JVNDB RSS Feed - 2016 Years Entry
https://jvndb.jvn.jp/en/
JVN iPedia Yearly Entry
2024-03-17T09:10:23+09:00 2024-03-17T09:10:23+09:00

DX Library vulnerable to buffer overflow
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000001.html
DX Library is an open source library for creating Windows applications. DX Library contains a buffer overflow vulnerability due to a flaw in processing an inner function CL_vsprintf().
Tomoya Kitagawa reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2016-000001
http://jvn.jp/en/jp/JVN49476817/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1131
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1131
https://www.ipa.go.jp/security/ciadr/vul/20160105-jvn.html
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:dx_library_project:dx_library
2016-06-08T18:06+09:00 2016-01-05T14:26+09:00 2016-06-08T18:06+09:00

acmailer vulnerable to OS command injection
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000002.html
acmailer provided by Seeds Co.,Ltd. contains an OS command injection vulnerability (CWE-78).
Kazuhiro Shibuta of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2016-000002
http://jvn.jp/en/jp/JVN50899877/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1142
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1142
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:seeds:acmailer
2016-01-27T17:20+09:00 2016-01-15T13:57+09:00 2016-01-27T17:20+09:00

H2O vulnerable to HTTP header injection
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000003.html
H2O is an open source web server software. H2O contains an HTTP header injection vulnerability.
Kazuho Oku reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Kazuho Oku coordinated under the Information Security Early Warning Partnership.
JVNDB-2016-000003
http://jvn.jp/en/jp/JVN45928828/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1133
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1133
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:h2o_project:h2o
2016-01-27T17:33+09:00 2016-01-15T13:57+09:00 2016-01-27T17:33+09:00

Shoplat App for iOS issue in the verification of SSL certificates
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000004.html
Shoplat App for iOS provided by NTT DOCOMO contains an issue in the verification of the SSL server certificate.
ma.la reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2016-000004
http://jvn.jp/en/jp/JVN47951769/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1132
https://nvd.nist.gov/vuln/detail/CVE-2016-1132
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:nttdocomo:shoplat
2017-05-23T13:57+09:00 2016-01-18T14:24+09:00 2017-05-23T13:57+09:00

Multiple Buffalo network devices vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000005.html
Multiple network devices provided by BUFFALO INC. contain a cross-site request forgery vulnerability (CWE-352).
Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. and Masashi Sakai reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2016-000005
http://jvn.jp/en/jp/JVN09268287/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1134
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1134
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/o:buffalo_inc:bhr-4grv2_firmware
cpe:/o:buffalo_inc:wex-300_firmware
cpe:/o:buffalo_inc:whr-1166dhp_firmware
cpe:/o:buffalo_inc:whr-300hp2_firmware
cpe:/o:buffalo_inc:whr-600d_firmware
cpe:/o:buffalo_inc:wmr-300_firmware
cpe:/o:buffalo_inc:wmr-433_firmware
cpe:/o:buffalo_inc:wsr-1166dhp_firmware
2016-03-10T17:53+09:00 2016-01-22T14:36+09:00 2016-03-10T17:53+09:00

Multiple Buffalo network devices vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000006.html
Multiple network devices provided by BUFFALO INC. contain a cross-site scripting vulnerability.
Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2016-000006
http://jvn.jp/en/jp/JVN49225722/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1135
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1135
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/o:buffalo_inc:bhr-4grv2_firmware
cpe:/o:buffalo_inc:wex-300_firmware
cpe:/o:buffalo_inc:whr-1166dhp_firmware
cpe:/o:buffalo_inc:whr-300hp2_firmware
cpe:/o:buffalo_inc:whr-600d_firmware
cpe:/o:buffalo_inc:wmr-300_firmware
cpe:/o:buffalo_inc:wmr-433_firmware
cpe:/o:buffalo_inc:wsr-1166dhp_firmware
2016-03-10T17:53+09:00 2016-01-22T14:36+09:00 2016-03-10T17:53+09:00

HOME SPOT CUBE vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000007.html
HOME SPOT CUBE provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE contains a cross-site scripting vulnerability.
Masaki Yoshikawa of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2016-000007
https://jvn.jp/en/jp/JVN54686544/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1136
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1136
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/h:kddi:home_spot_cube
2016-02-16T17:26+09:00 2016-01-27T14:40+09:00 2016-02-16T17:26+09:00

HOME SPOT CUBE vulnerable to open redirect
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000008.html
HOME SPOT CUBE provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE contains an open redirect vulnerability.
Masaki Yoshikawa of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2016-000008
https://jvn.jp/en/jp/JVN54686544/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1137
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1137
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/h:kddi:home_spot_cube
2016-02-16T17:26+09:00 2016-01-27T14:40+09:00 2016-02-16T17:26+09:00

HOME SPOT CUBE vulnerable to HTTP header injection
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000009.html
HOME SPOT CUBE provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE contains an HTTP header injection vulnerability.
Masaki Yoshikawa of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2016-000009
https://jvn.jp/en/jp/JVN54686544/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1138
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1138
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/h:kddi:home_spot_cube
2016-02-16T17:26+09:00 2016-01-27T14:40+09:00 2016-02-16T17:26+09:00

HOME SPOT CUBE vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000010.html
HOME SPOT CUBE provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE contains a cross-site request forgery vulnerability.
Masaki Yoshikawa of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2016-000010
https://jvn.jp/en/jp/JVN54686544/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1139
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1139
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/h:kddi:home_spot_cube
2016-02-16T17:26+09:00 2016-01-27T14:40+09:00 2016-02-16T17:26+09:00

HOME SPOT CUBE vulnerable to clickjacking
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000011.html
HOME SPOT CUBE provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE contains a clickjacking vulnerability.
Masaki Yoshikawa of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2016-000011
http://jvn.jp/en/jp/JVN54686544/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1140
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1140
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/h:kddi:home_spot_cube
2016-02-16T17:26+09:00 2016-01-27T14:40+09:00 2016-02-16T17:26+09:00

HOME SPOT CUBE vulnerable to OS command injection
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000012.html
HOME SPOT CUBE provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE contains an OS command injection vulnerability.
Masaki Yoshikawa of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2016-000012
http://jvn.jp/en/jp/JVN54686544/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1141
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1141
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/h:kddi:home_spot_cube
2016-02-16T17:26+09:00 2016-01-27T14:40+09:00 2016-02-16T17:26+09:00

EXPRESSCLUSTER X vulnerable to directory traversal
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000015.html
EXPRESSCLUSTER X from NEC Corporation is software to provide high availability (HA) clustering. EXPRESSCLUSTER X contains an issue in WebManager, which may lead to directory traversal.
Yusuke SAKAI of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2016-000015
https://jvn.jp/en/jp/JVN03050861/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1145
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1145
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:nec:expresscluster_x
2016-03-16T14:24+09:00 2016-01-29T13:45+09:00 2016-03-16T14:24+09:00

Vine MV vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000016.html
Vine MV contains a cross-site scripting vulnerability (CWE-79).
Shoji Baba reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2016-000016
https://jvn.jp/en/jp/JVN12165579/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1143
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1143
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:vine_mv_project:vine_mv
2016-02-10T10:19+09:00 2016-01-29T13:50+09:00 2016-02-10T10:19+09:00

JOB-CUBE vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000017.html
JOB-CUBE provided by WEBSQUARE Co.,Ltd. is software to build websites. JOB-CUBE contains a cross-site scripting vulnerability (CWE-79).
Masamu Asato of National Institute of Technology, Okinawa College reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2016-000017
https://jvn.jp/en/jp/JVN26921563/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1144
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1144
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:websquare:job_web_system
2016-03-04T17:47+09:00 2016-01-29T14:06+09:00 2016-03-04T17:47+09:00

Microsoft Producer for Microsoft Office PowerPoint vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000018.html
Microsoft Producer for Microsoft Office PowerPoint may create a web page which contains a DOM-based cross-site scripting vulnerability (CWE-79).
JVNDB-2016-000018
https://jvn.jp/en/jp/JVN77012922/index.html
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:microsoft:producer
2016-02-15T09:56+09:00 2016-02-15T09:56+09:00 2016-02-15T09:56+09:00

Akerun - Smart Lock Robot App for iOS fails to verify SSL server certificates
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000019.html
Akerun - Smart Lock Robot App for iOS provided by Photosynth Inc. fails to verify SSL server certificates.
Kenta Suefusa, Tomonori Shiomi of Sprout Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2016-000019
http://jvn.jp/en/jp/JVN22578691/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1148
https://nvd.nist.gov/vuln/detail/CVE-2016-1148
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:akerun:smart_lock_robot
2017-05-23T12:25+09:00 2016-02-12T15:59+09:00 2017-05-23T12:25+09:00

Cybozu Office vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000020.html
Cybozu Office contains a denial-of-service (DoS) vulnerability due to an issue in "customapp".
JVNDB-2016-000020
http://jvn.jp/en/jp/JVN20246313/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8489
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1153
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8489
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1153
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:cybozu:office
2016-02-23T16:32+09:00 2016-02-15T15:43+09:00 2016-02-23T16:32+09:00

Cybozu Office vulnerable to information disclosure
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000021.html
Cybozu Office contains an information disclosure vulnerability in the mail function.
Note that this vulnerability is different from JVN#47296923.
JVNDB-2016-000021
http://jvn.jp/en/jp/JVN28042424/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8488
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8488
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:cybozu:office
2016-02-23T16:32+09:00 2016-02-15T15:44+09:00 2016-02-23T16:32+09:00

Cybozu Office vulnerable to information disclosure
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000022.html
Cybozu Office contains an information disclosure vulnerability.
Note that this vulnerability is different from JVN#28042424.
JVNDB-2016-000022
http://jvn.jp/en/jp/JVN47296923/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8487
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8487
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:cybozu:office
2016-02-23T16:32+09:00 2016-02-15T15:44+09:00 2016-02-23T16:32+09:00

Cybozu Office access restriction bypass vulnerability
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000023.html
Cybozu Office contains an access restriction bypass vulnerability in multiple functions.
JVNDB-2016-000023
http://jvn.jp/en/jp/JVN48720230/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8484
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8485
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8486
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1152
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8484
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8485
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8486
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1152
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:cybozu:office
2016-02-23T16:32+09:00 2016-02-15T15:45+09:00 2016-02-23T16:32+09:00

Cybozu Office vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000024.html
Cybozu Office contains a cross-site request forgery vulnerability (CWE-352) in multiple functions.
JVNDB-2016-000024
http://jvn.jp/en/jp/JVN64209269/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1151
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1151
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:cybozu:office
2016-02-23T16:32+09:00 2016-02-15T16:20+09:00 2016-02-23T16:32+09:00

Cybozu Office vulnerable to open redirect
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000025.html
Cybozu Office contains an open redirect vulnerability in network functions.
JVNDB-2016-000025
http://jvn.jp/en/jp/JVN71428831/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8483
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8483
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:cybozu:office
2016-02-23T16:32+09:00 2016-02-15T16:20+09:00 2016-02-23T16:32+09:00

Cybozu Office vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000026.html
Cybozu Office contains a cross-site scripting vulnerability (CWE-79) in multiple functions.
Masato Kinugawa reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
JVNDB-2016-000026
http://jvn.jp/en/jp/JVN69278491/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7795
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7796
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7797
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7798
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1149
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1150
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7795
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7796
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7797
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7798
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1149
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1150
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:cybozu:office
2016-06-06T15:00+09:00 2016-02-15T16:21+09:00 2016-06-06T15:00+09:00

EC-CUBE plugin "Help plug-in" vulnerable to SQL injection
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000027.html
EC-CUBE plugin "Help plug-in" provided by Cuore contains an SQL injection vulnerability (CWE-89).
Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2016-000027
http://jvn.jp/en/jp/JVN31524757/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1154
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1154
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:cuore:ec-cube_help_plugin
2016-03-03T17:51+09:00 2016-02-19T14:42+09:00 2016-03-03T17:51+09:00

Internet Explorer cross-domain policy bypass
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000028.html
Internet Explorer contains a flaw that may allow an attacker to bypass cross-domain policies.
Yosuke HASEGAWA of Secure Sky Technology Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2016-000028
http://jvn.jp/en/jp/JVN78383854/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0069
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0069
https://www.ipa.go.jp/security/ciadr/vul/20160210-ms.html
https://www.jpcert.or.jp/english/at/2016/at160007.html
http://www.npa.go.jp/cyberpolice/topics/?seq=17702
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:microsoft:internet_explorer
2016-02-23T11:23+09:00 2016-02-19T14:39+09:00 2016-02-23T11:23+09:00

LINE for Windows and LINE for Mac OS vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000029.html
LINE for Windows and LINE for Mac OS contain a denial-of-service (DoS) vulnerability due to an issue in displaying the Timeline.
Jun Kokatsu of KDDI Singapore Dubai Branch reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2016-000029
https://jvn.jp/en/jp/JVN46044093/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1156
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1156
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:linecorp:line
2016-03-10T17:39+09:00 2016-02-19T14:43+09:00 2016-03-10T17:39+09:00

baserCMS vulnerable to OS command injection
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000030.html
baserCMS is an open-source content management system (CMS). baserCMS contains an OS command injection vulnerability (CWE-78).
Shoji Baba reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2016-000030
http://jvn.jp/en/jp/JVN69854312/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7769
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7769
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:basercms:basercms
2016-03-07T15:51+09:00 2016-02-19T14:39+09:00 2016-03-07T15:51+09:00

Log-Chat vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000031.html
Log-Chat provided by Script* contains a stored cross-site scripting vulnerability (CWE-79).
Masamu Asato of National Institute of Technology, Okinawa College reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2016-000031
http://jvn.jp/en/jp/JVN93535632/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1157
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1157
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:log-chat_project:log-chat
2016-02-25T15:10+09:00 2016-02-22T14:56+09:00 2016-02-25T15:10+09:00

Multiple Corega wireless LAN routers vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000032.html
Multiple wireless LAN routers provided by Corega Inc contain a cross-site request forgery vulnerability (CWE-352).
Yutaka Kokubu and Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. and Ueki Shuya reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2016-000032
http://jvn.jp/en/jp/JVN59349382/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1158
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1158
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/h:corega:cg-wlbargmh
cpe:/h:corega:cg-wlbargnl
2016-03-16T13:46+09:00 2016-03-02T14:52+09:00 2016-03-16T13:46+09:00

WordPress plugin "WP Favorite Posts" vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000034.html
"WP Favorite Posts" is a plugin for WordPress. WP Favorite Posts contains a cross-site scripting vulnerability.
Note that this vulnerability cannot be exploited on the default settings.
Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2016-000034
http://jvn.jp/en/jp/JVN86517621/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1160
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1160
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:wp_favorite_posts_project:wp_favorite_posts
2016-03-29T15:40+09:00 2016-03-24T12:28+09:00 2016-03-29T15:40+09:00

Aterm WF800HP vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000035.html
Aterm WF800HP provided by NEC Corporation contains a cross-site request forgery vulnerability (CWE-352).
Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2016-000035
https://jvn.jp/en/jp/JVN07818796/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1168
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1168
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/o:nec:aterm_wf800hp_firmware
2016-04-18T15:42+09:00 2016-03-30T14:49+09:00 2016-04-18T15:42+09:00

Aterm WG300HP vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000036.html
Aterm WG300HP provided by NEC Corporation contains a cross-site request forgery vulnerability (CWE-352).
Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2016-000036
https://jvn.jp/en/jp/JVN82020528/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1167
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1167
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/h:nec:aterm_wg300hp
2016-04-18T15:41+09:00 2016-03-30T14:49+09:00 2016-04-18T15:41+09:00

WisePoint contains issue in preventing clickjacking attacks
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000037.html
WisePoint contains an issue in the protection against clickjacking attacks on the management screen.
Hiroki Ikemoto of NTT SOFT SERVICE Corp reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2016-000037
http://jvn.jp/en/jp/JVN28480773/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1177
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1177
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:falcon_system_consulting:wisepoint
cpe:/a:falcon_system_consulting:wisepoint_authenticator
2016-04-07T12:05+09:00 2016-04-04T15:30+09:00 2016-04-07T12:05+09:00

ActiveX control for EVA Animator vulnerable to buffer overflow
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000038.html
ActiveX control for EVA Animator provided by Sharp Corporation contains a buffer overflow vulnerability.
Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2016-000038
http://jvn.jp/en/jp/JVN41875357/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1176
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1176
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:sharp:eva_animater
2016-04-20T09:38+09:00 2016-04-04T15:30+09:00 2016-04-20T09:38+09:00

