5625 matches found
JVN#71263107: Multiple vulnerabilities in Cisco Small Business Series Wireless Access Points
Cisco Small Business Series Wireless Access Points provided by Cisco Systems, Inc. contain multiple vulnerabilities listed below. Improper access control CWE-284 - CVE-2021-1400 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.8 CVSS v2|...
JVN#49704918: mod_auth_openidc vulnerable to denial-of-service (DoS)
modauthopenidc provided by ZmartZone is an OpenID Connect's Relying Party module for Apache HTTP Server. This module contains a denial-of-service DoS vulnerability CWE-400. Impact A remote attacker may cause a denial-of-service DoS condition. Solution Update the software Update to the latest...
Multiple vulnerabilities in KonaWiki2
Overview KonaWiki2 provided by kujirahand contains multiple vulnerabilites listed below. SQL Injection CWE-89 - CVE-2021-20720 Unrestricted upload of file with dangerous type CWE-434 - CVE-2021-20721 apple502j reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
RFNTPS vulnerable to OS command injection
Overview RFNTPS provided by NIPPON ANTENNA Co.,Ltd. is a terrestrial reception type NTP server. RFNTPS contains an OS command injection vulnerability CWE-78. Tomoomi Iwata of NEC Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
JVN#13076220: RFNTPS vulnerable to OS command injection
RFNTPS provided by NIPPON ANTENNA Co.,Ltd. is a terrestrial reception type NTP server. RFNTPS contains an OS command injection vulnerability CWE-78. Impact A user on the same LAN who can access the product may execute an arbitrary OS command with root privilege. Solution Update the Firmware Updat...
JVN#34232719: Multiple vulnerabilities in KonaWiki2
KonaWiki2 provided by kujirahand contains multiple vulnerabilites listed below. SQL Injection CWE-89 - CVE-2021-20720 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L| Base Score: 7.3 CVSS v2| AV:N/AC:L/Au:N/C:P/I:P/A:P| Base Score: 7.5 Unrestricted upload...
EC-CUBE vulnerable to cross-site scripting
Overview EC-CUBE provided by EC-CUBE CO.,LTD. contains a cross-site scripting vulnerability CWE-79. An arbitrary script may be executed by executing a specific operation on the management page of EC-CUBE. As of 2021 May 10, an attack exploting this vulnerability has been observed in the wild...
JVN#97554111: EC-CUBE vulnerable to cross-site scripting
EC-CUBE provided by EC-CUBE CO.,LTD. contains a cross-site scripting vulnerability CWE-79. An arbitrary script may be executed by executing a specific operation on the management page of EC-CUBE. As of 2021 May 10, an attack exploting this vulnerability has been observed in the wild. Impact If a...
Multiple Buffalo network devices contain hidden functionality
Overview Multiple network devices provided by BUFFALO INC. contain hidden functionality CWE-912 that allows an attacker to enable the debug option. Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact A network-adjacent attacker...
Multiple vulnerabilities in Buffalo broadband routers
Overview Multiple broadband routers provided by BUFFALO INC. contain multiple vulnerabilities listed below. Disclosure of sensitive information to an unauthorized user CWE-200 - CVE-2021-3511 Improper access control CWE-284 - CVE-2021-3512 Chuya Hayakawa of 00One, Inc. reported this vulnerability...
WordPress plugin "WP Fastest Cache" vulnerable to directory traversal
Overview WordPress plugin "WP Fastest Cache" provided by Emre Vona contains a directory traversal vulnerability CWE-22. Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to the developer and coordinated on his own. After coordination was completed, this case was report...
Hot Pepper Gourmet App fails to restrict access permissions
Overview Hot Pepper Gourmet App provided by Recruit Co., Ltd. implements the function to access a requested URL using Custom URL Scheme. This function contains an improper access control vulnerability CWE-284 that may allow the vulnerable App to receive an request from an arbitrary App and execut...
JVN#97434260: Hot Pepper Gourmet App fails to restrict access permissions
Hot Pepper Gourmet App provided by Recruit Co., Ltd. implements the function to access a requested URL using Custom URL Scheme. This function contains an improper access control vulnerability CWE-284 that may allow the vulnerable App to receive an request from an arbitrary App and execute access...
JVN#35240327: WordPress plugin "WP Fastest Cache" vulnerable to directory traversal
WordPress plugin "WP Fastest Cache" provided by Emre Vona contains a directory traversal vulnerability CWE-22. Impact Arbitrary files on the server may be deleted by a user with an administrative privilege. Solution Update the plugin Update the plugin according to the information provided by the...
yappa-ng vulnerable to cross-site scripting
Overview yappa-ng provided by yet another PHP photo album next generation according to the original report submitted by the reporter is a PHP photo gallery. yappa-ng contains a cross-site scripting vulnerability CWE-79 which allows unintentional script execution on the user's web browser. During...
