5609 matches found
JVN#56297719: JBoss RichFaces vulnerable to remote Java code execution
JBoss RichFaces is an Ajax-enabled component library for JavaServer Faces JSF. JBoss RichFaces contains a flaw in parsing the do parameter, which may result in arbitrary Java code execution. Impact When a specially crafted input is processed, arbitrary Java code may be executed on the application...
Seasar S2Struts vulnerable to input validation bypass
Overview Seasar S2Struts provided by The Seasar Foundation is a software framework for developing Java web applications. Seasar S2Struts is vulnerable to an issue contained in the Apache Struts 1 Validator, because S2Struts 1.2.x uses Apache Struts 1.2.x, and S2Struts 1.3.x uses Apache Struts...
JVN#91383083: Seasar S2Struts vulnerable to input validation bypass
The Validator in Apache Struts 1.1 and later contains a function MPV -- Multi Page Validator to efficiently define rules for input validation across multiple pages during screen transitions. The MPV contains a vulnerability where input validation may be bypassed. When the Apache Struts 1 Validato...
Lhaplus vulnerable to remote code execution
Overview Lhaplus is a file compression/decompression software. Lhaplus contains a remote code execution vulnerability. Masato Kinugawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Decompressing a speciall...
Lhaplus vulnerable to directory traversal
Overview Lhaplus is a file compression/decompression software. Lhaplus contains an issue in processing file names, which may result in a directory traversal vulnerability. akirayou of Nico-TECH reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
JVN#02527990: Lhaplus vulnerable to directory traversal
Lhaplus is a file compression/decompression software. Lhaplus contains an issue in processing file names, which may result in a directory traversal vulnerability. Impact Decompressing a file with a specially crafted file name may result in a creation of an arbitrary file or an overwrite of an...
JVN#12329472: Lhaplus vulnerable to remote code execution
Lhaplus is a file compression/decompression software. Lhaplus contains a remote code execution vulnerability. Impact Decompressing a specially crafted file name may result in an arbitrary code execution. Solution Update the Software Update to the latest version according to the information provid...
bBlog vulnerable to cross-site request forgery
Overview bBlog is weblog software. bBlog contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Do not use bBlog bBlog is no longer being developed or maintained. It is recommended to...
JVN#71903938: bBlog vulnerable to cross-site request forgery
bBlog is weblog software. bBlog contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Do not use bBlog bBlog is no longer being developed or maintained. It is recommended to stop using...
"Restaurant Karaoke SHIDAX" App for Android fails to verify SSL server certificates
Overview "Restaurant Karaoke SHIDAX" App for Android fails to verify SSL server certificates. Yasuyuki KOBAYASHI reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may allow an attack...
JVN#68819526: "Restaurant Karaoke SHIDAX" App for Android fails to verify SSL server certificates
"Restaurant Karaoke SHIDAX" App for Android fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by the developer...
Maruo Editor vulnerable to buffer overflow
Overview Maruo Editor provided by Saitoh Kikaku contains a buffer overflow vulnerability due to a flaw in processing a specially crafted .hmbook file CWE-119. Masato Kinugawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
JVN#58784309: Maruo Editor vulnerable to buffer overflow
Maruo Editor provided by Saitoh Kikaku contains a buffer overflow vulnerability due to a flaw in processing a specially crafted .hmbook file CWE-119. Impact By processing a specially crafted .hmbook file, arbitrary code may be executed. Solution Update the Software Update to the latest version...
All in One SEO Pack information management vulnerability
Overview All in One SEO Pack is a WordPress plugin. All in One SEO Pack automatically adds a meta tag "Meta Description" to a page using some part of its contents, and this behavior is enabled in the initial configuration. Meta Description can be added even when a page is password-protected,...
JVN#75615300: All in One SEO Pack information management vulnerability
All in One SEO Pack is a WordPress plugin. All in One SEO Pack automatically adds a meta tag "Meta Description" to a page using some part of its contents, and this behavior is enabled in the initial configuration. Meta Description can be added even when a page is password-protected, therefore som...
Android OS may behave as an open resolver
Overview A device that runs as a DNS cache server, which responds to any recursive DNS queries that are received is referred to as an open resolver. Android OS contains an issue where it may behave as an open resolver when the tethering function is enabled. Yasuhiro Orange Morishita of Japan...
JVN#81094176: Android OS may behave as an open resolver
A device that runs as a DNS cache server, which responds to any recursive DNS queries that are received is referred to as an open resolver. Android OS contains an issue where it may behave as an open resolver when the tethering function is enabled. Impact The Android device may be used in a DNS...