AQUOS Photo Player HN-PP150 vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000039.html
AQUOS Photo Player HN-PP150 provided by Sharp Corporation contains a cross-site request forgery vulnerability (CWE-352).
Junichi MURAKAMI of FFRI, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2016-000039
http://jvn.jp/en/jp/JVN47164236/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1175
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1175
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/h:sharp:aquos_hn-pp150
2016-04-07T12:05+09:00 2016-04-04T15:30+09:00 2016-04-07T12:05+09:00

baserCMS plugin "Recruit Plugin" vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000040.html
baserCMS plugin "Recruit Plugin" contains a cross-site scripting vulnerability (CWE-79).
Takaesu Isao of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2016-000040
http://jvn.jp/en/jp/JVN13288761/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1169
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1169
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:misc:hiniarata_kyujin_plugin
2016-04-08T16:51+09:00 2016-04-06T15:29+09:00 2016-04-08T16:51+09:00

baserCMS plugin "Recruit Plugin" vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000041.html
baserCMS plugin "Recruit Plugin" contains a cross-site request forgery vulnerability (CWE-352).
Takaesu Isao of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2016-000041
http://jvn.jp/en/jp/JVN13288761/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1170
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1170
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:misc:hiniarata_kyujin_plugin
2016-04-08T16:51+09:00 2016-04-06T15:29+09:00 2016-04-08T16:51+09:00

baserCMS plugin "Menubook Plugin" vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000042.html
baserCMS plugin "Menubook Plugin" contains a cross-site scripting vulnerability (CWE-79).
Takaesu Isao of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2016-000042
http://jvn.jp/en/jp/JVN26627848/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1169
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1169
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:misc:hiniarata_menubook_plugin
2016-04-08T16:51+09:00 2016-04-06T15:29+09:00 2016-04-08T16:51+09:00

baserCMS plugin "Menubook Plugin" vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000043.html
baserCMS plugin "Menubook Plugin" contains a cross-site request forgery vulnerability (CWE-352).
Takaesu Isao of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2016-000043
http://jvn.jp/en/jp/JVN26627848/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1170
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1170
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:misc:hiniarata_menubook_plugin
2016-04-08T16:51+09:00 2016-04-06T15:29+09:00 2016-04-08T16:51+09:00

baserCMS plugin "Casebook Plugin" vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000044.html
baserCMS plugin "Casebook Plugin" contains a cross-site scripting vulnerability (CWE-79).
Takaesu Isao of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2016-000044
http://jvn.jp/en/jp/JVN55801246/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1169
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1169
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:misc:casebook_plugin
2016-04-08T16:51+09:00 2016-04-06T15:29+09:00 2016-04-08T16:51+09:00

baserCMS plugin "Casebook Plugin" vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000045.html
baserCMS plugin "Casebook Plugin" contains a cross-site request forgery vulnerability (CWE-352).
Takaesu Isao of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2016-000045
http://jvn.jp/en/jp/JVN55801246/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1170
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1170
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:misc:casebook_plugin
2016-04-08T16:51+09:00 2016-04-06T15:29+09:00 2016-04-08T16:51+09:00

