JVN#48211537: Party Track SDK for iOS fails to verify server certificates

Party Track SDK for iOS provided by Adways Inc. fails to verify server certificates in encrypted HTTPS communications. According to the developer, in addition to communications by the SDK, communications by the application using NSURLConnection also fail to verify server certificates. Impact A...

Pref Shimane CMS vulnerable to SQL injection

Overview Pref Shimane CMS is an open-source Contents Management System CMS. Pref Shimane CMS contains an SQL injection vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A logged in...

phpRechnung vulnerable to SQL injection

Overview phpRechnung is a web-based accounting software. list.php of phpRechnung contains an SQL injection CWE-89 vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An authenticated...

Dojo Toolkit vulnerable to cross-site scripting

Overview Dojo Toolkit is a software to assist in building web applications. Dojo Toolkit contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

JVN#13456571: Dojo Toolkit vulnerable to cross-site scripting

Dojo Toolkit is a software to assist in building web applications. Dojo Toolkit contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by t...

JVN#02671769: phpRechnung vulnerable to SQL injection

phpRechnung is a web-based accounting software. list.php of phpRechnung contains an SQL injection CWE-89 vulnerability. Impact An authenticated attacker may obtain or alter information stored in the database. Solution Update the Software Update to the latest version according to the information...

JVN#84982142: Pref Shimane CMS vulnerable to SQL injection

Pref Shimane CMS is an open-source Contents Management System CMS. Pref Shimane CMS contains an SQL injection vulnerability. Impact A logged in attacker may execute arbitrary SQL statements. Solution Update the Software Update to the latest version according to the information provided by the...

Multiple PHP code execution vulnerabilitles in Cybozu Garoon

Overview Cybozu Garoon is a groupware. Cybozu Garoon contains multiple PHP code execution vulnerabilities. CyVDB-863 Cybozu Garoon allows remote authenticated users to execute arbitrary PHP code, CyVDB-867 Cybozu Garoon allows remote authenticated users to execute arbitrary PHP code CVE-2015-5646...

Cybozu Garoon vulnerable to LDAP injection

Overview Cybozu Garoon is a groupware. Cybozu Garoon contains an issue in processing authentication requests, which may result in an LDAP injection vulnerability. Impact A malicious user authorized to administer uesrs in certain groups may obtain information from the authentication server or may...

JVN#21025396: Multiple PHP code execution vulnerabilitles in Cybozu Garoon

Cybozu Garoon is a groupware. Cybozu Garoon contains multiple PHP code execution vulnerabilities. CyVDB-863 Cybozu Garoon allows remote authenticated users to execute arbitrary PHP code, CyVDB-867 Cybozu Garoon allows remote authenticated users to execute arbitrary PHP code CVE-2015-5646 CyVDB-86...

JVN#38369032: Cybozu Garoon vulnerable to LDAP injection

Cybozu Garoon is a groupware. Cybozu Garoon contains an issue in processing authentication requests, which may result in an LDAP injection vulnerability. Impact A malicious user authorized to administer uesrs in certain groups may obtain information from the authentication server or may perform a...

gollum vulnerable to file exposure

Overview gollum is a wiki system that uses git repositories. gollum contains a vulnerability which may allow an attacker to view arbitrary files on the server. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

Dotclear vulnerable to cross-site scripting

Overview Dotclear is a weblog software. Dotclear contains a cross-site scripting vulnerability. Yuji Tounai of NTT Com SecurityJapanKK reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a user views a...

JVN#65668004: Dotclear vulnerable to cross-site scripting

Dotclear is a weblog software. Dotclear contains a cross-site scripting vulnerability. Impact If a user views a specially crafted page while logged in, an arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the...

JVN#27548431: gollum vulnerable to file exposure

gollum is a wiki system that uses git repositories. gollum contains a vulnerability which may allow an attacker to view arbitrary files on the server. Impact A remote attacker may view arbitrary files on the server. Solution Update the Software Update to the latest version according to the...

AjaXplorer vulnerable to directory traversal

Overview AjaXplorer contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

Python for Windows may insecurely load dynamic libraries

Overview Python for Windows contains an issue with the DLL search path, which may lead to insecurely loading a DLL called readline.pyd. Takashi Yoshikawa of Mitsui Bussan Secure Directions reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...

Canary Labs Trend Web Server vulnerable to buffer overflow

Overview Trend Web Server provided by Canary Labs is a solution used for data visualization. Trend Web Server contains a buffer overflow CWE-119 vulnerability. Kuang-Chun Hung reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer under Information Security Early Warni...

