5625 matches found
JVN#96165722: WordPress plugin "WP Booking System" vulnerable to cross-site scripting
The WordPress plugin "WP Booking System" provided by WP Booking System contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of a user who logged-in as an administrator. Solution Update the plugin Update the plugin according to...
PrimeDrive Desktop Application Installer may insecurely load executable files
Overview PrimeDrive Desktop Application is the client application for PrimeDrive online storage service provided by SoftBank Corp. The installer of PrimeDrive Desktop Application contains an issue with the file search path, which may insecurely load executable files CWE-427. Eili Masami of...
JVN#16248227: PrimeDrive Desktop Application Installer may insecurely load executable files
PrimeDrive Desktop Application is the client application for PrimeDrive online storage service provided by SoftBank Corp. The installer of PrimeDrive Desktop Application contains an issue with the file search path, which may insecurely load executable files CWE-427. Impact Arbitrary code may be...
The installer of SOY CMS vulnerable to cross-site scripting
Overview SOY CMS provided by Nippon Institute of Agroinformatics Ltd. is a Contents Management System CMS. The installer of SOY CMS contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing parameter. Satoshi Ogawa of Mitsui Bussan Secure Directions,Inc. reported this...
SOY CMS vulnerable to directory traversal
Overview SOY CMS provided by Nippon Institute of Agroinformatics Ltd. is a Contents Management System CMS. SOY CMS contains a directory traversal vulnerability CWE-22 due to a flaw in processing shopid parameter. ASAI Ken reported this vulnerability to IPA. JPCERT/CC coordinated with the develope...
JVN#51819749: SOY CMS vulnerable to directory traversal
SOY CMS provided by Nippon Institute of Agroinformatics Ltd. is a Contents Management System CMS. SOY CMS contains a directory traversal vulnerability CWE-22 due to a flaw in processing shopid parameter. Impact An authenticated attacker may execute arbitrary PHP code on the server. Solution Updat...
JVN#51978169: The installer of SOY CMS vulnerable to cross-site scripting
SOY CMS provided by Nippon Institute of Agroinformatics Ltd. is a Contents Management System CMS. The installer of SOY CMS contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing parameter. Impact When a user accesses a malicious page that leads to where the SOY CMS...
The installer of The Public Certification Service for Individuals "The JPKI user's software" may insecurely load Dynamic Link Libraries
Overview The installer of The Public Certification Service for Individuals "The JPKI user's software" provided by Japan Agency for Local Authority Information Systems J-LIS contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Note that this...
Nessus vulnerable to cross-site scripting
Overview Nessus provided by Tenable Network Security, Inc. contains a stored cross-site scripting vulnerability CWE-79 CVE-2017-2122. An authenticated user may store crafted contents to Nessus. According to the developer, another stored cross-site scripting vulnerability CVE-2017-5179 was found a...
JVN#87760109: Nessus vulnerable to cross-site scripting
Nessus provided by Tenable Network Security, Inc. contains a stored cross-site scripting vulnerability CVE-2017-2122. An authenticated user may store crafted contents to Nessus. According to the developer, another stored cross-site scripting vulnerability CVE-2017-5179 was found and fixed in Ness...
JVN#39605485: The installer of The Public Certification Service for Individuals "The JPKI user's software" may insecurely load Dynamic Link Libraries
The installer of The Public Certification Service for Individuals "The JPKI user's software" provided by Japan Agency for Local Authority Information Systems J-LIS contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact Arbitrary code may be...
Installer of Vivaldi for Windows may insecurely load executable files
Overview The installer of Vivaldi for Windows contains an issue in the file search path when loading files, which may insecurely load executable files CWE-427. Eiji James Yoshida of Security Professionals Network Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...
JVN#71572107: Installer of Vivaldi for Windows may insecurely load executable files
The installer of Vivaldi for Windows contains an issue in the file search path when loading files, which may insecurely load executable files CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest installer Use the latest...
WNC01WH vulnerable to OS command injection
Overview WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains an OS command injection vulnerability CWE-78. Kiyotaka ATSUMI of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact ...
JVN#48790793: WNC01WH vulnerable to OS command injection
WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains an OS command injection vulnerability CWE-78. Impact An arbitrary OS command may be executed by an authenticated attacker. Solution Update the Firmware Update to the latest version of firmware according to the information...
Multiple JustSystems products including Hanako may insecurely load Dynamic Link Libraries
Overview Hanako and multiple software suites containing Hanako provided by JustSystems Corporation contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Eiji James Yoshida of Security Professionals Network Inc. reported this vulnerability to IPA...
