Trend Micro Password Manager may insecurely load Dynamic Link Libraries
Overview Password Manager provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact...
Gurunavi Apps fail to restrict access permissions
Overview Gurunavi Apps provided by Gurunavi, Inc. implement the function to access a requested URL using Custom URL Scheme. This function contains an improper access control vulnerability CWE-284 that may allow the vulnerable App to receive a request from an arbitrary App and execute an access...
JVN#54025691: Gurunavi Apps fail to restrict access permissions
Gurunavi Apps provided by Gurunavi, Inc. implement the function to access a requested URL using Custom URL Scheme. This function contains an improper access control vulnerability CWE-284 that may allow the vulnerable App to receive a request from an arbitrary App and execute an access. Impact A...
Information Disclosure Vulnerability in Cosminexus
Overview An Information Disclosure Vulnerability was found in Cosminexus. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
Vulnerability in JP1/VERITAS
Overview A vulnerability exists in JP1/VERITAS. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
D-Link DAP-1880AC contains multiple vulnerabilities
Overview DAP-1880AC provided by D-Link Japan K.K. contains multiple vulnerabilities listed below. Improper access control CWE-284 - CVE-2021-20694 Improper privilege management CWE-269 - CVE-2021-20695 OS command injection CWE-78 - CVE-2021-20696 Missing authentication for critical function CWE-3...
Multiple vulnerabilities in multiple Aterm products
Overview Multiple Aterm products provided by NEC Corporation contain multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2021-20680 OS command injection via UPnP CWE-78 - CVE-2014-8361 CVE-2021-20680 Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this...
Multiple vulnerabilities in Aterm WF1200CR, Aterm WG1200CR, Aterm WG2600HS, and Aterm WX3000HP
Overview Aterm WF1200CR, Aterm WG1200CR, Aterm WG2600HS, and Aterm WX3000HP provided by NEC Corporation contain multiple vulnerabilities listed below. Aterm WF1200CR, Aterm WG1200CR, and Aterm WG2600HS OS Command Injection CWE-78 - CVE-2021-20708 Improper Validation of Integrity Check Value CWE-3...
JVN#67456944: Multiple vulnerabilities in multiple Aterm products
Multiple Aterm products provided by NEC Corporation contain multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2021-20680

Version| Vector| Score
---|---|---
CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1
CVSS v2| AV:N/AC:M/Au:N/C:N/I:P/A:N| Base Score...
JVN#29739718: Multiple vulnerabilities in Aterm WF1200CR, Aterm WG1200CR, Aterm WG2600HS, and Aterm WX3000HP
Aterm WF1200CR, Aterm WG1200CR, Aterm WG2600HS, and Aterm WX3000HP provided by NEC Corporation contain multiple vulnerabilities listed below. Aterm WF1200CR, Aterm WG1200CR, and Aterm WG2600HS OS Command Injection CWE-78 - CVE-2021-20708

Version| Vector| Score
---|---|---
CVSS v3|...
Archive collectively operation utility vulnerable to directory traversal
Overview Archive collectively operation utility provided by EikiSoft contains a directory traversal vulnerability CWE-22 due to a flaw in the processing of the filenames when extracting from ZIP archives. apple502j reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
JVN#73236007: Archive collectively operation utility vulnerable to directory traversal
Archive collectively operation utility provided by EikiSoft contains a directory traversal vulnerability CWE-22 due to a flaw in the processing of the filenames when extracting from ZIP archives. Impact By expanding a malicious ZIP archive, arbitrary files may be created or overwritten with the...
Multiple vulnerabilities in baserCMS
Overview baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below. Improper Neutralization of JavaScript input in the page editing function CWE-79 - CVE-2021-20681 OS command injection CWE-78 - CVE-2021-20682 Improper Neutralization of JavaScript input in the...
JVN#64869876: Multiple vulnerabilities in baserCMS
baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below. Improper Neutralization of JavaScript input in the page editing function CWE-79 - CVE-2021-20681