JVN#49503705: Python for Windows may insecurely load dynamic libraries

Python for Windows contains an issue with the DLL search path, which may lead to insecurely loading a DLL called readline.pyd. Impact Arbitray code may be executed with the privileges of python.exe. Solution Apply a workaround Applying the following workaround will mitigate the effects of this...

JVN#27462572: AjaXplorer vulnerable to directory traversal

AjaXplorer contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact An authenticated attacker may view files on the server. Solution Use Pydio The developer states that the development of AjaXplorer has been discontinued and there are no...

JVN#07676450: Canary Labs Trend Web Server vulnerable to buffer overflow

Trend Web Server provided by Canary Labs is a solution used for data visualization. Trend Web Server contains a buffer overflow CWE-119 vulnerability. Impact A remote attacker may cause a denial-of-service DoS or execute arbitrary code when sending a specially crafted TCP packet. Solution Stop...

MATCHA SNS access restriction bypass vulnerability

Overview MATCHA SNS provided by ICZ Corporation is an SNS software. MATCHA SNS contains an access restriction bypass vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A user without...

MATCHA SNS vulnerable to code injection

Overview MATCHA SNS provided by ICZ Corporation is an SNS software. MATCHA SNS contains a code injection CWE-94 vulnerability due to a flaw when configuring the database during installation. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

MATCHA INVOICE vulnerable to code injection

Overview MATCHA INVOICE provided by ICZ Corporation is a web-based billing management software. MATCHA INVOICE contains a code injection CWE-94 vulnerability due to a flaw when configuring the database during installation. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with...

MATCHA INVOICE vulnerable to SQL injection

Overview MATCHA INVOICE provided by ICZ Corporation is a web-based billing management software. MATCHA INVOICE contains multiple SQL injection CWE-89 vulnerabilities. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

baserCMS vulnerable to SQL injection

Overview baserCMS contains an SQL injection vulnerability. baserCMS is an open-source Contents Management System CMS. baserCMS contains a vulnerability that allows an authenticated user to inject arbitrary SQL statements CWE-89. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated...

baserCMS fails to restrict access permissions

Overview baserCMS is an open-source Contents Management System CMS. baserCMS contains a vulnerability where user settings may be changed when processing specially crafted request sent by an attacker logged into the system. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with...

JVN#79633796: baserCMS vulnerable to SQL injection

baserCMS is an open-source Contents Management System CMS. baserCMS contains a vulnerability that allows an authenticated user to inject arbitrary SQL statements CWE-89. Impact A logged in attacker may execute arbitrary SQL statements. Solution Update the Software Update to the latest version...

JVN#85118545: MATCHA SNS access restriction bypass vulnerability

MATCHA SNS provided by ICZ Corporation is an SNS software. MATCHA SNS contains an access restriction bypass vulnerability. Impact A user without administrative privileges may obtain administrative privileges. Solution Update the Software Update to the latest version according to the information...

JVN#18232032: MATCHA INVOICE vulnerable to SQL injection

MATCHA INVOICE provided by ICZ Corporation is a web-based billing management software. MATCHA INVOICE contains multiple SQL injection CWE-89 vulnerabilities. Impact An authenticated attacker may obtain or alter information stored in the database. Solution Update the Software Update to the latest...

JVN#04855224: baserCMS fails to restrict access permissions

baserCMS is an open-source Contents Management System CMS. baserCMS contains a vulnerability where user settings may be changed when processing specially crafted request sent by an attacker logged into the system. Impact User information may be changed to arbitrary values by a logged in attacker...

JVN#66984217: MATCHA INVOICE vulnerable to code injection

MATCHA INVOICE provided by ICZ Corporation is a web-based billing management software. MATCHA INVOICE contains a code injection CWE-94 vulnerability due to a flaw when configuring the database during installation. Impact An unauthenticated attacker who can execute the installer may execute...

JVN#08535069: MATCHA SNS vulnerable to code injection

MATCHA SNS provided by ICZ Corporation is an SNS software. MATCHA SNS contains a code injection CWE-94 vulnerability due to a flaw when configuring the database during installation. Impact An unauthenticated attacker who can execute the installer may execute arbitrary PHP code on the server where...

niconico App for iOS fails to verify SSL server certificates

Overview niconico App for iOS provided by DWANGO Co., Ltd. fails to verify SSL server certificates. AOKI Keiichi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may allow an attack...

Apache Cordova plugin cordova-plugin-file-transfer vulnerable to HTTP header injection

Overview cordova-plugin-file-transfer, a plugin for Apache Cordova provided by the Apache Software Foundation, provides functionality to upload and download files in applications created by Apache Cordova. It also provides functionality to add HTTP headers. Android applications that use...