WordPress plugin "Booking Calendar" vulnerable to cross-site scripting
Overview The WordPress plugin "Booking Calendar" provided by wpdevelop contains a stored cross-site scripting vulnerability CWE-79. Satoshi Takagi of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University reported this vulnerability to IPA. JPCERT/C...
WordPress plugin "Booking Calendar" vulnerable to directory traversal
Overview The WordPress plugin "Booking Calendar" provided by wpdevelop contains a directory traversal vulnerability CWE-22. ASAI Ken reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A local file outside of th...
Hoozin Viewer vulnerable to buffer overflow
Overview Hoozin Viewer provided by ICON CORPORATION contains a buffer overflow vulnerability CWE-121. Touma Hatano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a user views a malicious page, arbitrary...
JVN#54762089: WordPress plugin "Booking Calendar" vulnerable to cross-site scripting
The WordPress plugin "Booking Calendar" provided by wpdevelop contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of a user accessing the page generated by the application. Solution Update the Software Update to the latest...
JVN#18739672: WordPress plugin "Booking Calendar" vulnerable to directory traversal
The WordPress plugin "Booking Calendar" provided by wpdevelop contains a directory traversal vulnerability CWE-22. Impact A local file outside of the application on the server may be accessed by a remote attacker. Solution Update the Software Update to the latest version according to the...
JVN#93931029: Hoozin Viewer vulnerable to buffer overflow
Hoozin Viewer provided by ICON CORPORATION contains a buffer overflow vulnerability CWE-121. Impact If a user views a malicious page, arbitrary code may be executed. Solution Update the Software Update to the latest version according to the information provided by the developer. Products Affected...
JVN#54268888: Multiple JustSystems products including Hanako may insecurely load Dynamic Link Libraries
Hanako and multiple software suites containing Hanako provided by JustSystems Corporation contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact Arbitrary code may be executed with the privileges of the user running the application. Solution...
SEIL Series routers vulnerable to denial-of-service (DoS)
Overview The DNS forwarder, the PPP Access Concentrator L2TP and the MeasureiPerf server function in SEIL Series routers provided by Internet Initiative Japan Inc. contain a denial-of-service DoS vulnerability due to a flaw in processing certain packets. Internet Initiative Japan Inc. reported th...
JVN#86171513: SEIL Series routers vulnerable to denial-of-service (DoS)
The DNS forwarder, the PPP Access Concentrator L2TP and the MeasureiPerf server function in SEIL Series routers provided by Internet Initiative Japan Inc. contain a denial-of-service DoS vulnerability due to a flaw in processing certain packets. Impact Receiving a specially crafted packet may...
NETGEAR ProSAFE Plus Configuration Utility vulnerable to improper access control
Overview ProSAFE Plus Configuration Utility provided by NETGEAR is a Windows application to configure and manage NETGEAR's ProSAFE Plus and Click Switches. An operator uses the utility to login and configure NETGEAR switches. When the utility is invoked, it starts listening on a certain port for...
JVN#08740778: NETGEAR ProSAFE Plus Configuration Utility vulnerable to improper access control
ProSAFE Plus Configuration Utility provided by NETGEAR is a Windows application to configure and manage NETGEAR's ProSAFE Plus and Click Switches. An operator uses the utility to login and configure NETGEAR switches. When the utility is invoked, it starts listening on a certain port for SOAP...
Multiple installers of Toshiba memory card related software may insecurely load Dynamic Link Libraries
Overview Multiple installers of Toshiba memory card related software contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the...
WN-AC1167GR vulnerable to cross-site scripting
Overview WN-AC1167GR provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-AC1167GR contains a stored cross-site scripting vulnerability CWE-79. Satoshi Ogawa of Mitsui Bussan Secure Directions,Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
JVN#05340816: Multiple installers of Toshiba memory card related software may insecurely load Dynamic Link Libraries
Multiple installers of Toshiba memory card related software contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest installe...
JVN#01537659: WN-AC1167GR vulnerable to cross-site scripting
WN-AC1167GR provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-AC1167GR contains a stored cross-site scripting vulnerability CWE-79. Impact If a user accesses a malicious URL while logged in, an arbitrary script may be executed on the user's web browser. Solution Update the Firmware...
WordPress plugin "WP Statistics" vulnerable to cross-site scripting
Overview The WordPress plugin "WP Statistics" provided by WP Statistics contains a stored cross-site scripting vulnerability CWE-79. Note that this vulnerability is different from JVN62392065. Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC...
