5625 matches found
OS command injection vulnerability in Toshiba Lighting & Technology Corporation Home gateway
Overview Home gateway provided by Toshiba Lighting & Technology Corporation contains OS command injection. Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impa...
Cross-site request forgery vulnerability in Toshiba Lighting & Technology Corporation Home gateway
Overview Home gateway provided by Toshiba Lighting & Technology Corporation contains cross-site request forgery. Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
Hard-coded credentials vulnerability in Toshiba Lighting & Technology Corporation Home gateway
Overview Home gateway provided by Toshiba Lighting & Technology Corporation contains hard-coded credentials. Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
Improper access control vulnerability in Toshiba Lighting & Technology Corporation Home gateway
Overview Home gateway provided by Toshiba Lighting & Technology Corporation contains improper access control. Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
JVN#79451345: Installer of Setup file of advance preparation for e-Tax software (WEB version) may insecurely load Dynamic Link Libraries
Installer of Setup file of advance preparation for e-Tax software WEB version provided by National Tax Agency contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact Arbitrary code may be executed with the privilege of the user invoking the...
JVN#21174546: Marp vulnerable to improper access control in JavaScript execution
Marp is a tool to create a presentation PDF with Markdown. Marp executes JavaScript inside the Markdown contents. Marp allows JavaScript to access local resources and files CWE-284. Impact When reading specially crafted Markdown contents, local files may be accessed and leaked to an external...
JVN#85901441: Multiple vulnerabilities in Toshiba Lighting & Technology Corporation Home gateway
Home gateway provided by Toshiba Lighting & Technology Corporation contains multiple vulnerabilities listed below. Non-documented developer's screen CWE-912 - CVE-2017-2234 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N| Base Score: 2.4 CVSS v2|...
Denshi Nyusatsu Check Tool provided by Ministry of Education, Culture, Sports, Science and Technology may insecurely load Dynamic Link Libraries
Overview Denshi Nyusatsu Check Tool provided by Ministry of Education, Culture, Sports, Science and Technology MEXT contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Takashi Yoshikawa of Mitsui Bussan Secure Directions reported this...
JVN#01775119: Denshi Nyusatsu Check Tool provided by Ministry of Education, Culture, Sports, Science and Technology may insecurely load Dynamic Link Libraries
Denshi Nyusatsu Check Tool provided by Ministry of Education, Culture, Sports, Science and Technology MEXT contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user running...
Installer of Charamin OMP may insecurely load Dynamic Link Libraries
Overview The installer of Charamin OMP provided by Charamin steering committee contains an issue with the DLL search path, which may lead to insecurely load Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...
JVN#09293613: Installer of Charamin OMP may insecurely load Dynamic Link Libraries
The installer of Charamin OMP provided by Charamin steering committee contains an issue with the DLL search path, which may lead to insecurely load Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest...
[Simeji for Windows] installer may insecurely load Dynamic Link Libraries
Overview Simeji for Windows installer provided by Baidu Japan Inc. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
HOME SPOT CUBE2 vulnerable to improper authentication in WebUI
Overview HOME SPOT CUBE2 provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE2 contains improper authentication in WebUI. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
HOME SPOT CUBE2 vulnerable to OS command injection in WebUI
Overview HOME SPOT CUBE2 provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE2 contains OS command injection in WebUI. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
HOME SPOT CUBE2 vulnerable to buffer overflow in WebUI
Overview HOME SPOT CUBE2 provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE2 contains buffer overflow in WebUI. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...
HOME SPOT CUBE2 vulnerable to OS command injection in clock settings
Overview HOME SPOT CUBE2 provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE2 contains OS command injection in clock settings. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
Multiple I-O DATA network camera products vulnerable to cross-site request forgery
Overview Multiple network camera products provided by I-O DATA DEVICE, INC. contains a cross-site request forgery vulnerability CWE-352. Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Securi...
WordPress plugin "Event Calendar WD" vulnerable to cross-site scripting
Overview The WordPress plugin "Event Calendar WD" provided by Web-Dorado contains a cross-site scripting vulnerability CWE-79. Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script ma...
JVN#65411235: Multiple I-O DATA network camera products vulnerable to cross-site request forgery
Multiple network camera products provided by I-O DATA DEVICE, INC. contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the Firmware Apply the appropriate firmware update...
