: WordPress plugin "PixelYourSite" vulnerable to cross-site scripting
The WordPress plugin "PixelYourSite" provided by Minimal Work SRL contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged in user's web browser. Solution Update the plugin Update the plugin according to the information provided by the...
JVN#45494523: MQTT.js issue in handling PUBLISH packets
MQTT.js is a client library for MQTT. MQTT.js contains an issue in handling PUBLISH packets sent from an MQTT Broker. Impact Receiving a large number of packets from an MQTT broker may result in a denial-of-service DoS condition. Solution Update MQTT.js and rebuild the application Developers of...
JVN#79546124: OpenAM (Open Source Edition) vulnerable to authentication bypass
OpenAM Open Source Edition contains an authentication bypass vulnerability. Impact A user may bypass login authentication and access contents for which permissions are not granted. Solution Apply the Patch Patch for this vulnerabiity has been released by Open Source Solution Technology Corporatio...
JVN#21627267: Microsoft IME may insecurely load Dynamic Link Libraries
Microsoft IME, bundled with Microsoft Windows, contains an issue in loading DLLs. When some application programs are invoked, they may initiate Microsoft IME. This IME, when initiated, checks a certain registry key for a file path to a DLL file and loads it. This registry key does not exist by...
JVN#95457785: Multiple vulnerabilities in GROWI
GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below. NoSQL injection CWE-943 - CVE-2021-20736 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L| Base Score: 7.3 CVSS v2| AV:N/AC:L/Au:N/C:P/I:P/A:P| Base Score: 7.5 Improper...
JVN#90729322: Hibernate ORM vulnerable to SQL injection
Hibernate ORM is an ORM framework for Java. Hibernate ORM can be configured hibernate.usesqlcomments to true, which is false by default to add comments to generated SQL statements, aimed at debugging purpose. When hibernate.usesqlcomments is configured to true, malicious input may produce...
JVN#73472345: GRANDIT vulnerable to session management
GRANDIT provided by GRANDIT CORPORATION contains a vulnerability in session management CWE-639. Impact A user who can access to the product may impersonate an arbitrary user. As a result, information may be altered or disclosed. Solution Apply the Patch Apply the appropriate patch according to th...
JVN#02921757: Multiple Trend Micro products vulnerable to denial-of-service (DoS)
Premium Security 2019 for Windows, Maximum Security 2019 for Windows, Internet Security 2019 for Windows, and Antivirus+ Security 2019 for Windows provided by Trend Micro Incorporated contain a denial-of-service DoS vulnerability CWE-400. Impact An attacker may disable Premium Security 2019 for...
JVN#18420340: Multiple vulnerabilities in BOOK WALKER for Windows/Mac
BOOK WALKER for Windows/Mac provided by BOOK WALKER Co.,Ltd. are applications to view e-books. Installer of BOOK WALKER for Windows contains a vulnerabirity, which may lead to insecurely loading Dynamic Link Libraries. Also BOOK WALKER for Windows/Mac contain a vulnerability which may lead to...
JVN#23367475: Wi-Fi STATION L-02F vulnerable to buffer overflow
Wi-Fi STATION L-02F provided by NTT DOCOMO, INC. contains a buffer overflow vulnerability CWE-121. Impact Receiving crafted packets sent by a remote attacker may cause a buffer overflow condition. As a result, the attacker may execute arbitrary code with the root previlege. Solution Apply an Upda...
JVN#36303528: Installer and self-extracting archive containing the installer of "Security Setup Tool" may insecurely load Dynamic Link Libraries
The installer and the self-extracting archive containing the installer of "Security Setup Tool" provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be...
JVN#14926025: Installer of ”Flets Install Tool” may insecurely load Dynamic Link Libraries
Installer of "Flets Install Tool" provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installe...
JVN#65273415: Android OS issue where it is affected by the CRIME attack
The TLS protocol contains a function that compresses data for communications between the client and server. This function does not properly obfuscate the length of the unencrypted data. When this function is enabled on both the client and server, it results in a vulnerability where plaintext HTTP...
JVN#96561229: Multiple vulnerabilities in Operation management interface of FUJITSU Network IPCOM
FUJITSU Network IPCOM provided by FUJITSU LIMITED is an integrated network appliance. Operation management interface used to operate FUJITSU Network IPCOM contains multiple vulnerabilities listed below. OS command injection in the web console CWE-78 - CVE-2022-29516 Version| Vector| Score...
JVN#34364599: Optical BB unit E-WMTA2.3 vulnerable to cross-site request forgery
Optical BB unit E-WMTA2.3 provided by SoftBank contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the firmware According to the developer, the fixed firmware for this...
JVN#85942151: mailform vulnerable to cross-site scripting
mailform provided by keitai-site.net is a PHP script providing mail form functions to a website. mailform contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of an administrator who is accessing a website using mailform...
JVN#32155106: Multiple vulnerabilities in i-FILTER
i-FILTER provided by Digital Arts Inc. contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2018-16180 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:M/Au:N/C:N/I:P/A:N| Base Score: 4.3 HTTP...
JVN#92220486: The installer of PhishWall Client Internet Explorer edition may insecurely load Dynamic Link Libraries
PhishWall Client Internet Explorer edition provided by SecureBrain Corporation is anti-phishing and anti-MITB software. The installer of PhishWall Client Internet Explorer edition contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427...
JVN#01161596: Safari vulnerable to script injection
Safari provided by Apple Inc. contains a script injection vulnerability CWE-81 in the processing of displaying an error page when it fails to verify server certificates. In an error page Safari displays when it fails to verify server certificates, a domain name of the website accessed is output...
JVN#97243511: Installer of ”Flets Easy Setup Tool" may insecurely load Dynamic Link Libraries
Installer of "Flets Easy Setup Tool" provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the...