5625 matches found
Apache Struts 1 vulnerability that allows unintended remote operations against components on memory
Overview The Apache Sturts 1 ActionForm contains a vulnerability which allows unintended remote operations against components on server memory, such as Servlets and ClassLoader, when the following 2 conditions are met: Condition 1: When the following ActionForm including its subclasses are in the...
JVN#74659077: TERASOLUNA Server Framework for Java(WEB) access restriction bypass vulnerability in the file extention filter
The TERASOLUNA Server Framework for JavaWEB provided by NTT Data Corporation is a software framework for creating web applications. The TERASOLUNA Server Framework for JavaWEB has a function to restrict access to contents with specified file extentions from browser requests. This function may be...
JVN#03188560: Apache Struts 1 vulnerability that allows unintended remote operations against components on memory
The Apache Sturts 1 ActionForm contains a vulnerability which allows unintended remote operations against components on server memory, such as Servlets and ClassLoader, when the following 2 conditions are met: Condition 1: When the following ActionForm including its subclasses are in the session...
JVN#65044642: Apache Struts 1 vulnerable to input validation bypass
The Apache Struts 1 Validator contains a vulnerability where input validation configurations validation rules, error messages, etc. may be modified. This occurs when the following ActionForm including its subclasses are in the session scope. ValidatorForm ValidatorActionForm Impact Effects vary...
Trend Micro enterprise products HTTP header injection vulnerability
Overview Multiple enterprise products provided by Trend Micro Incorporated contain a HTTP header injection vulnerability. According to the developer, exploiting the vulnerability requires access to the LAN environment of the user. Trend Micro Incorporated reported this vulnerability to JPCERT/CC ...
Trend Micro Internet Security vulnerable to arbitrary script execution
Overview Trend Micro Internet Security provided by Trend Micro Incorporated contains a vulnerability that may allow arbitrary script execution. According to the developer, attempts to exploit the vulnerability will not succeed from external networks when the default settings are used. Trend Micro...
Trend Micro enterprise products directory traversal vulnerability
Overview Multiple enterprise products provided by Trend Micro Incorporated contain a directory traversal vulnerability. According to the developer, exploiting the vulnerability requires access to the LAN environment of the user. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to...
Trend Micro Internet Security access restriction flaw
Overview Trend Micro Internet Security provided by Trend Micro Incorporated contains an access restriction flaw. According to the developer, attempts to exploit the vulnerability will not succeed from external networks when the default settings are used. Trend Micro Incorporated reported this...
JVN#48789425: Trend Micro Internet Security multiple vulnerabilities
Trend Micro Internet Security provided by Trend Micro Incorporated contains the following vulnerabilities. Access Restriction Flaw - CVE-2016-1225 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N| Base Score: 5.3 CVSS v2| AV:N/AC:L/Au:N/C:P/I:N/A:N| Base...
JVN#48847535: Trend Micro enterprise products multiple vulnerabilities
Multiple enterprise products provided by Trend Micro Incorporated contain the following vulnerabilities. Directory Traversal - CVE-2016-1223 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N| Base Score: 4.3 CVSS v2| AV:A/AC:L/Au:N/C:P/I:N/A:N| Base Score:...
Cybozu Garoon logging function vulnerable to directory traversal
Overview Cybozu Garoon is a groupware. Cybozu Garoon contains a directory traversal vulnerability in the logging function. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early...
Cybozu Garoon function "MultiReport" vulnerable to access restriction bypass
Overview Cybozu Garoon is a groupware. Cybozu Garoon contains an access restriction bypass vulnerability in the function "MultiReport". Yuji Tounai of NTT Com Security Japan KK reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution...
Cybozu Garoon function "Portlets" vulnerable to access restriction bypass
Overview Cybozu Garoon is a groupware. Cybozu Garoon contains an access restriction bypass vulnerability in the function "Portlets". Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact A user may create a portlet which does not belong any...
Cybozu Garoon fails to restrict access permissions
Overview Cybozu Garoon is a groupware. Cybozu Garoon fails to restrict access permissions in the mail function. Note that this vulnerability is different from JVN33879831. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc...
Cybozu Garoon vulnerable to cross-site scripting
Overview Cybozu Garoon is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN37121456. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated...
Cybozu Garoon vulnerable to cross-site scripting
Overview Cybozu Garoon is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN49285177. Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this...