WordPress theme flashy vulnerable to cross-site scripting
Overview flashy is a theme for WordPress. flashy contains a cross-site scripting vulnerability. Koki Takahashi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on the user'...
Fumy Teacher's Schedule Board vulnerable to cross-site scripting
Overview Fumy Teacher's Schedule Board provided by Nishishi Factory is a CGI program that displays schedules. Fumy Teacher's Schedule Board contains a cross-site scripting vulnerability. OHTA, Yoshinori of Business Architects Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
JVN#74547976: Fumy Teacher's Schedule Board vulnerable to cross-site scripting
Fumy Teacher's Schedule Board provided by Nishishi Factory is a CGI program that displays schedules. Fumy Teacher's Schedule Board contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest...
JVN#97281747: WordPress theme flashy vulnerable to cross-site scripting
flashy is a theme for WordPress. flashy contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use flashy flashy is no longer being developed or maintained. It is recommended to stop using flashy. Products Affected flas...
The Validator in TERASOLUNA Server Framework for Java(WEB) vulnerable to input validation bypass
Overview The TERASOLUNA Server Framework for JavaWEB provided by NTT Data Corporation is a software framework for creating web applications. The TERASOLUNA Server Framework for JavaWEB is vulnerable to an issue contained in the Apache Struts 1 Validator, since it uses Apache Struts 1.2.9. The...
JVN#86448949: The Validator in TERASOLUNA Server Framework for Java(WEB) vulnerable to input validation bypass
The Validator in Apache Struts 1.1 and later contains a function MPV -- Multi Page Validator to efficiently define rules for input validation across multiple pages during screen transitions. The MPV contains a vulnerability where input validation may be bypassed. When the Apache Struts 1 Validato...
LINE vulnerable to script injection
Overview LINE provided by LINE Corporation is an application used to communicate with others. LINE is vulnerable to MITM man-in-the-middle attacks since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM man-in-the-middle...
MP Form Mail CGI eCommerce edition vulnerable to code injection
Overview MP Form Mail CGI eCommerce edition provided by futomi Co., Ltd. is a CGI used to send mail from a web form. MP Form Mail CGI eCommerce edition contains a code injection vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informatio...
JVN#41281927: LINE vulnerable to script injection
LINE provided by LINE Corporation is an application used to communicate with others. LINE is vulnerable to MITM man-in-the-middle attacks since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM man-in-the-middle attacker. Impac...
JVN#39175666: MP Form Mail CGI eCommerce edition vulnerable to code injection
MP Form Mail CGI eCommerce edition provided by futomi Co., Ltd. is a CGI used to send mail from a web form. MP Form Mail CGI eCommerce edition contains a code injection vulnerability. Impact Arbitrary Perl code may be executed on the server where it resides. Solution Update the software Update to...
eXtplorer vulnerable to cross-site scripting
Overview eXtplorer is a web-based file manager. eXtplorer contains multiple cross-site scripting vulnerabilities. Yuji Tounai of NTT COM Security reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary...
JVN#97099798: eXtplorer vulnerable to cross-site scripting
eXtplorer is a web-based file manager. eXtplorer contains multiple cross-site scripting vulnerabilities. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer. Products...
All In One WP Security & Firewall vulnerable to cross-site request forgery
Overview All In One WP Security & Firewall is WordPress plugin that provides security functionality. All In One WP Security & Firewall contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, access logs 404 events maintained by the...
All In One WP Security & Firewall vulnerable to SQL injection
Overview All In One WP Security & Firewall is WordPress plugin that provides security functionality. All In One WP Security & Firewall contains a SQL injection vulnerability CWE-89. oooooooq reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
JVN#30832515: All In One WP Security & Firewall vulnerable to SQL injection
All In One WP Security & Firewall is WordPress plugin that provides security functionality. All In One WP Security & Firewall contains a SQL injection vulnerability CWE-89. Impact If an administrator views a malicious page while logged in, an arbitrary SQL command may be executed. Solution Update...
JVN#87204433: All In One WP Security & Firewall vulnerable to cross-site request forgery
All In One WP Security & Firewall is WordPress plugin that provides security functionality. All In One WP Security & Firewall contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, access logs 404 events maintained by the product may ...
Maroyaka Relay Novel vulnerable to cross-site scripting
Overview Maroyaka Relay Novel provided by Maroyaka CGI is a CGI script for posting text into a website. Maroyaka Relay Novel contains a persistent cross-site scripting vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
Maroyaka Image Album vulnerable to cross-site scripting
Overview Maroyaka Image Album provided by Maroyaka CGI is a CGI script for placing image files within a website. Maroyaka Image Album contains a cross-site scripting vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
Maroyaka Simple Board vulnerable to cross-site scripting
Overview Maroyaka Simple Board provided by Maroyaka CGI is a CGI script for posting text into a website. Maroyaka Simple Board contains a persistent cross-site scripting vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Securi...
