5609 matches found
Access restriction bypass to delete DBM files in Cybozu Dezie
Overview Cybozu Dezie provided by Cybozu, Inc. contains an access restriction bypass vulnerability to delete DBM (Cybozu Dezie proprietary format) files. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under th...
Access restriction bypass to download DBM files in Cybozu Dezie
Overview Cybozu Dezie provided by Cybozu, Inc. contains an access restriction bypass vulnerability to download DBM (Cybozu Dezie proprietary format) files. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under...
JVN#16781735: Multiple access restriction bypass vulnerabilities in Cybozu Dezie
Cybozu Dezie contains multiple access restriction bypass vulnerabilities listed below. Access restriction bypass to download DBM files - CVE-2016-7832

Version | Vector | Score
---|---|---
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | Base Score: 5.3
CVSS v2 | AV:N/AC:L/Au:N/C:P/I:N/A:N | Bas...

The Bank of Tokyo-Mitsubishi UFJ for Android vulnerable to SSL/TLS downgrade attack
Overview The Bank of Tokyo-Mitsubishi UFJ for Android may be exploited by SSL/TLS downgrade attack. The Bank of Tokyo-Mitsubishi UFJ for Android provided by The Bank of Tokyo-Mitsubishi UFJ, Ltd. tries to communicate with a server via TLS v1.2. However, when a response from the server indicates S...
Sleipnir for Mac vulnerable to URL spoofing
Overview Sleipnir for Mac provided by Fenrir Inc. contains a URL spoofing vulnerability due to a flaw in the page transition. Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
JVN#28151745: Sleipnir for Mac vulnerable to URL spoofing
Sleipnir for Mac provided by Fenrir Inc. contains a URL spoofing vulnerability due to a flaw in the page transition. Impact The displayed URL may be forged to conduct phishing attacks. Solution Update the Software Update to the latest version according to the information provided by the developer...
ManageEngine Password Manager Pro fails to restrict access permissions
Overview ManageEngine Password Manager Pro provided by Zoho Corporation fails to restrict access permissions. Impact A user may gain unauthorized access to other users' password entry history. Solution Update the Software This vulnerability has been addressed in Password Manager Pro 8.4.0 Build...
Keitai Kit for Movable Type vulnerable to OS command injection
Overview Keitai Kit for Movable Type contains an OS command injection vulnerability. Keitai Kit for Movable Type provided by ideaman's Inc. contains an OS command injection vulnerability (CWE-78). CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')...
Multiple SONY network cameras vulnerable to sensitive information disclosure
Overview Multiple SONY network cameras contain a sensitive information disclosure vulnerability. SEC Consult reported this vulnerability to Sony, and Sony reported this vulnerability to JPCERT/CC to notify the solution to users through JVN. JPCERT/CC and Sony coordinated for the publication of th...
ManageEngine Password Manager Pro vulnerable to cross-site request forgery
Overview ManageEngine Password Manager Pro contains a cross-site request forgery vulnerability. ManageEngine Password Manager Pro provided by Zoho Corporation contains a cross-site request forgery vulnerability (CWE-352). CWE-352: Cross-Site Request Forgery (CSRF)...
SaAT Netizen fails to properly verify downloaded installation and update files
Overview SaAT Netizen contains a vulnerability where files downloaded for installation or an update are not properly verified. The SaAT Netizen installer and SaAT Netizen contain a vulnerability where downloaded files are not properly verified during the installation or update process...
WNC01WH vulnerable to directory traversal due to an issue in processing POST request
Overview WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains a directory traversal vulnerability due to an issue in processing POST request. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...
WNC01WH vulnerable to directory traversal due to an issue in processing commands
Overview WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains a directory traversal vulnerability due to an issue in processing commands. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer und...
WNC01WH vulnerable to enabling debug option
Overview WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains an enabling debug option vulnerability. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warnin...
WNC01WH vulnerable to stored cross-site scripting
Overview WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains a stored cross-site scripting vulnerability. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
WNC01WH vulnerable to cross-site request forgery
Overview WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains a cross-site request forgery vulnerability. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
WNC01WH vulnerable to denial-of-service (DoS)
Overview WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains a denial-of-service (DoS) vulnerability. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
JVN#40613060: Multiple vulnerabilities in WNC01WH
WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains multiple vulnerabilities listed below. Denial-of-service (DoS) - CVE-2016-7821

Version | Vector | Score
---|---|---
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | Base Score: 6.5
CVSS v2 | AV:N/AC:H/Au:N/C:N/I:N/A:C | Base...

