Multiple vulnerabilities in WZR-1750DHP2
Overview WZR-1750DHP2 provided by BUFFALO INC. is a wireless LAN router. WXR-1900DHP2 contains multiple vulnerabilities listed below. Missing Authentication for Critical Function CWE-306 - CVE-2018-0554 Buffer Overflow CWE-119 - CVE-2018-0555 OS Command Injection CWE-78 - CVE-2018-0556 Taizoh...
JVN#72589538: LXR vulnerable to OS command injection
LXR provided by LXR Project contains an OS command injection vulnerability CWE-78. Impact On a server where the product is running, a remote attacker may execute an arbitrary OS command. Solution Update the Software Update to the latest version according to the information provided by the...
JVN#93397125: Multiple vulnerabilities in WZR-1750DHP2
WZR-1750DHP2 provided by BUFFALO INC. is a wireless LAN router. WXR-1900DHP2 contains multiple vulnerabilities listed below. Missing Authentication for Critical Function CWE-306 - CVE-2018-0554 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score:...
iRemoconWiFi App for Android fails to verify SSL server certificates
Overview iRemoconWiFi App for Android provided by Glamo Inc. fails to verify SSL server certificates. Seigo Yamamoto of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attac...
JVN#43382653: iRemoconWiFi App for Android fails to verify SSL server certificates
iRemoconWiFi App for Android provided by Glamo Inc. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Application Update to the latest version according to the information provided by th...
The installer of PhishWall Client Firefox and Chrome edition for Windows may insecurely load Dynamic Link Libraries
Overview PhishWall Client Firefox and Chrome edition for Windows provided by SecureBrain Corporation is an anti-phishing and anti-MITB software. The installer of PhishWall Client Firefox and Chrome edition for Windows contains an issue with the DLL search path, which may lead to insecurely loadin...
JVN#39896275: The installer of PhishWall Client Firefox and Chrome edition for Windows may insecurely load Dynamic Link Libraries
PhishWall Client Firefox and Chrome edition for Windows provided by SecureBrain Corporation is an anti-phishing and anti-MITB software. The installer of PhishWall Client Firefox and Chrome edition for Windows contains an issue with the DLL search path, which may lead to insecurely loading Dynamic...
WebProxy vulnerable to directory traversal
Overview WebProxy provided by LunarNight Laboratory is software for creating a proxy server. WebProxy contains a directory traversal vulnerability CWE-22 due to a flaw in processing certain requests. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held...
TinyFTP Daemon vulnerable to buffer overflow
Overview TinyFTP Daemon provided by Hisayuki Nomura is an FTP (File Transfer Protocol) server. TinyFTP Daemon contains a buffer overflow vulnerability CWE-121. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on December 5, 2017, it was judged that an...
ViX may insecurely load Dynamic Link Libraries
Overview ViX provided by K_OKADA is a Graphics Viewer Software for Windows. ViX contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries contained in the same directory as an image file CWE-427. During the meeting of Committee for authorizing the...
PHP 2chBBS vulnerable to cross-site scripting
Overview PHP 2chBBS provided by Kagaminokuni is software that can be downloaded from the Internet. PHP 2chBBS is a bulletin board software that can be used by placing it on a website. PHP 2chBBS contains a cross-site scripting vulnerability CWE-79. During the meeting of Committee for authorizing...
ArsenoL vulnerable to cross-site scripting
Overview ArsenoL provided by FlaFla... is software that can be downloaded from the Internet. ArsenoL is a dictionary software that is placed on a website used to post words and their meanings. ArsenoL contains a cross-site scripting vulnerability CWE-79 where an arbitrary script may be executed wh...
QQQ SYSTEMS vulnerable to arbitrary command injection
Overview QQQ SYSTEMS provided by Gundam Cult QQQ is a perl CGI script to create quiz pages. QQQ SYSTEMS contains an OS command injection vulnerability CWE-78. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on December 5, 2017, it was judged that ...
QQQ SYSTEMS vulnerable to cross-site scripting
Overview QQQ SYSTEMS provided by Gundam Cult QQQ is a CGI script to create quiz pages. QQQ SYSTEMS contains a stored cross-site scripting vulnerability CWE-79. When an administrative user of the software accesses a malicious page created by an attacker, an arbitrary script may be executed. Note...
QQQ SYSTEMS vulnerable to cross-site scripting
Overview QQQ SYSTEMS provided by Gundam Cult QQQ is a CGI script to create quiz pages. quizop.cgi of QQQ SYSTEMS contains a cross-site scripting vulnerability CWE-79. When a user accesses a malicious page and is redirected to a page created with the product, an arbitrary script may be executed on...
QQQ SYSTEMS vulnerable to cross-site scripting
Overview QQQ SYSTEMS provided by Gundam Cult QQQ is a CGI script to create quiz pages. quiz.cgi of QQQ SYSTEMS contains a cross-site scripting vulnerability CWE-79. When a user accesses a malicious page and is redirected to a page created with the product, an arbitrary script may be executed on t...