JVN#55833077: yappa-ng vulnerable to cross-site scripting
yappa-ng provided by yet another PHP photo album next generation according to the original report submitted by the reporter is a PHP photo gallery. yappa-ng contains a cross-site scripting vulnerability CWE-79 which allows unintentional script execution on the user's web browser. Impact An...
Trend Micro Password Manager may insecurely load Dynamic Link Libraries
Overview Password Manager provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact...
Gurunavi Apps fail to restrict access permissions
Overview Gurunavi Apps provided by Gurunavi, Inc. implement the function to access a requested URL using Custom URL Scheme. This function contains an improper access control vulnerability CWE-284 that may allow the vulnerable App to receive an request from an arbitrary App and execute an access...
JVN#54025691: Gurunavi Apps fail to restrict access permissions
Gurunavi Apps provided by Gurunavi, Inc. implement the function to access a requested URL using Custom URL Scheme. This function contains an improper access control vulnerability CWE-284 that may allow the vulnerable App to receive an request from an arbitrary App and execute an access. Impact A...
Information Disclosure Vulnerability in Cosminexus
Overview An Information Disclosure Vulnerability was found in Cosminexus. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
Vulnerability in JP1/VERITAS
Overview A vulnerability exists in JP1/VERITAS. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
D-Link DAP-1880AC contains multiple vulnerabilities
Overview DAP-1880AC provided by D-Link Japan K.K. contains multiple vulnerabilities listed below. Improper access control CWE-284 - CVE-2021-20694 Improper privilege management CWE-269 - CVE-2021-20695 OS command injection CWE-78 - CVE-2021-20696 Missing authentication for critical function CWE-3...
Multiple vulnerabilities in multiple Aterm products
Overview Multiple Aterm products provided by NEC Corporation contain multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2021-20680 OS command injection via UPnP CWE-78 - CVE-2014-8361 CVE-2021-20680 Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this...
Multiple vulnerabilities in Aterm WF1200CR, Aterm WG1200CR, Aterm WG2600HS, and Aterm WX3000HP
Overview Aterm WF1200CR, Aterm WG1200CR, Aterm WG2600HS, and Aterm WX3000HP provided by NEC Corporation contain multiple vulnerabilities listed below. Aterm WF1200CR, Aterm WG1200CR, and Aterm WG2600HS OS Command Injection CWE-78 - CVE-2021-20708 Improper Validation of Integrity Check Value CWE-3...
JVN#29739718: Multiple vulnerabilities in Aterm WF1200CR, Aterm WG1200CR, Aterm WG2600HS, and Aterm WX3000HP
Aterm WF1200CR, Aterm WG1200CR, Aterm WG2600HS, and Aterm WX3000HP provided by NEC Corporation contain multiple vulnerabilities listed below. Aterm WF1200CR, Aterm WG1200CR, and Aterm WG2600HS OS Command Injection CWE-78 - CVE-2021-20708 Version| Vector| Score ---|---|--- CVSS v3|...
JVN#67456944: Multiple vulnerabilities in multiple Aterm products
Multiple Aterm products provided by NEC Corporation contain multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2021-20680 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:M/Au:N/C:N/I:P/A:N| Base Score...
Archive collectively operation utility vulnerable to directory traversal
Overview Archive collectively operation utility provided by EikiSoft contains a directory traversal vulnerability CWE-22 due to a flaw in the processing of the filenames when extracting from ZIP archives. apple502j reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
JVN#73236007: Archive collectively operation utility vulnerable to directory traversal
Archive collectively operation utility provided by EikiSoft contains a directory traversal vulnerability CWE-22 due to a flaw in the processing of the filenames when extracting from ZIP archives. Impact By expanding a malicious ZIP archive, arbitrary files may be created or overwritten with the...
Multiple vulnerabilities in baserCMS
Overview baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below. Improper Neutralization of JavaScript input in the page editing function CWE-79 - CVE-2021-20681 OS command injection CWE-78 - CVE-2021-20682 Improper Neutralization of JavaScript input in the...
JVN#64869876: Multiple vulnerabilities in baserCMS
baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below. Improper Neutralization of JavaScript input in the page editing function CWE-79 - CVE-2021-20681 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4...
rNote vulnerable to cross-site scripting
Overview rNote provided by Woody Rinn is software to create a blog. rNote contains a cross-site scripting vulnerability CWE-79. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on January 22, 2021, it was judged that an advisory for this...
Yomi-Search vulnerable to cross-site scripting
Overview Yomi-Search provided by WonderLink is a directory type search engine program. Yomi-Search contains a cross-site scripting vulnerability CWE-79 which allows unintentional script execution on the user's web browser. During the meeting of Committee for authorizing the disclosure of unresolv...
