5625 matches found
Joomla! plugin "AcyMailing" vulnerable to arbitrary file uploads
Overview Joomla! plugin "AcyMailing" allows an unauthenticated user to upload arbitrary files CWE-434. qw3rTyTy reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Arbitrary PHP code may be executed. Solution...
JVN#56890693: Joomla! plugin "AcyMailing" vulnerable to arbitrary file uploads
Joomla! plugin "AcyMailing" allows an unauthenticated user to upload arbitrary files CWE-434. Impact Arbitrary PHP code may be executed. Solution Update the plugin Update the plugin according to the information provided by the developer. Products Affected AcyMailing versions prior to 6.9.2...
Multiple Yamaha network devices vulnerable to denial-of-service (DoS)
Overview Multiple network devices provided by Yamaha Corporation contain a denial-of-service DoS vulnerability. NIWA Naoya of Amano Lab, Dept. of Information and Computer Science, Faculty of Science and Technology, Keio University reported this vulnerability to IPA. JPCERT/CC coordinated with the...
Denial-of-service (DoS) vulnerability in Mitsubishi Electric MELSOFT transmission port
Overview MELSOFT transmission port UDP/IP of MELSEC iQ-R, iQ-F, Q, L, and F series provided by Mitsubishi Electric Coporation contains an uncontrolled resource consumption issue CWE-400. When MELSOFT transmission port receives massive amount of data, resource consumption occurs and the port does...
JVN#38732359: Multiple Yamaha network devices vulnerable to denial-of-service (DoS)
Multiple network devices provided by Yamaha Corporation contain a denial-of-service DoS vulnerability CWE-400 due to an issue in processing received packets. Impact A remote attacker may be able to cause a denial-of-service DoS condition. Solution Update the firmware Update to the latest version ...
WL-Enq (WEB Enquete) vulnerable to OS command injection
Overview WL-Enq WEB Enquete provided by WonderLink is a CGI to provide web enquete functions. WL-Enq WEB Enquete contains an OS command injection vulnerability CWE-78. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on January 16, 2020, it was...
WL-Enq (WEB Enquete) vulnerable to cross-site scripting
Overview WL-Enq WEB Enquete provided by WonderLink is a CGI to provide web enquete functions. WL-Enq WEB Enquete contains a cross-site scripting vulnerability CWE-79. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on January 16, 2020, it was judg...
Keijiban Tsumiki vulnerable to OS command injection
Overview Keijiban Tsumiki provided by Mash room - Free CGI - is a CGI to provide Bulletin Board System BBS functions. Keijiban Tsumiki contains an OS command injection vulnerability CWE-78. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on Januar...
mailform vulnerable to cross-site scripting
Overview mailform provided by keitai-site.net is a PHP script providing mail form functions to a website. mailform contains a stored cross-site scripting vulnerability CWE-79. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on January 16, 2020, it...
mailform vulnerable to PHP code execution
Overview mailform provided by keitai-site.net is a PHP script providing a mail form function to a website. mailform contains a PHP code execution vulnerability CWE-94 on the server where the product is running. During the meeting of Committee for authorizing the disclosure of unresolved...
Multiple vulnerabilities in Shihonkanri Plus GOOUT
Overview Shihonkanri Plus GOOUT provided by EKAKIN is a CGI that enables to view data stored in Shihonkanri Plus outside. Shihonkanri Plus GOOUT contains multiple vulnerabilities which allow reading/writing an arbitrary file listed below because of the improper validation of input parameter...
Shihonkanri Plus GOOUT vulnerable to OS command injection
Overview Shihonkanri Plus GOOUT provided by EKAKIN is a CGI that enables to view data stored in Shihonkanri Plus outside. Shihonkanri Plus GOOUT contains an OS command injection CWE-78 vulnerability. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held...
CuteNews vulnerable to cross-site scripting
Overview Cute News provided by CutePHP.com is a system to manage news. Cute News contains a cross-site scripting vulnerability CWE-79. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on January 16, 2020, it was judged that an advisory for this...
Cute News vulnerable to PHP code execution
Overview Cute News provided by CutePHP.com is a system to manage news. Cute News contains a PHP code execution vulnerability CWE-94. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on January 16, 2020, it was judged that an advisory for this...
JVN#77634892: mailform vulnerable to PHP code execution
mailform provided by keitai-site.net is a PHP script providing a mail form function to a website. mailform contains a PHP code execution vulnerability CWE-94 on the server where the product is running. Impact Arbitrary PHP code may be executed on the server where the product is running. Solution...
JVN#85942151: mailform vulnerable to cross-site scripting
mailform provided by keitai-site.net is a PHP script providing mail form functions to a website. mailform contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of an administrator who is accessing a website using mailform...
