5625 matches found
JVN#23389212: Installer of Shinseiyou Sougou Soft provided by The Ministry of Justice may insecurely load Dynamic Link Libraries
Installer of Shinseiyou Sougou Soft provided by The Ministry of Justice contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the...
JVN#01611135: VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability
The SSH server IPSSH implementation in VxWorks contains a denial-of-service DoS vulnerability due to an issue in the processing directly after the SSH connection is established. Impact SSH access may become unavailable until the next reboot when receiving a specially crafted packet after a SSH...
JVN#25435092: Apache Struts vulnerable to cross-site scripting
Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts may create web applications that contain a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update t...
JVN#34145838: Multiple denial-of-service (DoS) vulnerabilities in JTEKT ELECTRONICS HMI GC-A2 series
HMI GC-A2 series provided by JTEKT ELECTRONICS CORPORATION contains multiple denial-of-service DoS vulnerabilities listed below. Denial-of-service DoS vulnerability in FTP service CWE-400 - CVE-2023-41963 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H|...
JVN#14706307: Multiple vulnerabilities in a-blog cms
a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2022-24374 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVSS v2| AV:N/AC:M/Au:S/C:N/I:P/A:N| Base Score: 3.5...
JVN#25850723: GU App for Android fails to restrict access permissions
GU App for Android provided by G.U. CO., LTD. contains an access restriction bypass issue CWE-939. The App launched by a Custom URL Scheme may lead an user to access an arbitrary URL. Impact A remote attacker may lead a user to access an arbitrary website via the vulnerable App. As a result, if t...
JVN#78254777: Installer of Overwolf may insecurely load Dynamic Link Libraries
Overwolf is a software framework for creating applications for games. The Overwolf Installer contains an issue with the DLL search path CWE-427, which may lead to insecurely loading Dynamic Link Libraries stored in the same directory where the installer resides. Impact Arbitrary code may be...
JVN#86438134: Multiple cross-site scripting vulnerabilities in GROWI
GROWI provided by WESEEK, Inc. contains multiple cross-site scripting vulnerabilities listed below. Reflected cross-site scripting vulnerability due to insufficient verification of URL query parameters CWE-79 - CVE-2021-20672 Version| Vector| Score ---|---|--- CVSS v3|...
JVN#41853173: OS command injection vulnerability in multiple Infoscience Corporation log management tools
Infoscience Corporation's multiple log management tools provide an FTP upload function as one of the log collection methods, and is able to set to allow the adminitrators to accept FTP uploads. In a situation where the FTP upload function is enabled and there is a flaw of input value handling in...
JVN#67881316: Multiple vulnerabilities in baserCMS
baserCMS provided by baserCMS Users Community is an opensource content management system. baserCMS contains multiple vulnerabilities listed below. Command injection CWE-94 - CVE-2018-0569 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L| Base Score: 6.3 CVS...
JVN#67389262: Qt for Android vulnerable to OS command injection
Qt for Android provided by The Qt Company contains an OS command injection vulnerability CWE-78. Impact A remote attacker may execute an arbitrary OS command. Solution Update the Software Update to the latest version of software according to the information provided by the developer. Apply the...
JVN#73141967: PWR-Q200 vulnerable to DNS cache poisoning attacks
PWR-Q200 provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION is a mobile WiFi router. PWR-Q200 is vulnerable to DNS cache poisoning attacks as DNS queries are done with a fixed source port CWE-330. Impact The DNS responses spoofed by a remote attacker may result in any device on the LAN...
JVN#14658424: Cybozu Office fails to restrict access permissions
Cybozu Office provided by Cybozu, Inc. fails to restrict access permissions CWE-284 due to an issue in "Cabinet" function. Impact A user who can login to Cybozu Office may perform arbitrary operations to the folder where the user does not have acces with its privilege. Solution Update the Softwar...