a-blog cms vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000046.html
a-blog cms provided by appleple Inc. is a content management system (CMS). a-blog cms contains a cross-site scripting vulnerability in the standard template of the comment functionality.
Yuya Yoshida of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000046http://jvn.jp/en/jp/JVN73166466/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1179https://nvd.nist.gov/vuln/detail/CVE-2016-1179https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:appleple:a-blog_cms2017-05-23T13:44+09:002016-05-16T14:48+09:002017-05-23T13:44+09:00a-blog cms vulnerable to session management
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000047.html
a-blog cms provided by appleple Inc. is a content management system (CMS). a-blog cms contains a vulnerability in session management of the comment functionality.
Yuya Yoshida of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000047http://jvn.jp/en/jp/JVN03975805/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1178https://nvd.nist.gov/vuln/detail/CVE-2016-1178https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:appleple:a-blog_cms2017-05-23T13:44+09:002016-05-16T14:48+09:002017-05-23T13:44+09:00EC-CUBE plugin "Social-button Plugin Premium" and "Social-button Plugin" vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000048.html
EC-CUBE plugin "Social-button Plugin Premium" and "Social-button Plugin" provided by Cyber-Will Inc. contain a cross-site scripting vulnerability (CWE-79).
Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000048http://jvn.jp/en/jp/JVN78482127/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1180https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1180https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cyber-will:social-buttoncpe:/a:cyber-will:social-button_premium2016-05-06T16:13+09:002016-04-08T12:31+09:002016-05-06T16:13+09:00Tokyo Star bank App fails to verify SSL server certificates
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000049.html
Tokyo Star bank App provided by The Tokyo Star Bank, Limited fails to verify SSL server certificates.
Yuji Tounai of NTT Com Security (Japan) KK reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000049https://jvn.jp/en/jp/JVN00272277/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1184https://nvd.nist.gov/vuln/detail/CVE-2016-1184https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:tokyostarbank:tokyo_star_bank2017-05-23T14:28+09:002016-04-13T14:30+09:002017-05-23T14:28+09:00Photopt App fails to verify SSL server certificates
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000050.html
Photopt App provided by NTT Communications Corporation fails to verify SSL server certificates.
Yuto Iso reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000050http://jvn.jp/en/jp/JVN11815655/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1198https://nvd.nist.gov/vuln/detail/CVE-2016-1198https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ntt:photopt2017-05-23T14:28+09:002016-04-19T13:44+09:002017-05-23T14:28+09:00EC-CUBE fails to restrict access permissions
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000051.html
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE fails to restrict access permissions.
Note that this vulnerability is different from JVN#11458774.
Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000051https://jvn.jp/en/jp/JVN47473944/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1199https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1199https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ec-cube:ec-cube2016-05-31T17:41+09:002016-04-26T13:56+09:002016-05-31T17:41+09:00EC-CUBE fails to restrict access permissions
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000052.html
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE fails to restrict access permissions.
Note that this vulnerability is different from JVN#47473944.
Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000052http://jvn.jp/en/jp/JVN11458774/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1200https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1200https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ec-cube:ec-cube2016-05-31T17:41+09:002016-04-26T13:56+09:002016-05-31T17:41+09:00EC-CUBE vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000053.html
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site request forgery vulnerability (CWE-352).
LOCKON CO.,LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and LOCKON CO.,LTD. coordinated under the Information Security Early Warning Partnership.JVNDB-2016-000053https://jvn.jp/en/jp/JVN73776243/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1201https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1201https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ec-cube:ec-cube2016-05-31T17:40+09:002016-04-26T14:24+09:002016-05-31T17:40+09:00Electron may insecurely load Node modules
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000054.html
Electron fails to restrict the path for loading Node modules, which may lead to execution of arbitrary JavaScript.
Electron is a software framework for developing cross-platform desktop applications with web technologies such as HTML, CSS and JavaScript, using Chromium and Node.js. Electron is used in applications such as Atom editor, Microsoft Visual Studio Code, etc.
Electron contains a flaw where the search path for loading Node modules is not restricted properly. This exists due to a flaw in the processing of the 'require' function. When this function is processed, all parent folders of the directory where the module exists are added to the search paths. If an attacker is able to place a malicious Node module in a resulting search path on the victim's system, this Node module will be loaded.
Yosuke HASEGAWA of Secure Sky Technology Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000054https://jvn.jp/en/jp/JVN00324715/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1202https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1202https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:electron:electron2016-06-01T15:56+09:002016-04-22T13:49+09:002016-06-01T15:56+09:00kintone mobile for Android information management vulnerability
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000055.html
kintone mobile for Android provided by Cybozu, Inc. contains an authentication information management vulnerability.
Kusano Kazuhiko and Gopinath reported this vulnerability to the developer.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000055https://jvn.jp/en/jp/JVN89026267/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1185https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1185https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:kintone2016-06-01T16:21+09:002016-04-25T15:35+09:002016-06-01T16:21+09:00kintone mobile for Android fails to verify SSL server certificates
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000056.html
kintone mobile for Android provided by Cybozu, Inc. fails to verify SSL server certificates.
Kusano Kazuhiko reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000056https://jvn.jp/en/jp/JVN91816422/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1186https://nvd.nist.gov/vuln/detail/CVE-2016-1186https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:kintone2017-05-23T14:28+09:002016-04-25T15:36+09:002017-05-23T14:28+09:00Multiple shiro8 Co., Ltd. freearea_ addition_plugins for EC-CUBE vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000057.html
EC-CUBE plugin "category_freearea_ addition_plugin" and "itemdetail_freearea_ addition_plugin" provided by shiro8 Co., Ltd. contain a cross-site scripting vulnerability (CWE-79).
Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000057https://jvn.jp/en/jp/JVN63384827/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1205https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1205https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:shiro8:category_freearea_additioncpe:/a:shiro8:itemdetail_freearea_addition2016-05-25T17:48+09:002016-04-26T14:18+09:002016-05-25T17:48+09:00Apache Cordova fails to restrict access permissions
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000058.html
Apache Cordova contains a vulnerability where whitelist restrictions are not properly applied.
Apache Cordova provided by the Apache Software Foundation is a framework for creating mobile applications for various platforms.
iOS applications built using Apache Cordova contain a vulnerability where whitelist restrictions are not properly applied.
Muneaki Nishimura (nishimunea) of Recruit Technologies Co.,Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000058http://jvn.jp/en/jp/JVN35341085/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5207https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5207https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:apache:cordova2016-06-02T17:49+09:002016-05-11T14:16+09:002016-06-02T17:49+09:00Apache Cordova vulnerable to arbitrary plugin execution
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000059.html
Apache Cordova contains a vulnerability where arbitrary plugins may be executed.
Apache Cordova provided by the Apache Software Foundation is a framework for creating mobile applications for various platforms.
iOS applications built using Apache Cordova contain a vulnerability where arbitrary plugins may be executed.
Muneaki Nishimura (nishimunea) of Recruit Technologies Co.,Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000059http://jvn.jp/en/jp/JVN41772178/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5208https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5208https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:apache:cordova2016-06-01T16:30+09:002016-05-11T14:16+09:002016-06-01T16:30+09:00Cybozu KUNAI App fails to verify SSL server certificates
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000060.html
Cybozu KUNAI App provided by Cybozu, Inc. fails to verify SSL server certificates.
Kusano Kazuhiko reported this vulnerability to the developer.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000060http://jvn.jp/en/jp/JVN11994518/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1187https://nvd.nist.gov/vuln/detail/CVE-2016-1187https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:kunai2017-05-23T16:23+09:002016-05-16T16:14+09:002017-05-23T16:23+09:00WN-GDN/R3 Series does not limit authentication attempts
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000061.html
WN-GDN/R3 Series provided by I-O DATA DEVICE, INC. does not limit authentication attempts.
WN-GDN/R3 series provided by I-O DATA DEVICE, INC. is a wireless LAN router. WPS functionality in WN-GDN/R3 Series does not limit PIN authentication attempts, making it susceptible to brute force attacks.
Takeshi Okamoto of Kanagawa Institute of Technology and Takaaki Minegishi reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000061http://jvn.jp/en/jp/JVN25674893/index.htmlhttps://jvn.jp/vu/JVNVU723755/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1206https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1206https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:i-o_data_device:wn-gdn%2fr3cpe:/h:i-o_data_device:wn-gdn%2fr3-ccpe:/h:i-o_data_device:wn-gdn%2fr3-scpe:/h:i-o_data_device:wn-gdn%2fr3-u2016-06-01T16:52+09:002016-05-12T14:34+09:002016-06-01T16:52+09:00WN-G300R Series vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000062.html
WN-G300R Series provided by I-O DATA DEVICE, INC. contains a cross-site scripting vulnerability.
WN-G300R Series provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-G300R Series contains a stored cross-site scripting vulnerability (CWE-79).
Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. and Yuta TESHIMA of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000062http://jvn.jp/en/jp/JVN22978346/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1207https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1207https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:i-o_data_device:wn-g300r2_firmwarecpe:/o:i-o_data_device:wn-g300r3_firmwarecpe:/o:i-o_data_device:wn-g300r_firmware2016-06-01T16:48+09:002016-05-12T14:34+09:002016-06-01T16:48+09:00FileMaker server issue where PHP source code may be viewable
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000063.html
FileMaker server contains an issue where PHP source code may be viewable when Custom Web Publishing with PHP is enabled.
Atsushi Matsuo of Emic Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000063http://jvn.jp/en/jp/JVN91638315/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1208https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1208https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:claris:filemaker_server2016-06-02T09:43+09:002016-05-13T14:27+09:002016-06-02T09:43+09:00WordPress plugin "Ninja Forms" vulnerable to PHP object injection
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000064.html
WordPress plugin "Ninja Forms" contains a PHP object injection vulnerability due to a flaw where untrusted POST values are unserialized.JVNDB-2016-000064http://jvn.jp/en/jp/JVN44657371/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1209https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1209http://www.pritect.net/blog/ninja-forms-2-9-42-critical-security-vulnerabilitieshttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ninjaforms:ninja_forms2016-06-01T17:00+09:002016-05-13T14:27+09:002016-06-01T17:00+09:00105 BANK App fails to verify SSL server certificates
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000065.html
105 BANK App provided by THE HYAKUGO BANK, LTD. is a mobile app for internet banking. 105 BANK App fails to verify SSL server certificates.
Yuji Tounai of NTT Com Security (Japan) KK reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000065http://jvn.jp/en/jp/JVN11877654/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1210https://nvd.nist.gov/vuln/detail/CVE-2016-1210https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:the_hyakugo_bank:105_bank2017-05-29T11:45+09:002016-05-18T15:26+09:002017-05-29T11:45+09:00Web Mailing List vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000066.html
Web Mailing List provided by Epoch Ltd. contains a cross-site scripting vulnerability (CWE-79).
Yuya Yoshida of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000066http://jvn.jp/en/jp/JVN43076390/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1211https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1211https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:epoch:web_mailing_list2016-06-08T17:23+09:002016-05-19T13:37+09:002016-06-08T17:23+09:00Jetstar App for iOS fails to verify SSL server certificates
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000067.html
Jetstar App for iOS provided by Jetstar Airways Pty Ltd. fails to verify SSL server certificates.
Yuta TESHIMA of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000067https://jvn.jp/en/jp/JVN43529183/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1221https://nvd.nist.gov/vuln/detail/CVE-2016-1221https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:jetstar:jetstar2017-05-29T11:45+09:002016-05-24T13:36+09:002017-05-29T11:45+09:00HumHub vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000068.html
HumHub is a software framework for developing a social networking service (SNS). HumHub contains a cross-site scripting vulnerability.
Satoru Nagaoka of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000068http://jvn.jp/en/jp/JVN56167268/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1229https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1229https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:humhub:humhub2016-06-08T17:23+09:002016-05-24T12:24+09:002016-06-08T17:23+09:00MP Form Mail CGI Professional Edition vulnerable to directory traversal
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000069.html
MP Form Mail CGI Professional Edition provided by futomi Co., Ltd. contains a directory traversal vulnerability (CWE-22).
Yuuta Watanabe of STNet, Incorporated reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000069http://jvn.jp/en/jp/JVN42545812/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1212https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1212https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:futomis_cgi_cafe:mp_form_mail_cgi_professional2016-06-08T17:23+09:002016-05-20T14:22+09:002016-06-08T17:23+09:00php-contact-form vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000070.html
php-contact-form provided by Kobe Beauty Co., Ltd. contains a cross-site scripting vulnerability (CWE-79).
Hirota Kazuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000070http://jvn.jp/en/jp/JVN85112513/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1222https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1222https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:kobe-beauty:php-contact-form2016-06-08T17:23+09:002016-05-24T12:27+09:002016-06-08T17:23+09:00WordPress plugin "Markdown on Save Improved" vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000071.html
The WordPress plugin "Markdown on Save Improved" contains a stored cross-site scripting (CWE-79) vulnerability.
Kenta Yamamoto of Cryptography Laboratory, Department of Information and Communication Engineering, Graduate School of Tokyo Denki University reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000071http://jvn.jp/en/jp/JVN26026353/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4812https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4812https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:markdown_on_save_improved_project:markdown_on_save_improved2016-06-08T17:23+09:002016-05-25T14:37+09:002016-06-08T17:23+09:00WebARENA formmail vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000072.html
formmail used for the WebARENA Service provided by NTT PC Communications Incorporated contains a cross-site scripting vulnerability (CWE-79).
OHTA, Yoshinori of Business Architects Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000072http://jvn.jp/en/jp/JVN24143619/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1230https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1230https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:misc:ntt_pc_communications_formmail2016-06-08T17:47+09:002016-05-27T13:54+09:002016-06-08T17:47+09:00Trend Micro Internet Security access restriction flaw
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000073.html
Trend Micro Internet Security provided by Trend Micro Incorporated contains an access restriction flaw.
According to the developer, attempts to exploit the vulnerability will not succeed from external networks when the default settings are used.
Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Trend Micro Incorporated coordinated under the Information Security Early Warning Partnership.JVNDB-2016-000073https://jvn.jp/en/jp/JVN48789425/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1225https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1225https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:trendmicro:virus_baster_cloud2016-06-22T18:12+09:002016-06-02T16:18+09:002016-06-22T18:12+09:00Trend Micro enterprise products directory traversal vulnerability
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000074.html
Multiple enterprise products provided by Trend Micro Incorporated contain a directory traversal vulnerability.
According to the developer, exploiting the vulnerability requires access to the LAN environment of the user.
Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Trend Micro Incorporated coordinated under the Information Security Early Warning Partnership.JVNDB-2016-000074https://jvn.jp/en/jp/JVN48847535/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1223https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1223https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:trendmicro:business_securitycpe:/a:trendmicro:business_security_servicescpe:/a:trendmicro:virus_baster_corporate_edition2016-06-22T17:56+09:002016-06-02T16:18+09:002016-06-22T17:56+09:00NetCommons vulnerable to privilege escalation
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000075.html
NetCommons provided by the NetCommons Project contains a privilege escalation vulnerability.
Satoru Nagaoka of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000075http://jvn.jp/en/jp/JVN00460236/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4813https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4813https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:netcommons:netcommons2016-06-23T15:13+09:002016-05-26T14:30+09:002016-06-23T15:13+09:00Japan Connected-free Wi-Fi vulnerable to API execution
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000076.html
Japan Connected-free Wi-Fi provided by NTT Broadband Platform, Inc. contains a vulnerability which allows an arbitrary API to be executed by a man-in-the-middle attacker.
Kenta Suefusa and Tomonori Shiomi of Sprout Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000076https://jvn.jp/en/jp/JVN46888319/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4811https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4811https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ntt-bp:japan_connected-free_wi-fi2016-06-23T17:38+09:002016-05-27T13:51+09:002016-06-23T17:38+09:00Cybozu Garoon mail function vulnerable to access restriction bypass
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000077.html
Cybozu Garoon is a groupware. Cybozu Garoon contains an access restriction bypass vulnerability in the mail function.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.JVNDB-2016-000077https://jvn.jp/en/jp/JVN18975349/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1188https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1188https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:garoon2016-06-28T17:01+09:002016-05-30T16:18+09:002016-06-28T17:01+09:00Cybozu Garoon function "Files" vulnerable to directory traversal
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000078.html
Cybozu Garoon is a groupware. Cybozu Garoon contains a directory traversal vulnerability in the function "Files".
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.JVNDB-2016-000078https://jvn.jp/en/jp/JVN14749391/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1191https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1191https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:garoon2016-06-23T17:40+09:002016-05-30T16:18+09:002016-06-23T17:40+09:00Cybozu Garoon vulnerable to information disclosure
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000079.html
Cybozu Garoon is a groupware. Cybozu Garoon contains an information disclosure vulnerability in the mail function.
Masato Kinugawa reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.JVNDB-2016-000079http://jvn.jp/en/jp/JVN25765762/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1193https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1193https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:garoon2016-06-28T17:01+09:002016-05-30T16:18+09:002016-06-28T17:01+09:00Cybozu Garoon vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000080.html
Cybozu Garoon is a groupware. Cybozu Garoon contains a denial-of-service (DoS) vulnerability.