JVN#88277644: Keijiban Tsumiki vulenrable to OS command injection
Keijiban Tsumiki provided by Mash room - Free CGI - is a CGI to provide Bulletin Board System BBS functions. Keijiban Tsumiki contains an OS command injection vulnerability CWE-78. Impact A remote attacker may execute an arbitrary OS command. Solution Consider stop using Keijiban Tsumiki v1.15...
JVN#29095127: CuteNews vulnerable to cross-site scripting
Cute News provided by CutePHP.com is a system to manage news. Cute News contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user with a login privilege to the website that uses Cute News while accessing the website. Solution...
JVN#88033799: WL-Enq (WEB Enquete) vulnerable to cross-site scripting
WL-Enq WEB Enquete provided by WonderLink is a CGI to provide web enquete functions. WL-Enq WEB Enquete contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is accessing a website that uses WL-Enq WEB Enquete. Solution...
JVN#27951364: WL-Enq (WEB Enquete) vulnerable to OS command injection
WL-Enq WEB Enquete provided by WonderLink is a CGI to provide web enquete functions. WL-Enq WEB Enquete contains an OS command injection vulnerability CWE-78. Impact A remote attacker may execute arbitrary OS commands with the administrative privilege. Solution Consider stop using WL-Enq 1.12 Sin...
JVN#32415420: Multiple vulnerabiliteis in Shihonkanri Plus GOOUT
Shihonkanri Plus GOOUT provided by EKAKIN is a CGI that enables to view data stored in Shihonkanri Plus outside. Shihonkanri Plus GOOUT contains multiple vulnerabilities which allow reading/writing an arbitrary file listed below because of the improper validation of input parameter. Directory...
JVN#58176087: Cute News vulnerable to PHP code execution
Cute News provided by CutePHP.com is a system to manage news. Cute News contains a PHP code execution vulnerability CWE-94. Impact A user who can login to CuteNews may execute arbitrary PHP code. Solution Consider stop using Cute News 2.1.2 Since the developer was unreachable, existence of any...
JVN#63834780: Shihonkanri Plus GOOUT vulnerable to OS command injection
Shihonkanri Plus GOOUT provided by EKAKIN is a CGI that enables to view data stored in Shihonkanri Plus outside. Shihonkanri Plus GOOUT contains an OS command injection CWE-78 vulnerability. Impact A remote attacker may execute an arbitrary OS command. Solution Consider stop using Shihonkanri Plu...
Cross-site Scripting Vulnerability in JP1/Performance Management - Manager [Web Console]
Overview A Cross-site Scripting Vulnerability was found in JP1/Performance Management - Manager Web Console. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take...
Multiple Vulnerabilities in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center
Overview Multiple vulnerabilities have been found in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure an...
Improper LDAPS Certificate Validation in Hitachi Ops Center Common Services
Overview Improper certificate validation in Hitachi Ops Center Common Services. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
Multiple vulnerabilities in OpenBlocks IoT VX2
Overview OpenBlocks IoT VX2 provided by Plat'Home Co., Ltd. contains multiple vulnerabilities. Masahiro Murashima and Genta Kataoka of IERAE SECURITY INC. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...
JVN#19666251: Multiple vulnerabilities in OpenBlocks IoT VX2
OpenBlocks IoT VX2 provided by Plat'Home Co., Ltd. contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2020-5535 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.8 CVSS v2| AV:A/AC:L/Au:N/C:P/I:P/A:P| Base Score:...
GRANDIT vulnerable to session management
Overview GRANDIT provided by GRANDIT CORPORATION contains a vulnerability in session management CWE-639. Kazuki Mitobe of FUJISOFT INCORPORATED reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A user who can...
JVN#73472345: GRANDIT vulnerable to session management
GRANDIT provided by GRANDIT CORPORATION contains a vulnerability in session management CWE-639. Impact A user who can access to the product may impersonate an arbitrary user. As a result, information may be altered or disclosed. Solution Apply the Patch Apply the appropriate patch according to th...
Improper Authentication Vulnerability in RICOH printers
Overview Multiple RICOH printers contain Improper Authentication Vulnerability CWE-287. RICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership. Impac...
Improper Access Control Vulnerability in RICOH printers
Overview Multiple RICOH printers contain Improper Access Control CWE-284. RICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership. Impact A user who c...
Privilege escalation vulnerability in multiple RICOH printer drivers
Overview Multiple RICOH printer drivers contain a privilege escalation vulnerability. RICOH COMPANY, LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Name of company/Organization coordinated under the Information Security Early Warning...
Cross-site Request Forgery Vulnerability in RICOH printers
Overview Multiple RICOH printers contain Cross-site Request Forgery CWE-352. RICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership. Impact If a user...
Information Disclosure Vulnerability in RICOH printers
Overview Multiple RICOH printers contain Information Disclosure CWE-200. RICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership. Impact A user who ca...