JVN#24348065: Multiple vulnerabilities in HOME SPOT CUBE2
HOME SPOT CUBE2 provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE2 contains multiple vulnerabilities listed below. OS command injection in Clock Settings CWE-78 - CVE-2017-2183 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H| Base Score...
JVN#73550134: WordPress plugin "Event Calendar WD" vulnerable to cross-site scripting
The WordPress plugin "Event Calendar WD" provided by Web-Dorado contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the logged in user's web browser. Solution Update the plugin Update the plugin according to the information provided by the developer...
WordPress plugin "WP Job Manager" fails to restrict access permissions
Overview The WordPress plugin "WP Job Manager" provided by Automattic Inc. fails to restrict access permissions. Katsunori Kumagai of Kumasan, LLC. reported this issue to IPA under Information Security Early Warning Partnership. Impact A remote unauthenticated attacker may upload an image file to...
JVN#56787058: WordPress plugin "WP Job Manager" fails to restrict access permissions
The WordPress plugin "WP Job Manager" provided by Automattic Inc. fails to restrict access permissions. Impact A remote unauthenticated attacker may upload an image file to the server. Solution Update the plugin Update the plugin according to the information provided by the developer. According t...
Source code security studying tool iCodeChecker vulnerable to cross-site scripting
Overview Source code security studying tool iCodeChecker provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA contains a cross-site scripting vulnerability CWE-79. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with...
WordPress plugin "WP-Members" vulnerable to cross-site scripting
Overview The WordPress plugin "WP-Members" contains a cross-site scripting vulnerability CWE-79. Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on a logged in...
Open redirect vulnerability in WordPress plugin "WordPress Download Manager"
Overview The WordPress plugin "WordPress Download Manager" provided by W3 Eden, Inc. contains an open redirect vulnerability CWE-601. Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
Cross-site scripting vulnerability in WordPress plugin "WordPress Download Manager"
Overview The WordPress plugin "WordPress Download Manager" provided by W3 Eden, Inc. contains a cross-site scripting vulnerability CWE-79. Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...
Installer of QuickTime for Windows may insecurely load Dynamic Link Libraries
Overview Installer of QuickTime for Windows contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
JVN#51355647: WordPress plugin "WP-Members" vulnerable to cross-site scripting
The WordPress plugin "WP-Members" contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged in user's web browser. Solution Update the plugin Update the plugin according to the information provided by the developer. Products Affected WP-Members...
JVN#94771799: Installer of QuickTime for Windows may insecurely load Dynamic Link Libraries
Installer of QuickTime for Windows contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Do not use Installer of QuickTime for Windows T...
JVN#25078144: Source code security studying tool iCodeChecker vulnerable to cross-site scripting
Source code security studying tool iCodeChecker provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use Source code security studying tool...
JVN#79738260: Multiple vulnerabilities in WordPress plugin "WordPress Download Manager"
The WordPress plugin "WordPress Download Manager" provided by W3 Eden, Inc. contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2017-2216 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...
Installer of electronic tendering and bid opening system provided by Acquisition, Technology & Logistics Agency may insecurely invoke an executable file
Overview Installer of electronic tendering and bid opening system provided by Acquisition, Technology & Logistics Agency contains an issue with the search path for executable files, which may lead to insecurely invoking an executable file. Note that this vulnerability is different from JVN7551446...
Cybozu KUNAI for Android vulnerable to cross-site scripting
Overview Cybozu KUNAI for Android is mobile client software for using Cybozu from an Android device. Cybozu KUNAI for Android contains a cross-site scripting vulnerability CWE-79 due to an issue in mobile view mode. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its...
JVN#56588965: Cybozu KUNAI for Android vulnerable to cross-site scripting
Cybozu KUNAI for Android is mobile client software for using Cybozu from an Android device. Cybozu KUNAI for Android contains a cross-site scripting vulnerability CWE-79 due to an issue in mobile view mode. Impact An arbitrary script may be executed on the user's web browser. Solution Update the...
