FileCapsule Deluxe Portable and Encrypted Files in Self-Decryption Format created by FileCapsule Deluxe Portable may insecurely load Dynamic Link Libraries
Overview FileCapsule Deluxe Portable is file encryption software. FileCapsule Deluxe Portable contains the following vulnerabilities. FileCapsule Deluxe Portable insecurely loads Dynamic Link Libraries (CWE-427) - CVE-2017-2265, CVE-2017-2267, CVE-2017-2269 Encrypted files in self-decryption forma...
JVN#42031953: FileCapsule Deluxe Portable and Encrypted Files in Self-Decryption Format created by FileCapsule Deluxe Portable may insecurely load Dynamic Link Libraries
FileCapsule Deluxe Portable is file encryption software. FileCapsule Deluxe Portable contains the following vulnerabilities. FileCapsule Deluxe Portable insecurely loads Dynamic Link Libraries (CWE-427) - CVE-2017-2265, CVE-2017-2267, CVE-2017-2269 Version| Vector| Score ---|---|--- CVSS v3|...
Installer of Yahoo! Toolbar (for Internet Explorer) may insecurely load Dynamic Link Libraries
Overview Installer of Yahoo! Toolbar for Internet Explorer contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...
JVN#02852421: Installer of Yahoo! Toolbar (for Internet Explorer) may insecurely load Dynamic Link Libraries
Installer of Yahoo! Toolbar for Internet Explorer contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the Latest Installer Use the...
Installers of Mozilla Firefox and Thunderbird for Windows may insecurely load Dynamic Link Libraries
Overview Installers of Mozilla Firefox and Thunderbird for Windows provided by Mozilla Foundation contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated...
JVN#81676004: Installers of Mozilla Firefox and Thunderbird for Windows may insecurely load Dynamic Link Libraries
Installers of Mozilla Firefox and Thunderbird for Windows provided by Mozilla Foundation contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer...
Self-Extracting Archives created by File Compact may insecurely load Dynamic Link Libraries
Overview File Compact provided by SOURCENEXT CORPORATION is compression/decompression software. It can also create self-extracting archive files. Self-extracting archive files created by File Compact contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link...
JVN#29939155: Self-Extracting Archives created by File Compact may insecurely load Dynamic Link Libraries
File Compact provided by SOURCENEXT CORPORATION is compression/decompression software. It can also create self-extracting archive files. Self-extracting archive files created by File Compact contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries...
Microsoft IME may insecurely load Dynamic Link Libraries
Overview Microsoft IME, bundled with Microsoft Windows, contains an issue in loading DLLs. When some application programs are invoked, they may initiate Microsoft IME. This IME, when initiated, checks a certain registry key for a file path to a DLL file and loads it. This registry key does not...
Installers of Lhaz and Lhaz+, and Self-Extracting Archives created by Lhaz or Lhaz+ may insecurely load Dynamic Link Libraries
Overview Lhaz and Lhaz+ provided by Chitora soft contain the following vulnerabilities. Installers of Lhaz and Lhaz+ insecurely load Dynamic Link Libraries CWE-427 - CVE-2017-2246, CVE-2017-2248 Self-extracting archive files created by Lhaz or Lhaz+ insecurely load Dynamic Link Libraries CWE-427 ...
JVN#21369452: Installers of Lhaz and Lhaz+, and Self-Extracting Archives created by Lhaz or Lhaz+ may insecurely load Dynamic Link Libraries
Lhaz and Lhaz+ provided by Chitora soft contain the following vulnerabilities. Installers of Lhaz and Lhaz+ insecurely load Dynamic Link Libraries CWE-427 - CVE-2017-2246, CVE-2017-2248 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H| Base Score: 7.8 CVSS...
JVN#21627267: Microsoft IME may insecurely load Dynamic Link Libraries
Microsoft IME, bundled with Microsoft Windows, contains an issue in loading DLLs. When some application programs are invoked, they may initiate Microsoft IME. This IME, when initiated, checks a certain registry key for a file path to a DLL file and loads it. This registry key does not exist by...
WordPress plugin "Shortcodes Ultimate" vulnerable to directory traversal
Overview The WordPress plugin "Shortcodes Ultimate" contains a directory traversal vulnerability CWE-22 in the Examples page. Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Arbitrary local files o...
JVN#63249051: WordPress plugin "Shortcodes Ultimate" vulnerable to directory traversal
The WordPress plugin "Shortcodes Ultimate" contains a directory traversal vulnerability CWE-22 in the Examples page. Impact Arbitrary local files on the server may be accessed by a logged-in user. Solution Update the Software Update to the latest version according to the information provided by t...
