5625 matches found
OS command injection vulnerability in Toshiba Lighting & Technology Corporation Home gateway
Overview Home gateway provided by Toshiba Lighting & Technology Corporation contains OS command injection. Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impa...
Improper access control vulnerability in Toshiba Lighting & Technology Corporation Home gateway
Overview Home gateway provided by Toshiba Lighting & Technology Corporation contains improper access control. Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
HOME SPOT CUBE2 vulnerable to buffer overflow in WebUI
Overview HOME SPOT CUBE2 provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE2 contains buffer overflow in WebUI. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...
HOME SPOT CUBE2 vulnerable to OS command injection in clock settings
Overview HOME SPOT CUBE2 provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE2 contains OS command injection in clock settings. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
Source code security studying tool iCodeChecker vulnerable to cross-site scripting
Overview Source code security studying tool iCodeChecker provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA contains a cross-site scripting vulnerability CWE-79. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with...
Installer of QuickTime for Windows may insecurely load Dynamic Link Libraries
Overview Installer of QuickTime for Windows contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
Installer of CASL II simulator(self-extract format) may insecurely load Dynamic Link Libraries
Overview Installer of CASL II simulatorself-extract format provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Yuji Tounai of NTT Communications Corporation reported this...
The installer of PatchJGD(Hyoko) provided by Geospatial Information Authority of Japan (GSI) may insecurely load Dynamic Link Libraries
Overview The installer of PatchJGDHyoko PatchJGDh101.EXE provided by Geospatial Information Authority of Japan GSI contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA...
AppCheck may insecurely invoke an executable file
Overview AppCheck provided by JIRANSOFT JAPAN, INC. is an anti-ransomware software. AppCheck and its installer contains an issue with the search path for executable files, which may lead to insecurely invoke an executable file CWE-427. Takashi Yoshikawa of Mitsui Bussan Secure Directions, Inc...
Installer of SaAT Netizen may insecurely load Dynamic Link Libraries
Overview The installer of SaAT Netizen provided by NetMove Corporation contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. DigiGnome reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
RW-4040 driver installer may insecurely load Dynamic Link Libraries
Overview RW-4040 driver installer for IC Card Reader/Writer devices provided by Sharp Corporation contains an issue with the DLL search path, which may lead to insecurely load Dynamic Link Libraries CWE-427. Yuji Tounai of NTT Communications Corporation and BlackWingCat of PinkFlyingWhale reporte...
Empirical Project Monitor - eXtended vulnerable to cross-site scripting
Overview Empirical Project Monitor - eXtended provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA contains a reflected cross-site scripting vulnerability. Note that this vulnerability is different from JVN85512750. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported...
FlashAir do not set credential information in PhotoShare
Overview FlashAir by Toshiba Corporation is an SDHC memory card which provides wireless LAN access functions. FlashAir PhotoShare function enables to share the image data in a certain folder with other users as it switches the original wireless LAN connection set by FlashAir default to the wirele...
SEIL Series routers vulnerable to denial-of-service (DoS)
Overview The DNS forwarder, the PPP Access Concentrator L2TP and the MeasureiPerf server function in SEIL Series routers provided by Internet Initiative Japan Inc. contain a denial-of-service DoS vulnerability due to a flaw in processing certain packets. Internet Initiative Japan Inc. reported th...
Multiple installers of Toshiba memory card related software may insecurely load Dynamic Link Libraries
Overview Multiple installers of Toshiba memory card related software contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the...
WordPress plugin "WP Statistics" vulnerable to cross-site scripting
Overview The WordPress plugin "WP Statistics" provided by WP Statistics contains a stored cross-site scripting vulnerability CWE-79. Note that this vulnerability is different from JVN62392065. Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC...
WN-G300R3 vulnerable to stack based buffer overflow
Overview WN-G300R3 provided by I-O DATA DEVICE, INC. contain a stack based buffer overflow vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
Vulnerability in JP1/Cm2/Network Node Manager i
Overview A vulnerability CVE-2016-4397 exists in JP1/Cm2/Network Node Manager i. Impact An attacker may have unspecified impact. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
Cybozu KUNAI for Android information management vulnerability
Overview Cybozu KUNAI for Android is a mobile client software for using Cybozu from an Android device. Cybozu KUNAI for Android provides a function to output log information when synchronizing data with Cybozu, however the function is disabled by default. Cybozu KUNAI for Android contains an issu...
OneThird CMS vulnerable to cross-site scripting
Overview OneThird CMS provided by SpiQe Software contains a cross-site scripting vulnerability CWE-79 due to an issue in processing the inquiry form. Note that this vulnerability is different from JVN49408248. Satoshi Takagi of Cryptography Laboratory,Department of Information and Communication...
WBCE CMS vulnerable to cross-site scripting
Overview WBCE CMS provided by WBCE Team is an open-source Contents Management System CMS. WBCE CMS contains a cross-site scripting vulnerability CWE-79. ASAI Ken reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impa...
Nessus vulnerable to cross-site scripting
Overview Nessus contains a stored cross-site scripting CWE-79 vulnerability in handling .nessus files. Noriaki Iwasaki of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Arbitra...
Arbitrary file upload vulnerability in GigaCC OFFICE
Overview GigaCC OFFICE provided by WAM!NET Japan K.K. contains a vulnerability where arbitrary files may be uploaded. WAM!NET Japan K.K. and the following people reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and WAM!NET Japan K.K. coordinated...