Cybozu Garoon fails to restrict access permissions
Overview Cybozu Garoon is a groupware. Cybozu Garoon fails to restrict access permissions in the API to retrieve the Address Book information. Note that this vulnerability is different from JVN53542912. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through...
Cybozu Garoon vulnerable to open redirect
Overview Cybozu Garoon is a groupware. Cybozu Garoon contains an open redirect vulnerability. Jun Kokatsu of KDDI Singapore Dubai Branch reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC an...
Cybozu Garoon vulnerable to denial-of-service (DoS)
Overview Cybozu Garoon is a groupware. Cybozu Garoon contains a denial-of-service DoS vulnerability. ixama reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated und...
Cybozu Garoon vulnerable to information disclosure
Overview Cybozu Garoon is a groupware. Cybozu Garoon contains an information disclosure vulnerability in the mail function. Masato Kinugawa reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC...
Cybozu Garoon function "Files" vulnerable to directory traversal
Overview Cybozu Garoon is a groupware. Cybozu Garoon contains a directory traversal vulnerability in the function "Files". Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early...
Cybozu Garoon mail function vulnerable to access restriction bypass
Overview Cybozu Garoon is a groupware. Cybozu Garoon contains an access restriction bypass vulnerability in the mail function. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact A spoofed e-mail may be sent by a user. Solution Update the...
DMM.com Securities FX Apps for Android fail to verify SSL server certificates
Overview Multiple Android Applications provided by DMM.com Securities Co.,Ltd. fail to verify SSL server certificates. Gaku Taniguchi of RiskFinder,inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...
Source code of Old_GSI_Maps prior to January, 2015 vulnerable to directory traversal
Overview kml2jsonp.php contained in source code of OldGSIMaps prior to January, 2015 provided by the Geospatial Information Authority of Japan GSI contains a directory traversal vulnerability CWE-22. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
JVN#26298347: Cybozu Garoon vulnerable to denial-of-service (DoS)
Cybozu Garoon is a groupware. Cybozu Garoon contains a denial-of-service DoS vulnerability. Impact An attacker may be able to cause a denial-of-service DoS that consumes system resources. Solution Update the Software Update to the latest version according to the information provided by the...
JVN#37121456: Cybozu Garoon vulnerable to cross-site scripting
Cybozu Garoon is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the logged in user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Products...
JVN#49285177: Cybozu Garoon vulnerable to cross-site scripting
Cybozu Garoon is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the logged in user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Products...
JVN#33879831: Cybozu Garoon fails to restrict access permissions
Cybozu Garoon is a groupware. Cybozu Garoon fails to restrict access permissions in the API to retrieve the Address Book information. Impact A user may obtain other user's Address Book information. Solution Update the Software Update to the latest version according to the information provided by...
JVN#14749391: Multiple directory traversal vulnerabilities in Cybozu Garoon
Cybozu Garoon is a groupware. Cybozu Garoon contains following multiple directory traversal vulnerabilities. Directory traversal in the function "Files" - CVE-2016-1191 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N| Base Score: 5.3 CVSS v2|...
JVN#13794955: Source code of Old_GSI_Maps prior to January, 2015 vulnerable to directory traversal
kml2jsonp.php contained in source code of OldGSIMaps prior to January, 2015 provided by the Geospatial Information Authority of Japan GSI contains a directory traversal vulnerability CWE-22. Impact When the product is used in Windows, a remote attacker may obtain arbitrary files from the server...
JVN#40898764: DMM.com Securities FX Apps for Android fail to verify SSL server certificates
Multiple Android Applications provided by DMM.com Securities Co.,Ltd. fail to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Application Update to the latest version according to the informati...
JVN#25765762: Cybozu Garoon vulnerable to information disclosure
Cybozu Garoon is a groupware. Cybozu Garoon contains an information disclosure vulnerability in the mail function. Impact By sending a specially crafted email, an attacker may be convinced that the user read the email. Solution Update the Software Update to the latest version according to the...
JVN#32218514: Cybozu Garoon vulnerable to open redirect
Cybozu Garoon is a groupware. Cybozu Garoon contains an open redirect vulnerability. Impact When accessing a specially crafted URL, a user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Update the Software Update to the latest...
JVN#18975349: Multiple access restriction bypass vulnerabilities in Cybozu Garoon
Cybozu Garoon is a groupware. Cybozu Garoon contains multiple access restriction bypass vulnerabilities below. Operation restriction bypass in the mail function - CVE-2016-1188 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N| Base Score: 4.3 CVSS v2|...