Installer of Douro Kouji Kanseizutou Check Program may insecurely load Dynamic Link Libraries
Overview Installer of Douro Kouji Kanseizutou Check Program provided by National Institute for Land and Infrastructure Management contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. and BlackWingCat of Pink...
Installer of Douroshisetu Kihon Data Sakusei System may insecurely load Dynamic Link Libraries
Overview The installer of Douroshisetu Kihon Data Sakusei System provided by National Institute for Land and Infrastructure Management contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this...
WordPress plugin "Responsive Lightbox" vulnerable to cross-site scripting
Overview The WordPress plugin "Responsive Lightbox" provided by dFactory contains a reflected cross-site scripting vulnerability CWE-79. Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary...
MFC-J960DWN vulnerable to cross-site request forgery
Overview MFC-J960DWN provided by BROTHER INDUSTRIES, LTD. is a multifunction printer. MFC-J960DWN contains a cross-site request forgery vulnerability (CWE-352). Taiga Asano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
JVN#39819446: WordPress plugin "Responsive Lightbox" vulnerable to cross-site scripting
The WordPress plugin "Responsive Lightbox" provided by dFactory contains a reflected cross-site scripting vulnerability (CWE-79). Impact An arbitrary script may be executed on the logged-in user's web browser. Solution Update the plugin Update the plugin according to the information provided by the...
JVN#20409270: Installer of Douroshisetu Kihon Data Sakusei System may insecurely load Dynamic Link Libraries
The installer of Douroshisetu Kihon Data Sakusei System provided by National Institute for Land and Infrastructure Management contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege o...
JVN#95996423: MFC-J960DWN vulnerable to cross-site request forgery
MFC-J960DWN provided by BROTHER INDUSTRIES, LTD. is a multifunction printer. MFC-J960DWN contains a cross-site request forgery vulnerability (CWE-352). Impact If a user views a malicious page, unintended operations such as changing settings of the device may be performed. Solution Apply a Workaroun...
JVN#82120115: Installer of Douro Kouji Kanseizutou Check Program may insecurely load Dynamic Link Libraries
Installer of Kouji Kanseizutou Check Program provided by National Institute for Land and Infrastructure Management contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user...
Cybozu Garoon vulnerable to cross-site scripting
Overview Cybozu Garoon provided by Cybozu, Inc. contains a cross-site scripting vulnerability in the application menu. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact An arbitrary script may be executed on the logged-in user's web browser. Solution Upda...
Cybozu Garoon vulnerable to session fixation
Overview Cybozu Garoon provided by Cybozu, Inc. contains a session fixation vulnerability. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact A remote unauthenticated attacker may perform unintended operations with the logged-in user's privilege. Solution...
Cybozu Garoon fails to restrict access permission
Overview Cybozu Garoon provided by Cybozu, Inc. contains an improper access restriction. Jun Kokatsu of KDDI Singapore Dubai Branch reported the vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN. Impact When a logged-in user accesses ...
Installer and self-extracting archive containing the installer of MLIT DenshiSeikabutsuSakuseiShienKensa system may insecurely load Dynamic Link Libraries
Overview The installer and the self-extracting archive including the installer of MLIT DenshiSeikabutsuSakuseiShienKensa system contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability...
JVN#06337557: Installer and self-extracting archive containing the installer of MLIT DenshiSeikabutsuSakuseiShienKensa system may insecurely load Dynamic Link Libraries
The installer and the self-extracting archive including the installer of MLIT DenshiSeikabutsuSakuseiShienKensa system contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the us...
JVN#43534286: Multiple vulnerabilities in Cybozu Garoon
Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Improper access restriction CWE-284 - CVE-2017-2144 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L| Base Score: 5.4 CVSS v2| AV:N/AC:H/Au:N/C:N/I:P/A:P| Base Score: 4.0...
Cross-site Scripting Vulnerability in multiple Hitachi products
Overview A cross-site scripting vulnerability was found in uCosminexus Portal Framework, Groupmax Collaboration, Hitachi Navigation Platform and JP1/Navigation Platform. Impact Remote users can exploit this vulnerability to execute malicious scripts. Solution Please refer to the 'Vendor...
Multiple Vulnerabilities in Hitachi IT Operations Director and JP1/IT Desktop Management
Overview A cross-site scripting vulnerability and an XML external entity (XXE) vulnerability have been found in Hitachi IT Operations Director, JP1/IT Desktop Management - Manager and JP1/IT Desktop Management 2 - Manager. Impact An attacker may conduct a cross-site scripting attack and an XML external entity (XXE)...
