5609 matches found
Junos OS vulnerable to cross-site scripting
Overview Junos OS contains a cross-site scripting vulnerability CWE-79. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be...
JVN#07375820: Junos OS vulnerable to directory traversal
Junos OS contains a directory traversal vulnerability CWE-22. Impact Files on the server may be viewed or deleted by an authenticated J-web user. According to the developer, this issue does not affect system files that can be accessed only by root user. Solution Update the Software Update the...
JVN#21753370: Junos OS vulnerable to cross-site scripting
Junos OS contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's J-Web screen. Solution Update the Software Update the software to the latest version according to the information provided by the developer. Apply a Workaround Applying...
F-RevoCRM vulnerable to cross-site scripting
Overview F-RevoCRM provided by ThinkingReed inc. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Apply the Patch Apply the patch according to the information provided by the developer. Apply Workaround Applying t...
JVN#97325754: F-RevoCRM vulnerable to cross-site scripting
F-RevoCRM provided by ThinkingReed inc. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Apply the Patch Apply the patch according to the information provided by the developer. Apply Workaround Applying the...
Multiple Vulnerabilities in Hitachi Automation Director
Overview Multiple vulnerabilities have been found in Hitachi Automation Director. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
Multiple Vulnerabilities in Hitachi Command Suite and Hitachi Infrastructure Analytics Advisor
Overview Multiple vulnerabilities have been found in Hitachi Command Suite and Hitachi Infrastructure Analytics Advisor. We would like to thank Piotr Madej ING Tech Poland for reporting the relevant issues. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory...
DoS Vulnerability in Hitachi Compute Systems Manager
Overview A DoS vulnerability was found in Hitachi Compute Systems Manager. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
Multiple vulnerabilities in a-blog cms
Overview a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below. Reflected cross-site scripting CWE-79 - CVE-2019-6033 Script injection due to a flaw in processing cookie CWE-74 - CVE-2019-6034 Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this...
JVN#10377257: Multiple vulnerabilities in a-blog cms
a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below. Reflected cross-site scripting CWE-79 - CVE-2019-6033 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:M/Au:N/C:N/I:P/A:N| Base Score: 4.3...
Android App "NTV News24" fails to verify SSL server certificates
Overview Android App "NTV News24" provided by Nippon Television Network Corporation fails to verify SSL server certificates CWE-295. Shinnosuke Tokusho of Cryptography Laboratory, Department of Information and Communication Engineering, Tokyo Denki University reported this vulnerability to IPA...
JVN#01236065: Android App "NTV News24" fails to verify SSL server certificates
Android App "NTV News24" provided by Nippon Television Network Corporation fails to verify SSL server certificates CWE-295. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to th...
Multiple vulnerabilities in Cybozu Office
Overview Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Directory traversal in the "Customapp" function CWE-22 - CVE-2019-6022 Browse restriction bypass in the application "Address" CWE-284 - CVE-2019-6023 Two vulnerabilities were reported by the following...
JVN#79854355: Multiple vulnerabilities in Cybozu Office
Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Directory traversal in the "Customapp" function CWE-22 - CVE-2019-6022 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N| Base Score: 7.7 CVSS v2|...
Athenz vulnerable to open redirect
Overview Athenz provided by Verizon Media contains an open redirect vulnerability CWE-601. Akaki Tsunoda reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When accessing a specially crafted URL, the user may b...
Multiple vulnerabilities in "Custom Body Class"
Overview WordPress Plugin "Custom Body Class" provided by Andrei Lupu contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2019-6029 Cross-site Request Forgery CWE-352 - CVE-2019-6030 Shirai Masatake of Cryptography Laboratory, Department of Information and Communicati...
JVN#57070811: Athenz vulnerable to open redirect
Athenz provided by Verizon Media contains an open redirect vulnerability CWE-601. Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Update the Software Update the software to...
JVN#26847507: Multiple vulnerabilities in "Custom Body Class"
WordPress Plugin "Custom Body Class" provided by Andrei Lupu contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2019-6029 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:H/Au:N/C:N/I:P/A:N|...