Version| Vector| Score
---|---|---
CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4...
rNote vulnerable to cross-site scripting
Overview rNote provided by Woody Rinn is software to create a blog. rNote contains a cross-site scripting vulnerability CWE-79. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on January 22, 2021, it was judged that an advisory for this...
Yomi-Search vulnerable to cross-site scripting
Overview Yomi-Search provided by WonderLink is a directory type search engine program. Yomi-Search contains a cross-site scripting vulnerability CWE-79 which allows unintentional script execution on the user's web browser. During the meeting of Committee for authorizing the disclosure of unresolv...
Yomi-Search vulnerable to cross-site scripting
Overview Yomi-Search provided by WonderLink is a directory type search engine program. Yomi-Search contains a cross-site scripting vulnerability CWE-79. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on January 22, 2021, it was judged that an...
Yomi-Search vulnerable to cross-site scripting
Overview Yomi-Search provided by WonderLink is a directory type search engine program. Yomi-Search contains a cross-site scripting vulnerability CWE-79. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on January 22, 2021, it was judged that an...
Click Ranker vulnerable to cross-site scripting
Overview Click Ranker contains a stored cross-site scripting vulnerability CWE-79 which allows unintentional script execution on the web browser of a user who accesses a page ranking screen. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on January...
Kagemai vulnerable to cross-site request forgery
Overview Kagemai provided by daifukuya.com is a bug tracking system to share bug information of the software being developed among its development team. Kagemai contains a cross-site request forgery vulnerability CWE-352 which allows unintended operations if a user with an administrative privileg...
Kagemai vulnerable to cross-site scripting
Overview Kagemai provided by daifukuya.com is a bug tracking system to share bug information of the software being developed among its development team. Kagemai contains a stored cross-site scripting vulnerability CWE-79 which allows an unintended script execution on the web browser of the user w...
Kagemai vulnerable to cross-site scripting
Overview Kagemai provided by daifukuya.com is a bug tracking system to share bug information of the software being developed among its development team. Kagemai contains a cross-site scripting vulnerability CWE-79. During the meeting of Committee for authorizing the disclosure of unresolved...
MagazinegerZ vulnerable to cross-site scripting
Overview MagazinegerZ provided by CGI Script Market is a CGI script which provides a function to enable email newsletter distribution for a website. MagazinegerZ contains a stored cross-site scripting vulnerability CWE-79 which allows unintentional script execution on the web browser of the...
JVN#12559271: Kagemai vulnerable to cross-site scripting
Kagemai provided by daifukuya.com is a bug tracking system to share bug information of the software being developed among its development team. Kagemai contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Consider sto...
JVN#93207949: Click Ranker vulnerable to cross-site scripting
Click Ranker contains a stored cross-site scripting vulnerability CWE-79 which allows unintentional script execution on the web browser of a user who accesses a page ranking screen. Impact An arbitrary script may be executed on the web browser of the user who is accessing a website that uses Click...
JVN#97370614: MagazinegerZ vulnerable to cross-site scripting
MagazinegerZ provided by CGI Script Market is a CGI script which provides a function to enable email newsletter distribution for a website. MagazinegerZ contains a stored cross-site scripting vulnerability CWE-79 which allows unintentional script execution on the web browser of the administrative...
JVN#68244135: rNote vulnerable to cross-site scripting
rNote provided by Woody Rinn is software to create a blog. rNote contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is accessing a website that uses rNote. Solution Consider stop using rNote 0.9.7.5 Since the...
JVN#83042295: Yomi-Search vulnerable to cross-site scripting
Yomi-Search provided by WonderLink is a directory type search engine program. Yomi-Search contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is accessing a website that uses Yomi-Search. Solution Consider stop using...
JVN#37179202: Yomi-Search vulnerable to cross-site scripting
Yomi-Search provided by WonderLink is a directory type search engine program. Yomi-Search contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is accessing a website that uses Yomi-Search. Solution Consider stop using...
JVN#11438679: Kagemai vulnerable to cross-site request forgery
Kagemai provided by daifukuya.com is a bug tracking system to share bug information of the software being developed among its development team. Kagemai contains a cross-site request forgery vulnerability CWE-352 which allows unintended operations if a user with an administrative privilege views a...
JVN#42220311: Kagemai vulnerable to cross-site scripting
Kagemai provided by daifukuya.com is a bug tracking system to share bug information of the software being developed among its development team. Kagemai contains a stored cross-site scripting vulnerability CWE-79 which allows an unintended script execution on the web browser of the user who can...
JVN#94705238: Yomi-Search vulnerable to cross-site scripting
Yomi-Search provided by WonderLink is a directory type search engine program. Yomi-Search contains a cross-site scripting vulnerability CWE-79 which allows unintentional script execution on the user's web browser. Impact An arbitrary script may be executed on the web browser of the user who is...
UNIVERGE Aspire series PBX vulnerable to denial-of-service (DoS)
Overview Remote system maintenance feature of UNIVERGE Aspire series PBX contains an issue in handling commands, which may cause a denial-of-service (DoS). NEC Platforms, Ltd. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and NEC Platforms, Ltd. coordinate...
JVN#12737530: UNIVERGE Aspire series PBX vulnerable to denial-of-service (DoS)
Remote system maintenance feature of UNIVERGE Aspire series PBX contains an issue in handling commands, which may cause a denial-of-service (DoS). Impact An attacker may cause system down and reboot of the products by sending a specially crafted command. Solution Update the Software Update to the...
Fuji Xerox multifunction devices and printers vulnerable to denial-of-service (DoS)
Overview Multifunction devices and printers provided by Fuji Xerox Co.,Ltd. contain a denial-of-service (DoS) vulnerability. Masahiro Kawada of Ierae Security Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impa...
JVN#37607293: Fuji Xerox multifunction devices and printers vulnerable to denial-of-service (DoS)
Multifunction devices and printers provided by Fuji Xerox Co.,Ltd. contain a denial-of-service (DoS) vulnerability. Impact An attacker may cause the products to be terminated by sending a specially crafted command. In order to restart the products, the physical power button on the devices must be...
WordPress plugin "Paid Memberships Pro" vulnerable to SQL injection
Overview WordPress Plugin "Paid Memberships Pro" contains an SQL injection vulnerability CWE-89. Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to the developer and coordinated on his own. After coordination was completed, this case was reported to JPCERT/CC, and...
JVN#08191557: WordPress plugin "Paid Memberships Pro" vulnerable to SQL injection
WordPress Plugin "Paid Memberships Pro" contains an SQL injection vulnerability CWE-89. Impact An attacker who can access Paid Memberships Pro may obtain and/or alter the information stored in the database. Solution Update the plugin Update the plugin according to the information provided by the...
Multiple vulnerabilities in Cybozu Office
Overview Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-1657 Operational restrictions bypass vulnerability in Scheduler CWE-264 - CVE-2021-20624 CyVDB-1727 Operational restrictions bypass vulnerability in Bulletin Board CWE-264 - CVE-2021-20625...
JVN#45797538: Multiple vulnerabilities in Cybozu Office
Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-1657 Operational restrictions bypass vulnerability in Scheduler CWE-264 - CVE-2021-20624