The installers of multiple Japan Pension Service software may insecurely load Dynamic Link Libraries
Overview The installers of multiple Japan Pension Service software contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer und...
JVN#08868688: The installers of multiple Japan Pension Service software may insecurely load Dynamic Link Libraries
The installers of multiple Japan Pension Service software contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact This vulnerability can be exploited when the following condition is met. If this vulnerability is exploited, an arbitrary code m...
Multiple I-O DATA network camera products vulnerable to buffer overflow
Overview Multiple network camera products provided by I-O DATA DEVICE, INC. contain buffer overflow vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
Multiple I-O DATA network camera products vulnerable to OS command injection
Overview Multiple network camera products provided by I-O DATA DEVICE, INC. contain OS command injection vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
JVN#25059363: Multiple I-O DATA network camera products multiple vulnerabilities
Multiple network camera products provided by I-O DATA DEVICE, INC. contain multiple vulnerabilities listed below. OS Command injection (CWE-78) - CVE-2016-7819

Version | Vector | Score
---|---|---
CVSS v3 | CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | Base Score: 6.8
CVSS v2 | ...

kintone mobile for Android fails to verify SSL server certificates
Overview kintone mobile for Android provided by Cybozu, Inc. fails to verify SSL server certificates in WebView. Note that this vulnerability is different from JVN91816422. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc...
JVN#20252219: kintone mobile for Android fails to verify SSL server certificates
kintone mobile for Android provided by Cybozu, Inc. fails to verify SSL server certificates in WebView. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provid...
Simple keitai chat vulnerable to cross-site scripting
Overview Simple keitai chat provided by LEMON-S PHP contains reflected and stored cross-site scripting vulnerabilities (CWE-79). Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
JVN#05493467: Simple keitai chat vulnerable to cross-site scripting
Simple keitai chat provided by LEMON-S PHP contains reflected and stored cross-site scripting vulnerabilities (CWE-79). Impact An arbitrary script may be executed on the user's web browser. Solution Do not use Simple keitai chat Simple keitai chat is no longer being developed or maintained. It is...
DERAEMON-CMS vulnerable to cross-site scripting
Overview DERAEMON-CMS provided by TEAM DERAEMONS is a content management system (CMS). install.php in DERAEMON-CMS contains a cross-site scripting vulnerability (CWE-79) due to a flaw in processing of the parameters hostname, database and username. Satoshi Ogawa of Mitsui Bussan Secure Directions, In...
JVN#75396659: DERAEMON-CMS vulnerable to cross-site scripting
DERAEMON-CMS provided by TEAM DERAEMONS is a content management system (CMS). install.php in DERAEMON-CMS contains a cross-site scripting vulnerability (CWE-79) due to a flaw in processing of the parameters hostname, database and username. Impact An arbitrary script may be executed on the user's web...
CG-WLR300NX fails to restrict access permissions
Overview CG-WLR300NX provided by Corega Inc is a wireless LAN router. CG-WLR300NX fails to restrict access permissions. Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
CG-WLR300NX vulnerable to cross-site scripting
Overview CG-WLR300NX provided by Corega Inc is a wireless LAN router. CG-WLR300NX contains a cross-site scripting vulnerability (CWE-79). Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
CG-WLR300NX vulnerable to cross-site request forgery
Overview CG-WLR300NX provided by Corega Inc is a wireless LAN router. CG-WLR300NX contains a cross-site request forgery vulnerability (CWE-352). Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
Multiple Corega wireless LAN routers vulnerable to cross-site scripting
Overview Multiple Corega wireless LAN routers contain a cross-site scripting vulnerability (CWE-79). Yutaka Kokubu and Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. and Shuya Ueki reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
Multiple I-O DATA network camera products vulnerable to information disclosure
Overview Multiple network camera products provided by I-O DATA DEVICE, INC. contain an information disclosure vulnerability (CWE-200). Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
JVN#92237169: CG-WLR300NX vulnerable to cross-site scripting
CG-WLR300NX provided by Corega Inc is a wireless LAN router. CG-WLR300NX contains a cross-site scripting vulnerability (CWE-79). Impact An arbitrary script may be executed on the user's web browser. Solution Update the Firmware Update to the latest version of firmware according to the information...
JVN#23823838: CG-WLR300NX vulnerable to cross-site request forgery
