5625 matches found
JVN#30281958: Arbitrary program execution vulnerability in TrendLink ActiveX control
TrendLink provided by Canary Labs is a tool to help visualize data for analysis. The SaveToFile method provided in the ActiveX control in TrendLink contains a vulnerability where file creation is not properly restricted. Impact A remote attacker may create an arbitrary file on the system and as a...
FuelPHP vulnerable to remote code execution
Overview FuelPHP is a PHP web framework for creating web applications. FuelPHP applications contain an issue in the RequestCurl class, which may result in arbitrary code execution. Masaaki Chida of GREE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
File Explorer vulnerable to directory traversal
Overview File Explorer provided by NextApp, Inc. contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
Meridian vulnerable to cross-site scripting
Overview Meridian provided by Nexa Technologies is a software for market trading. Meridian contains a cross-site scripting vulnerability. Kazuyuki Matsuda reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...
JVN#94791545: FuelPHP vulnerable to remote code execution
FuelPHP is a PHP web framework for creating web applications. FuelPHP applications contain an issue in the RequestCurl class, which may result in arbitrary code execution. Impact When specially crafted input is processed, arbitrary files may be deleted or arbitrary code may be executed on the...
JVN#36028879: Meridian vulnerable to cross-site scripting
Meridian provided by Nexa Technologies is a software for market trading. Meridian contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by...
JVN#84335912: File Explorer vulnerable to directory traversal
File Explorer provided by NextApp, Inc. contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the application has privileg...
Multifunctional MailForm Free vulnerable to cross-site scripting
Overview Multifunctional MailForm Free provided by PHP Kobo contains a cross-site scripting vulnerability. Multifunctional MailForm Free contains an issue in processing HTTP Referer headers, which may cause cross-site scripting. Impact By opening a specially crafted HTML document, an arbitrary...
JVN#41028866: Multifunctional MailForm Free vulnerable to cross-site scripting
Multifunctional MailForm Free contains an issue in processing HTTP Referer headers, which may cause cross-site scripting. Impact By opening a specially crafted HTML document, an arbitrary sctipt may be executed. Solution Update the software Update to the latest version according to the informatio...
Cybozu Garoon vulnerable to cross-site scritping
Overview Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the function "Messages", which may result in a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of a user that is logged on. Solution Update t...
Cybozu Garoon vulnerable to access restriction bypass
Overview Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the function "Portlets", which may result in an access restriction bypass vulnerability CWE-264. Impact Portlets may be altered by another Cybozu Garoon user. Solution Update the Software Update to...
Cybozu Garoon vulnerable to cross-site scritping
Overview Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the function "Notices portlet", which may result in a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of a user that is logged on. Solution...
Cybozu Garoon vulnerable to cross-site scritping
Overview Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the function "Map search", which may result in a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of a user that is logged on. Solution Update...
Cybozu Garoon 3 API access restriction bypass vulnerability
Overview Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an access restriction bypass vulnerability CWE-264 when using Garoon APIs. Impact A remote attacker may cause a denial-of-service DoS or execute arbitrary code. Solution Update the Software Update to the latest...
Cybozu Garoon CGI vulnerable to remote command execution
Overview Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon CGI contains a remote command execution vulnerability. Masaaki Chida of GREE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impac...
Seasar S2Struts vulnerable to ClassLoader manipulation
Overview Seasar S2Struts provided by The Seasar Foundation is a software framework for creating Java web applications. Seasar S2Struts bundles Apache Struts that is vulnerable to the ClassLoader manipulation CVE-2014-0114. Consequently, Seasar S2Struts contains the same vulnerability. Cybozu, Inc...
JVN#31082531: Cybozu Garoon 3 API access restriction bypass vulnerability
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an access restriction bypass vulnerability CWE-264 when using Garoon APIs. Impact A remote attacker may cause a denial-of-service DoS or execute arbitrary code. Solution Update the Software Update to the latest version...
JVN#94838679: Cybozu Garoon vulnerable to cross-site scritping
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the function "Messages", which may result in a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of a user that is logged on. Solution Update the Softwa...
JVN#97558950: Cybozu Garoon vulnerable to cross-site scritping
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the function "Map search", which may result in a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of a user that is logged on. Solution Update the...