Version| Vector| Score
---|---|---
CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N| Base Score: 4.3
CVSS v2|...
M-System DL8 contains multiple vulnerabilities
Overview DL8 provided by M-System contains the following vulnerabilities: Denial-of-Service CWE-400 - CVE-2021-20675 Improper Access Control CWE-284 - CVE-2021-20676 CVE-2021-20675 Takayuki Sasaki, Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA. JPCERT/CC...
JVN#47497535: M-System DL8 contains multiple vulnerabilities
DL8 provided by M-System contains the following vulnerabilities: Denial-of-Service CWE-400 - CVE-2021-20675

Version| Vector| Score
---|---|---
CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H| Base Score: 6.5
CVSS v2| AV:N/AC:L/Au:S/C:N/I:N/A:C| Base Score: 6.8

Improper Access Control CWE-28...
Installer of MagicConnect Client program may insecurely load Dynamic Link Libraries
Overview Installer of MagicConnect Client program provided by NTT TechnoCross Corporation contains a vulnerability which may lead to insecurely loading Dynamic Link Libraries CWE-427 when a terminal is connected remotely using Remote desktop. Yuji Tounai of Mitsui Bussan Secure Directions, Inc...
JVN#18056666: Installer of MagicConnect Client program may insecurely load Dynamic Link Libraries
Installer of MagicConnect Client program provided by NTT TechnoCross Corporation contains a vulnerability which may lead to insecurely loading Dynamic Link Libraries CWE-427 when a terminal is connected remotely using Remote desktop. Impact Arbitrary code may be executed with the privilege of the...
Multiple cross-site scripting vulnerabilities in GROWI
Overview GROWI provided by WESEEK, Inc. contains multiple cross-site scripting vulnerabilities listed below. Reflected cross-site scripting vulnerability due to insufficient verification of URL query parameters CWE-79 - CVE-2021-20672 Stored cross-site scripting vulnerability in Admin Page CWE-79...
JVN#86438134: Multiple cross-site scripting vulnerabilities in GROWI
GROWI provided by WESEEK, Inc. contains multiple cross-site scripting vulnerabilities listed below. Reflected cross-site scripting vulnerability due to insufficient verification of URL query parameters CWE-79 - CVE-2021-20672

Version| Vector| Score
---|---|---
CVSS v3|...
Multiple vulnerabilities in GROWI
Overview GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below. Stored Cross-site Scripting CWE-79 - CVE-2021-20667 Path Traversal CWE-22 - CVE-2021-20668 Path Traversal CWE-22 - CVE-2021-20669 Improper Access Control CWE-284 - CVE-2021-20670 Improper Input Validation CWE-...
Trend Micro Security (Consumer) vulnerable to code injection
Overview Trend Micro Security (Consumer) provided by Trend Micro Incorporated contains a code injection vulnerability CWE-94. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN. Impact An attacker who obtained administrative privileges may...
The installers of E START products may insecurely load Dynamic Link Libraries
Overview The installers of E START products by GMO INSIGHT Inc. contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries in the folder specified by the TEMP environment variable or where the installer resides CWE-427, CVE-2015-9267, and CVE-2015-9268...
JVN#68418039: The installers of E START products may insecurely load Dynamic Link Libraries
The installers of E START products by GMO INSIGHT Inc. contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries in the folder specified by the TEMP environment variable or where the installer resides CWE-427, CVE-2015-9267, and CVE-2015-9268. Impact...