5625 matches found
JVN#78482127: EC-CUBE plugin "Social-button Plugin Premium" and "Social-button Plugin" vulnerable to cross-site scripting
EC-CUBE plugin "Social-button Plugin Premium" and "Social-button Plugin" provided by Cyber-Will Inc. contain a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to th...
baserCMS plugin "Casebook Plugin" vulnerable to cross-site request forgery
Overview baserCMS plugin "Casebook Plugin" contains a cross-site request forgery vulnerability CWE-352. Takaesu Isao of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...
baserCMS plugin "Casebook Plugin" vulnerable to cross-site scripting
Overview baserCMS plugin "Casebook Plugin" contains a cross-site scripting vulnerability CWE-79. Takaesu Isao of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...
baserCMS plugin "Menubook Plugin" vulnerable to cross-site request forgery
Overview baserCMS plugin "Menubook Plugin" contains a cross-site request forgery vulnerability. CWE-352 Takaesu Isao of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...
baserCMS plugin "Menubook Plugin" vulnerable to cross-site scripting
Overview baserCMS plugin "Menubook Plugin" contains a cross-site scripting vulnerability. CWE-79 Takaesu Isao of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...
baserCMS plugin "Recruit Plugin" vulnerable to cross-site request forgery
Overview baserCMS plugin "Recruit Plugin" contains a cross-site request forgery vulnerability. CWE-352 Takaesu Isao of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...
baserCMS plugin "Recruit Plugin" vulnerable to cross-site scripting
Overview baserCMS plugin "Recruit Plugin" contains a cross-site scripting vulnerability. CWE-79 Takaesu Isao of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...
JVN#26627848: baserCMS plugin "Menubook Plugin" multiple vulnerabilities
baserCMS plugin "Menubook Plugin" contains multiple vulnerabilities: Cross-site scripting CWE-79 - CVE-2016-1169 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:L/Au:S/C:N/I:P/A:N| Base Score: 4.0 Cross-site request forger...
JVN#13288761: baserCMS plugin "Recruit Plugin" multiple vulnerabilities
baserCMS plugin "Recruit Plugin" contains multiple vulnerabilities: Cross-site scripting CWE-79 - CVE-2016-1169 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:L/Au:S/C:N/I:P/A:N| Base Score: 4.0 Cross-site request forgery...
JVN#55801246: baserCMS plugin "Casebook Plugin" multiple vulnerabilities
baserCMS plugin "Casebook Plugin" contains multiple vulnerabilities: Cross-site scripting CWE-79 - CVE-2016-1169 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:L/Au:S/C:N/I:P/A:N| Base Score: 4.0 Cross-site request forger...
WisePoint contains issue in preventing clickjacking attacks
Overview WisePoint contains an issue in the protection against clickjacking attacks on the management screen. Hiroki Ikemoto of NTT SOFT SERVICE Corp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a user...
ActiveX control for EVA Animator vulnerable to buffer overflow
Overview ActiveX control for EVA Animator provided by Sharp Corporation contains a buffer overflow vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impa...
AQUOS Photo Player HN-PP150 vulnerable to cross-site request forgery
Overview AQUOS Photo Player HN-PP150 provided by Sharp Corporation contains a cross-site request forgery vulnerability CWE-352. Junichi MURAKAMI of FFRI, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact ...
JVN#28480773: WisePoint contains issue in preventing clickjacking attacks
WisePoint contains an issue in the protection against clickjacking attacks on the management screen. Impact If a user views a malicious page while logged in, unintended operations may be conducted. Solution Update the Software Update to the latest version according to the information provided by...
JVN#47164236: AQUOS Photo Player HN-PP150 vulnerable to cross-site request forgery
AQUOS Photo Player HN-PP150 provided by Sharp Corporation contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page, information such as settings may be altered unintentionaly. Solution Update the Firmware Update to the latest firmware version according ...
JVN#41875357: ActiveX control for EVA Animator vulnerable to buffer overflow
ActiveX control for EVA Animator provided by Sharp Corporation contains a buffer overflow vulnerability. Impact If a user views a malicious page, arbitrary code may be executed. Solution Remove ActiveX control for EVA Animator The EVA Animator service ended and the related website for its service...