JVN#63249051: WordPress plugin "Shortcodes Ultimate" vulnerable to directory traversal
The WordPress plugin "Shortcodes Ultimate" contains a directory traversal vulnerability CWE-22 in the Examples page. Impact Arbitrary local files on the server may be accessed by a logged-in user. Solution Update the Software Update to the latest version according to the information provided by t...
JVN#56588965: Cybozu KUNAI for Android vulnerable to cross-site scripting
Cybozu KUNAI for Android is mobile client software for using Cybozu from an Android device. Cybozu KUNAI for Android contains a cross-site scripting vulnerability CWE-79 due to an issue in mobile view mode. Impact An arbitrary script may be executed on the user's web browser. Solution Update the...
JVN#24692261: hitSuji (rktSNS2) vulnetable to cross-site scripting
hitSuji rktSNS2 provided by rakuto.net is an open source SNS software. hitSuji rktSNS2 contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Consider stop using hitSuji rktSNS2 0.2.2b Since the developer was unreachable,...
JVN#73568461: PHP for Windows vulnerable to OS command injection
PHP for Windows contains an OS command injection due to a processing flaw in the escapeshellarg function. Impact Specifying a specially crafted parameter in the escapeshellarg function may result in an arbitrary OS command being executed. Solution Apply the patch Apply the patch according to the...
JVN#02596643: 3DM (3ware Disk Manager) vulnerable to directory traversal
3DM provided by LSI is a software to manage a RAID controller. 3DM contains a directory traversal vulnerability. Impact A remote attacker may obtain arbitrary files. Solution Use 3DM2 The developer states that the development of 3DM is discontinued and there are no plans for 3DM to be modified. U...
JVN#33593387 KDDI sample CGI download program directory traversal vulnerability
A sample CGI download program is included with KDDI's EZFactory for downloading and saving data such as images and ringtones to EZweb compatible cellular phones. A directory traversal vulnerability exists in this program. Impact A remote anauthenticated attacker could access files on the server...
JVN#81442045: Multiple vulnerabilities in multiple Webmin products
Multiple Webmin products contain multiple vulnerabilities listed below. sysinfo.cgi is vulnerable to cross-site scripting CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score 6.1 CVE-2024-36450 sessionlogin.cgi is vulnerable to cross-site scripting CWE-79...
JVN#86484824: SYNCK GRAPHICA Mailform Pro CGI vulnerable to Regular expression Denial-of-Service (ReDoS)
Mailform Pro CGI provided by SYNCK GRAPHICA contains a Regular expression Denial-of-Service ReDoS vulnerability CWE-1333, CVE-2023-40599. This vulnerability is a similar issue as CVE-2023-32610 published on JVN on June 20, 2023, and was newly discovered in several Add-ons listed above. Impact A...
JVN#45473612: Multiple vulnerabilities in CentreCOM AR260S V2
CentreCOM AR260S V2 provided by Allied Telesis K.K. contains multiple vulnerabilities listed below. OS command injection vulnerability in GUI setting page CWE-78 - CVE-2022-35273 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.8 CVSS v2|...
JVN#17482543: Multiple vulnerabilities in multiple ELECOM LAN routers
Multiple ELECOM LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Hidden functionality CWE-912 - CVE-2022-21173 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.8 CVSS v2| AV:A/AC:L/Au:N/C:C/I:C/A:C| Base...
JVN#64064138: ATOM - Smart life App vulnerable to improper server certificate verification
ATOM - Smart life App provided by ATOM tech Inc. is vulnerable to improper server certificate verification CWE-295. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Application Update the application to the latest version...
JVN#43969166: Apache Struts 2 vulnerable to remote code execution (S2-061)
Apache Struts 2 provided by The Apache Software Foundation contains a remote code execution vulnerability due to improper input validation CWE-20. Impact A remote attacker may execute arbitrary code. Solution Update the software Update the software to the latest version according to the informati...
JVN#08386386: WordPress plugin "Open Graph for Facebook, Google+ and Twitter Card Tags" vulnerable to cross-site scripting
The WordPress plugin "Open Graph for Facebook, Google+ and Twitter Card Tags" provided by Webdados contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged in user's web browser. Solution Update the plugin Update the plugin according t...