WordPress plugin "WP Statistics" vulnerable to cross-site scripting
Overview The WordPress plugin "WP Statistics" provided by WP Statistics contains a stored cross-site scripting vulnerability CWE-79 in multiple pages due to a flaw in processing HTTP Referer headers. Note that this vulnerability is different from JVN77253951. Gen Sato of Mitsui Bussan Secure...
JVN#62392065: WordPress plugin "WP Statistics" vulnerable to cross-site scripting
The WordPress plugin "WP Statistics" provided by WP Statistics contains a stored cross-site scripting vulnerability CWE-79 in multiple pages due to a flaw in processing HTTP Referer headers. Impact An arbitrary script may be executed on the web browser of a user accessing the page generated by th...
JVN#77253951: WordPress plugin "WP Statistics" vulnerable to cross-site scripting
The WordPress plugin "WP Statistics" provided by WP Statistics contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of a user accessing the page generated by the application. Solution Update the plugin Update the plugin accordi...
The API in Cybozu Office vulnerable to denial-of-service (DoS)
Overview The API in Cybozu Office contains a denial-of-service DoS vulnerability. Cybozu, Inc. reported this vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership. Impact A...
Cybozu Office fails to restrict access permission in the templates delete function in "customapp"
Overview Cybozu Office contains an access restriction flaw in the templates delete function in "customapp". Cybozu, Inc. reported this vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning...
Cybozu Office fails to restrict access permission in the file export function in "customapp"
Overview Cybozu Office contains an access restriction flaw in the file export function in "customapp". Cybozu, Inc. reported this vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning...
The design setting screen in Cybozu Office vulnerable to cross-site scripting
Overview The design setting screen in Cybozu Office contains a cross-site scripting vulnerability. Kazuto Sagamihara reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the...
ASSETBASE vulnerable to cross-site scripting
Overview ASSETBASE provided by UCHIDA YOKO CO., LTD. is an IT asset management tool. ASSETBASE contains a cross-site scripting vulnerability CWE-79. Keitaro Yamazaki of Kyoto University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
JVN#17535578: Multiple vulnerabilities in Cybozu Office
Cybozu Office contains multiple vulnerabilities listed below. Cross-site scripting in the design setting screen CWE-79 - CVE-2017-2114 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVSS v2| AV:N/AC:L/Au:S/C:N/I:P/A:N| Base Score: 4.0...
JVN#82019695: ASSETBASE vulnerable to cross-site scripting
ASSETBASE provided by UCHIDA YOKO CO., LTD. is an IT asset management tool. ASSETBASE contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of a user who logged-in as an administrator. Solution Update the Software Update to the latest...
CS-Cart Japanese Edition vulnerable to cross-site request forgery
Overview CS-Cart is a system for creating online shopping websites. CS-Cart Japanese Edition contains a cross-site request forgery CWE-352 vulnerability. Hirota Kazuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
CS-Cart Japanese Edition fails to restrict access permissions
Overview CS-Cart is a system for creating online shopping websites. CS-Cart Japanese Edition fails to restrict access permissions CWE-425. Hirota Kazuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
WordPress plugin "WP Statistics" vulnerable to cross-site scripting
Overview The WordPress plugin "WP Statistics" provided by WP Statistics contains a reflected cross-site scripting vulnerability CWE-79. ASAI Ken reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary...
CS-Cart Japanese Edition fails to restrict access permissions
Overview CS-Cart is a system for creating online shopping websites. CS-Cart Japanese Edition fails to restrict access permissions CWE-425. Note that this vulnerability is different from JVN14396697. Hirota Kazuki of Mitsui Bussan Secure Directions,Inc. reported this vulnerability to IPA. JPCERT/C...
WN-G300R3 vulnerable to stack based buffer overflow
Overview WN-G300R3 provided by I-O DATA DEVICE, INC. contain a stack based buffer overflow vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
WN-G300R3 vulnerable to OS command injection
Overview WN-G300R3 provided by I-O DATA DEVICE, INC. contain an OS command injection vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...
JVN#81024552: Multiple vulnerabilities in WN-G300R3
WN-G300R3 provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-G300R3 contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2017-2141 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H| Base Score: 6.8 CVSS v2|...
JVN#87770873: CS-Cart Japanese Edition vulnerable to cross-site request forgery
CS-Cart is a system for creating online shopping websites. CS-Cart Japanese Edition contains a cross-site request forgery CWE-352 vulnerability. Impact If a consumer views a malicious page while logged in, an unintended item may be purchased. Solution Update the Software Update to the latest...