Yomi-Search vulnerable to cross-site scripting
Overview Yomi-Search provided by WonderLink is a directory type search engine program. Yomi-Search contains a cross-site scripting vulnerability CWE-79. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on January 22, 2021, it was judged that an...
Yomi-Search vulnerable to cross-site scripting
Overview Yomi-Search provided by WonderLink is a directory type search engine program. Yomi-Search contains a cross-site scripting vulnerability CWE-79. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on January 22, 2021, it was judged that an...
Click Ranker vulnerable to cross-site scripting
Overview Click Ranker contains a stored cross-site scripting vulnerability CWE-79 which allows unintentional script execution on the web browser of user who accesses a page ranking screen. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on January...
Kagemai vulnerable to cross-site request forgery
Overview Kagemai provided by daifukuya.com is a bug tracking system to share bug information of the software being developed among its development team. Kagemai contains a cross-site request forgery vulnerability CWE-352 which allows unintended operations if a user with an administrative privileg...
Kagemai vulnerable to cross-site scripting
Overview Kagemai provided by daifukuya.com is a bug tracking system to share bug information of the software being developed among its development team. Kagemai contains a stored cross-site scripting vulnerability CWE-79 which allows an unintended script execution on the web browser of the user w...
Kagemai vulnerable to cross-site scripting
Overview Kagemai provided by daifukuya.com is a bug tracking system to share bug information of the software being developed among its development team. Kagemai contains a cross-site scripting vulnerability CWE-79. During the meeting of Committee for authorizing the disclosure of unresolved...
MagazinegerZ vulnerable to cross-site scripting
Overview MagazinegerZ provided by CGI Script Market is a CGI script which provides a function to enable email newsletter distribution for a website. MagazinegerZ contains a stored cross-site scripting vulnerability CWE-79 which allows unintentional script execution on the web browser of the...
JVN#68244135: rNote vulnerable to cross-site scripting
rNote provided by Woody Rinn is software to create a blog. rNote contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is accessing an website that uses rNote. Solution Consider stop using rNote 0.9.7.5 Since the...
JVN#83042295: Yomi-Search vulnerable to cross-site scripting
Yomi-Search provided by WonderLink is a directory type search engine program. Yomi-Search contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is accessing a website that uses Yomi-Search. Solution Consider stop using...
JVN#37179202: Yomi-Search vulnerable to cross-site scripting
Yomi-Search provided by WonderLink is a directory type search engine program. Yomi-Search contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is accessing a website that uses Yomi-Search. Solution Consider stop using...
JVN#94705238: Yomi-Search vulnerable to cross-site scripting
Yomi-Search provided by WonderLink is a directory type search engine program. Yomi-Search contains a cross-site scripting vulnerability CWE-79 which allows unintentional script execution on the user's web browser. Impact An arbitrary script may be executed on the web browser of the user who is...
JVN#93207949: Click Ranker vulnerable to cross-site scripting
Click Ranker contains a stored cross-site scripting vulnerability CWE-79 which allows unintentional script execution on the web browser of user who accesses a page ranking screen. Impact An arbitrary script may be executed on the web browser of the user who is accessing a website that uses Click...
JVN#12559271: Kagemai vulnerable to cross-site scripting
Kagemai provided by daifukuya.com is a bug tracking system to share bug information of the software being developed among its development team. Kagemai contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Consider sto...
JVN#11438679: Kagemai vulnerable to cross-site request forgery
Kagemai provided by daifukuya.com is a bug tracking system to share bug information of the software being developed among its development team. Kagemai contains a cross-site request forgery vulnerability CWE-352 which allows unintended operations if a user with an administrative privilege views a...
JVN#42220311: Kagemai vulnerable to cross-site scripting
Kagemai provided by daifukuya.com is a bug tracking system to share bug information of the software being developed among its development team. Kagemai contains a stored cross-site scripting vulnerability CWE-79 which allows an unintended script execution on the web browser of the user who can...
JVN#97370614: MagazinegerZ vulnerable to cross-site scripting
MagazinegerZ provided by CGI Script Market is a CGI script which provides a function to enable email newsletter distribution for a website. MagazinegerZ contains a stored cross-site scripting vulnerability CWE-79 which allows unintentional script execution on the web browser of the administrative...
UNIVERGE Aspire series PBX vulnerable to denial-of-service (DoS)
Overview Remote system maintenance feature of UNIVERGE Aspire series PBX contain an issue in handling commands, which may cause a denial-of-service DoS. NEC Platforms, Ltd. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and NEC Platforms, Ltd. coordinate...
JVN#12737530: UNIVERGE Aspire series PBX vulnerable to denial-of-service (DoS)
Remote system maintenance feature of UNIVERGE Aspire series PBX contain an issue in handling commands, which may cause a denial-of-service DoS. Impact An attacker may cause system down and reboot of the products by sending a specially crafted command. Solution Update the Software Update to the...