ixama reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.JVNDB-2016-000080http://jvn.jp/en/jp/JVN26298347/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1194https://nvd.nist.gov/vuln/detail/CVE-2016-1194https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:garoon2017-05-23T16:23+09:002016-05-30T16:18+09:002017-05-23T16:23+09:00Cybozu Garoon vulnerable to open redirect
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000081.html
Cybozu Garoon is a groupware. Cybozu Garoon contains an open redirect vulnerability.
Jun Kokatsu of KDDI Singapore Dubai Branch reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.JVNDB-2016-000081http://jvn.jp/en/jp/JVN32218514/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1195https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1195https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:garoon2016-06-23T17:06+09:002016-05-30T16:18+09:002016-06-23T17:06+09:00Cybozu Garoon fails to restrict access permissions
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000082.html
Cybozu Garoon is a groupware. Cybozu Garoon fails to restrict access permissions in the API to retrieve the Address Book information.
Note that this vulnerability is different from JVN#53542912.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.JVNDB-2016-000082https://jvn.jp/en/jp/JVN33879831/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1196https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1196https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:garoon2016-06-23T17:35+09:002016-05-30T16:18+09:002016-06-23T17:35+09:00Cybozu Garoon vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000083.html
Cybozu Garoon is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability.
Note that this vulnerability is different from JVN#49285177.
Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.JVNDB-2016-000083https://jvn.jp/en/jp/JVN37121456/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1197https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1197https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:garoon2016-06-23T17:05+09:002016-05-30T16:18+09:002016-06-23T17:05+09:00Cybozu Garoon vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000084.html
Cybozu Garoon is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability.
Note that this vulnerability is different from JVN#37121456.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.JVNDB-2016-000084https://jvn.jp/en/jp/JVN49285177/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7775https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7775https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:garoon2016-06-23T17:09+09:002016-05-30T16:18+09:002016-06-23T17:09+09:00Cybozu Garoon fails to restrict access permissions
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000085.html
Cybozu Garoon is a groupware. Cybozu Garoon fails to restrict access permissions in the mail function.
Note that this vulnerability is different from JVN#33879831.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.JVNDB-2016-000085https://jvn.jp/en/jp/JVN53542912/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7776https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7776https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:garoon2016-06-23T17:43+09:002016-05-30T16:18+09:002016-06-23T17:43+09:00Multiple Buffalo wireless LAN routers vulnerable to directory traversal
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000086.html
Multiple wireless LAN routers provided by BUFFALO INC. contain a directory traversal vulnerability (CWE-22).
Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000086http://jvn.jp/en/jp/JVN81698369/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4815https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4815https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:buffalo_inc:wzr-600dhp3_firmwarecpe:/o:buffalo_inc:wzr-s600dhp_firmware2016-06-27T14:58+09:002016-05-27T13:53+09:002016-06-27T14:58+09:00Multiple Buffalo wireless LAN routers vulnerable to information disclosure
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000087.html
Multiple Buffalo wireless LAN routers contain an information disclosure vulnerability.
Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000087http://jvn.jp/en/jp/JVN75813272/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4816https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4816https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:buffalo_inc:wzr-600dhp3_firmwarecpe:/o:buffalo_inc:wzr-s600dhp_firmware2016-06-27T14:59+09:002016-05-27T13:53+09:002016-06-27T14:59+09:00Trend Micro Internet Security vulnerable to arbitrary script execution
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000088.html
Trend Micro Internet Security provided by Trend Micro Incorporated contains a vulnerability that may allow arbitrary script execution.
According to the developer, attempts to exploit the vulnerability will not succeed from external networks when the default settings are used.
Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Trend Micro Incorporated coordinated under the Information Security Early Warning Partnership.JVNDB-2016-000088https://jvn.jp/en/jp/JVN48789425/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1226https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1226https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:trendmicro:virus_baster_cloud2016-06-22T18:08+09:002016-06-02T16:18+09:002016-06-22T18:08+09:00Trend Micro enterprise products HTTP header injection vulnerability
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000089.html
Multiple enterprise products provided by Trend Micro Incorporated contain an HTTP header injection vulnerability.
According to the developer, exploiting the vulnerability requires access to the LAN environment of the user.
Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Trend Micro Incorporated coordinated under the Information Security Early Warning Partnership.JVNDB-2016-000089https://jvn.jp/en/jp/JVN48847535/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1224https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1224https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:trendmicro:business_securitycpe:/a:trendmicro:business_security_services2016-06-22T17:58+09:002016-06-02T16:18+09:002016-06-22T17:58+09:00Source code of Old_GSI_Maps prior to January, 2015 vulnerable to directory traversal
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000090.html
kml2jsonp.php contained in source code of Old_GSI_Maps prior to January, 2015 provided by the Geospatial Information Authority of Japan (GSI) contains a directory traversal vulnerability (CWE-22).
Shoji Baba reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000090https://jvn.jp/en/jp/JVN13794955/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4814https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4814https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:gsi:old_gsi_maps2016-06-23T15:13+09:002016-05-30T14:07+09:002016-06-23T15:13+09:00H2O use-after-free vulnerability
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000091.html
H2O is an open source web server software. H2O contains a use-after-free vulnerability.
Kazuho Oku reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Kazuho Oku coordinated under the Information Security Early Warning Partnership.JVNDB-2016-000091https://jvn.jp/en/jp/JVN87859762/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4817https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4817https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:h2o_project:h2o2016-06-23T17:23+09:002016-05-27T13:46+09:002016-06-23T17:23+09:00DMM.com Securities FX Apps for Android fail to verify SSL server certificates
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000092.html
Multiple Android Applications provided by DMM.com Securities Co.,Ltd. fail to verify SSL server certificates.
Gaku Taniguchi of RiskFinder,inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000092https://jvn.jp/en/jp/JVN40898764/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4818https://nvd.nist.gov/vuln/detail/CVE-2016-4818https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:dmm:dmmfx_demo_tradecpe:/a:dmm:dmmfx_tradecpe:/a:dmm:gaitamejapan_fx_trade2017-05-23T14:28+09:002016-05-30T14:21+09:002017-05-23T14:28+09:00Cybozu Garoon function "Portlets" vulnerable to access restriction bypass
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000093.html
Cybozu Garoon is a groupware. Cybozu Garoon contains an access restriction bypass vulnerability in the function "Portlets".
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.JVNDB-2016-000093http://jvn.jp/en/jp/JVN18975349/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1189https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1189https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:garoon2016-06-28T17:01+09:002016-05-30T16:18+09:002016-06-28T17:01+09:00Cybozu Garoon function "MultiReport" vulnerable to access restriction bypass
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000094.html
Cybozu Garoon is a groupware. Cybozu Garoon contains an access restriction bypass vulnerability in the function "MultiReport".
Yuji Tounai of NTT Com Security (Japan) KK reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.JVNDB-2016-000094https://jvn.jp/en/jp/JVN18975349/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1190https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1190https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:garoon2016-06-28T17:01+09:002016-05-30T16:18+09:002016-06-28T17:01+09:00Cybozu Garoon logging function vulnerable to directory traversal
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000095.html
Cybozu Garoon is a groupware. Cybozu Garoon contains a directory traversal vulnerability in the logging function.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.JVNDB-2016-000095http://jvn.jp/en/jp/JVN14749391/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1192https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1192https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:garoon2016-06-23T17:49+09:002016-05-30T16:18+09:002016-06-23T17:49+09:00Apache Struts 1 vulnerability that allows unintended remote operations against components on memory
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000096.html
The Apache Struts 1 ActionForm contains a vulnerability which allows unintended remote operations against components on server memory, such as Servlets and ClassLoader, when the following 2 conditions are met:
Condition 1:
When the following ActionForm (including its subclasses) are in the session scope, and multiple threads that process the same session can access the same ActionForm instance
* ActionForm (not including classes that implement the DynaBean interface, such as DynaActionForm and its subclasses)
* ValidatingActionForm
* ValidatorForm
* ValidatorActionForm
Condition 2:
Can process multi-part requests
(This condition applies whether or not the web application uses multi-part forms)JVNDB-2016-000096https://jvn.jp/en/jp/JVN03188560/index.htmlhttp://jvn.jp/en/vu/JVNVU91417143/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1181https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1181https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:apache:struts2017-02-20T15:42+09:002016-06-07T16:26+09:002017-02-20T15:42+09:00Apache Struts 1 vulnerable to input validation bypass
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000097.html
The Apache Struts 1 Validator contains a vulnerability where input validation configurations (validation rules, error messages, etc.) may be modified.
This occurs when the following ActionForm (including its subclasses) are in the session scope.
* ValidatorForm
* ValidatorActionFormJVNDB-2016-000097https://jvn.jp/en/jp/JVN65044642/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1182https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1182https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:apache:struts2016-12-05T16:59+09:002016-06-07T16:26+09:002016-12-05T16:59+09:00TERASOLUNA Server Framework for Java(WEB) access restriction bypass vulnerability in the file extension filter
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000098.html
The TERASOLUNA Server Framework for Java(WEB) provided by NTT Data Corporation is a software framework for creating web applications. The TERASOLUNA Server Framework for Java(WEB) has a function to restrict access to contents with specified file extensions from browser requests. This function may be bypassed when a specially crafted path is received.
NTT Data Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and NTT Data Corporation coordinated under the Information Security Early Warning Partnership.JVNDB-2016-000098http://jvn.jp/en/jp/JVN74659077/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1183https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1183https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:nttdata:terasoluna_server_framework_for_java_web2016-06-27T11:32+09:002016-06-07T16:26+09:002016-06-27T11:32+09:00DX Library vulnerable to remote code execution
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000099.html
DX Library is an open source library for creating Windows applications. DX Library contains a remote code execution vulnerability due to an issue in printfDx().
Tomoya Kitagawa of Graduate School of Information Science, Nara Institute of Science and Technology reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000099https://jvn.jp/en/jp/JVN15205734/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4819https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4819https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:dx_library_project:dx_library2016-06-27T11:32+09:002016-06-08T14:30+09:002016-06-27T11:32+09:00ETX-R vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000100.html
ETX-R provided by I-O DATA DEVICE, INC. is a wired LAN router. ETX-R contains a cross-site request forgery vulnerability (CWE-352).
Junichi MURAKAMI of FFRI, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000100https://jvn.jp/en/jp/JVN61317238/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4820https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4820https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:i-o_data_device:etx-r2016-06-23T17:12+09:002016-06-14T13:55+09:002016-06-23T17:12+09:00ETX-R vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000101.html
ETX-R provided by I-O DATA DEVICE, INC. is a wired LAN router. ETX-R contains a denial-of-service (DoS) vulnerability.
Junichi MURAKAMI of FFRI, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000101https://jvn.jp/en/jp/JVN96052093/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4821https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4821https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:i-o_data_device:etx-r2016-06-23T12:20+09:002016-06-14T14:00+09:002016-06-23T12:20+09:00Deep Discovery Inspector vulnerable to remote code execution
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000103.html
Deep Discovery Inspector provided by Trend Micro Incorporated contains a remote code execution vulnerability.
Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Trend Micro Incorporated coordinated under the Information Security Early Warning Partnership.JVNDB-2016-000103https://jvn.jp/en/jp/JVN55428526/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5840https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5840https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:trendmicro:deep_discovery_inspector2016-07-12T15:03+09:002016-06-16T14:03+09:002016-07-12T15:03+09:00Multiple Hikari Denwa routers vulnerable to OS command injection
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000105.html
Multiple Hikari Denwa routers contain an OS command injection vulnerability (CWE-78).
Ryoya Tsukasaki of Urawa Commercial High School reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000105http://jvn.jp/en/jp/JVN77403442/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1227https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1227https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:ntt_east:pr-400mi_firmwarecpe:/o:ntt_east:rt-400mi_firmwarecpe:/o:ntt_east:rv-440mi_firmwarecpe:/o:ntt_west:pr-400mi_firmwarecpe:/o:ntt_west:rt-400mi_firmwarecpe:/o:ntt_west:rv-440mi_firmware2016-08-03T16:07+09:002016-06-27T14:10+09:002016-08-03T16:07+09:00Multiple Hikari Denwa routers vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000106.html
Multiple Hikari Denwa routers contain a cross-site request forgery vulnerability (CWE-352).
Ryoya Tsukasaki of Urawa Commercial High School reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000106http://jvn.jp/en/jp/JVN45034304/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1228https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1228https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:ntt_east:pr-400mi_firmwarecpe:/o:ntt_east:rt-400mi_firmwarecpe:/o:ntt_east:rv-440mi_firmwarecpe:/o:ntt_west:pr-400mi_firmwarecpe:/o:ntt_west:rt-400mi_firmwarecpe:/o:ntt_west:rv-440mi_firmware2016-08-03T16:07+09:002016-06-27T14:19+09:002016-08-03T16:07+09:00CG-WLBARGL vulnerable to command injection
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000107.html
CG-WLBARGL provided by Corega Inc is a wireless LAN router. CG-WLBARGL contains a command injection vulnerability.
Ohji Kashiwazaki of Global Security Experts Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000107http://jvn.jp/en/jp/JVN76653039/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4822https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4822https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:corega:cg-wlbargl2016-06-29T16:03+09:002016-06-22T14:56+09:002016-06-29T16:03+09:00CG-WLBARAGM vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000108.html
CG-WLBARAGM provided by Corega Inc is a wireless LAN router. CG-WLBARAGM contains a denial-of-service (DoS) vulnerability.
Yuji Ukai of FFRI, Inc reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000108http://jvn.jp/en/jp/JVN24409899/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4823https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4823https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:corega:cg-wlbaragm2016-06-29T16:04+09:002016-06-22T14:57+09:002016-06-29T16:04+09:00CG-WLR300GNV Series does not limit authentication attempts
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000109.html
CG-WLR300GNV and CG-WLR300GNV-W provided by Corega Inc are wireless LAN routers. The WPS functionality in CG-WLR300GNV Series does not limit PIN authentication attempts, making it susceptible to brute force attacks.
Takeshi Okamoto of Kanagawa Institute of Technology and Takaaki Minegishi reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000109http://jvn.jp/en/jp/JVN75028871/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4824https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4824https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:corega:cg-wlr300gnvcpe:/h:corega:cg-wlr300gnv-w2016-06-29T16:04+09:002016-06-22T14:57+09:002016-06-29T16:04+09:00Apache Struts vulnerable to remote code execution
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000110.html
Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Web applications that are developed using Apache Struts 2 REST Plugin contain a remote code execution vulnerability.
Note that the exploit code for this vulnerability is publicly available.
Shinsaku Nomura of Bitforest Co.,Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000110https://jvn.jp/en/jp/JVN07710476/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4438https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4438https://www.ipa.go.jp/security/ciadr/vul/20160620-jvn.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:apache:struts2016-08-03T16:19+09:002016-06-20T16:36+09:002016-08-03T16:19+09:00Apache Struts vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000111.html
Apache Struts provided by the Apache Software Foundation is a software framework for creating web applications in Java.
Web applications that are developed using Apache Struts 2 contain a cross-site request forgery vulnerability.
Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000111https://jvn.jp/en/jp/JVN45093481/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4430https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4430https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:apache:struts2022-08-09T14:05+09:002016-06-20T17:18+09:002022-08-09T14:05+09:00Apache Struts vulnerable to validation bypass in Getter method
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000112.html
Apache Struts provided by the Apache Software Foundation is a software framework for creating web applications in Java.
Web applications that are developed using Apache Struts 2 contain a validation bypass in Getter method vulnerability.
JPCERT/CC Addendum
[Update: August 25, 2016]
CVE-2016-4433 (S2-039) has been addressed in Struts 2.3.29, although the vendor has confirmed that similar issues still exist. According to the developer, these issues will be addressed in a future release.
Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000112https://jvn.jp/en/jp/JVN45093481/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4433https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4433https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:apache:struts2022-08-09T14:08+09:002016-06-20T17:19+09:002022-08-09T14:08+09:00Apache Struts vulnerable to input validation bypass
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000113.html
Apache Struts provided by the Apache Software Foundation is a software framework for creating web applications in Java.
Web applications that are developed using Apache Struts 2 contain an input validation bypass vulnerability.
Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000113https://jvn.jp/en/jp/JVN45093481/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4431https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4431https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:apache:struts2022-08-09T14:10+09:002016-06-20T17:20+09:002022-08-09T14:10+09:00Apache Struts vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000114.html
Apache Struts provided by the Apache Software Foundation is a software framework for creating web applications in Java. Web applications that are developed using Apache Struts 2 contain a denial-of-service (DoS) vulnerability due to an issue in URLValidator.
ASAI Ken reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000114https://jvn.jp/en/jp/JVN12352818/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4465https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4465https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:apache:struts2016-08-03T16:20+09:002016-06-20T16:36+09:002016-08-03T16:20+09:00WordPress plugin "Welcart e-Commerce" vulnerable to PHP object injection
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000115.html
WordPress plugin "Welcart e-Commerce" contains a PHP object injection vulnerability due to a flaw where untrusted POST values are unserialized.
Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000115http://jvn.jp/en/jp/JVN47363774/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4825https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4825https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:collne:welcart_e-commerce2016-06-29T16:04+09:002016-06-24T13:43+09:002016-06-29T16:04+09:00WordPress plugin "Welcart e-Commerce" vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000116.html