JVN#75990997: Cybozu Garoon vulnerable to access restriction bypass
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the function "Portlets", which may result in an access restriction bypass vulnerability CWE-264. Impact Portlets may be altered by another Cybozu Garoon user. Solution Update the Software Update to the lates...
JVN#42024228: Cybozu Garoon CGI vulnerable to remote command execution
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon CGI contains a remote command execution vulnerability. Impact An arbitrary command may be executed on the server where Cybozu Garoon resides. Solution Update the Software Update to the latest version according to the information...
JVN#80583739: Cybozu Garoon vulnerable to cross-site scritping
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the function "Notices portlet", which may result in a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of a user that is logged on. Solution Update the...
JVN#19118282: Seasar S2Struts vulnerable to ClassLoader manipulation
Seasar S2Struts provided by The Seasar Foundation is a software framework for creating Java web applications. Seasar S2Struts bundles Apache Struts that is vulnerable to the ClassLoader manipulation CVE-2014-0114. Consequently, Seasar S2Struts contains the same vulnerability. Impact On a server...
Becky! Internet Mail vulnerable to buffer overflow
Overview Becky! Internet Mail contains a buffer overflow vulnerability. Becky! Internet Mail contains an issue in processing responses from a POP3 server, which may result in a buffer overflow vulnerability. Shingo HAYASHI of Cyber Defense Institute, Inc reported this vulnerability to IPA...
JVN#35376006: Becky! Internet Mail vulnerable to buffer overflow
Becky! Internet Mail contains an issue in processing responses from a POP3 server, which may result in a buffer overflow vulnerability. Impact By receiving a specially crafted response, an arbitrary code may be executed. Solution Update the Software Update to the latest version according to the...
SX-2000WG vulnerable to denial-of-service (DoS)
Overview SX-2000WG provided by silex technology, Inc. is a product that provides wireless connectivity for USB devices such as printers and hard disk drives HDD. SX-2000WG contains an issue in the processing of IP packets, which may cause a denial-of-service DoS. Note that this vulnerability is...
SX-2000WG vulnerable to denial-of-service (DoS)
Overview SX-2000WG provided by silex technology, Inc. is a product that provides wireless connectivity for USB devices such as printers and hard disk drives HDD. SX-2000WG contains an issue in the processing of TCP Option header, which may cause a denial-of-service DoS. Note that this vulnerabili...
RockDisk vulnerable to cross-site scripting
Overview RockDisk provided by I-O DATA DEVICE, INC. are LAN connectable hard disk drives. RockDisk contains a cross-site scripting vulnerability. NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-4713. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC...
JVN#35998716: SX-2000WG vulnerable to denial-of-service (DoS)
SX-2000WG provided by silex technology, Inc. is a product that provides wireless connectivity for USB devices such as printers and hard disk drives HDD. SX-2000WG contains an issue in the processing of IP packets, which may cause a denial-of-service DoS. Impact A remote attacker may cause the...
JVN#85571806: SX-2000WG vulnerable to denial-of-service (DoS)
SX-2000WG provided by silex technology, Inc. is a product that provides wireless connectivity for USB devices such as printers and hard disk drives HDD. SX-2000WG contains an issue in the processing of TCP Option header, which may cause a denial-of-service DoS. Impact A remote attacker may cause...
Web Kyukincho vulnerable to cross-site request forgery
Overview Web Kyukincho provided by Intercom, Inc. is a software that digitizes and distributes a pay statement and others. Web Kyukincho contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, unintended operations may be conducted. Solution...
Web Kyukincho vulnerable to cross-site scripting
Overview Web Kyukincho provided by Intercom, Inc. is a software that digitizes and distributes a pay statement and others. Web Kyukincho contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed in the user's web browser. Solution Update the Software Update to the...
JVN#36259412: Web Kyukincho vulnerable to cross-site request forgery
Web Kyukincho provided by Intercom, Inc. is a software that digitizes and distributes a pay statement and others. Web Kyukincho contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, unintended operations may be conducted. Solution Update the...