Aterm WF800HP vulnerable to cross-site request forgery
Overview Aterm WF800HP provided by NEC Corporation contains a cross-site request forgery vulnerability CWE-352. Satoshi Ogawa of Mitsui Bussan Secure Directions,Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
Aterm WG300HP vulnerable to cross-site request forgery
Overview Aterm WG300HP provided by NEC Corporation contains a cross-site request forgery vulnerability CWE-352. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
JVN#07818796: Aterm WF800HP vulnerable to cross-site request forgery
Aterm WF800HP provided by NEC Corporation contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the Firmware Update to the latest firmware version according to the information...
JVN#82020528: Aterm WG300HP vulnerable to cross-site request forgery
Aterm WG300HP provided by NEC Corporation contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Apply a Workaround The following workaround may mitigate the affects of this...
WordPress plugin "WP Favorite Posts" vulnerable to cross-site scripting
Overview "WP Favorite Posts" is a plugin for WordPress. WP Favorite Posts contains a cross-site scripting vulnerability. Note that this vulnerability cannot be exploited on the default settings. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC...
JVN#86517621: WordPress plugin "WP Favorite Posts" vulnerable to cross-site scripting
"WP Favorite Posts" is a plugin for WordPress. WP Favorite Posts contains a cross-site scripting vulnerability. Note that this vulnerability cannot be exploited on the default settings. Impact An arbitrary script may be executed on the user's web browser. Solution Update the plugin Update to the...
Information Disclosure Vulnerability in Hitachi Compute Systems Manager
Overview An Information Disclosure Vulnerability was found in Hitachi Compute Systems Manager. Impact An attacker might exploit this vulnerability to obtain sensitive session information. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriat...
Multiple Corega wireless LAN routers vulnerable to cross-site request forgery
Overview Multiple wireless LAN routers provided by Corega Inc contain a cross-site request forgery vulnerability CWE-352. Yutaka Kokubu and Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. and Ueki Shuya reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
JVN#59349382: Multiple Corega wireless LAN routers vulnerable to cross-site request forgery
Multiple wireless LAN routers provided by Corega Inc contain a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged into the management screen, various administrative functions may be performed. Solution Apply a workaround The following workaround...
Remote File Inclusion Vulnerability in Hitachi Command Suite
Overview A Remote File Inclusion Vulnerability was found in Hitachi Command Suite. Impact Malicious attacker might exploit this vulnerability to load external files into a browser. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate actio...
Log-Chat vulnerable to cross-site scripting
Overview Log-Chat provided by Script contains a stored cross-site scripting vulnerability CWE-79. Masamu Asato of National Institute of Technology, Okinawa College reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
JVN#93535632: Log-Chat vulnerable to cross-site scripting
Log-Chat provided by Script contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer. Products Affected Log-Ch...
LINE for Windows and LINE for Mac OS vulnerable to denial-of-service (DoS)
Overview LINE for Windows and LINE for Mac OS contain a denial-of-service DoS vulnerability due to an issue in displaying the Timeline. Jun Kokatsu of KDDI Singapore Dubai Branch reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
EC-CUBE plugin "Help plug-in" vulnerable to SQL injection
Overview EC-CUBE plugin "Help plug-in" provided by Cuore contains an SQL injection vulnerability CWE-89. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...
Internet Explorer cross-domain policy bypass
Overview Internet Explorer contains a flaw that may allow an attacker to bypass cross-domain policies. Yosuke HASEGAWA of Secure Sky Technology Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When a...
baserCMS vulnerable to OS command injection
Overview baserCMS is an open-source Contents Management System CMS. baserCMS contains an OS command injection vulnerability CWE-78. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary OS...
JVN#78383854: Internet Explorer cross-domain policy bypass
Internet Explorer contains an information disclosure vulnerability due to a flaw in handling cross-domain policies. Impact When a specially crafted content is opened, cross-domain policies may be bypassed and then information of the URL that the user is accessing may be obtained by an attacker...
JVN#46044093: LINE for Windows and LINE for Mac OS vulnerable to denial-of-service (DoS)
LINE for Windows and LINE for Mac OS contain a denial-of-service DoS vulnerability due to an issue in displaying the Timeline. Impact By displaying a specially crafted post in Timeline, the product may be abnormally terminated. Solution Update the software Update to the latest version according t...