WordPress plugin "Welcart e-Commerce" provided by Collne Inc. contains a cross-site scripting vulnerability (CWE-79).
Note that this vulnerability is different from JVN#55826471.
Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000116http://jvn.jp/en/jp/JVN95082904/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4826https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4826https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:collne:welcart_e-commerce2016-06-29T16:05+09:002016-06-24T13:43+09:002016-06-29T16:05+09:00WordPress plugin "Welcart e-Commerce" vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000117.html
WordPress plugin "Welcart e-Commerce" provided by Collne Inc. contains a cross-site scripting vulnerability (CWE-79).
Note that this vulnerability is different from JVN#95082904.
Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000117https://jvn.jp/en/jp/JVN55826471/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4827https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4827https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:collne:welcart_e-commerce2016-06-28T17:01+09:002016-06-24T14:12+09:002016-06-28T17:01+09:00WordPress plugin "Welcart e-Commerce" vulnerable to session management
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000118.html
WordPress plugin "Welcart e-Commerce" provided by Collne Inc. contains a vulnerability in session management.
Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000118https://jvn.jp/en/jp/JVN61578437/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4828https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4828https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:collne:welcart_e-commerce2016-06-28T17:01+09:002016-06-24T14:12+09:002016-06-28T17:01+09:00QNAP QTS vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000119.html
QNAP QTS is an operating system for Turbo NAS. QNAP QTS contains a cross-site scripting vulnerability (CWE-79).
Keigo YAMAZAKI of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000119https://jvn.jp/en/jp/JVN42930233/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5664https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5664https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:qnap:qts2016-08-03T14:55+09:002016-06-27T13:48+09:002016-08-03T14:55+09:00DMM Movie Player App fails to verify SSL server certificates
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000120.html
DMM Movie Player App provided by DMM.com Labo Co.,Ltd. fails to verify SSL server certificates.
Yuji Tounai of NTT Com Security (Japan) KK reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000120https://jvn.jp/en/jp/JVN39594409/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4829https://nvd.nist.gov/vuln/detail/CVE-2016-4829https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:misc:dmm.com_android_player_appcpe:/a:misc:dmm.com_iphone_player_app2017-05-23T14:28+09:002016-06-27T14:23+09:002017-05-23T14:28+09:00Apache Commons FileUpload vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000121.html
Apache Commons FileUpload provided by the Apache Software Foundation contains a flaw when processing multi-part requests, which may lead to a denial-of-service (DoS).
TERASOLUNA FW(Struts1) Team of NTT DATA Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000121https://jvn.jp/en/jp/JVN89379547/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3092https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:apache:commons_fileuploadcpe:/a:apache:strutscpe:/a:apache:tomcat2018-01-29T10:30+09:002016-06-30T13:53+09:002018-01-29T10:30+09:00Sushiro App fails to verify SSL server certificates
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000122.html
Sushiro App provided by AKINDO SUSHIRO CO., LTD. fails to verify SSL server certificates.
Yuta Teshima of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000122https://jvn.jp/en/jp/JVN30260727/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4830https://nvd.nist.gov/vuln/detail/CVE-2016-4830https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:akindo_sushiro_co_ltd:sushiro2017-05-23T14:28+09:002016-06-29T14:27+09:002017-05-23T14:28+09:00LINE for Windows may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000123.html
LINE for Windows provided by LINE Corporation contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.
Takashi Yoshikawa of Mitsui Bussan Secure Directions reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000123http://jvn.jp/en/jp/JVN51565015/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4831https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4831https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:linecorp:line2016-08-19T17:44+09:002016-07-08T14:29+09:002016-08-19T17:44+09:00WordPress plugin "Nofollow Links" vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000125.html
The WordPress plugin "Nofollow Links" contains a cross-site scripting (CWE-79) vulnerability in nofollow-links.php.
Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000125http://jvn.jp/en/jp/JVN13582657/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4833https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4833https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:nofollow_links_project:nofollow_links2016-08-05T17:40+09:002016-07-20T14:56+09:002016-08-05T17:40+09:00Vtiger CRM does not properly restrict access to application data
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000126.html
Vtiger CRM is a customer relationship management (CRM) software. Vtiger CRM contains a vulnerability where it does not properly restrict access to user information data.
Hirota Kazuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000126http://jvn.jp/en/jp/JVN01956993/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4834https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4834https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:vtiger:vtiger_crm2016-08-04T18:02+09:002016-07-20T14:56+09:002016-08-04T18:02+09:00Android stock browser vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000127.html
The Android stock browser contains a denial-of-service (DoS) vulnerability.
Junichi MURAKAMI of FFRI, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000127http://jvn.jp/en/jp/JVN09470233/index.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:google:android_browser2016-08-05T13:41+09:002016-08-05T13:41+09:002016-08-05T13:41+09:00Android OS Contacts app fails to restrict access permissions
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000128.html
The Contacts app within the Android OS contains a vulnerability where it fails to restrict access permissions.
The Contacts app within the Android OS receives requests for outgoing calls through Intents and calls the Dialer app. The Contacts app contains a vulnerability where it fails to restrict access permissions, since it receives and processes Intents from apps without CALL_PHONE permissions.
Shifeng, Zhang of Symantec reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000128https://jvn.jp/en/jp/JVN06212291/index.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:google:android2016-07-25T11:14+09:002016-07-25T11:14+09:002016-07-25T11:14+09:00Android OS issue where it is affected by the CRIME attack
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000129.html
The implementation of the TLS protocol in Android OS contains a vulnerability where plaintext HTTP headers may be obtained.
The TLS protocol contains a function that compresses data for communications between the client and server. This function does not properly obfuscate the length of the unencrypted data. When this function is enabled on both the client and server, it results in a vulnerability where plaintext HTTP headers may be obtained. The TLS implementation in Android OS is affected by this vulnerability.
Exploiting this vulnerability to obtain plaintext HTTP headers is referred to as the CRIME attack.JVNDB-2016-000129http://jvn.jp/en/jp/JVN65273415/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:google:android2016-07-25T11:15+09:002016-07-25T11:15+09:002016-07-25T11:15+09:00EC-CUBE plugin "Coupon Plugin" vulnerable to SQL injection
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000130.html
EC-CUBE plugin "Coupon Plugin" provided by Seed Inc. contains an SQL injection vulnerability (CWE-89).
Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000130http://jvn.jp/en/jp/JVN40696431/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4837https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4837https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:misc:seed_discount_coupon_plugin_for_ec-cube2016-08-04T17:55+09:002016-07-25T11:15+09:002016-08-04T17:55+09:00Coordinate Plus App fails to verify SSL server certificates
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000133.html
Coordinate Plus App provided by Toshiba Corporation fails to verify SSL server certificates.
Gaku Taniguchi of RiskFinder,inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000133http://jvn.jp/en/jp/JVN06920277/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4840https://nvd.nist.gov/vuln/detail/CVE-2016-4840https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:toshiba:coordinate_plus2017-05-23T14:28+09:002016-08-04T13:41+09:002017-05-23T14:28+09:00Multiple I-O DATA Recording Hard disk products vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000134.html
Multiple Recording Hard disk products provided by I-O DATA DEVICE, INC. contain a cross-site request forgery vulnerability due to an issue in the web management screen.
kaito834 reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000134https://jvn.jp/en/jp/JVN35062083/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4845https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4845https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:i-o_data_device:hvl-a2.0_firmwarecpe:/o:i-o_data_device:hvl-a3.0_firmwarecpe:/o:i-o_data_device:hvl-a4.0_firmwarecpe:/o:i-o_data_device:hvl-at1.0s_firmwarecpe:/o:i-o_data_device:hvl-at2.0a_firmwarecpe:/o:i-o_data_device:hvl-at2.0_firmwarecpe:/o:i-o_data_device:hvl-at3.0a_firmwarecpe:/o:i-o_data_device:hvl-at3.0_firmwarecpe:/o:i-o_data_device:hvl-at4.0a_firmwarecpe:/o:i-o_data_device:hvl-at4.0_firmware2016-10-24T18:27+09:002016-08-08T12:28+09:002016-10-24T18:27+09:00Cybozu Mailwise vulnerable to mail header injection
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000135.html
Cybozu Mailwise contains a mail header injection vulnerability in the process of sending emails.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.JVNDB-2016-000135https://jvn.jp/en/jp/JVN01353821/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4841https://nvd.nist.gov/vuln/detail/CVE-2016-4841https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:mailwise2017-05-23T16:23+09:002016-08-16T14:10+09:002017-05-23T16:23+09:00Cybozu Mailwise vulnerable to information disclosure
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000136.html
Cybozu Mailwise contains an information disclosure vulnerability in the mail view page.
Masato Kinugawa reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.JVNDB-2016-000136http://jvn.jp/en/jp/JVN02576342/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4842https://nvd.nist.gov/vuln/detail/CVE-2016-4842https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:mailwise2017-05-23T12:02+09:002016-08-16T14:14+09:002017-05-23T12:02+09:00Cybozu Mailwise vulnerable to information disclosure
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000137.html
Cybozu Mailwise contains an information disclosure vulnerability in the page where CGI environment variables are displayed.
The cookie that contains session information has the httponly attribute, and the cookie value cannot be obtained by JavaScript code. However, cookie values can be obtained from the page where CGI environment variables are displayed. Therefore, session information may be disclosed if the contents of this page are read in some way.
Masato Kinugawa reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.JVNDB-2016-000137http://jvn.jp/en/jp/JVN03052683/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4843https://nvd.nist.gov/vuln/detail/CVE-2016-4843https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:mailwise2017-05-23T12:02+09:002016-08-16T14:14+09:002017-05-23T12:02+09:00Cybozu Mailwise contains issue in preventing clickjacking attacks
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000138.html
Cybozu Mailwise contains multiple pages for editing/sending bulk emails. Some of these pages fail to protect against clickjacking attacks.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.JVNDB-2016-000138https://jvn.jp/en/jp/JVN04125292/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4844https://nvd.nist.gov/vuln/detail/CVE-2016-4844https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:mailwise2017-05-23T12:01+09:002016-08-16T14:14+09:002017-05-23T12:01+09:00Installer of PhishWall Client Internet Explorer version may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000139.html
PhishWall Client Internet Explorer Version, provided by SecureBrain Corporation, is an anti-phishing and anti-MITB software.
The installer of PhishWall Client Internet Explorer Version contains an issue with the DLL search path, which may lead to insecurely loading dynamic link libraries.
This installer is built with an old version of Install Shield. The latest version of Install Shield has already addressed the issue.
See Best Practices to Avoid Windows Setup Launcher Executable Issues for details.
Takashi Yoshikawa of Mitsui Bussan Secure Directions reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000139https://jvn.jp/en/jp/JVN45583702/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4846https://nvd.nist.gov/vuln/detail/CVE-2016-4846https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:securebrain:phishwall_client2017-05-23T14:28+09:002016-08-17T16:12+09:002017-05-23T14:28+09:00ClipBucket vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000140.html
ClipBucket is an open source video sharing script. ClipBucket contains a cross-site scripting (CWE-79) vulnerability.
Yoshinori Matsumoto of Kobe Digital Labo, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000140https://jvn.jp/en/jp/JVN28386124/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4848https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4848https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:clip-bucket:clipbucket2016-09-05T17:41+09:002016-08-18T14:09+09:002016-09-05T17:41+09:00OSSEC Web UI vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000141.html
OSSEC Web UI is a web interface for use with Open Source HIDS Security (OSSEC). OSSEC Web UI contains a cross-site scripting (CWE-79) vulnerability.
Shoji Baba reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000141https://jvn.jp/en/jp/JVN58455472/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4847https://nvd.nist.gov/vuln/detail/CVE-2016-4847https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ossec:ossec2017-05-23T14:28+09:002016-08-18T14:24+09:002017-05-23T14:28+09:00Cybozu Garoon vulnerable to open redirect
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000142.html
Cybozu Garoon provided by Cybozu, Inc. is groupware. Cybozu Garoon contains an open redirect vulnerability in the "Scheduler" function.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.JVNDB-2016-000142http://jvn.jp/en/jp/JVN67266823https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1213https://nvd.nist.gov/vuln/detail/CVE-2016-1213https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:garoon2017-05-23T12:01+09:002016-08-22T15:16+09:002017-05-23T12:01+09:00"Response request" function in Cybozu Garoon vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000143.html
Cybozu Garoon provided by Cybozu, Inc. is groupware. The "Response request" function in Cybozu Garoon contains a cross-site scripting vulnerability.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.JVNDB-2016-000143https://jvn.jp/en/jp/JVN67595539/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1214https://nvd.nist.gov/vuln/detail/CVE-2016-1214https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:garoon2017-05-23T12:01+09:002016-08-22T15:16+09:002017-05-23T12:01+09:00"User details" function in Cybozu Garoon vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000144.html
Cybozu Garoon provided by Cybozu, Inc. is groupware. The "User details" function in Cybozu Garoon contains a cross-site scripting vulnerability.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership. JVNDB-2016-000144https://jvn.jp/en/jp/JVN67595539/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1215https://nvd.nist.gov/vuln/detail/CVE-2016-1215https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:garoon2017-05-23T12:01+09:002016-08-22T15:16+09:002017-05-23T12:01+09:00"New appointment" function in Cybozu Garoon vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000145.html
Cybozu Garoon provided by Cybozu, Inc. is groupware. The "New appointment" function in Cybozu Garoon contains a cross-site scripting vulnerability.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.JVNDB-2016-000145https://jvn.jp/en/jp/JVN67595539/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1216https://nvd.nist.gov/vuln/detail/CVE-2016-1216https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:garoon2017-05-23T12:01+09:002016-08-22T15:16+09:002017-05-23T12:01+09:00"Check available times" function in Cybozu Garoon vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000146.html
Cybozu Garoon provided by Cybozu, Inc. is groupware. The "Check available times" function in Cybozu Garoon contains a cross-site scripting vulnerability.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.JVNDB-2016-000146https://jvn.jp/en/jp/JVN67595539/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1217https://nvd.nist.gov/vuln/detail/CVE-2016-1217https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:garoon2017-05-23T12:01+09:002016-08-22T15:16+09:002017-05-23T12:01+09:00Cybozu Garoon vulnerable to SQL injection
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000147.html
Cybozu Garoon provided by Cybozu, Inc. is groupware. Cybozu Garoon contains an SQL injection vulnerability in the "Messages" function.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.JVNDB-2016-000147http://jvn.jp/en/jp/JVN83568336/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1218https://nvd.nist.gov/vuln/detail/CVE-2016-1218https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:garoon2017-05-23T12:01+09:002016-08-22T15:16+09:002017-05-23T12:01+09:00Cybozu Garoon vulnerable to authentication bypass
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000148.html
Cybozu Garoon provided by Cybozu, Inc. is groupware. Cybozu Garoon contains an authentication bypass vulnerability.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.JVNDB-2016-000148http://jvn.jp/en/jp/JVN89211736/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1219https://nvd.nist.gov/vuln/detail/CVE-2016-1219https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:garoon2017-05-23T12:01+09:002016-08-22T15:16+09:002017-05-23T12:01+09:00Cybozu Garoon fails to restrict access permissions
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000149.html
Cybozu Garoon provided by Cybozu, Inc. is groupware. Cybozu Garoon fails to restrict access permissions in the error page.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.JVNDB-2016-000149http://jvn.jp/en/jp/JVN93411577/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1220https://nvd.nist.gov/vuln/detail/CVE-2016-1220https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:garoon2017-05-23T12:01+09:002016-08-22T15:16+09:002017-05-23T12:01+09:00Geeklog IVYWE edition contains a cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000150.html
Geeklog is an open source content management system (CMS). Geeklog IVYWE edition contains a cross-site scripting (CWE-79) vulnerability.
Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000150https://jvn.jp/en/jp/JVN09836883/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4849https://nvd.nist.gov/vuln/detail/CVE-2016-4849https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:misc:ivywe_geeklog_ivywe2017-05-23T14:28+09:002016-08-19T14:13+09:002017-05-23T14:28+09:00YoruFukurou (NightOwl) vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000151.html
YoruFukurou (NightOwl) is a Twitter client application for OS X. YoruFukurou uses the OS X API CTFramesetter to render text contents.
CTFramesetter has a problem in processing a certain emoji character sequence, which may cause YoruFukurou to crash.
This problem was verified on OS X v10.9 (Mavericks). The developer of YoruFukurou states that the problem does not exist on OS X v10.11 (El Capitan).
Ryo Ichikawa of Tokyo University of Agriculture and Technology reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000151https://jvn.jp/en/jp/JVN94816361/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4852https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4852https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:aki-null:yorufukurou2016-10-27T09:43+09:002016-08-24T14:14+09:002016-10-27T09:43+09:00simple chat vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000152.html
simple chat provided by Let's PHP! contains a cross-site scripting vulnerability (CWE-79).
Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000152https://jvn.jp/en/jp/JVN42262137/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4851https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4851https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:let%27s_php%21:simple_chat2016-09-05T17:45+09:002016-08-23T13:37+09:002016-09-05T17:45+09:00LINE for Windows fails to properly verify downloaded files
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000153.html
The auto update function in LINE for Windows provided by LINE Corporation contains a vulnerability where downloaded files are not properly verified.
LINE Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and LINE Corporation coordinated under the Information Security Early Warning Partnership.JVNDB-2016-000153https://jvn.jp/en/jp/JVN05924524/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4850https://nvd.nist.gov/vuln/detail/CVE-2016-4850https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:linecorp:line2017-05-23T14:28+09:002016-08-25T14:26+09:002017-05-23T14:28+09:00Multiple AKABEi SOFT2 LTD. games vulnerable to OS command injection
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000154.html
Multiple games provided by AKABEi SOFT2 LTD. contain an OS command injection vulnerability (CWE-78) due to an issue in loading saved data.
Kusano Kazuhiko reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000154https://jvn.jp/en/jp/JVN85213412/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4853https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4853https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:akabei_soft2:g-senjou_no_maou2016-09-05T17:56+09:002016-08-31T15:33+09:002016-09-05T17:56+09:00ADOdb vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000156.html
ADOdb is a database abstraction layer for PHP. The library's test script (test.php) contains a cross-site scripting (CWE-79) vulnerability.