JVN#21612597: Apache Cordova plugin cordova-plugin-file-transfer vulnerable to HTTP header injection

cordova-plugin-file-transfer, a plugin for Apache Cordova provided by the Apache Software Foundation, provides functionality to upload and download files in applications created by Apache Cordova. It also provides functionality to add HTTP headers. Android applications that use...

JVN#20355129: niconico App for iOS fails to verify SSL server certificates

niconico App for iOS provided by DWANGO Co., Ltd. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by the...

H2O vulnerable to directory traversal

Overview H2O is an open source web server software. H2O contains an issue in processing URL, which may result in a directory traversal CWE-22 vulnerability. Yusuke OSUMI reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

JVN#65602714: H2O vulnerable to directory traversal

H2O is an open source web server software. H2O contains an issue in processing URL, which may result in a directory traversal CWE-22 vulnerability. Impact A remote attacker may obtain arbitrary files on the server if "file.dir" directive is specified. Solution Update the Software Update to the...

Photon vulnerable to URL whitelist bypass

Overview Photon provided by Newphoria Corporation Inc. is an application for Android built using "applican". Photon contains an issue where an arbitrary page may be loaded if the application is launched using the URL-scheme. Kenta Suefusa and Tomonori Shiomi of Sprout Inc. reported this...

Reversi vulnerable to URL whitelist bypass

Overview Reversi provided by Newphoria Corporation Inc. is an application for both iOS or Android built using "applican". Reversi contains an issue where an arbitrary page may be loaded if the application is launched using the URL-scheme. Kenta Suefusa and Tomonori Shiomi of Sprout Inc. reported...

Koritore vulnerable to URL whitelist bypass

Overview Koritore provided by Newphoria Corporation Inc. is an application for both iOS or Android built using "applican". Koritore contains an issue where an arbitrary page may be loaded if the application is launched using the URL-scheme. Kenta Suefusa and Tomonori Shiomi of Sprout Inc. reporte...

MEGAPHONE MUSIC vulnerable to URL whitelist bypass

Overview MEGAPHONE MUSIC provided by Newphoria Corporation Inc. is an application for both iOS or Android built using "applican". MEGAPHONE MUSIC contains an issue where an arbitrary page may be loaded if the application is launched using the URL-scheme. Kenta Suefusa and Tomonori Shiomi of Sprou...

Auction Camera vulnerable to URL whitelist bypass

Overview Auction Camera provided by Newphoria Corporation Inc. is an application for both iOS or Android built using "applican". Auction Camera contains an issue where an arbitrary page may be loaded if the application is launched using the URL-scheme. Kenta Suefusa and Tomonori Shiomi of Sprout...

applican vulnerable to URL whitelist bypass

Overview applican provided by Newphoria Corporation Inc. is a platform to build hybrid applications for both iOS and Android. applican provides a whitelisting function whitelist.xml to limit the URLs that applications can access. However, if the application is launched using the URL-scheme, the...

JVN#73346595: applican vulnerable to URL whitelist bypass

applican provided by Newphoria Corporation Inc. is a platform to build hybrid applications for both iOS and Android. applican provides a whitelisting function whitelist.xml to limit the URLs that applications can access. However, if the application is launched using the URL-scheme, the access...

JVN#19948778: Photon vulnerable to URL whitelist bypass

Photon provided by Newphoria Corporation Inc. is an application for Android built using "applican". Photon contains an issue where an arbitrary page may be loaded if the application is launched using the URL-scheme. Impact Android version of this app may allow an applican API to be executed if th...

JVN#67586379: Reversi vulnerable to URL whitelist bypass

Reversi provided by Newphoria Corporation Inc. is an application for both iOS or Android built using "applican". Reversi contains an issue where an arbitrary page may be loaded if the application is launched using the URL-scheme. Impact Android version of this app may allow an applican API to be...

JVN#83862346: MEGAPHONE MUSIC vulnerable to URL whitelist bypass

MEGAPHONE MUSIC provided by Newphoria Corporation Inc. is an application for both iOS or Android built using "applican". MEGAPHONE MUSIC contains an issue where an arbitrary page may be loaded if the application is launched using the URL-scheme. Impact Android version of this app may allow an...

JVN#71815309: Auction Camera vulnerable to URL whitelist bypass

Auction Camera provided by Newphoria Corporation Inc. is an application for both iOS or Android built using "applican". Auction Camera contains an issue where an arbitrary page may be loaded if the application is launched using the URL-scheme. Impact Android version of this app may allow an...