Mis-configuration of Apache Velocity template engine used to send emails in GigaCC OFFICE
Overview GigaCC OFFICE provided by WAM!NET Japan K.K. contains mis-configuration of Apache Velocity template engine which is used to send emails. WAM!NET Japan K.K. and the following people reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and...
AttacheCase vulnerable to directory traversal
Overview AttacheCase is an open source file encryption software provided by HiBARA Software. AttacheCase contains a directory traversal vulnerability CWE-22 due to a flaw in processing filenames in ATC files. Kazuki Furukawa reported this vulnerability to IPA. JPCERT/CC coordinated with the...
Cybozu Garoon fails to restrict access permission in To-Dos of Space function
Overview Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an access restriction flaw in To-Dos of Space function. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the...
Cybozu Garoon fails to restrict access permission in the RSS settings
Overview Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an access restriction flaw in the RSS settings. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information...
Cybozu Garoon vulnerable to SQL injection
Overview Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an SQL injection vulnerability CWE-89 due to an issue in "MultiReport" function. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc...
Cybozu Garoon vulnerable to cross-site request forgery
Overview Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains a cross-site request forgery vulnerability CWE-352. Yasuda Yuya reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN...
Cybozu Garoon vulnerable to cross-site scripting
Overview Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability CWE-79 due to an issue in "Messages" function of Cybozu Garoon Keitai. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN...
Mutiple SONY Videoconference Systems do not properly perform authentication
Overview Multiple SONY Videoconference Systems have a default user account which does not require authentication to login to a device CWE-306. This user account has a privilege to view some of the system configuration files. As a result, the device may be manipulated by an attacker with...
ManageEngine Password Manager Pro vulnerable to cross-site request forgery
Overview ManageEngine Password Manager Pro contains a cross-site request forgery vulnerability. ManageEngine Password Manager Pro provided by Zoho Corporation contains a cross-site request forgery vulnerability CWE-352. CWE-352: Cross-Site Request Forgery CSRF...
WNC01WH vulnerable to directory traversal due to an issue in processing POST request
Overview WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains a directory traversal vulnerability due to an issue in processing POST request. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...
WNC01WH vulnerable to directory traversal due to an issue in processing commands
Overview WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains a directory traversal vulnerability due to an issue in processing commands. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer und...
WNC01WH vulnerable to stored cross-site scripting
Overview WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains a stored cross-site scripting vulnerability. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
WNC01WH vulnerable to cross-site request forgery
Overview WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains a cross-site request forgery vulnerability. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
Multiple I-O DATA network camera products vulnerable to buffer overflow
Overview Multiple network camera products provided by I-O DATA DEVICE, INC. contain buffer overflow vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
Multiple I-O DATA network camera products vulnerable to OS command injection
Overview Multiple network camera products provided by I-O DATA DEVICE, INC. contain OS command injection vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
CG-WLR300NX vulnerable to cross-site request forgery
Overview CG-WLR300NX provided by Corega Inc is a wireless LAN router. CG-WLR300NX contains a cross-site request forgery vulnerability CWE-352. Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
Multiple I-O DATA network camera products vulnerable to information disclosure
Overview Multiple network camera products provided by I-O DATA DEVICE, INC. contain an information disclosure vulnerability CWE-200. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
Command injection vulnerability in WFS-SR01
Overview WFS-SR01 provided by I-O DATA DEVICE, INC. is a portable storage device which provides wireless LAN router function. WFS-SR01 contains command injection vulnerability in "Pocket Router Function". I-O DATA DEVICE, INC. reported this vulnerability to JPCERT/CC to notify users of its soluti...
The installer of The Public Certification Service for Individuals "The JPKI user's software" may insecurely load Dynamic Link Libraries
Overview The installer of The Public Certification Service for Individuals "The JPKI user's software" provided by Japan Agency for Local Authority Information Systems J-LIS contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Yuji Tounai of NTT...
Installer of 7-Zip for Windows may insecurely load Dynamic Link Libraries
Overview 7-Zip for Windows is an open source compression and decompression software. The installer of 7-Zip for Windows contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Takashi Yoshikawa of Mitsui Bussan Secure Directions reported this...
SQL injection vulnerability in WordPress plugin WP-OliveCart
Overview WP-OliveCart provided by Olive Design is a WordPress plugin to construct a shopping site. WP-OliveCart contains an SQL injection vulnerability. Gen Sato of TRADE WORKS Co.,Ltd Security Dept. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under information...
Cross-site scripting vulnerability in WordPress plugin WP-OliveCart
Overview WP-OliveCart provided by Olive Design is a WordPress plugin to construct a shopping site. WP-OliveCart contains cross-site scripting vulnerability. Gen Sato of TRADE WORKS Co.,Ltd Security Dept. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under...
The installer of e-Tax Software may insecurely load Dynamic Link Libraries
Overview The installer of e-Tax Software provided by National Tax Agency contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the...
SetucoCMS vulnerable to denial-of-service (DoS)
Overview SetucoCMS provided by SetucoCMS Project is a content management system CMS. SetucoCMS contains denial-of-service DoS vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning partnership. Impact A remot...
SetucoCMS vulnerable to code injection
Overview SetucoCMS provided by SetucoCMS Project is a content management system CMS. SetucoCMS contains code injection vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning partnership. Impact Arbitrary code...
Cybozu Office vulnerable to Reflected File Download (RFD)
Overview Cybozu Office contains a Reflected File Download RFD vulnerability. Jun Kokatsu of KDDI Singapore Dubai Branch reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc...
Cybozu Office vulnerable to denial-of-service (DoS)
Overview Cybozu Office contains a denial-of-service DoS vulnerability. Shuichi Uruma reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information...