JVN#31524757: EC-CUBE plugin "Help plug-in" vulnerable to SQL injection
EC-CUBE plugin "Help plug-in" provided by Cuore contains an SQL injection vulnerability CWE-89. Impact Information stored in the database may be obtained or altered by a remote attacker. Solution Update the plugin Update to the latest version according to the information provided by the developer...
JVN#69854312: baserCMS vulnerable to OS command injection
baserCMS is an open-source Contents Management System CMS. baserCMS contains an OS command injection vulnerability CWE-78. Impact An arbitrary OS command may be executed on the server by a logged in attacker. Solution Update the Software Update to the latest version according to the information...
Cybozu Office vulnerable to cross-site scripting
Overview Cybozu Office contains a cross-site scripting vulnerability CWE-79 in multiple functions. Masato Kinugawa reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc...
Cybozu Office vulnerable to open redirect
Overview Cybozu Office contains an open redirect vulnerability in network functions. Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Update the Software Update to the latest...
Cybozu Office vulnerable to cross-site request forgery
Overview Cybozu Office contains a cross-site request forgery vulnerability CWE-352 in multiple functions. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the Software Update to the latest version according to the information provide...
Cybozu Office access restriction bypass vulnerability
Overview Cybozu Office contains an access restriction bypass vulnerability in multiple functions. Impact A remote unauthenticated attacker may view the information about the groupware. An authenticated attacker may obtain privileged information or may cause specific functions to become unusable...
Cybozu Office vulnerable to information disclosure
Overview Cybozu Office contains an information disclosure vulnerability. Note that this vulnerability is different from JVN28042424. Impact If a user views a malicious page while logged in, token used for cross-site request forgery CSRF protection may be disclosed. As a result, an attacker who...
Cybozu Office vulnerable to information disclosure
Overview Cybozu Office contains an information disclosure vulnerability in the mail function. Note that this vulnerability is different from JVN47296923. Impact When a specially crafted mail is opened, images files accessible by authenticated users may be obtained by a third-party. Solution Updat...
Cybozu Office vulnerable to denial-of-service (DoS)
Overview Cybozu Office contains a denial-of-service DoS vulnerability due to an issue in "customapp". Impact An authenticated attacker may cause a denial-of-service DoS condition which all users can not use the system. Solution Update the Software Update to the latest version according to the...
Microsoft Producer for Microsoft Office PowerPoint vulnerable to cross-site scripting
Overview Microsoft Producer for Microsoft Office PowerPoint may create a web page which contains a DOM-based cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use Microsoft Producer for Microsoft Office PowerPoint...
JVN#20246313: Cybozu Office vulnerable to denial-of-service (DoS)
Cybozu Office contains a denial-of-service DoS vulnerability due to an issue in "customapp". Impact An authenticated attacker may cause a denial-of-service DoS condition which all users can not use the system. Solution Update the Software Update to the latest version according to the information...
JVN#71428831: Cybozu Office vulnerable to open redirect
Cybozu Office contains an open redirect vulnerability in network functions. Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Update the Software Update to the latest version...
JVN#28042424: Cybozu Office vulnerable to information disclosure
Cybozu Office contains an information disclosure vulnerability in the mail function. Impact When a specially crafted mail is opened, images files accessible by authenticated users may be obtained by a third-party. Solution Update the Software Update to the latest version according to the...
JVN#47296923: Cybozu Office vulnerable to information disclosure
Cybozu Office contains an information disclosure vulnerability. Impact If a user views a malicious page while logged in, token used for cross-site request forgery CSRF protection may be disclosed. As a result, an attacker who obtains the CSRF token can perform further attacks. Solution Update the...
JVN#69278491: Cybozu Office vulnerable to cross-site scripting
Cybozu Office contains a cross-site scripting vulnerability CWE-79 in multiple functions. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Products Affected Cyboz...
JVN#48720230: Cybozu Office access restriction bypass vulnerability
Cybozu Office contains an access restriction bypass vulnerability in multiple functions. Impact A remote unauthenticated attacker may view the information about the groupware. An authenticated attacker may obtain privileged information or may cause specific functions to become unusable. Solution...