JVNDB RSS Feed - 2017 Years Entry
https://jvndb.jvn.jp/en/
JVN iPedia Yearly Entry
2024-03-24T09:10:24+09:00 2024-03-24T09:10:24+09:00

Microsoft IME may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-005802.html
Microsoft IME, bundled with Microsoft Windows, contains an issue in loading DLLs.
When some application programs are invoked, they may initiate Microsoft IME. This IME, when initiated, checks a certain registry key for a file path to a DLL file and loads it.
This registry key does not exist by default, and can be created by a normal user.
If an application program is invoked with some high privilege, this mechanism can be leveraged for privilege escalation attacks.
Takashi Yoshikawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2016-005802
http://jvn.jp/en/jp/JVN21627267/index.html
https://jvn.jp/en/ta/JVNTA91240916/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7221
https://nvd.nist.gov/vuln/detail/CVE-2016-7221
https://www.ipa.go.jp/security/ciadr/vul/20161109-ms.html
https://www.jpcert.or.jp/english/at/2016/at160046.html
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:microsoft:ime
cpe:/o:microsoft:windows_10
cpe:/o:microsoft:windows_7
cpe:/o:microsoft:windows_8.1
cpe:/o:microsoft:windows_rt_8.1
cpe:/o:microsoft:windows_server_2008
cpe:/o:microsoft:windows_server_2012
cpe:/o:microsoft:windows_server_2016
cpe:/o:microsoft:windows_vista
2017-07-07T15:47+09:00 2017-07-07T15:47+09:00 2017-07-07T15:47+09:00

Olive Blog vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000001.html
Olive Blog provided by Olive Design contains a cross-site scripting vulnerability (CWE-79) due to a flaw in processing the search parameter.
Ueki Shuya reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2017-000001
https://jvn.jp/en/jp/JVN60879379/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7839
https://nvd.nist.gov/vuln/detail/CVE-2016-7839
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:olive_design:olive_blog
2017-06-01T15:58+09:00 2017-01-06T13:56+09:00 2017-06-01T15:58+09:00

WEB SCHEDULE vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000002.html
WEB SCHEDULE provided by Olive Design contains a cross-site scripting vulnerability (CWE-79) due to a flaw in processing the month parameter.
JVNDB-2017-000002
https://jvn.jp/en/jp/JVN12124922/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7840
https://nvd.nist.gov/vuln/detail/CVE-2016-7840
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:olive_design:web_schedule
2017-06-01T15:58+09:00 2017-01-06T14:01+09:00 2017-06-01T15:58+09:00

Olive Diary DX vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000003.html
Olive Diary DX provided by Olive Design contains a cross-site scripting vulnerability (CWE-79) due to a flaw in processing the page parameter.
JVNDB-2017-000003
https://jvn.jp/en/jp/JVN71538099/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7841
https://nvd.nist.gov/vuln/detail/CVE-2016-7841
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:olive_design:olive_diary_dx
2017-06-01T15:58+09:00 2017-01-06T14:02+09:00 2017-06-01T15:58+09:00

Cybozu Remote Service Manager fails to verify client certificates
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000007.html
Remote Service Manager provided by Cybozu, Inc. is software for accessing internal systems such as Cybozu products via "Cybozu Remote Service". Remote Service Manager fails to verify client certificates.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
JVNDB-2017-000007
https://jvn.jp/en/jp/JVN19241292/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7815
https://nvd.nist.gov/vuln/detail/CVE-2016-7815
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:cybozu:remote_service_manager
2017-06-06T15:52+09:00 2017-01-11T13:46+09:00 2017-06-06T15:52+09:00

AttacheCase vulnerable to directory traversal
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000008.html
AttacheCase is open source file encryption software provided by HiBARA Software. AttacheCase contains a directory traversal vulnerability (CWE-22) due to a flaw in processing filenames in ATC files.
Kazuki Furukawa reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2017-000008
https://jvn.jp/en/jp/JVN83917769/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7842
https://nvd.nist.gov/vuln/detail/CVE-2016-7842
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:hibara:attachecase
2017-06-06T16:13+09:00 2017-01-16T14:35+09:00 2017-06-06T16:13+09:00

MaruUo Factory's multiple AttacheCase products vulnerable to directory traversal
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000009.html
Multiple AttacheCase products provided by MaruUo Factory contain a directory traversal vulnerability (CWE-22) due to a flaw in processing filenames in ATC files.
Kazuki Furukawa reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2017-000009
https://jvn.jp/en/jp/JVN28331227/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7843
https://nvd.nist.gov/vuln/detail/CVE-2016-7843
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:misc:maruuo_factory_attachecase
2017-06-06T16:13+09:00 2017-01-16T14:41+09:00 2017-06-06T16:13+09:00

smalruby-editor vulnerable to OS command injection
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000010.html
smalruby-editor provided by Ruby Programming Shounendan is a web-based editor to create Ruby programs. smalruby-editor contains an OS command injection vulnerability (CWE-78).
Shoji Baba reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2017-000010
http://jvn.jp/en/jp/JVN50197114/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2096
https://nvd.nist.gov/vuln/detail/CVE-2017-2096
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:smalruby_project:smalruby-editor
2017-06-06T15:40+09:00 2017-01-24T13:34+09:00 2017-06-06T15:40+09:00