JVN#64990648: QQQ SYSTEMS vulnerable to cross-site scripting
QQQ SYSTEMS provided by Gundam Cult QQQ is a CGI script to create quiz pages. quiz.cgi of QQQ SYSTEMS contains a cross-site scripting vulnerability CWE-79. When a user accesses a malicious page and is redirected to a page created with the product, an arbitrary script may be executed on the user's...
JVN#30864198: ArsenoL vulnerable to cross-site scripting
ArsenoL provided by FlaFla... is software that can be downloaded from the Internet. ArsenoL is a dictionary software that is placed on a website used to post words and their meanings. ArsenoL contains a cross-site scripting vulnerability CWE-79 where an arbitrary script may be executed when the...
JVN#96655441: QQQ SYSTEMS vulnerable to cross-site scripting
QQQ SYSTEMS provided by Gundam Cult QQQ is a CGI script to create quiz pages. quizop.cgi of QQQ SYSTEMS contains a cross-site scripting vulnerability CWE-79. When a user accesses a malicious page and is redirected to a page created with the product, an arbitrary script may be executed on the user...
JVN#87226910: WebProxy vulnerable to directory traversal
WebProxy provided by LunarNight Laboratory is software for creating a proxy server. WebProxy contains a directory traversal vulnerability CWE-22 due to a flaw in processing certain requests. Impact A remote attacker may create an arbitrary file on the server where the product is running. Solution...
JVN#22536871: QQQ SYSTEMS vulnerable to arbitrary command injection
QQQ SYSTEMS provided by Gundam Cult QQQ is a Perl CGI script to create quiz pages. QQQ SYSTEMS contains an OS command injection vulnerability CWE-78. Impact An attacker may execute an arbitrary OS command with the web server's execution privilege. Solution Consider stopping use of QQQ SYSTEMS 2.24 Sinc...
JVN#56764650: ViX may insecurely load Dynamic Link Libraries
ViX provided by K_OKADA is a Graphics Viewer Software for Windows. ViX contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries contained in the same directory as an image file CWE-427. Impact Arbitrary code may be executed with the privileges of the...
JVN#48774168: PHP 2chBBS vulnerable to cross-site scripting
PHP 2chBBS provided by Kagaminokuni is software that can be downloaded from the Internet. PHP 2chBBS is a bulletin board software that can be used by placing it on a website. PHP 2chBBS contains a cross-site scripting vulnerability CWE-79. Impact Due to this vulnerability, a victim being tricked...
JVN#92259864: TinyFTP Daemon vulnerable to buffer overflow
TinyFTP Daemon provided by Hisayuki Nomura is an FTP (File Transfer Protocol) server. TinyFTP Daemon contains a buffer overflow vulnerability CWE-121. Impact An attacker may be able to cause a denial-of-service (DoS) condition or execute arbitrary code. Solution Consider stopping use of Tiny FTP Daemon...
JVN#46471407: QQQ SYSTEMS vulnerable to cross-site scripting
QQQ SYSTEMS provided by Gundam Cult QQQ is a CGI script to create quiz pages. QQQ SYSTEMS contains a stored cross-site scripting vulnerability CWE-79. When an administrative user of the software accesses a malicious page created by an attacker, an arbitrary script may be executed. Impact Due to...
Multiple vulnerabilities in CG-WGR1200
Overview CG-WGR1200 provided by Corega Inc is a wireless LAN router. CG-WGR1200 contains multiple vulnerabilities listed below. Buffer Overflow CWE-119 - CVE-2017-10852 Buffer Overflow CWE-78 - CVE-2017-10853 Authentication bypass CWE-306 - CVE-2017-10854 Taizoh Tsukamoto of Mitsui Bussan Secure...
JVN#15201064: Multiple vulnerabilities in CG-WGR1200
CG-WGR1200 provided by Corega Inc is a wireless LAN router. CG-WGR1200 contains multiple vulnerabilities listed below. Buffer Overflow CWE-119 - CVE-2017-10852 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.8 CVSS v2|...
WordPress plugin "WP All Import" vulnerable to cross-site scripting
Overview The WordPress plugin "WP All Import" provided by Soflyy contains a reflected cross-site scripting vulnerability CWE-79. Note that this vulnerability is different from JVN33527174. Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with...
WordPress plugin "WP All Import" vulnerable to cross-site scripting
Overview The WordPress plugin "WP All Import" provided by Soflyy contains a cross-site scripting vulnerability CWE-79 in the file upload function. Note that this vulnerability is different from JVN60032768. Mardan Muhidin of Gehirn Inc. reported this vulnerability to IPA. JPCERT/CC coordinated wi...
JVN#33527174: WordPress plugin "WP All Import" vulnerable to cross-site scripting
The WordPress plugin "WP All Import" provided by Soflyy contains a cross-site scripting vulnerability CWE-79 in the file upload function. Impact An arbitrary script may be executed on the user's web browser. Solution Update the plugin Update the plugin according to the information provided by the...
JVN#60032768: WordPress plugin "WP All Import" vulnerable to cross-site scripting
The WordPress plugin "WP All Import" provided by Soflyy contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged in user's web browser. Solution Update the plugin Update the plugin according to the information provided by the developer...