JVN#56132776: Multiple vulnerabilities in Jubatus
Jubatus provided by Jubatus Community contains multiple vulnerabilities listed below. Arbitrary code execution - CVE-2018-0524 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L| Base Score: 5.6 CVSS v2| AV:N/AC:M/Au:N/C:P/I:P/A:P| Base Score: 6.8 Directory...
JVN#94056834: Installer of HIBUN Confidential File Viewer may insecurely load Dynamic Link Libraries and invoke executable files
Installer of HIBUN Confidential File Viewer provided by Hitachi Solutions, Ltd. contains an issue with the search path for DLL/executable files, which may lead to insecurely loading Dynamic Link Libraries and invoking executable files CWE-427. Impact Arbitrary code may be executed with the...
JVN#87760109: Nessus vulnerable to cross-site scripting
Nessus provided by Tenable Network Security, Inc. contains a stored cross-site scripting vulnerability CVE-2017-2122. An authenticated user may store crafted contents to Nessus. According to the developer, another stored cross-site scripting vulnerability CVE-2017-5179 was found and fixed in Ness...
JVN#27691264: Opera Mini / Opera Mobile for Android vulnerable in the WebView class
Opera Mini and Opera Mobile are web browsers for mobile devices. Opera Mini and Opera Mobile for Android contain a vulnerability in the WebView class. Impact If a user of the affected product uses another malicious Android application, information managed by the product may be disclosed. Solution...
JVN#28869536: Multiple vulnerabilities in Cybozu Garoon
Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Improper handling of data in Mail CWE-231 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H Base Score 4.9 CVE-2024-31397 CyVDB-3167 Improper restriction on the output of some API CWE-201...
JVN#82074338: Multiple vulnerabilities in NEC Aterm series
Aterm series provided by NEC Corporation contains multiple vulnerabilities listed below. Incorrect Permission Assignment for Critical Resource CWE-732 CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 8.0 CVE-2024-28005 Exposure of Sensitive System Information to an Unauthorized Control...
JVN#38343415: Multiple vulnerabilities in Aterm series
Aterm series provided by NEC Corporation contain multiple vulnerabilities listed below. Directory traversal CWE-22 - CVE-2023-3330 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N| Base Score: 2.6 CVSS v2| AV:A/AC:M/Au:S/C:P/I:N/A:N| Base Score: 2.3...
JVN#97127032: WordPress Plugin "Snow Monkey Forms" vulnerable to directory traversal
WordPress Plugin "Snow Monkey Forms" provided by Monkey Wrench Inc. contains a directory traversal vulnerability CWE-22. Impact Arbitrary files on the server may be deleted by a remote attacker. Solution Update the plugin Update the plugin according to the information provided by the developer...
JVN#42866574: Multiple vulnerabilities in Sharp NEC Display Solutions' public displays
Multiple public displays provided by Sharp NEC Display Solutions, Ltd. contain multiple vulnerabilities listed below. Command Injection CWE-77 - CVE-2021-20698 Version| Vector| Score ---|---|--- CVSS v2| AV:N/AC:L/Au:N/C:C/I:C/A:C| Base Score:10.0 CVSS v3|...
JVN#94244575: Self-Extracting files created by multiple SEIKO EPSON products may insecurely load Dynamic Link Libraries
Self-Extracting files created by multiple SEIKO EPSON products contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the Self-Extracting files. Solution Update t...
JVN#28806943: Multiple vulnerabilities in Movable Type
Movable Type provided by Six Apart Ltd. contains multiple vulnerabilities listed below. HTML attribute value injection vulnerability CWE-74 - CVE-2020-5574 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N| Base Score: 4.7 CVSS v2| AV:N/AC:M/Au:N/C:N/I:P/A:N...