JVN#09871547: Maroyaka Image Album vulnerable to cross-site scripting
Maroyaka Image Album provided by Maroyaka CGI is a CGI script for placing image files within a website. Maroyaka Image Album contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest versi...
JVN#63687798: Maroyaka Simple Board vulnerable to cross-site scripting
Maroyaka Simple Board provided by Maroyaka CGI is a CGI script for posting text into a website. Maroyaka Simple Board contains a persistent cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest...
JVN#91016415: Maroyaka Relay Novel vulnerable to cross-site scripting
Maroyaka Relay Novel provided by Maroyaka CGI is a CGI script for posting text into a website. Maroyaka Relay Novel contains a persistent cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest...
Google Captcha (reCAPTCHA) by BestWebSoft vulnerable to CAPTCHA authentication bypass
Overview Google Captcha reCAPTCHA by BestWebSoft is a plugin for WordPress. Google Captcha reCAPTCHA by BestWebSoft contains a CAPTCHA authentication bypass vulnerability CWE-254. Impact If this vulnerability is exploited, an attacker may be able to successfully login to WordPress and access an...
BestWebSoft Captcha plugin vulnerable to CAPTCHA authentication bypass
Overview Captcha provided by BestWebSoft is a plugin for WordPress. Captcha contains a CAPTCHA authentication bypass vulnerability CWE-254. Impact If this vulnerability is exploited, an attacker may be able to successfully login to WordPress and access an administrative interface without...
JVN#93727681: BestWebSoft Captcha plugin vulnerable to CAPTCHA authentication bypass
Captcha provided by BestWebSoft is a plugin for WordPress. Captcha contains a CAPTCHA authentication bypass vulnerability CWE-254. Impact If this vulnerability is exploited, an attacker may be able to successfully login to WordPress and access an administrative interface without authentication...
JVN#55063777: Google Captcha (reCAPTCHA) by BestWebSoft vulnerable to CAPTCHA authentication bypass
Google Captcha reCAPTCHA by BestWebSoft is a plugin for WordPress. Google Captcha reCAPTCHA by BestWebSoft contains a CAPTCHA authentication bypass vulnerability CWE-254. Impact If this vulnerability is exploited, an attacker may be able to successfully login to WordPress and access an...
Cross-site Scripting Vulnerability in Hitachi IT Operations Analyzer
Overview A cross-site scripting vulnerability was found in the online help of Hitachi IT Operations Analyzer. Impact Remote users can exploit a cross-site scripting vulnerability to execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasur...
Cross-site Scripting Vulnerability in JP1/IT Desktop Management - Manager and Hitachi IT Operations Director
Overview A cross-site scripting vulnerability was found in the online help of JP1/IT Desktop Management - Manager and Hitachi IT Operations Director. Impact Remote users can exploit a cross-site scripting vulnerability to execute malicious scripts. Solution Please refer to the 'Vendor Information...
Multiple Cross-site Scripting Vulnerabilities in Hitachi Compute Systems Manager
Overview Multiple cross-site scripting vulnerabilities were found in Hitachi Compute Systems Manager. Impact Remote users can exploit multiple cross-site scripting vulnerabilities to execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasu...
SEIL Series routers vulnerable to denial-of-service (DoS)
Overview The PPP Access Concentrator PPPAC in SEIL Series routers provided by Internet Initiative Japan Inc. contain a denial-of-service DoS vulnerability due to a flaw in processing SSTP packets. Impact Receiving a specially crafted SSTP packet may result in the device becoming unresponsive...
Vulnerability in the jBCrypt key stretching process
Overview jBCrypt is a Java implementation to compute password hashes. jBCrypt contains an integer overflow vulnerability in the key stretching process. An integer overflow occurs when the parameter for the repetition count is set to the maximum value allowed, 31. Norito AGETSUMA reported this...
KENT-WEB Clip Board vulnerability where arbitary files may be deleted
Overview Clip Board provided by KENT-WEB is a bulletin board software that allows users to upload binary files such as image files. KENT-WEB Clip Board contains a vulnerability that may allow a remote attacker to delete arbitrary files. Shoji Baba reported this vulnerability to IPA. JPCERT/CC...
Joyful Note vulnerability in handling files
Overview Joyful Note from KENT-WEB is a bulletin board software that allows users to upload binary files such as image files. Joyful Note contains a vulnerability in handling files. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...