JVN#53542912: Cybozu Garoon fails to restrict access permissions
Cybozu Garoon is a groupware. Cybozu Garoon fails to restrict access permissions in the mail function. Impact An unintentional image file may be displayed on the mail view. As a result, an attacker may be convinced that the user read the email. Solution Update the Software Update to the latest...
WebARENA formmail vulnerable to cross-site scripting
Overview formmail used for the WebARENA Service provided by NTT PC Communications Incorporated contains a cross-site scripting vulnerability CWE-79. OHTA, Yoshinori of Business Architects Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
Multiple Buffalo wireless LAN routers vulnerable to directory traversal
Overview Multiple wireless LAN routers provided by BUFFALO INC. contain a directory traversal vulnerability CWE-22. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
Multiple Buffalo wireless LAN routers vulnerable to information disclosure
Overview Multiple Buffalo wireless LAN routers contain an information disclosure vulnerability. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...
Japan Connected-free Wi-Fi vulnerable to API execution
Overview Japan Connected-free Wi-Fi provided by NTT Broadband Platform, Inc. contains a vulnerability which allows an arbitrary API to be executed by a man-in-the-middle attacker. Kenta Suefusa and Tomonori Shiomi of Sprout Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
H2O use-after-free vulnerability
Overview H2O is an open source web server software. H2O contains a use-after-free vulnerability. Kazuho Oku reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Kazuho Oku coordinated under the Information Security Early Warning Partnership. Impact An...
JVN#81698369: Multiple Buffalo wireless LAN routers vulnerable to directory traversal
Multiple wireless LAN routers provided by BUFFALO INC. contain a directory traversal vulnerability CWE-22. Impact Arbitrary files on the server may be viewed by an attacker who can access the product. Solution Update the Firmware Apply the appropriate firmware update provided by the developer...
JVN#46888319: Japan Connected-free Wi-Fi vulnerable to API execution
Japan Connected-free Wi-Fi provided by NTT Broadband Platform, Inc. contains a vulnerability which allows an arbitrary API to be executed by a man-in-the-middle attacker. Impact Android version of this app may allow an arbitrary API to be executed if permissions to execute that API are granted in...
JVN#75813272: Multiple Buffalo wireless LAN routers vulnerable to information disclosure
Multiple Buffalo wireless LAN routers contain an information disclosure vulnerability. Impact Information such as authentication credentials may be disclosed by an unauthenticated remote attacker. Solution Update the Firmware Apply the appropriate firmware update provided by the developer. Produc...
JVN#87859762: H2O use-after-free vulnerability
H2O is an open source web server software. H2O contains a use-after-free vulnerability. Impact An attacker may cause a denial-of-service DoS condition by sending a specially crafted packet. Solution Update the Software Update to the latest version according to the information provided by the...
JVN#24143619: WebARENA formmail vulnerable to cross-site scripting
formmail used for the WebARENA Service provided by NTT PC Communications Incorporated contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information...
NetCommons vulnerable to privilege escalation
Overview NetCommons provided by the NetCommons Project contains a privilege escalation vulnerability. Satoru Nagaoka of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A user wi...
JVN#00460236: NetCommons vulnerable to privilege escalation
NetCommons provided by the NetCommons Project contains a privilege escalation vulnerability. Impact A user with secretariat privileges "CLERK" may create a user with system administrator privileges "SYSTEMADMIN". Solution Update the Software Update the software according to the information provid...
WordPress plugin "Markdown on Save Improved" vulnerable to cross-site scripting
Overview The WordPress plugin "Markdown on Save Improved" contains a stored cross-site scripting CWE-79 vulnerability. Kenta Yamamoto of Cryptography Laboratory,Department of Information and Communication Engineering, Graduate School of Tokyo Denki University reported this vulnerability to IPA...
JVN#26026353: WordPress plugin "Markdown on Save Improved" vulnerable to cross-site scripting
The WordPress plugin "Markdown on Save Improved" contains a stored cross-site scripting CWE-79 vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the plugin Update the plugin according to the information provided by the developer. While the...
Cross-site Scripting Vulnerability in Hitachi Tuning Manager
Overview A cross-site scripting vulnerability was found in Hitachi Tuning Manager. Impact Remote users can exploit this vulnerability to execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...