Vulnerability in Cosminexus HTTP Server and Hitachi Web Server
Overview A vulnerability (CVE-2016-8743) exists in Cosminexus HTTP Server and Hitachi Web Server. Impact An attacker may have unspecified impact. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
Installer of Shinseiyou Sougou Soft provided by The Ministry of Justice may insecurely load Dynamic Link Libraries
Overview Installer of Shinseiyou Sougou Soft provided by The Ministry of Justice contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Takashi Yoshikawa of Mitsui Bussan Secure Directions, Inc., Yuji Tounai of NTT Communications...
Installer of PDF Digital Signature Plugin provided by the Ministry of Justice may insecurely load Dynamic Link Libraries
Overview Installer of PDF Digital Signature Plugin provided by the Ministry of Justice contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Yuji Tounai of NTT Communications Corporation and Eili Masami of Tachibana Lab. reported this...
JVN#45134765: Installer of PDF Digital Signature Plugin provided by the Ministry of Justice may insecurely load Dynamic Link Libraries
Installer of PDF Digital Signature Plugin provided by the Ministry of Justice contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use...
JVN#23389212: Installer of Shinseiyou Sougou Soft provided by The Ministry of Justice may insecurely load Dynamic Link Libraries
Installer of Shinseiyou Sougou Soft provided by The Ministry of Justice contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the...
Installer of Setup file of advance preparation for e-Tax software (WEB version) may insecurely load Dynamic Link Libraries
Overview Installer of Setup file of advance preparation for e-Tax software (WEB version) provided by National Tax Agency contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. BlackWingCat of Pink Flying Whale reported this vulnerability to IPA...
Non-documented developer's screen in Toshiba Lighting & Technology Corporation Home gateway
Overview Home gateway provided by Toshiba Lighting & Technology Corporation contains a non-documented developer's screen. Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
OS command injection vulnerability in Toshiba Lighting & Technology Corporation Home gateway
Overview Home gateway provided by Toshiba Lighting & Technology Corporation contains OS command injection. Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impa...
Cross-site request forgery vulnerability in Toshiba Lighting & Technology Corporation Home gateway
Overview Home gateway provided by Toshiba Lighting & Technology Corporation contains cross-site request forgery. Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
Hard-coded credentials vulnerability in Toshiba Lighting & Technology Corporation Home gateway
Overview Home gateway provided by Toshiba Lighting & Technology Corporation contains hard-coded credentials. Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
Improper access control vulnerability in Toshiba Lighting & Technology Corporation Home gateway
Overview Home gateway provided by Toshiba Lighting & Technology Corporation contains improper access control. Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
JVN#21174546: Marp vulnerable to improper access control in JavaScript execution
Marp is a tool to create a presentation PDF with Markdown. Marp executes JavaScript inside the Markdown contents. Marp allows JavaScript to access local resources and files (CWE-284). Impact When reading specially crafted Markdown contents, local files may be accessed and leaked to an external...
JVN#79451345: Installer of Setup file of advance preparation for e-Tax software (WEB version) may insecurely load Dynamic Link Libraries
Installer of Setup file of advance preparation for e-Tax software (WEB version) provided by National Tax Agency contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact Arbitrary code may be executed with the privilege of the user invoking the...
JVN#85901441: Multiple vulnerabilities in Toshiba Lighting & Technology Corporation Home gateway
Home gateway provided by Toshiba Lighting & Technology Corporation contains multiple vulnerabilities listed below. Non-documented developer's screen CWE-912 - CVE-2017-2234 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N| Base Score: 2.4 CVSS v2|...
Denshi Nyusatsu Check Tool provided by Ministry of Education, Culture, Sports, Science and Technology may insecurely load Dynamic Link Libraries
Overview Denshi Nyusatsu Check Tool provided by Ministry of Education, Culture, Sports, Science and Technology (MEXT) contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Takashi Yoshikawa of Mitsui Bussan Secure Directions reported this...
JVN#01775119: Denshi Nyusatsu Check Tool provided by Ministry of Education, Culture, Sports, Science and Technology may insecurely load Dynamic Link Libraries
Denshi Nyusatsu Check Tool provided by Ministry of Education, Culture, Sports, Science and Technology (MEXT) contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Impact Arbitrary code may be executed with the privilege of the user running...
Installer of Charamin OMP may insecurely load Dynamic Link Libraries
Overview The installer of Charamin OMP provided by Charamin steering committee contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...
JVN#09293613: Installer of Charamin OMP may insecurely load Dynamic Link Libraries
The installer of Charamin OMP provided by Charamin steering committee contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest...
[Simeji for Windows] installer may insecurely load Dynamic Link Libraries
Overview Simeji for Windows installer provided by Baidu Japan Inc. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
HOME SPOT CUBE2 vulnerable to improper authentication in WebUI
Overview HOME SPOT CUBE2 provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE2 contains improper authentication in WebUI. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...