JVN#52962201: Multiple vulnerabilities in RICOH printers
Multiple RICOH printers contain multiple vulnerabilities listed below. Information Disclosure CWE-200 - CVE-CVE-2019-14301 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N| Base Score: 6.5 CVSS v2| AV:A/AC:L/Au:N/C:P/I:N/A:N| Base Score: 3.3 Improper Access...
JVN#15697526: Privilege escalation vulnerability in multiple RICOH printer drivers
Multiple RICOH printer drivers contain a privilege escalation vulnerability. Impact If a user who can login to the computer where the affected printer driver is installed uses the specially crafted printer driver, that may result in administrative privileges being taken by privilege escalation...
Multiple OS command injection vulnerabilities in Aterm WF1200C, Aterm WG1200CR, and Aterm WG2600HS
Overview Aterm WF1200C, Aterm WG1200CR, and Aterm WG2600HS provided by NEC Corporation contain multiple OS command injection vulnerabilities listed below. OS command injection vulnerability in UPnP function CWE-78 - CVE-2020-5524 OS command injection vulnerability in management screen CWE-78 -...
Multiple vulnerabilities in Aterm WG2600HS
Overview Aterm WG2600HS provided by NEC Corporation contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2020-5533 OS command injection CWE-78 - CVE-2020-5534 Satoru Nagaoka of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated wit...
JVN#49410695: Multiple vulnerabilities in Aterm WG2600HS
Aterm WG2600HS provided by NEC Corporation contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2020-5533 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:H/Au:N/C:N/I:P/A:N| Base Score: 2.6 OS...
JVN#25766797: Multiple OS command injection vulnerabilities in Aterm WF1200C, Aterm WG1200CR, and Aterm WG2600HS
Aterm WF1200C, Aterm WG1200CR, and Aterm WG2600HS provided by NEC Corporation contain multiple OS command injection vulnerabilities listed below. OS command injection vulnerability in UPnP function CWE-78 - CVE-2020-5524 Version| Vector| Score ---|---|--- CVSS v3|...
WordPress Plugin "Easy Property Listings" vulnerable to cross-site request forgery
Overview WordPress Plugin "Easy Property Listings" provided by Merv Barrett contains a cross-site request forgery vulnerability CWE-352. Rei Nakahara of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University reported this vulnerability to the...
Multiple vulnerabilities in TCP/IP function on Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI5000
Overview MELSEC C Controller Module and MELIPC Series MI5000 provided by Mitsubishi Electric Corporation have multiple vulnerabilities due to the vulnerabilities called "URGENT/11" in TCP/IP function IPnet of VxWorks, a real-time OS distributed by Wind River. Q24DHCCPU-V and Q24DHCCPU-VG Buffer...
JVN#89259622: WordPress Plugin "Easy Property Listings" vulnerable to cross-site request forgery
WordPress Plugin "Easy Property Listings" provided by Merv Barrett contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the plugin Update the plugin according to the informatio...
Security information for Hitachi Disk Array Systems
Overview A cross site scripting vulnerability exists in the SVPStorage Navigator of the Hitachi disk array system. Impact Regerding the impact df the vulnerablilty, please refer to the ventor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and...
ilbo App vulnerable to authentication bypass
Overview ilbo App provided by EXTRUN Ltd. contains an authentication bypass vulnerability CWE-287. Impact A user who can login to ilbo App may view the images which were recorded by the other user's ilbo device. Solution Update the Application Update to the latest version according to the...
Multiple Trend Micro products vulnerable to denial-of-service (DoS)
Overview Premium Security 2019 for Windows, Maximum Security 2019 for Windows, Internet Security 2019 for Windows, and Antivirus+ Security 2019 for Windows provided by Trend Micro Incorporated contain a denial-of-service DoS vulnerability CWE-400. BlackWingCat of Pink Flying Whale reported this...
JVN#02921757: Multiple Trend Micro products vulnerable to denial-of-service (DoS)
Premium Security 2019 for Windows, Maximum Security 2019 for Windows, Internet Security 2019 for Windows, and Antivirus+ Security 2019 for Windows provided by Trend Micro Incorporated contain a denial-of-service DoS vulnerability CWE-400. Impact An attacker may disable Premium Security 2019 for...
JVN#35496038: ilbo App vulnerable to authentication bypass
ilbo App provided by EXTRUN Ltd. contains an authentication bypass vulnerability CWE-287. Impact A user who can login to ilbo App may view the images which were recorded by the other user's ilbo device. Solution Update the Application Update to the latest version according to the information...
HtmlUnit vulenerable to arbitrary code execution
Overview HtmlUnit is a Java-based library which provides web browser functionality to Java programs, and it supports JavaScript evaluation with embedded Mozilla Rhino engine. Mozilla Rhino engine offers a feature to make Java objects available from JavaScript. HtmlUnit initializes Rhino engine...