JVN#46471407: QQQ SYSTEMS vulnerable to cross-site scripting
QQQ SYSTEMS provided by Gundam Cult QQQ is a CGI script to create quiz pages. QQQ SYSTEMS contains a stored cross-site scripting vulnerability CWE-79. When an administrative user of the software accesses a malicious page created by an attacker, an arbitrary script may be executed. Impact Due to...
JVN#83834277: Multiple vulnerabilities in FS010W
FS010W provided by FUJI SOFT INCORPORATED is a WiFi router. FS010W contains multiple vulnerabilities listed below. Stored cross-site scripting CWE-79 - CVE-2018-0519 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N| Base Score: 4.3 CVSS v2|...
JVN#28865183: Insecure DLL Loading issue in multiple Trend Micro products
Multiple products provided by Trend Micro Incorporated contain an insecure DLL loading issue CWE-427. When invoking the installers of other applications while the concerned products are installed to the PC, the DLL placed in the same directory as the the installers of the other applications may b...
JVN#58909026: HIBUN Confidential File Decryption program may insecurely load Dynamic Link Libraries
HIBUN Confidential File Decryption program provided by Hitachi Solutions, Ltd. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privileges of the user running HIBUN Confidential File...
JVN#27198823: Installer of electronic tendering and bid opening system provided by Acquisition, Technology & Logistics Agency may insecurely invoke an executable file
Installer of electronic tendering and bid opening system provided by Acquisition, Technology & Logistics Agency contains an issue with the search path for executable files, which may lead to insecurely invoking an executable file. Impact This vulnerability can be exploited when the following...
JVN#89379547: Apache Commons FileUpload vulnerable to denial-of-service (DoS)
Apache Commons FileUpload provided by the Apache Software Foundation contains a flaw when processing multi-part requests, which may lead to a denial-of-service DoS. Impact Processing a specially crafted request may result in the server's CPU resources to be exhausted. Solution Apply the update...
JVN#92720882: Multiple vulnerabilities in CGIs of PMailServer and PMailServer2
CGIs included with PMailServer and PMailServer2 provided by A.K.I Software contain multiple vulnerabilities listed below. Stored cross-site scripting vulnerability CWE-79 - CVE-2023-39223 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVS...
JVN#95727578: Fujitsu Real-time Video Transmission Gear "IP series" uses a hard-coded credentials
Real-time Video Transmission Gear "IP series" provided by Fujitsu Limited uses a hard-coded credentials CWE-798 . The product's credentials for factory testing may be obtained by reverse engineering and others. Impact An attacker who log in to the web interface using the obtained credentials may...
JVN#95792402: WordPress Plugin "VK Blocks" and "VK All in One Expansion Unit" vulnerable to cross-site scripting
WordPress Plugin "VK Blocks" and "VK All in One Expansion Unit" provided by Vektor,Inc. contain multiple cross-site scripting vulnerabilities CWE-79 listed below. Cross-site scripting vulnerability in Tag edit function - CVE-2023-27923 Version| Vector| Score ---|---|--- CVSS v3|...
JVN#57942445: EC-CUBE fails to restrict access permissions
EC-CUBE provided by EC-CUBE CO.,LTD. fails to restrict access permissions CWE-284 . Impact A remote attacker may obtain sensitive information. Solution Update the Softwere Update the software according to the information provided by the developer. The developer has released EC-CUBE 4.0.6-p1 that...
JVN#91691168: goo blog App fails to restrict custom URL schemes properly
goo blog App by NTT Resonant Incorporated provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-284 which may be exploited to direct the App to access any sites. Impact A remote attacker may lead a user to access an...
JVN#65733194: The installers of ScanSnap Manager may insecurely load Dynamic Link Libraries
The installers of ScanSnap Manager provided by FUJITSU LIMITED contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest...
JVN#59779918: Apache Cordova Plugin camera vulnerable to information exposure
Apache Cordova Plugin camera is a plugin for Apache Cordova applications, which provides an API for taking pictures and for choosing images from the system image library. Vulnerable versions of Apache Cordova Plugin camera, when used in Android applications, use the external storage on the device...