ASAI Ken reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000156https://jvn.jp/en/jp/JVN48237713/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4855https://nvd.nist.gov/vuln/detail/CVE-2016-4855https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:adodb_project:adodb2017-11-27T16:43+09:002016-09-06T13:45+09:002017-11-27T16:43+09:00CS-Cart add-on "Twigmo" vulnerable to PHP object injection
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000157.html
CS-Cart add-on "Twigmo" contains a PHP object injection vulnerability due to a flaw where untrusted input values are unserialized.
ASAI Ken reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000157https://jvn.jp/en/jp/JVN55389065/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4862https://nvd.nist.gov/vuln/detail/CVE-2016-4862https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:misc:simtech_ltd_twigmo2017-05-23T14:28+09:002016-09-14T15:00+09:002017-05-23T14:28+09:00Zend Framework vulnerable to SQL injection
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000158.html
Zend Framework is an open source web application framework. Zend Framework 1 contains an SQL injection vulnerability (CWE-89) due to a flaw in processing parameters in the ORDER BY and GROUP BY clauses.
Hiroshi Tokumaru of HASH Consulting Corp. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000158https://jvn.jp/en/jp/JVN18926672/index.htmlhttp://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000197.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4861https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4861https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:zend:zend_framework2017-03-16T14:15+09:002016-09-15T14:11+09:002017-03-16T14:15+09:00H2O use of externally-controlled format string
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000159.html
H2O is open source web server software. H2O uses externally-controlled format strings (CWE-134) in the code that outputs error logs.
Kazuho Oku reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Kazuho Oku coordinated under the Information Security Early Warning Partnership.JVNDB-2016-000159https://jvn.jp/en/jp/JVN94779084/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4864https://nvd.nist.gov/vuln/detail/CVE-2016-4864https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:h2o_project:h2o2017-11-27T17:23+09:002016-09-15T14:26+09:002017-11-27T17:23+09:00Money Forward Apps for Android vulnerable in the WebView class
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000160.html
Money Forward Apps for Android contain a vulnerability in the WebView class.
Kenta Suefusa, Akinori Konishi and Tomonori Shiomi of Sprout Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000160http://jvn.jp/en/jp/JVN61297210/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4839https://nvd.nist.gov/vuln/detail/CVE-2016-4839https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:money_forward_inc:money_forwardcpe:/a:sourcenext:money_forward2017-11-27T18:01+09:002016-09-20T15:19+09:002017-11-27T18:01+09:00Money Forward Apps for Android vulnerability that allows unintended operations
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000161.html
Money Forward Apps for Android contain a vulnerability where unintended operations may be performed.
Kenta Suefusa, Akinori Konishi and Tomonori Shiomi of Sprout Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000161http://jvn.jp/en/jp/JVN49343562/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4838https://nvd.nist.gov/vuln/detail/CVE-2016-4838https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:money_forward_inc:money_forwardcpe:/a:money_forward_inc:money_forward_for_sbi_sumishin_net_bankcpe:/a:money_forward_inc:money_forward_for_shiga_bankcpe:/a:money_forward_inc:money_forward_for_shizuoka_bankcpe:/a:money_forward_inc:money_forward_for_the_gunma_bankcpe:/a:money_forward_inc:money_forward_for_the_toho_bankcpe:/a:money_forward_inc:money_forward_for_tokai_tokyo_securitiescpe:/a:money_forward_inc:money_forward_for_ymfgcpe:/a:sourcenext:money_forward2017-11-27T18:01+09:002016-09-20T15:19+09:002017-11-27T18:01+09:00Splunk Enterprise and Splunk Light vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000162.html
Splunk Enterprise and Splunk Light contain a stored cross-site scripting vulnerability (CWE-79).
Note that this vulnerability is different from JVN#74244518.
Noriaki Iwasaki of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000162http://jvn.jp/en/jp/JVN71462075https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4856https://nvd.nist.gov/vuln/detail/CVE-2016-4856https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:splunk:splunk2017-11-27T16:55+09:002016-09-16T13:56+09:002017-11-27T16:55+09:00Splunk Enterprise and Splunk Light vulnerable to open redirect
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000163.html
Splunk Enterprise and Splunk Light contain an open redirect vulnerability.
Note that this vulnerability is different from JVN#64800312.
Noriaki Iwasaki of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000163https://jvn.jp/en/jp/JVN39926655/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4857https://nvd.nist.gov/vuln/detail/CVE-2016-4857https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:splunk:splunk2017-11-27T16:55+09:002016-09-16T14:08+09:002017-11-27T16:55+09:00Splunk Enterprise and Splunk Light vulnerable to open redirect
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000164.html
Splunk Enterprise and Splunk Light contain an open redirect vulnerability.
Note that this vulnerability is different from JVN#39926655.
Noriaki Iwasaki of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000164https://jvn.jp/en/jp/JVN64800312/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4859https://nvd.nist.gov/vuln/detail/CVE-2016-4859https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:splunk:splunk2017-11-27T16:55+09:002016-09-16T14:16+09:002017-11-27T16:55+09:00Splunk Enterprise and Splunk Light vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000165.html
Splunk Enterprise and Splunk Light contain a cross-site scripting vulnerability (CWE-79).
Note that this vulnerability is different from JVN#71462075.
Noriaki Iwasaki of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000165http://jvn.jp/en/jp/JVN74244518https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4858https://nvd.nist.gov/vuln/detail/CVE-2016-4858https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:splunk:splunk2018-01-24T11:53+09:002016-09-16T14:17+09:002018-01-24T11:53+09:00Trend Micro Internet Security vulnerability where files may be excluded as scan targets
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000166.html
Trend Micro Internet Security provided by Trend Micro Incorporated contains a vulnerability where arbitrary files or folders may be excluded as scan targets when the conditions below are met.
* An attacker can place a specific file into the system
* The attacker can execute a specific API from the specific file
Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Trend Micro Incorporated coordinated under the Information Security Early Warning Partnership.JVNDB-2016-000166https://jvn.jp/en/jp/JVN98126322/index.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:trendmicro:virus_baster_cloud2016-09-16T14:31+09:002016-09-16T14:31+09:002016-09-16T14:31+09:00Multiple plugins for Geeklog IVYWE edition vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000167.html
Geeklog is an open source content management system (CMS). The Geeklog IVYWE edition plugins Assist, dataBox, and userBox each contain a cross-site scripting (CWE-79) vulnerability.
IVY WE CO.,LTD. reported this vulnerability to IPA and JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and IVY WE CO.,LTD. coordinated under the Information Security Early Warning Partnership.JVNDB-2016-000167http://jvn.jp/en/jp/JVN46087986/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4875https://nvd.nist.gov/vuln/detail/CVE-2016-4875https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:misc:ivywe_assist_plugincpe:/a:misc:ivywe_datbox_plugincpe:/a:misc:ivywe_userbox_plugin2017-05-23T14:28+09:002016-09-23T14:15+09:002017-05-23T14:28+09:00Toshiba FlashAir does not require authentication in "Internet pass-thru Mode"
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000168.html
FlashAir by Toshiba Corporation is an SDHC memory card which provides "Internet pass-thru Mode", allowing devices to access the internet while connected to FlashAir. When configured in "Internet pass-thru Mode", FlashAir acts both as a station and as an access point.
When "Internet pass-thru Mode" is enabled, FlashAir does not require authentication when accepting a connection from the STA (station) side LAN.
Tsukada Nobuhisa of Seasoft reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000168http://jvn.jp/en/jp/JVN39619137/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4863https://nvd.nist.gov/vuln/detail/CVE-2016-4863https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:toshiba:flashair2017-11-27T17:04+09:002016-10-12T10:03+09:002017-11-27T17:04+09:00ManageEngine ServiceDesk Plus vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000169.html
ManageEngine ServiceDesk Plus provided by Zoho Corporation is a help desk software. ManageEngine ServiceDesk Plus contains a stored cross-site scripting (CWE-79) vulnerability.
Akihito Mukai and Tomoshige Hasegawa reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000169http://jvn.jp/en/jp/JVN50347324/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4888https://nvd.nist.gov/vuln/detail/CVE-2016-4888https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:zohocorp:manageengine_servicedesk_plus2017-05-23T14:28+09:002016-09-29T14:39+09:002017-05-23T14:28+09:00ManageEngine ServiceDesk Plus fails to restrict access permissions
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000170.html
ManageEngine ServiceDesk Plus provided by Zoho Corporation is help desk software. ManageEngine ServiceDesk Plus fails to restrict access permissions.
Akihito Mukai and Tomoshige Hasegawa reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000170http://jvn.jp/en/jp/JVN89726415/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4889https://nvd.nist.gov/vuln/detail/CVE-2016-4889https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:zohocorp:manageengine_servicedesk_plus2017-05-23T14:28+09:002016-09-29T14:39+09:002017-05-23T14:28+09:00ManageEngine ServiceDesk Plus uses an insecure method for cookie generation
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000171.html
ManageEngine ServiceDesk Plus provided by Zoho Corporation is help desk software. ManageEngine ServiceDesk Plus uses an insecure method for generating cookies.
Akihito Mukai and Tomoshige Hasegawa reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000171http://jvn.jp/en/jp/JVN72559412/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4890https://nvd.nist.gov/vuln/detail/CVE-2016-4890https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:zohocorp:manageengine_servicedesk_plus2017-05-23T14:28+09:002016-09-29T14:39+09:002017-05-23T14:28+09:00baserCMS vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000172.html
baserCMS provided by baserCMS User Group is an open source content management system. baserCMS contains a cross-site request forgery vulnerability.
Shoji Baba reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000172http://jvn.jp/en/jp/JVN92765814/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4876https://nvd.nist.gov/vuln/detail/CVE-2016-4876https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:basercms:basercms2017-11-27T16:36+09:002016-09-29T16:04+09:002017-11-27T16:36+09:00baserCMS plugin Mail vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000173.html
baserCMS provided by baserCMS User Group is an open source content management system. baserCMS and bundled plugin Mail contain a stored cross-site scripting vulnerability.
Isao Takaesu of Mitsui Bussan Secure Directions, Inc. and Norihiko Hirukawa of FiveDrive Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000173https://jvn.jp/en/jp/JVN92765814/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4877https://nvd.nist.gov/vuln/detail/CVE-2016-4877https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:basercms:basercms2017-11-27T16:37+09:002016-09-29T16:04+09:002017-11-27T16:37+09:00baserCMS plugin Mail vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000174.html
baserCMS provided by baserCMS User Group is an open source content management system. baserCMS and bundled plugin Mail contain a cross-site request forgery vulnerability.
Isao Takaesu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000174https://jvn.jp/en/jp/JVN92765814/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4879https://nvd.nist.gov/vuln/detail/CVE-2016-4879https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:basercms:basercms2017-11-27T16:37+09:002016-09-29T16:04+09:002017-11-27T16:37+09:00baserCMS plugin Blog vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000175.html
baserCMS provided by baserCMS User Group is an open source content management system. baserCMS and bundled plugin Blog contain a stored cross-site scripting vulnerability.
Isao Takaesu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000175https://jvn.jp/en/jp/JVN92765814/index.htmlhttps://nvd.nist.gov/vuln/detail/CVE-2016-4880https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4880https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:basercms:basercms2017-11-27T16:37+09:002016-09-29T16:04+09:002017-11-27T16:37+09:00baserCMS plugin Blog vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000176.html
baserCMS provided by baserCMS User Group is an open source content management system. baserCMS and bundled plugin Blog contain a cross-site request forgery vulnerability.
Isao Takaesu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000176https://jvn.jp/en/jp/JVN92765814/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4881https://nvd.nist.gov/vuln/detail/CVE-2016-4881https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:basercms:basercms2017-11-27T16:37+09:002016-09-29T16:04+09:002017-11-27T16:37+09:00baserCMS vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000177.html
baserCMS provided by baserCMS User Group is an open source content management system. baserCMS contains a cross-site request forgery vulnerability.
Norihiko Hirukawa of FiveDrive Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000177http://jvn.jp/en/jp/JVN92765814/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4878https://nvd.nist.gov/vuln/detail/CVE-2016-4878https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:basercms:basercms2017-11-27T16:37+09:002016-09-29T16:04+09:002017-11-27T16:37+09:00baserCMS vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000178.html
baserCMS provided by baserCMS User Group is an open source content management system. baserCMS contains a cross-site request forgery vulnerability.
Masamu Asato of National Institute of Technology, Okinawa College reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000178http://jvn.jp/en/jp/JVN92765814/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4882https://nvd.nist.gov/vuln/detail/CVE-2016-4882https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:basercms:basercms2017-11-27T16:37+09:002016-09-29T16:04+09:002017-11-27T16:37+09:00baserCMS vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000179.html
baserCMS provided by baserCMS User Group is an open source content management system. baserCMS contains a stored cross-site scripting vulnerability.
Masamu Asato of National Institute of Technology, Okinawa College reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000179https://jvn.jp/en/jp/JVN92765814/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4883https://nvd.nist.gov/vuln/detail/CVE-2016-4883https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:basercms:basercms2017-11-27T16:37+09:002016-09-29T16:04+09:002017-11-27T16:37+09:00baserCMS plugin Blog vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000180.html
baserCMS provided by baserCMS User Group is an open source content management system. baserCMS and bundled plugin Blog contain a cross-site request forgery vulnerability.
Masamu Asato of National Institute of Technology, Okinawa College reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000180https://jvn.jp/en/jp/JVN92765814/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4884https://nvd.nist.gov/vuln/detail/CVE-2016-4884https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:basercms:basercms2017-11-27T16:37+09:002016-09-29T16:04+09:002017-11-27T16:37+09:00baserCMS plugin Feed vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000181.html
baserCMS provided by baserCMS User Group is an open source content management system. baserCMS and bundled plugin Feed contain a cross-site request forgery vulnerability.
Masamu Asato of National Institute of Technology, Okinawa College reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. JVNDB-2016-000181https://jvn.jp/en/jp/JVN92765814/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4885https://nvd.nist.gov/vuln/detail/CVE-2016-4885https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:basercms:basercms2017-11-27T16:37+09:002016-09-29T16:04+09:002017-11-27T16:37+09:00baserCMS plugin Mail vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000182.html
baserCMS provided by baserCMS User Group is an open source content management system. baserCMS and bundled plugin Mail contain a cross-site request forgery vulnerability.
Masamu Asato of National Institute of Technology, Okinawa College reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000182https://jvn.jp/en/jp/JVN92765814/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4886https://nvd.nist.gov/vuln/detail/CVE-2016-4886https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:basercms:basercms2017-11-27T16:37+09:002016-09-29T16:04+09:002017-11-27T16:37+09:00baserCMS plugin Uploader vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000183.html
baserCMS provided by baserCMS User Group is an open source content management system. baserCMS and bundled plugin Uploader contain a cross-site request forgery vulnerability.
Masamu Asato of National Institute of Technology, Okinawa College reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000183https://jvn.jp/en/jp/JVN92765814/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4887https://nvd.nist.gov/vuln/detail/CVE-2016-4887https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:basercms:basercms2017-11-27T16:37+09:002016-09-29T16:04+09:002017-11-27T16:37+09:00"Customapp" function in Cybozu Office vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000184.html
Cybozu Office provided by Cybozu, Inc. contains a cross-site scripting vulnerability.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
JVNDB-2016-000184http://jvn.jp/en/jp/JVN06726266/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4865https://nvd.nist.gov/vuln/detail/CVE-2016-4865https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:office2017-04-24T15:05+09:002016-10-03T15:43+09:002017-04-24T15:05+09:00"Project" function in Cybozu Office vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000185.html
Cybozu Office provided by Cybozu, Inc. contains a cross-site scripting vulnerability.
Yuji Tounai reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership. JVNDB-2016-000185http://jvn.jp/en/jp/JVN06726266/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4866https://nvd.nist.gov/vuln/detail/CVE-2016-4866https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:office2017-04-24T15:05+09:002016-10-03T15:43+09:002017-04-24T15:05+09:00"Schedule" function in Cybozu Office vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000186.html
Cybozu Office provided by Cybozu, Inc. contains a cross-site scripting vulnerability.
Kusano Kazuhiko reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership. JVNDB-2016-000186http://jvn.jp/en/jp/JVN06726266/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4870https://nvd.nist.gov/vuln/detail/CVE-2016-4870https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:office2017-04-24T15:10+09:002016-10-03T15:43+09:002017-04-24T15:10+09:00"Project" function in Cybozu Office vulnerable to access restriction bypass
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000187.html
Cybozu Office provided by Cybozu, Inc. contains an access restriction bypass vulnerability in the "Project" function.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership. JVNDB-2016-000187http://jvn.jp/en/jp/JVN07148816/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4867https://nvd.nist.gov/vuln/detail/CVE-2016-4867https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:office2017-04-24T15:05+09:002016-10-03T15:43+09:002017-04-24T15:05+09:00Breadcrumb trail in Cybozu Office vulnerable to browse restriction bypass
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000188.html
Cybozu Office provided by Cybozu, Inc. contains a browse restriction bypass vulnerability in the breadcrumb trail.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
JVNDB-2016-000188http://jvn.jp/en/jp/JVN07148816/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4872https://nvd.nist.gov/vuln/detail/CVE-2016-4872https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:office2017-04-24T15:10+09:002016-10-03T15:43+09:002017-04-24T15:10+09:00"Project" function in Cybozu Office vulnerable to operation restriction bypass
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000189.html
Cybozu Office provided by Cybozu, Inc. contains an operation restriction bypass vulnerability in the "Project" function.
Yuji Tounai reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership. JVNDB-2016-000189http://jvn.jp/en/jp/JVN07148816/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4873https://nvd.nist.gov/vuln/detail/CVE-2016-4873https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:office2017-04-24T15:10+09:002016-10-03T15:43+09:002017-04-24T15:10+09:00Cybozu Office vulnerable to mail header injection
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000190.html
Cybozu Office contains a mail header injection vulnerability in the process of sending emails.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.JVNDB-2016-000190https://jvn.jp/en/jp/JVN08736331/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4868https://nvd.nist.gov/vuln/detail/CVE-2016-4868https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:office2017-04-24T15:05+09:002016-10-03T15:43+09:002017-04-24T15:05+09:00Cybozu Office vulnerable to information disclosure
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000191.html
Cybozu Office contains an information disclosure vulnerability in the page where CGI environment variables are displayed.
The cookie that contains session information has the HttpOnly attribute, so its value cannot be obtained by JavaScript code. However, cookie values can be obtained from the page where CGI environment variables are displayed. Therefore, session information may be disclosed if the contents of this page are read in some way.
Masato Kinugawa reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.JVNDB-2016-000191https://jvn.jp/en/jp/JVN09736331/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4869https://nvd.nist.gov/vuln/detail/CVE-2016-4869https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:office2017-04-24T15:05+09:002016-10-03T15:43+09:002017-04-24T15:05+09:00Cybozu Office vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000192.html