JVN#80006084: Web Kyukincho vulnerable to cross-site scripting
Web Kyukincho provided by Intercom, Inc. is a software that digitizes and distributes a pay statement and others. Web Kyukincho contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed in the user's web browser. Solution Update the Software Update to the latest...
Login rebuilder vulnerable to cross-site request forgery
Overview Login rebuilder is a plugin for WordPress. Login rebuilder contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, unintended operations may be conducted. Solution Update the Software Update to the latest version according to the...
Sophos Disk Encryption vulnerable to authentication bypass
Overview Sophos Disk Encryption contains an authentication bypass vulnerability. Sophos Disk Encryption is a product to encrypt hard disk data on Windows PC. By default, Window requires logon authentication when the PC wakes up from hibernation or sleep mode. When Sophos Disk Encryption is...
JVN#63940326: Sophos Disk Encryption vulnerable to authentication bypass
Sophos Disk Encryption is a product to encrypt hard disk data on Windows PC. By default, Window requires logon authentication when the PC wakes up from hibernation or sleep mode. When Sophos Disk Encryption is installed, no authentication is required before operating the PC. Impact An...
JVN#05329568: Login rebuilder vulnerable to cross-site request forgery
Login rebuilder is a plugin for WordPress. Login rebuilder contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, unintended operations may be conducted. Solution Update the Software Update to the latest version according to the information...
Webmin vulnerable to cross-site scripting
Overview Webmin is a web-based system management tool. Webmin contains a cross-site scripting vulnerability when "referrer checking" is turned off. Note that "referrer checking" is enabled by default. hasegawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
Webmin vulnerable to cross-site scripting
Overview Webmin is a web-based system management tool. Webmin contains a cross-site scripting vulnerability. Yoshinori Matsumoto of Kobe Digital Labo, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...
Usermin vulnerable to cross-site scripting
Overview Usermin is a web-based interface used to manage webmail. Usermin contains a cross-site scripting vulnerability. Keigo Yamazaki of LAC Co., Ltd reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...
Usermin vulnerable to OS command injection
Overview Usermin is a web-based interface used to manage webmail. Usermin contains an OS command injection vulnerability. Keigo Yamazaki of LAC Co., Ltd reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...
JVN#49974594: Webmin vulnerable to cross-site scripting
Webmin is a web-based system management tool. Webmin contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser who is logged into Webmin. Solution Update the software Update to the latest version according to the information provided by th...
JVN#48805624: Usermin vulnerable to OS command injection
Usermin is a web-based interface used to manage webmail. Usermin contains an OS command injection vulnerability. Impact When a user that is logged into Usermin performs a specific action, an arbitrary command may be executed. Solution Update the software Update to the latest version according to...
JVN#92737498: Usermin vulnerable to cross-site scripting
Usermin is a web-based interface used to manage webmail. Usermin contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser who is logged into Usermin. Solution Update the software Update to the latest version according to the information...
JVN#02213197: Webmin vulnerable to cross-site scripting
Webmin is a web-based system management tool. Webmin contains a cross-site scripting vulnerability when "referrer checking" is turned off. Note that "referrer checking" is enabled by default. Impact An arbitrary script may be executed on a user's web browser who is logged into Webmin. Solution...
JR East Japan App for Android. contains an issue where it fails to verify SSL server certificates
Overview JR East Japan App for Android. contains an issue where it fails to verify SSL server certificates. Akihisa Ishida reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-minddle attack may allo...
JVN#10603428: JR East Japan App for Android. contains an issue where it fails to verify SSL server certificates
JR East Japan App for Android. contains an issue where it fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by...
TERASOLUNA Server Framework for Java(Web) vulnerable to ClassLoader manipulation
Overview TERASOLUNA Server Framework for JavaWeb provided by NTT DATA Corporation is a software framework for creating Java web applications. TERASOLUNA Server Framework for JavaWeb bundles Apache Struts 1.2.9, which contains a vulnerability where the ClassLoader may be manipulated CVE-2014-0114...
050 plus for Android information management vulnerability
Overview 050 plus for Android contains an information management vulnerability. 050 plus provided by NTT Communications is an IP phone application for smartphones. 050 plus for Android contains an information management vulnerability that outputs some pieces of information stored by the product t...