Kinza vulnerable to cross-site scripting
Overview Kinza provided by Dayz Inc. contains a cross-site scripting vulnerability CWE-79. RyotaK reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If CSP (Content Security Policy) on the affected product is...
JVN#63047298: Kinza vulnerable to cross-site scripting
Kinza provided by Dayz Inc. contains a cross-site scripting vulnerability CWE-79. Impact If CSP (Content Security Policy) on the affected product is disabled, an arbitrary script may be executed on the web browser of the user who uses the RSS reader. Solution Update the Software Update to the latest...
Multiple MOTEX products vulnerable to privilege escalation
Overview LanScope Cat and LanScope An provided by MOTEX Inc. contain a privilege escalation vulnerability. Mitsuaki Mitch Shiraishi of Secureworks Japan and Yoshimasa Obana reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
JVN#49068796: Multiple MOTEX products vulnerable to privilege escalation
LanScope Cat and LanScope An provided by MOTEX Inc. contain a privilege escalation vulnerability. Impact A user who can log in to the PC where the vulnerable product is installed may obtain unauthorized privileges and execute arbitrary code. Solution Update the Software Update to the latest versi...
STAMP Workbench installer may insecurely load Dynamic Link Libraries
Overview STAMP Workbench is a modeling tool for STAMP provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA). It is distributed as a ZIP archive or a Windows executable installer. The Windows executable installer contains an issue with the DLL search path, which may lead to insecurely...
WordPress Plugin "WP Spell Check" vulnerable to cross-site request forgery
Overview WordPress Plugin "WP Spell Check" provided by Tips and Tricks HQ contains a cross-site request forgery vulnerability CWE-352. Takuya Yamaguchi of Cryptography Laboratory, Department of Information and Communication Engineering, Tokyo Denki University directly reported these vulnerabilities...
JVN#19386781: STAMP Workbench installer may insecurely load Dynamic Link Libraries
STAMP Workbench is a modeling tool for STAMP provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA). It is distributed as a ZIP archive or a Windows executable installer. The Windows executable installer contains an issue with the DLL search path, which may lead to insecurely loading...
JVN#26838191: WordPress Plugin "WP Spell Check" vulnerable to cross-site request forgery
WordPress Plugin "WP Spell Check" provided by WP Spell Check contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the plugin Update the plugin according to the information...
Movable Type vulnerable to open redirect
Overview Movable Type provided by Six Apart Ltd. contains an open redirect vulnerability CWE-601. Hidetomo Hosono of EG Secure Solutions Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When accessing a...
JVN#65280626: Movable Type vulnerable to open redirect
Movable Type provided by Six Apart Ltd. contains an open redirect vulnerability CWE-601. Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Update the Software Update the...
Arbitrary File Deletion Vulnerability in Hitachi Command Suite
Overview An arbitrary file deletion vulnerability was found in Hitachi Command Suite. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
DoS Vulnerability in Hitachi Command Suite and Hitachi Infrastructure Analytics Advisor
Overview A DoS vulnerability was found in Hitachi Command Suite and Hitachi Infrastructure Analytics Advisor. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take...
Information Disclosure Vulnerability in Hitachi Command Suite
Overview An Information Disclosure Vulnerability was found in Hitachi Command Suite. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
Rakuma App vulnerable to authentication information disclosure
Overview Rakuma App provided by Rakuten, Inc. contains an authentication information disclosure vulnerability CWE-200. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
JVN#41566067: Rakuma App vulnerable to authentication information disclosure
Rakuma App provided by Rakuten, Inc. contains an authentication information disclosure vulnerability CWE-200. Impact If a malicious application created by a third party for the purpose of attacking a Rakuma user is installed on the Rakuma user's mobile device, it may obtain the Rakuma user's...
Trend Micro OfficeScan vulnerable to directory traversal
Overview Trend Micro OfficeScan contains a directory traversal vulnerability CWE-22. If this vulnerability is exploited, an authenticated user on the administrative console of the affected product may upload an arbitrary zip file to the specific folder, then extract and execute it. Trend Micro...