CG-WLR300NX provided by Corega Inc is a wireless LAN router. CG-WLR300NX contains a cross-site request forgery vulnerability (CWE-352). Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the Firmware Update to the latest version of...
JVN#25060672: Multiple Corega wireless LAN routers vulnerable to cross-site scripting
Multiple Corega wireless LAN routers contain a cross-site scripting vulnerability (CWE-79). Impact An arbitrary script may be executed on the user's web browser. Solution Use CG-WLR300NX or CG-WFR600 CG-WLBARGMH and CG-WLBARGNL are no longer being supported, therefore fix for this vulnerability wil...
JVN#23549283: CG-WLR300NX fails to restrict access permissions
CG-WLR300NX provided by Corega Inc is a wireless LAN router. CG-WLR300NX fails to restrict access permissions. Impact An attacker who can access the product may perform an arbitrary operation in the product while an administrator logs in. Solution Update the Firmware Update to the latest version ...
JVN#34103586: Multiple I-O DATA network camera products vulnerable to information disclosure
Multiple network camera products provided by I-O DATA DEVICE, INC. contain an information disclosure vulnerability (CWE-200). Impact Information such as authentication credentials may be disclosed by an attacker who can access the product. Solution Update the Firmware Apply the appropriate firmware...
Vulnerability in JP1/IT Desktop Management 2 - Manager and JP1/NETM/DM
Overview A Remote Command Execution Vulnerability was found in JP1/IT Desktop Management 2 - Manager and JP1/NETM/DM. Impact Remote attackers might exploit this vulnerability to execute arbitrary commands. Solution Please refer to the 'Vendor Information' section for the official countermeasure a...
Access restriction bypass vulnerability in WFS-SR01
Overview WFS-SR01 provided by I-O DATA DEVICE, INC. is a portable storage device which provides wireless LAN router function. WFS-SR01 contains access restriction bypass vulnerability in "Pocket Router Function". I-O DATA DEVICE, INC. reported this vulnerability to JPCERT/CC to notify users of it...
Command injection vulnerability in WFS-SR01
Overview WFS-SR01 provided by I-O DATA DEVICE, INC. is a portable storage device which provides wireless LAN router function. WFS-SR01 contains command injection vulnerability in "Pocket Router Function". I-O DATA DEVICE, INC. reported this vulnerability to JPCERT/CC to notify users of its soluti...
JVN#18228200: Multiple vulnerabilities in WFS-SR01
WFS-SR01 provided by I-O DATA DEVICE, INC. is a portable storage device which provides wireless LAN router function. WFS-SR01 contains multiple vulnerabilities in "Pocket Router Function" listed below. Command injection - CVE-2016-7806 Version| Vector| Score ---|---|--- CVSS v3|...
The installer of The Public Certification Service for Individuals "The JPKI user's software" may insecurely load Dynamic Link Libraries
Overview The installer of The Public Certification Service for Individuals "The JPKI user's software" provided by Japan Agency for Local Authority Information Systems (J-LIS) contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Yuji Tounai of NTT...
mobiGate App fails to verify SSL server certificates
Overview mobiGate App provided by Nihon Unisys, Ltd. fails to verify SSL server certificates. Gaku Taniguchi of RiskFinder,inc. reported this vulnerability to Nihon Unisys, Ltd., and Nihon Unisys, Ltd. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and...
JVN#91002412: The installer of The Public Certification Service for Individuals "The JPKI user's software" may insecurely load Dynamic Link Libraries
The installer of The Public Certification Service for Individuals "The JPKI user's software" provided by Japan Agency for Local Authority Information Systems (J-LIS) contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact Arbitrary code may be...
JVN#27260483: mobiGate App fails to verify SSL server certificates
mobiGate App provided by Nihon Unisys, Ltd. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Application Update to the latest version according to the information provided by the...
Installer of 7-Zip for Windows may insecurely load Dynamic Link Libraries
Overview 7-Zip for Windows is an open source compression and decompression software. The installer of 7-Zip for Windows contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Takashi Yoshikawa of Mitsui Bussan Secure Directions reported this...
JVN#76780067: Installer of 7-Zip for Windows may insecurely load Dynamic Link Libraries
7-Zip for Windows is an open source compression and decompression software. The installer of 7-Zip for Windows contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact Arbitrary code may be executed with the privilege of the user invoking the...
SQL injection vulnerability in WordPress plugin WP-OliveCart
Overview WP-OliveCart provided by Olive Design is a WordPress plugin to construct a shopping site. WP-OliveCart contains an SQL injection vulnerability. Gen Sato of TRADE WORKS Co.,Ltd Security Dept. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under information...