Installer of WinShot may insecurely load Dynamic Link Libraries
Overview Installer of WinShot contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
Installer of JTrim may insecurely load Dynamic Link Libraries
Overview Installer of JTrim contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
JVN#01837169: Installer of WinShot may insecurely load Dynamic Link Libraries
Installer of WinShot contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use ZIP file format WinShot When using WinShot, download the...
JVN#71816327: Installer of JTrim may insecurely load Dynamic Link Libraries
Installer of JTrim contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use ZIP file format JTrim When using JTrim, download the ZIP fi...
Multiple vulnerabilities in Jubatus
Overview Jubatus provided by Jubatus Community contains multiple vulnerabilities listed below. Arbitrary code execution - CVE-2018-0524 Directory traversal CWE-22 - CVE-2018-0525 Symantec Japan, Inc. Advisory Services Team reported this vulnerability to IPA. JPCERT/CC coordinated with the develop...
JVN#56132776: Multiple vulnerabilities in Jubatus
Jubatus provided by Jubatus Community contains multiple vulnerabilities listed below. Arbitrary code execution - CVE-2018-0524 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L| Base Score: 5.6 CVSS v2| AV:N/AC:M/Au:N/C:P/I:P/A:P| Base Score: 6.8 Directory...
Multiple vulnerabilities in WXR-1900DHP2
Overview WXR-1900DHP2 provided by BUFFALO INC. is a wireless LAN router. WXR-1900DHP2 contains multiple vulnerabilities listed below. Missing Authentication for Critical Function CWE-306 - CVE-2018-0521 Buffer Overflow CWE-119 - CVE-2018-0522 OS Command Injection CWE-78 - CVE-2018-0523 Taizoh...
JVN#97144273: Multiple vulnerabilities in WXR-1900DHP2
WXR-1900DHP2 provided by BUFFALO INC. is a wireless LAN router. WXR-1900DHP2 contains multiple vulnerabilities listed below. Missing Authentication for Critical Function CWE-306 - CVE-2018-0521 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score:...
Multiple vulnerabilities in FS010W
Overview FS010W provided by FUJI SOFT INCORPORATED is a WiFi router. FS010W contains multiple vulnerabilities listed below. Stored cross-site scripting CWE-79 - CVE-2018-0519 Cross-site request forgery CWE-352 - CVE-2018-0520 Manabu Kobayashi reported these vulnerabilities to IPA. JPCERT/CC...
LINE for iOS fails to verify SSL server certificates
Overview LINE for iOS provided by LINE Corporation fails to verify SSL server certificates due to a vulnerability that existed in the third-party SDK which is incorporated in the application. LINE Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN...
JVN#83834277: Multiple vulnerabilities in FS010W
FS010W provided by FUJI SOFT INCORPORATED is a WiFi router. FS010W contains multiple vulnerabilities listed below. Stored cross-site scripting CWE-79 - CVE-2018-0519 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N| Base Score: 4.3 CVSS v2|...
JVN#75453852: LINE for iOS fails to verify SSL server certificates
LINE for iOS provided by LINE Corporation fails to verify SSL server certificates due to a vulnerability that existed in the third-party SDK which is incorporated in the application. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. According to the...
Insecure DLL Loading issue in multiple Trend Micro products
Overview Multiple products provided by Trend Micro Incorporated contain an insecure DLL loading issue CWE-427. When invoking the installers of other applications while the concerned products are installed on the PC, the DLL placed in the same directory as the installers of the other...
JVN#28865183: Insecure DLL Loading issue in multiple Trend Micro products
Multiple products provided by Trend Micro Incorporated contain an insecure DLL loading issue CWE-427. When invoking the installers of other applications while the concerned products are installed on the PC, the DLL placed in the same directory as the installers of the other applications may b...
XXE Vulnerability in Hitachi Device Manager
Overview An XXE XML External Entity Vulnerability was found in Hitachi Device Manager. This vulnerability only affects the Linux cluster environment. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section fo...
Multiple Vulnerabilities in Hitachi Command Suite
Overview Multiple vulnerabilities have been found in Hitachi Command Suite. Cross-site Scripting Open Redirect Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take...
Application and self-extracting archive containing the application of "FLET'S v4 / v6 address selection tool" may insecurely load Dynamic Link Libraries
Overview Application and self-extracting archive containing the application of "FLET'S v4 / v6 address selection tool" provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili...
Installer of "FLET'S Azukeru Backup Tool" may insecurely load Dynamic Link Libraries
Overview "FLET'S Azukeru Backup Tool" provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION is software to automatically back up files in the user's computer to "FLET'S Azukeru" service. Installer of "FLET'S Azukeru Backup Tool" contains an issue with the DLL search path, which may lead to...
JVN#04564808: Installer of "FLET'S Azukeru Backup Tool" may insecurely load Dynamic Link Libraries
"FLET'S Azukeru Backup Tool" provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION is software to automatically back up files in the user's computer to "FLET'S Azukeru" service. Installer of "FLET'S Azukeru Backup Tool" contains an issue with the DLL search path, which may lead to insecurel...