Library Information Management System LIMEDIO vulnerable to open redirect
Overview Library Information Management System LIMEDIO provided by RICOH COMPANY, LTD. contains an open redirect vulnerability CWE-601. Takeshi Imai of Internet Initiative Japan Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
JVN#45633549: Library Information Management System LIMEDIO vulnerable to open redirect
Library Information Management System LIMEDIO provided by RICOH COMPANY, LTD. contains an open redirect vulnerability CWE-601. Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solutio...
PowerCMS vulnerable to open redirect
Overview PowerCMS provided by Alfasado Inc. contains an open redirect vulnerability CWE-601. Hidetomo Hosono of EG Secure Solutions Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When accessing a...
JVN#34634458: PowerCMS vulnerable to open redirect
PowerCMS provided by Alfasado Inc. contains an open redirect vulnerability CWE-601. Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Update the Software Update the software t...
Multiple Vulnerabilities in Hitachi Global Link Manager
Overview Multiple vulnerabilities have been found in Hitachi Global Link Manager. Cross-site Scripting DoS Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take...
Vulnerability in Cosminexus HTTP Server and Hitachi Web Server
Overview A vulnerability CVE-2019-10092 exists in Cosminexus HTTP Server and Hitachi Web Server. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate...
NetCommons3 vulnerable to cross-site scripting
Overview NetCommons3 provided by The NetCommons Project contains a cross-site scripting vulnerability CWE-79. Toshiki Sasazaki of Waseda University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrar...
JVN#74530672: NetCommons3 vulnerable to cross-site scripting
NetCommons3 provided by The NetCommons Project contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Products...
Multiple vulnerabilities in WordPress Plugin "wpDataTables Lite"
Overview WordPress Plugin "wpDataTables Lite" provided by TMS-Plugins contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2019-6011 SQL Injection CWE-89 - CVE-2019-6012 Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to the developer and...
JVN#14776551: Multiple vulnerabilities in WordPress Plugin "wpDataTables Lite"
WordPress Plugin "wpDataTables Lite" provided by TMS-Plugins contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2019-6011 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:H/Au:N/C:N/I:P/A:N|...
Multiple OS command injection vulnerabilities in DBA-1510P
Overview DBA-1510P provided by D-Link Japan K.K. contains multiple OS command injection vulnerabilities listed below. OS command injection vulnerability in Command Line Interface (CLI) CWE-78 - CVE-2019-6013 OS command injection vulnerability in Web User Interface CWE-78 - CVE-2019-6014 Katsuhiko...
Multiple vulnerabilities in EC-CUBE module "REMISE Payment module (2.11, 2.12 and 2.13)"
Overview EC-CUBE module "REMISE Payment module 2.11, 2.12 and 2.13" provided by REMISE Corporation contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2019-6016 Information disclosure CWE-200 - CVE-2019-6017 Gen Sato of Mitsui Bussan Secure Directions, Inc. reported...
JVN#59436681: Multiple vulnerabilities in EC-CUBE module "REMISE Payment module (2.11, 2.12 and 2.13)"
EC-CUBE module "REMISE Payment module 2.11, 2.12 and 2.13" provided by REMISE Corporation contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2019-6016 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...
JVN#95875796: Multiple OS command injection vulnerabilities in DBA-1510P
DBA-1510P provided by D-Link Japan K.K. contains multiple OS command injection vulnerabilities listed below. OS command injection vulnerability in Command Line Interface (CLI) CWE-78 - CVE-2019-6013 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H| Base Score...
FON routers may behave as an open resolver
Overview FON routers contain an issue where they may behave as open resolvers. A device that behaves as a DNS resolver for recursive DNS queries from anyone on the internet is called "Open Resolver". Hideyoshi Okazaki of ARTERI...
Multiple integer overflow vulnerabilities in LINE(Android)
Overview LINE(Android) provided by LINE Corporation contains multiple integer overflow vulnerabilities CWE-190 listed below. Integer overflow vulnerability in processing images using apng-drawable - CVE-2019-6007 Integer overflow vulnerability in processing images - CVE-2019-6010 LINE Corporation...