JVN#27198823: Installer of electronic tendering and bid opening system provided by Acquisition, Technology & Logistics Agency may insecurely invoke an executable file
Installer of electronic tendering and bid opening system provided by Acquisition, Technology & Logistics Agency contains an issue with the search path for executable files, which may lead to insecurely invoking an executable file. Impact This vulnerability can be exploited when the following...
Installer of "Setup file of advance preparation" may insecurely load Dinamic Link Libraries
Overview "Setup file of advance preparation" provided by National Tax Agency is software to setup the environment which is required to use "filing assistance on the NTA website". "Setup file of advance preparation"contains an issue with the DLL search path, which may lead to insecurely loading...
Installer of Denshinouhin Check System (for Ministry of Agriculture, Forestry and Fisheries Nouson Seibi Jigyou) may insecurely load Dynamic Link Libraries
Overview Installer of Denshinouhin Check System for Ministry of Agriculture, Forestry and Fisheries Nouson Seibi Jigyou contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Eili Masami of Tachibana Lab. and BlackWingCat of Pink Flying Whale...
Installer of CASL II simulator(self-extract format) may insecurely load Dynamic Link Libraries
Overview Installer of CASL II simulatorself-extract format provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Yuji Tounai of NTT Communications Corporation reported this...
JVN#34508179: Installer of "Setup file of advance preparation" may insecurely load Dinamic Link Libraries
"Setup file of advance preparation" provided by National Tax Agency is software to setup the environment which is required to use "filing assistance on the NTA website". "Setup file of advance preparation" contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Li...
JVN#65154137: Installer of Denshinouhin Check System (for Ministry of Agriculture, Forestry and Fisheries Nouson Seibi Jigyou) may insecurely load Dynamic Link Libraries
Installer of Denshinouhin Check System for Ministry of Agriculture, Forestry and Fisheries Nouson Seibi Jigyou contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact Arbitrary code may be executed with the privilege of the user invoking the...
JVN#67305782: Installer of CASL II simulator(self-extract format) may insecurely load Dynamic Link Libraries
Installer of CASL II simulatorself-extract format provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact Arbitrary code may be executed with the privilege of the user invoking t...
The installer of SemiDynaEXE provided by Geospatial Information Authority of Japan (GSI) may insecurely load Dynamic Link Libraries
Overview The installer of SemiDynaEXE SemiDynaEXE2008.EXE provided by Geospatial Information Authority of Japan GSI contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA...
The installer of TKY2JGD provided by Geospatial Information Authority of Japan (GSI) may insecurely load Dynamic Link Libraries
Overview The installer of TKY2JGD TKY2JGD1379.EXE provided by Geospatial Information Authority of Japan GSI contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC...
The installer of PatchJGD(Hyoko) provided by Geospatial Information Authority of Japan (GSI) may insecurely load Dynamic Link Libraries
Overview The installer of PatchJGDHyoko PatchJGDh101.EXE provided by Geospatial Information Authority of Japan GSI contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA...
The installer of PatchJGD provided by Geospatial Information Authority of Japan (GSI) may insecurely load Dynamic Link Libraries
Overview The installer of PatchJGD PatchJGD101.EXE provided by Geospatial Information Authority of Japan GSI contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC...
JVN#52691241: Multiple installers of the software provided by Geospatial Information Authority of Japan (GSI) may insecurely load Dynamic Link Libraries
Multiple installers of the software provided by Geospatial Information Authority of Japan GSI contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer...
JVN#31236539: [Simeji for Windows(β)] installer may insecurely load Dynamic Link Libraries
Simeji for Windowsβ installer provided by Baidu Japan Inc. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Do not use Simeji for...
AppCheck may insecurely invoke an executable file
Overview AppCheck provided by JIRANSOFT JAPAN, INC. is an anti-ransomware software. AppCheck and its installer contains an issue with the search path for executable files, which may lead to insecurely invoke an executable file CWE-427. Takashi Yoshikawa of Mitsui Bussan Secure Directions, Inc...
JVN#99737748: AppCheck may insecurely invoke an executable file
AppCheck provided by JIRANSOFT JAPAN, INC. is an anti-ransomware software. AppCheck and its installer contains an issue with the search path for executable files, which may lead to insecurely invoke an executable file CWE-427. Impact Arbitrary code may be executed with the privilege of the user...