Cybozu Office contains a denial-of-service (DoS) vulnerability.
Shuichi Uruma reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.JVNDB-2016-000192http://jvn.jp/en/jp/JVN10092452/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4871https://nvd.nist.gov/vuln/detail/CVE-2016-4871https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:office2017-04-24T15:10+09:002016-10-03T15:46+09:002017-04-24T15:10+09:00Cybozu Office vulnerable to Reflected File Download (RFD)
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000193.html
Cybozu Office contains a Reflected File Download (RFD) vulnerability.
Jun Kokatsu of KDDI Singapore Dubai Branch reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.JVNDB-2016-000193http://jvn.jp/en/jp/JVN11288252/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4874https://nvd.nist.gov/vuln/detail/CVE-2016-4874https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:office2017-04-24T15:10+09:002016-10-03T15:47+09:002017-04-24T15:10+09:00Docomo L-04D mobile WiFi router vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000194.html
L-04D provided by NTT DOCOMO, INC. is a wireless WiFi router. L-04D contains a cross-site request forgery vulnerability in the web management screen.
Atsuo Sakurai of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000194http://jvn.jp/en/jp/JVN46351856/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4854https://nvd.nist.gov/vuln/detail/CVE-2016-4854https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:lg_electronics:l-04d2018-01-17T11:53+09:002016-10-03T15:17+09:002018-01-17T11:53+09:00Cryptography API: Next Generation (CNG) vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000195.html
Cryptography API: Next Generation (CNG) contains an issue in BCryptDecrypt, which may result in a denial-of-service (DoS).
ASHINO, Yuki of NEC Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000195http://jvn.jp/en/jp/JVN20786316/index.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:microsoft:windows2016-10-07T14:11+09:002016-10-07T14:11+09:002016-10-07T14:11+09:00SetucoCMS vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000196.html
SetucoCMS provided by SetucoCMS Project is a content management system (CMS). SetucoCMS contains a cross-site request forgery vulnerability.
Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. and Shoji Baba reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000196http://jvn.jp/en/jp/JVN80157683/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4891https://nvd.nist.gov/vuln/detail/CVE-2016-4891https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:setucocms_project:setucocms2017-05-17T14:44+09:002016-10-07T15:04+09:002017-05-17T14:44+09:00SetucoCMS vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000197.html
SetucoCMS provided by SetucoCMS Project is a content management system (CMS). SetucoCMS contains a cross-site scripting vulnerability.
Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. and Shoji Baba reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000197http://jvn.jp/en/jp/JVN80157683/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4892https://nvd.nist.gov/vuln/detail/CVE-2016-4892https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:setucocms_project:setucocms2017-05-17T14:44+09:002016-10-07T15:04+09:002017-05-17T14:44+09:00SetucoCMS vulnerable to SQL injection
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000198.html
SetucoCMS provided by SetucoCMS Project is a content management system (CMS). SetucoCMS contains an SQL injection vulnerability.
Shoji Baba reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000198https://jvn.jp/en/jp/JVN80157683/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4893https://nvd.nist.gov/vuln/detail/CVE-2016-4893https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:setucocms_project:setucocms2017-05-17T14:44+09:002016-10-07T15:04+09:002017-05-17T14:44+09:00SetucoCMS vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000199.html
SetucoCMS provided by SetucoCMS Project is a content management system (CMS). SetucoCMS contains a denial-of-service (DoS) vulnerability.
Shoji Baba reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. JVNDB-2016-000199http://jvn.jp/en/jp/JVN80157683/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4894https://nvd.nist.gov/vuln/detail/CVE-2016-4894https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:setucocms_project:setucocms2017-05-17T14:44+09:002016-10-07T15:04+09:002017-05-17T14:44+09:00SetucoCMS vulnerable to code injection
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000200.html
SetucoCMS provided by SetucoCMS Project is a content management system (CMS). SetucoCMS contains a code injection vulnerability.
Shoji Baba reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000200http://jvn.jp/en/jp/JVN80157683/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4895https://nvd.nist.gov/vuln/detail/CVE-2016-4895https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:setucocms_project:setucocms2017-05-17T14:44+09:002016-10-07T15:04+09:002017-05-17T14:44+09:00SetucoCMS vulnerable to session management
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000201.html
SetucoCMS provided by SetucoCMS Project is a content management system (CMS). SetucoCMS contains a session management vulnerability.
Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000201http://jvn.jp/en/jp/JVN80157683/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4896https://nvd.nist.gov/vuln/detail/CVE-2016-4896https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:setucocms_project:setucocms2017-05-17T14:44+09:002016-10-07T15:04+09:002017-05-17T14:44+09:00Usermin cross-site scripting vulnerabilities
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000202.html
Usermin is a web-based interface used to manage webmail. Usermin contains reflected cross-site scripting vulnerabilities in /filter/save_forward.cgi, /filter/save.cgi and /man/search.cgi.
Toshinobu Honjo of NTT Communications Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000202http://jvn.jp/en/jp/JVN32504719/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4897https://nvd.nist.gov/vuln/detail/CVE-2016-4897https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:webmin:usermin2017-05-16T17:52+09:002016-10-07T13:50+09:002017-05-16T17:52+09:00Installer of Evernote for Windows may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000206.html
The installer of Evernote for Windows contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.
Takashi Yoshikawa of Mitsui Bussan Secure Directions reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000206https://jvn.jp/en/jp/JVN03251132/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4900https://nvd.nist.gov/vuln/detail/CVE-2016-4900https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:evernote:evernote2017-11-27T18:12+09:002016-10-19T15:32+09:002017-11-27T18:12+09:00The installer of e-Tax Software may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000207.html
The installer of e-Tax Software provided by National Tax Agency contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.
Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000207https://jvn.jp/en/jp/JVN63012325/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4901https://nvd.nist.gov/vuln/detail/CVE-2016-4901https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:national_tax_agency:e-tax2018-01-17T11:48+09:002016-10-19T12:29+09:002018-01-17T11:48+09:00Cross-site scripting vulnerability in WordPress plugin WP-OliveCart
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000208.html
WP-OliveCart provided by Olive Design is a WordPress plugin to construct a shopping site. WP-OliveCart contains a cross-site scripting vulnerability.
Gen Sato of TRADE WORKS Co.,Ltd Security Dept. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. JVNDB-2016-000208https://jvn.jp/en/jp/JVN14567604/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4903https://nvd.nist.gov/vuln/detail/CVE-2016-4903https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:olive_design:olivedesign_wp-olivecartcpe:/a:olive_design:olivedesign_wp-olivecart_pro2018-01-17T12:10+09:002016-10-20T14:22+09:002018-01-17T12:10+09:00Cross-site request forgery vulnerability in WordPress plugin WP-OliveCart
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000209.html
WP-OliveCart provided by Olive Design is a WordPress plugin to construct a shopping site. WP-OliveCart contains a cross-site request forgery vulnerability.
Gen Sato of TRADE WORKS Co.,Ltd Security Dept. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000209https://jvn.jp/en/jp/JVN14567604/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4904https://nvd.nist.gov/vuln/detail/CVE-2016-4904https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:olive_design:olivedesign_wp-olivecartcpe:/a:olive_design:olivedesign_wp-olivecart_pro2018-01-17T12:10+09:002016-10-20T14:22+09:002018-01-17T12:10+09:00SQL injection vulnerability in WordPress plugin WP-OliveCart
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000210.html
WP-OliveCart provided by Olive Design is a WordPress plugin to construct a shopping site. WP-OliveCart contains an SQL injection vulnerability.
Gen Sato of TRADE WORKS Co.,Ltd Security Dept. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000210https://jvn.jp/en/jp/JVN14567604/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4905https://nvd.nist.gov/vuln/detail/CVE-2016-4905https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:olive_design:olivedesign_wp-olivecartcpe:/a:olive_design:olivedesign_wp-olivecart_pro2018-01-17T12:10+09:002016-10-20T14:22+09:002018-01-17T12:10+09:00Installer of 7-Zip for Windows may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000211.html
7-Zip for Windows is open source compression and decompression software. The installer of 7-Zip for Windows contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.
Takashi Yoshikawa of Mitsui Bussan Secure Directions reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000211https://jvn.jp/en/jp/JVN76780067/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7804https://nvd.nist.gov/vuln/detail/CVE-2016-7804https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:7-zip:7-zip2017-12-25T10:27+09:002016-10-26T15:13+09:002017-12-25T10:27+09:00The installer of The Public Certification Service for Individuals "The JPKI user's software" may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000212.html
The installer of The Public Certification Service for Individuals "The JPKI user's software" provided by Japan Agency for Local Authority Information Systems (J-LIS) contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.
Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000212https://jvn.jp/en/jp/JVN91002412/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4902https://nvd.nist.gov/vuln/detail/CVE-2016-4902https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:j-lis:the_public_certification_service_for_individuals2017-12-25T11:28+09:002016-11-01T16:44+09:002017-12-25T11:28+09:00mobiGate App fails to verify SSL server certificates
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000213.html
mobiGate App provided by Nihon Unisys, Ltd. fails to verify SSL server certificates.
Gaku Taniguchi of RiskFinder,inc. reported this vulnerability to Nihon Unisys, Ltd., and Nihon Unisys, Ltd. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Nihon Unisys, Ltd. coordinated under the Information Security Early Warning Partnership.JVNDB-2016-000213https://jvn.jp/en/jp/JVN27260483/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7805https://nvd.nist.gov/vuln/detail/CVE-2016-7805https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:unisys:mobigate2018-01-17T12:18+09:002016-11-01T13:47+09:002018-01-17T12:18+09:00Command injection vulnerability in WFS-SR01
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000214.html
WFS-SR01 provided by I-O DATA DEVICE, INC. is a portable storage device which provides a wireless LAN router function. WFS-SR01 contains a command injection vulnerability in "Pocket Router Function".
I-O DATA DEVICE, INC. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and I-O DATA DEVICE, INC. coordinated under the Information Security Early Warning Partnership.JVNDB-2016-000214https://jvn.jp/en/jp/JVN18228200/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7806https://nvd.nist.gov/vuln/detail/CVE-2016-7806https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:i-o_data_device:wfs-sr012017-11-27T16:42+09:002016-11-02T16:20+09:002017-11-27T16:42+09:00Access restriction bypass vulnerability in WFS-SR01
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000215.html
WFS-SR01 provided by I-O DATA DEVICE, INC. is a portable storage device which provides a wireless LAN router function. WFS-SR01 contains an access restriction bypass vulnerability in "Pocket Router Function".
I-O DATA DEVICE, INC. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and I-O DATA DEVICE, INC. coordinated under the Information Security Early Warning Partnership.JVNDB-2016-000215https://jvn.jp/en/jp/JVN18228200/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7807https://nvd.nist.gov/vuln/detail/CVE-2016-7807https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:i-o_data_device:wfs-sr012017-11-27T16:42+09:002016-11-02T16:21+09:002017-11-27T16:42+09:00Multiple Corega wireless LAN routers vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000216.html
Multiple Corega wireless LAN routers contain a cross-site scripting vulnerability (CWE-79).
Yutaka Kokubu and Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. and Shuya Ueki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000216http://jvn.jp/en/jp/JVN25060672/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7808https://nvd.nist.gov/vuln/detail/CVE-2016-7808https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:corega:cg-wlbargmhcpe:/h:corega:cg-wlbargnl2017-11-27T16:42+09:002016-11-11T14:45+09:002017-11-27T16:42+09:00CG-WLR300NX vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000217.html
CG-WLR300NX provided by Corega Inc is a wireless LAN router. CG-WLR300NX contains a cross-site request forgery vulnerability (CWE-352).
Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000217https://jvn.jp/en/jp/JVN23823838/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7809https://nvd.nist.gov/vuln/detail/CVE-2016-7809https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:corega:cg-wlr300nx_firmware2018-01-17T12:18+09:002016-11-11T14:49+09:002018-01-17T12:18+09:00CG-WLR300NX vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000218.html
CG-WLR300NX provided by Corega Inc is a wireless LAN router. CG-WLR300NX contains a cross-site scripting vulnerability (CWE-79).
Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000218https://jvn.jp/en/jp/JVN92237169/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7810https://nvd.nist.gov/vuln/detail/CVE-2016-7810https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:corega:cg-wlr300nx_firmware2018-01-17T12:18+09:002016-11-11T14:49+09:002018-01-17T12:18+09:00CG-WLR300NX fails to restrict access permissions
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000219.html
CG-WLR300NX provided by Corega Inc is a wireless LAN router. CG-WLR300NX fails to restrict access permissions.
Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000219http://jvn.jp/en/jp/JVN23549283/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7811https://nvd.nist.gov/vuln/detail/CVE-2016-7811https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:corega:cg-wlr300nx_firmware2018-01-17T12:09+09:002016-11-11T14:50+09:002018-01-17T12:09+09:00DERAEMON-CMS vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000220.html
DERAEMON-CMS provided by TEAM DERAEMONS is a content management system (CMS). install.php in DERAEMON-CMS contains a cross-site scripting vulnerability (CWE-79) due to a flaw in processing of the parameters hostname, database and username.
Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000220http://jvn.jp/en/jp/JVN75396659/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7813https://nvd.nist.gov/vuln/detail/CVE-2016-7813https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:emon-cms:deraemon-cms2018-01-17T12:09+09:002016-11-15T13:41+09:002018-01-17T12:09+09:00Multiple I-O DATA network camera products vulnerable to information disclosure
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000221.html
Multiple network camera products provided by I-O DATA DEVICE, INC. contain an information disclosure vulnerability (CWE-200).
Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000221https://jvn.jp/en/jp/JVN34103586/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7814https://nvd.nist.gov/vuln/detail/CVE-2016-7814https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:i-o_data_device:ts-wrlacpe:/h:i-o_data_device:ts-wrlp2018-01-17T12:02+09:002016-11-11T13:51+09:002018-01-17T12:02+09:00Cybozu Garoon vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000222.html
Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability (CWE-79) due to an issue in "Messages" function of Cybozu Garoon Keitai.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.JVNDB-2016-000222http://jvn.jp/en/jp/JVN12281353/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4906https://nvd.nist.gov/vuln/detail/CVE-2016-4906https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:garoon2017-11-27T16:58+09:002016-12-19T12:22+09:002017-11-27T16:58+09:00Cybozu Garoon vulnerable to information disclosure
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000223.html
Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an information disclosure vulnerability (CWE-200).
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.JVNDB-2016-000223http://jvn.jp/en/jp/JVN13218253/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4907https://nvd.nist.gov/vuln/detail/CVE-2016-4907https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:garoon2017-11-27T16:58+09:002016-12-19T12:29+09:002017-11-27T16:58+09:00Cybozu Garoon fails to restrict access permission in the RSS settings
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000224.html
Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an access restriction flaw in the RSS settings.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.JVNDB-2016-000224http://jvn.jp/en/jp/JVN14631222/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=VE-2016-4908https://nvd.nist.gov/vuln/detail/CVE-2016-4908https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:garoon2017-11-27T16:58+09:002016-12-19T14:29+09:002017-11-27T16:58+09:00Cybozu Garoon fails to restrict access permission in MultiReport filters
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000225.html
Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an access restriction flaw in MultiReport filters.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.JVNDB-2016-000225http://jvn.jp/en/jp/JVN14631222/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4910https://nvd.nist.gov/vuln/detail/CVE-2016-4910https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:garoon2017-11-27T16:58+09:002016-12-19T14:32+09:002017-11-27T16:58+09:00Cybozu Garoon fails to restrict access permission in To-Dos of Space function
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000226.html
Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an access restriction flaw in To-Dos of Space function.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.JVNDB-2016-000226http://jvn.jp/en/jp/JVN14631222/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7801https://nvd.nist.gov/vuln/detail/CVE-2016-7801https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:garoon2017-11-27T16:58+09:002016-12-19T14:38+09:002017-11-27T16:58+09:00Cybozu Garoon vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000227.html
Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains a cross-site request forgery vulnerability (CWE-352).
Yasuda Yuya reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.JVNDB-2016-000227http://jvn.jp/en/jp/JVN15222211/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4909https://nvd.nist.gov/vuln/detail/CVE-2016-4909https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:garoon2017-11-27T16:58+09:002016-12-19T13:36+09:002017-11-27T16:58+09:00Cybozu Garoon vulnerable to directory traversal
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000228.html
Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains a directory traversal vulnerability (CWE-22).
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.JVNDB-2016-000228http://jvn.jp/en/jp/JVN16200242/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7802https://nvd.nist.gov/vuln/detail/CVE-2016-7802https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:garoon2017-11-27T17:11+09:002016-12-19T13:44+09:002017-11-27T17:11+09:00Cybozu Garoon vulnerable to SQL injection
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000229.html
Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an SQL injection vulnerability (CWE-89) due to an issue in "MultiReport" function.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.JVNDB-2016-000229http://jvn.jp/en/jp/JVN17980240/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7803https://nvd.nist.gov/vuln/detail/CVE-2016-7803https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:garoon2017-11-27T17:11+09:002016-12-19T14:19+09:002017-11-27T17:11+09:00kintone mobile for Android fails to verify SSL server certificates
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000231.html
kintone mobile for Android provided by Cybozu, Inc. fails to verify SSL server certificates in WebView.
Note that this vulnerability is different from JVN#91816422.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.JVNDB-2016-000231http://jvn.jp/en/jp/JVN20252219/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7816https://nvd.nist.gov/vuln/detail/CVE-2016-7816https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:kintone2018-01-17T12:34+09:002016-11-28T13:47+09:002018-01-17T12:34+09:00Simple keitai chat vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000232.html
Simple keitai chat provided by LEMON-S PHP contains reflected and stored cross-site scripting vulnerabilities (CWE-79).
Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000232https://jvn.jp/en/jp/JVN05493467/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7817https://nvd.nist.gov/vuln/detail/CVE-2016-7817https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:lemon-s_php:simple_mobile_chat2018-01-17T11:57+09:002016-11-25T13:54+09:002018-01-17T11:57+09:00The installers of multiple Japan Pension Service software may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000233.html
The installers of multiple Japan Pension Service software contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.
Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000233http://jvn.jp/en/jp/JVN08868688/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7818https://nvd.nist.gov/vuln/detail/CVE-2016-7818https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:japan_pension_service:device_data_encryption_programcpe:/a:japan_pension_service:specification_check_programcpe:/a:japan_pension_service:todokesho_creation_programcpe:/a:japan_pension_service:todokesho_print_program2018-01-17T13:54+09:002016-12-01T13:40+09:002018-01-17T13:54+09:00Multiple I-O DATA network camera products vulnerable to OS command injection
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000234.html
Multiple network camera products provided by I-O DATA DEVICE, INC. contain an OS command injection vulnerability.
Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000234http://jvn.jp/en/jp/JVN25059363/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7819https://nvd.nist.gov/vuln/detail/CVE-2016-7819https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:i-o_data_device:ts-wrlacpe:/h:i-o_data_device:ts-wrlp2018-01-17T11:52+09:002016-11-30T15:17+09:002018-01-17T11:52+09:00Multiple I-O DATA network camera products vulnerable to buffer overflow
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000235.html
Multiple network camera products provided by I-O DATA DEVICE, INC. contain a buffer overflow vulnerability.
Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000235http://jvn.jp/en/jp/JVN25059363/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7820https://nvd.nist.gov/vuln/detail/CVE-2016-7820https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:i-o_data_device:ts-wrlacpe:/h:i-o_data_device:ts-wrlp2018-01-17T11:48+09:002016-11-30T15:17+09:002018-01-17T11:48+09:00WNC01WH vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000236.html
WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains a denial-of-service (DoS) vulnerability.
Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000236http://jvn.jp/en/jp/JVN40613060/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7821https://nvd.nist.gov/vuln/detail/CVE-2016-7821https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:buffalo_inc:wnc01wh_firmware2017-11-27T16:27+09:002016-12-02T14:43+09:002017-11-27T16:27+09:00WNC01WH vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000237.html
WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains a cross-site request forgery vulnerability.
Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000237http://jvn.jp/en/jp/JVN40613060/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7822https://nvd.nist.gov/vuln/detail/CVE-2016-7822https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:buffalo_inc:wnc01wh_firmware2017-11-27T16:27+09:002016-12-02T14:43+09:002017-11-27T16:27+09:00WNC01WH vulnerable to stored cross-site scripting
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000238.html
WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains a stored cross-site scripting vulnerability.
Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000238http://jvn.jp/en/jp/JVN40613060/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7823https://nvd.nist.gov/vuln/detail/CVE-2016-7823https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:buffalo_inc:wnc01wh_firmware2017-11-27T16:27+09:002016-12-02T14:43+09:002017-11-27T16:27+09:00WNC01WH vulnerable to enabling debug option
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000239.html
WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains an enabling debug option vulnerability.
Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000239http://jvn.jp/en/jp/JVN40613060/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7824https://nvd.nist.gov/vuln/detail/CVE-2016-7824https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:buffalo_inc:wnc01wh_firmware2017-11-27T16:27+09:002016-12-02T14:44+09:002017-11-27T16:27+09:00WNC01WH vulnerable to directory traversal due to an issue in processing commands
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000240.html
WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains a directory traversal vulnerability due to an issue in processing commands.
Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. JVNDB-2016-000240http://jvn.jp/en/jp/JVN40613060/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7825https://nvd.nist.gov/vuln/detail/CVE-2016-7825https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:buffalo_inc:wnc01wh_firmware2017-11-27T16:27+09:002016-12-02T14:45+09:002017-11-27T16:27+09:00WNC01WH vulnerable to directory traversal due to an issue in processing POST request
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000241.html
WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains a directory traversal vulnerability due to an issue in processing POST request.
Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. JVNDB-2016-000241http://jvn.jp/en/jp/JVN40613060/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7826https://nvd.nist.gov/vuln/detail/CVE-2016-7826https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:buffalo_inc:wnc01wh_firmware2017-11-27T17:11+09:002016-12-02T14:46+09:002017-11-27T17:11+09:00Sleipnir for Mac vulnerable to URL spoofing
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000242.html
Sleipnir for Mac provided by Fenrir Inc. contains a URL spoofing vulnerability due to a flaw in the page transition.
Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000242http://jvn.jp/en/jp/JVN28151745/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7831https://nvd.nist.gov/vuln/detail/CVE-2016-7831https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:fenrir-inc:sleipnir2018-01-17T11:48+09:002016-12-07T14:44+09:002018-01-17T11:48+09:00Access restriction bypass to download DBM files in Cybozu Dezie
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000243.html
Cybozu Dezie provided by Cybozu,Inc. contains an access restriction bypass vulnerability to download DBM (Cybozu Dezie proprietary format) files.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.JVNDB-2016-000243http://jvn.jp/en/jp/JVN16781735/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7832https://nvd.nist.gov/vuln/detail/CVE-2016-7832https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:dezie2017-11-27T17:12+09:002016-12-12T14:49+09:002017-11-27T17:12+09:00Access restriction bypass to delete DBM files in Cybozu Dezie
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000244.html
Cybozu Dezie provided by Cybozu,Inc. contains an access restriction bypass vulnerability to delete DBM (Cybozu Dezie proprietary format) files.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.JVNDB-2016-000244http://jvn.jp/en/jp/JVN16781735/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7833https://nvd.nist.gov/vuln/detail/CVE-2016-7833https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:dezie2017-11-27T17:12+09:002016-12-12T14:49+09:002017-11-27T17:12+09:00Apache ActiveMQ vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000245.html
Apache ActiveMQ provided by the Apache Software Foundation is a middleware that implements Java Message Service. Apache ActiveMQ contains a stored cross-site scripting vulnerability (CWE-79).
Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000245http://jvn.jp/en/jp/JVN78980598/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6810https://nvd.nist.gov/vuln/detail/CVE-2016-6810https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:apache:activemq2018-04-04T12:25+09:002016-12-13T14:00+09:002018-04-04T12:25+09:00Multiple SONY Videoconference Systems do not properly perform authentication
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000246.html
Multiple SONY Videoconference Systems have a default user account which does not require authentication to log in to a device (CWE-306).
This user account has a privilege to view some of the system configuration files. As a result, the device may be manipulated by an attacker with administrative privileges.
telnet/ssl functionality is implemented based on the specifications in the device, and it is disabled by default. When this functionality is enabled, a user in the same subnetwork can login to the device.JVNDB-2016-000246http://jvn.jp/en/jp/JVN42070907/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7830https://nvd.nist.gov/vuln/detail/CVE-2016-7830https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:sony:pcs-xc1cpe:/h:sony:pcs-xg100cpe:/h:sony:pcs-xg100scpe:/h:sony:pcs-xg77cpe:/h:sony:pcs-xg77s2018-01-17T14:03+09:002016-12-16T14:11+09:002018-01-17T14:03+09:00BlueZ userland utilities vulnerable to buffer overflow
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000247.html
BlueZ provides a Bluetooth protocol stack for Linux kernel and userland utilities.
The parse_line() function used in some userland utilities contains a buffer overflow vulnerability.
Hiroki MATSUKUMA of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000247http://jvn.jp/en/jp/JVN38755305/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7837https://nvd.nist.gov/vuln/detail/CVE-2016-7837https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:bluez:bluez2017-11-27T16:47+09:002016-12-22T14:26+09:002017-11-27T16:47+09:00H2O use-after-free vulnerability
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000248.html
H2O is an open source web server software. H2O contains a use-after-free vulnerability (CWE-416) due to a flaw in the process of upgrading from HTTP/1 to HTTP/2.
Kazuho Oku reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Kazuho Oku coordinated under the Information Security Early Warning Partnership.JVNDB-2016-000248http://jvn.jp/en/jp/JVN44566208/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7835https://nvd.nist.gov/vuln/detail/CVE-2016-7835https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:h2o_project:h2o2017-11-27T16:53+09:002016-12-22T14:26+09:002017-11-27T16:53+09:00SKYSEA Client View vulnerable to arbitrary code execution
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000249.html
SKYSEA Client View provided by Sky Co., LTD. is an Enterprise IT Asset Management Tool. The SKYSEA Client View agent program contains an issue in processing authentication on the TCP communication with the management console program, which allows an attacker to execute arbitrary code on the client PC.
Attacks exploiting this vulnerability have been observed in the wild.
Sky Co., LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Sky Co., LTD. coordinated under the Information Security Early Warning Partnership.JVNDB-2016-000249http://jvn.jp/en/jp/JVN84995847/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7836https://nvd.nist.gov/vuln/detail/CVE-2016-7836https://www.ipa.go.jp/security/ciadr/vul/20161222-jvn.htmlhttps://www.jpcert.or.jp/at/2016/at160051.htmlhttps://www.npa.go.jp/cyberpolice/detect/pdf/20161222.pdfhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:skygroup:skysea_client_view2017-11-27T16:53+09:002016-12-22T14:26+09:002017-11-27T16:53+09:00Wireshark for Windows issue where an arbitrary file may be deleted
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000250.html
Wireshark for Windows uses a software updating library called WinSparkle. Wireshark for Windows contains an issue where an arbitrary directory or file may be deleted due to an issue contained in WinSparkle (JVN#96681653).
Takashi Yoshikawa of Mitsui Bussan Secure Directions, Inc. reported this issue to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000250https://jvn.jp/en/jp/JVN90813656/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7838https://nvd.nist.gov/vuln/detail/CVE-2016-7838https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:wireshark:wireshark2018-02-16T16:00+09:002016-12-26T14:45+09:002018-02-16T16:00+09:00WinSparkle issue where registry value is not validated
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000251.html
When an application that uses WinSparkle is launched, it checks the directory used by WinSparkle for temporary files and deletes any temporary files. This directory path is specified in a registry key.
In a situation where an attacker has modified the specific registry value used by this library, and a user launches an application that uses WinSparkle, an unintended directory or file may be deleted.
Takashi Yoshikawa of Mitsui Bussan Secure Directions, Inc. reported this issue to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-000251https://jvn.jp/en/jp/JVN96681653/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7838https://nvd.nist.gov/vuln/detail/CVE-2016-7838https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:winsparkle:winsparkle2018-02-16T16:00+09:002016-12-26T14:45+09:002018-02-16T16:00+09:00Remote File Inclusion Vulnerability in Hitachi Command Suite
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-001472.html
A Remote File Inclusion Vulnerability was found in Hitachi Command Suite. JVNDB-2016-001472https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:compute_systems_managercpe:/a:hitachi:device_managercpe:/a:hitachi:tiered_storage_manager2016-09-14T18:18+09:002016-02-25T16:09+09:002016-09-14T18:18+09:00Information Disclosure Vulnerability in Hitachi Compute Systems Manager
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-001559.html
An Information Disclosure Vulnerability was found in Hitachi Compute Systems Manager. JVNDB-2016-001559https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:compute_systems_manager2016-03-31T17:50+09:002016-03-07T17:00+09:002016-03-31T17:50+09:00Keitai Kit for Movable Type vulnerable to OS command injection
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-002298.html
Keitai Kit for Movable Type contains an OS command injection vulnerability.
Keitai Kit for Movable Type provided by ideaman's Inc. contains an OS command injection vulnerability (CWE-78).
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
http://cwe.mitre.org/data/definitions/78.html
Attacks in the wild leveraging this vulnerability have been confirmed.JVNDB-2016-002298http://jvn.jp/en/vu/JVNVU92116866/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1204http://blog.jpcert.or.jp/2016/05/some-coordinated-vulnerability-disclosures-in-april-2016.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:misc:ideamans_keitai_kit_for_movable_type2016-12-05T15:02+09:002016-12-05T15:02+09:002016-12-05T15:02+09:00SaAT Netizen fails to properly verify downloaded installation and update files
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-002299.html
SaAT Netizen contains a vulnerability where files downloaded for installation or an update are not properly verified.
The SaAT Netizen installer and SaAT Netizen contain a vulnerability where downloaded files are not properly verified during the installation or update process.
PinkFlyingWhale BlackWingCat reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.JVNDB-2016-002299http://jvn.jp/en/vu/JVNVU97339542/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1203cpe:/a:saat:netizen2016-12-05T13:52+09:002016-12-05T13:52+09:002016-12-05T13:52+09:00ManageEngine Password Manager Pro fails to restrict access permissions
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-002331.html
ManageEngine Password Manager Pro provided by Zoho Corporation fails to restrict access permissions.JVNDB-2016-002331http://jvn.jp/en/vu/JVNVU90405898/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1159https://nvd.nist.gov/vuln/detail/CVE-2016-1159#vulnConfigurationsAreahttp://excellium-services.com/en/cert-xlm-advisory/cve-2016-1159/https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:zohocorp:manageengine_password_manager_pro2016-12-05T15:02+09:002016-12-05T15:02+09:002016-12-05T15:02+09:00Information Disclosure Vulnerability in Hitachi Command Suite
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-002715.html
An Information Disclosure Vulnerability was found in Hitachi Command Suite.
JVNDB-2016-002715https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:automation_directorcpe:/a:hitachi:device_managercpe:/a:hitachi:global_link_availability_managercpe:/a:hitachi:hitachi_replication_monitorcpe:/a:hitachi:jp1-hicommand_device_managercpe:/a:hitachi:jp1-hicommand_global_link_availability_managercpe:/a:hitachi:jp1-hicommand_replication_monitorcpe:/a:hitachi:jp1-hicommand_tiered_storage_managercpe:/a:hitachi:replication_managercpe:/a:hitachi:tiered_storage_managercpe:/a:hitachi:tuning_manager2016-08-03T16:09+09:002016-05-24T16:43+09:002016-08-03T16:09+09:00Cross-site Scripting Vulnerability in Hitachi Tuning Manager
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-002716.html
A cross-site scripting vulnerability was found in Hitachi Tuning Manager.JVNDB-2016-002716https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:tuning_manager2016-08-03T16:09+09:002016-05-24T16:43+09:002016-08-03T16:09+09:00ManageEngine Password Manager Pro vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-003380.html
ManageEngine Password Manager Pro contains a cross-site request forgery vulnerability.
ManageEngine Password Manager Pro provided by Zoho Corporation contains a cross-site request forgery vulnerability (CWE-352).
CWE-352: Cross-Site Request Forgery (CSRF)
https://cwe.mitre.org/data/definitions/352.htmlJVNDB-2016-003380http://jvn.jp/en/vu/JVNVU95113461/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1161https://nvd.nist.gov/vuln/detail/CVE-2016-1161http://excellium-services.com/en/cert-xlm-advisory/cve-2016-1161/https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:zohocorp:manageengine_password_manager_pro2017-05-23T16:23+09:002016-12-05T14:32+09:002017-05-23T16:23+09:00Information Disclosure Vulnerability in Hitachi Command Suite
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-003527.html
An Information Disclosure Vulnerability was found in Hitachi Command Suite.
JVNDB-2016-003527https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:device_managercpe:/a:hitachi:replication_manager2016-09-14T18:18+09:002016-08-02T13:50+09:002016-09-14T18:18+09:00Information Disclosure Vulnerability in Hitachi Automation Director and JP1/Automatic Operation
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-004496.html
An Information Disclosure Vulnerability was found in Hitachi Automation Director and JP1/Automatic Operation.
JVNDB-2016-004496https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:automation_directorcpe:/a:hitachi:job_management_partnercpe:/a:hitachi:jp1_automatic_operation2016-09-30T09:47+09:002016-09-02T16:09+09:002016-09-30T09:47+09:00Vulnerability in JP1/IT Desktop Management 2 - Manager and JP1/NETM/DM
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-005655.html
A Remote Command Execution Vulnerability was found in JP1/IT Desktop Management 2 - Manager and JP1/NETM/DM.
JVNDB-2016-005655https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:groupmax_remote_installation_clientcpe:/a:hitachi:job_management_partner_1%2Fit_desktop_managementcpe:/a:hitachi:job_management_partner_1%2Fsoftware_distributioncpe:/a:hitachi:job_management_partner_1_software_distribution_clientcpe:/a:hitachi:job_management_partner_1_software_distribution_managercpe:/a:hitachi:job_management_partner_1_software_distribution_submanagercpe:/a:hitachi:jp1%2Fnetm%2Fdm%2Fwcpe:/a:hitachi:jp1_it_desktop_managementcpe:/a:hitachi:jp1_netm-dm_managercpe:/a:hitachi:jp1_netm_dm_clientcpe:/a:hitachi:jp1_netm_dm_submanagercpe:/a:hitachi:netm%2Fdm%2Fpcpe:/a:hitachi:netm%2Fdm%2Fwcpe:/a:hitachi:netm_dm2016-11-10T16:59+09:002016-11-10T16:59+09:002016-11-10T16:59+09:00Multiple SONY network cameras vulnerable to sensitive information disclosure
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-006038.html
Multiple SONY network cameras contain a sensitive information disclosure vulnerability.
SEC Consult reported this vulnerability to Sony, and Sony reported this vulnerability to JPCERT/CC to notify users of the solution through JVN. JPCERT/CC and Sony coordinated for the publication of this case.JVNDB-2016-006038http://jvn.jp/en/vu/JVNVU96435227/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7834https://nvd.nist.gov/vuln/detail/CVE-2016-7834https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:sony:snc-ch1202017-05-23T14:28+09:002016-12-05T14:33+09:002017-05-23T14:28+09:00The Bank of Tokyo-Mitsubishi UFJ for Android vulnerable to SSL/TLS downgrade attack
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-006114.html
The Bank of Tokyo-Mitsubishi UFJ for Android may be exploited by an SSL/TLS downgrade attack.
The Bank of Tokyo-Mitsubishi UFJ for Android provided by The Bank of Tokyo-Mitsubishi UFJ, Ltd. tries to communicate with a server via TLS v1.2. However, when a response from the server indicates SSL v3.0, communication is conducted via SSL v3.0 (CWE-757). As a result, the application may be exploited by a POODLE attack.
CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
https://cwe.mitre.org/data/definitions/757.html
Reo Yoshida reported this vulnerability to JPCERT/CC, and JPCERT/CC coordinated with The Bank of Tokyo-Mitsubishi UFJ, Ltd.JVNDB-2016-006114http://jvn.jp/en/vu/JVNVU92900492/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7812https://nvd.nist.gov/vuln/detail/CVE-2016-7812https://cwe.mitre.org/data/definitions/757.htmlcpe:/a:mufg:mitsubishi_ufj2018-02-28T11:47+09:002016-12-08T11:33+09:002018-02-28T11:47+09:00Vulnerability in JP1/Cm2/Network Node Manager i
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-006450.html
A vulnerability (CVE-2016-4397) exists in JP1/Cm2/Network Node Manager i. JVNDB-2016-006450http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4397https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:jp1_cm2_network_node_manager2017-03-30T15:01+09:002017-03-30T15:01+09:002017-03-30T15:01+09:00Multiple ESET products for macOS vulnerable to improper server certificate verification
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-008013.html
Multiple ESET products for macOS are vulnerable to improper server certificate verification (CWE-295).
KOBAYASHI Yasuyuki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2016-008013https://jvn.jp/en/jp/JVN95898697/index.htmlhttps://www.cve.org/CVERecord?id=CVE-2016-9892https://nvd.nist.gov/vuln/detail/CVE-2016-9892https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:eset:cyber_securitycpe:/a:eset:cyber_security_procpe:/a:eset:endpoint_antiviruscpe:/a:eset:endpoint_security2022-02-07T14:18+09:002022-02-07T14:18+09:002022-02-07T14:18+09:00Vulnerability in Cosminexus HTTP Server and Hitachi Web Server
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-008607.html
A vulnerability (CVE-2016-8743) exists in Cosminexus HTTP Server and Hitachi Web Server.JVNDB-2016-008607http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4975https://nvd.nist.gov/vuln/detail/CVE-2016-8743https://nvd.nist.gov/vuln/detail/CVE-2016-4975https://cwe.mitre.org/data/definitions/19.htmlcpe:/a:apache:http_servercpe:/a:hitachi:cosminexus_http_servercpe:/a:hitachi:hitachi_application_servercpe:/a:hitachi:hitachi_application_server_for_developerscpe:/a:hitachi:hitachi_web_servercpe:/a:hitachi:it_operations_directorcpe:/a:hitachi:job_management_partner_1%2Fit_desktop_managementcpe:/a:hitachi:job_management_partner_1%2Fit_desktop_management-managercpe:/a:hitachi:job_management_partner_1_integrated_managementcpe:/a:hitachi:job_management_partner_1_performance_management_web_consolecpe:/a:hitachi:jp1%2Fit_desktop_management-managercpe:/a:hitachi:jp1_automatic_job_management_system_3cpe:/a:hitachi:jp1_automatic_operationcpe:/a:hitachi:jp1_integrated_managementcpe:/a:hitachi:jp1_it_desktop_managementcpe:/a:hitachi:jp1_operation_analyticscpe:/a:hitachi:jp1_performance_managementcpe:/a:hitachi:jp1_service_supportcpe:/a:hitachi:ucosminexus_application_servercpe:/a:hitachi:ucosminexus_application_server_enterprisecpe:/a:hitachi:ucosminexus_application_server_smart_editioncpe:/a:hitachi:ucosminexus_application_server_standardcpe:/a:hitachi:ucosminexus_developercpe:/a:hitachi:ucosminexus_developer_lightcpe:/a:hitachi:ucosminexus_developer_standardcpe:/a:hitachi:ucosminexus_primary_servercpe:/a:hitachi:ucosminexus_service_architectcpe:/a:hitachi:ucosminexus_service_platform2019-07-25T14:14+09:002017-06-30T15:55+09:002019-07-25T14:14+09:00