Knowledge vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000011.html
Knowledge provided by support-project.org is an open-source knowledge base platform. Knowledge contains a cross-site request forgery vulnerability (CWE-352).
JVNDB-2017-000011
https://jvn.jp/en/jp/JVN09460804/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2097
https://nvd.nist.gov/vuln/detail/CVE-2017-2097
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:support-project:knowledge
2017-06-06T14:38+09:00 2017-01-24T14:12+09:00 2017-06-06T14:38+09:00

Java (OGNL) code execution in Apache Struts 2 when devMode is enabled
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000012.html
Apache Struts 2 provided by the Apache Software Foundation is a software framework for creating Java web applications. There is a known risk that arbitrary Java (OGNL) code may be executed in Apache Struts 2 when devMode is enabled in a production environment.
It is confirmed that proof-of-concept code exploiting this issue is publicly available.
Hiroshi Fujimoto and Ken Kitahara of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2017-000012
https://jvn.jp/en/jp/JVN92395431/index.html
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:apache:struts
2017-01-20T14:01+09:00 2017-01-20T14:01+09:00 2017-01-20T14:01+09:00

Nessus vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000013.html
Nessus contains a stored cross-site scripting (CWE-79) vulnerability in handling .nessus files.
Noriaki Iwasaki of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2017-000013
http://jvn.jp/en/jp/JVN12796388/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9260
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9260
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:tenable:nessus
2017-02-20T17:44+09:00 2017-01-24T13:38+09:00 2017-02-20T17:44+09:00

CubeCart vulnerable to directory traversal
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000014.html
CubeCart from CubeCart Limited is an open source system for creating online shopping websites. CubeCart contains a directory traversal vulnerability (CWE-22).
ASAI Ken reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2017-000014
https://jvn.jp/en/jp/JVN81618356/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2098
https://nvd.nist.gov/vuln/detail/CVE-2017-2098
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:cubecart:cubecart
2017-06-01T11:30+09:00 2017-01-27T13:49+09:00 2017-06-01T11:30+09:00

Norton Download Manager may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000015.html
Norton Download Manager provided by Symantec Japan, Inc. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.
Takashi Yoshikawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2017-000015
http://jvn.jp/en/jp/JVN40667528/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6592
https://nvd.nist.gov/vuln/detail/CVE-2016-6592
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:symantec:norton_download_manager
2017-02-10T14:58+09:00 2017-02-10T14:58+09:00 2017-02-10T14:58+09:00

LaLa Call App for Android fails to verify SSL server certificates
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000016.html
LaLa Call App for Android provided by K-Opticom Corporation fails to verify SSL server certificates.
Yuto Iso of NTT Security (Japan) KK reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2017-000016
https://jvn.jp/en/jp/JVN01014759/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2103
https://nvd.nist.gov/vuln/detail/CVE-2017-2103
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:k-opticom_corporation:lala_call
2017-06-06T11:52+09:00 2017-02-03T13:31+09:00 2017-06-06T11:52+09:00

Business LaLa Call App for Android fails to verify SSL server certificates
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000017.html
Business LaLa Call App for Android provided by K-Opticom Corporation fails to verify SSL server certificates.
Yuto Iso of NTT Security (Japan) KK reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2017-000017
https://jvn.jp/en/jp/JVN21114208/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2104
https://nvd.nist.gov/vuln/detail/CVE-2017-2104
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:k-opticom_corporation:business_lala_call
2017-06-06T11:52+09:00 2017-02-03T13:58+09:00 2017-06-06T11:52+09:00

Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to remote code execution
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000018.html
AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a remote code execution vulnerability.
Shoji Baba reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2017-000018
http://jvn.jp/en/jp/JVN71666779/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2099
https://nvd.nist.gov/vuln/detail/CVE-2017-2099
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:ipa:appgoat
2017-06-01T11:30+09:00 2017-02-09T14:47+09:00 2017-06-01T11:30+09:00

Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to DNS rebinding
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000019.html
AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a DNS rebinding vulnerability.
Shoji Baba reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2017-000019
http://jvn.jp/en/jp/JVN87662835/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2100
https://nvd.nist.gov/vuln/detail/CVE-2017-2100
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:ipa:appgoat
2017-06-01T11:30+09:00 2017-02-09T14:47+09:00 2017-06-01T11:30+09:00

Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to authentication bypass
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000020.html
AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains an authentication bypass vulnerability.
Shoji Baba reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2017-000020
https://jvn.jp/en/jp/JVN88176589/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2101
https://nvd.nist.gov/vuln/detail/CVE-2017-2101
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:ipa:appgoat
2017-06-01T11:30+09:00 2017-02-09T14:39+09:00 2017-06-01T11:30+09:00

Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000021.html
AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a cross-site request forgery vulnerability.
Shoji Baba reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2017-000021
https://jvn.jp/en/jp/JVN39008927/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2102
https://nvd.nist.gov/vuln/detail/CVE-2017-2102
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:ipa:appgoat
2017-06-01T11:30+09:00 2017-02-09T14:40+09:00 2017-06-01T11:30+09:00

Multiple cross-site scripting vulnerabilities in Webmin
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000022.html
Webmin contains multiple cross-site scripting vulnerabilities (CWE-79) due to issues in outputting error messages into an HTML page and the function to edit the database.
Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2017-000022
http://jvn.jp/en/jp/JVN34207650/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2106
https://nvd.nist.gov/vuln/detail/CVE-2017-2106
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:webmin:webmin
2017-06-02T18:04+09:00 2017-02-09T14:06+09:00 2017-06-02T18:04+09:00

TVer App for Android fails to verify SSL server certificates
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000023.html
TVer App for Android provided by PRESENTCAST INC. fails to verify SSL server certificates.
Yuto Iso of NTT Security (Japan) KK reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2017-000023
http://jvn.jp/en/jp/JVN53880182/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2105
https://nvd.nist.gov/vuln/detail/CVE-2017-2105
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:presentcast_inc:tver
2017-06-06T11:52+09:00 2017-02-10T15:14+09:00 2017-06-06T11:52+09:00

Self-Extracting Archives created by 7-ZIP32.DLL may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000024.html
7-ZIP32.DLL is an open source library for compressing and decompressing 7z and zip format files. It can also create self-extracting archive files.
Self-extracting archive files created by 7-ZIP32.DLL contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2017-000024
http://jvn.jp/en/jp/JVN86200862/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2107
https://nvd.nist.gov/vuln/detail/CVE-2017-2107
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:akky:7-zip32.dll
2017-06-05T11:55+09:00 2017-02-17T15:13+09:00 2017-06-05T11:55+09:00

Apache Brooklyn vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000025.html
Apache Brooklyn is a framework for modeling, monitoring, and managing applications. Apache Brooklyn contains cross-site scripting vulnerabilities.
It is known that proof-of-concept code to exploit these vulnerabilities exists.
Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2017-000025
http://jvn.jp/en/jp/JVN55489964/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3165
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:apache:brooklyn
2017-02-15T16:20+09:00 2017-02-15T16:20+09:00 2017-02-15T16:20+09:00

Apache Brooklyn vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000026.html
Apache Brooklyn is a framework for modeling, monitoring, and managing applications. Apache Brooklyn contains a cross-site request forgery vulnerability.
It is known that proof-of-concept code to exploit these vulnerabilities exists.
Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2017-000026
http://jvn.jp/en/jp/JVN55489964/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8737
https://nvd.nist.gov/vuln/detail/CVE-2016-8737
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:apache:brooklyn
2018-03-07T14:35+09:00 2017-02-15T16:20+09:00 2018-03-07T14:35+09:00

Cybozu Garoon vulnerable to SQL injection
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000027.html
Cybozu Garoon provided by Cybozu, Inc. is groupware. Cybozu Garoon contains an SQL injection vulnerability.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
JVNDB-2017-000027
http://jvn.jp/en/jp/JVN73182875/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2090
https://nvd.nist.gov/vuln/detail/CVE-2017-2090
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:cybozu:garoon
2017-06-01T15:05+09:00 2017-02-20T15:38+09:00 2017-06-01T15:05+09:00

Cybozu Garoon fails to restrict access permission in the Phone Messages function
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000028.html
Cybozu Garoon provided by Cybozu, Inc. is groupware. Cybozu Garoon contains an access restriction flaw in the Phone Messages function.
Yuji Tounai reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.
JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
JVNDB-2017-000028
http://jvn.jp/en/jp/JVN73182875/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2091
https://nvd.nist.gov/vuln/detail/CVE-2017-2091
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:cybozu:garoon
2017-06-01T15:05+09:00 2017-02-20T15:38+09:00 2017-06-01T15:05+09:00

Cybozu Garoon vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000029.html
Cybozu Garoon provided by Cybozu, Inc. is groupware. Cybozu Garoon contains a cross-site scripting vulnerability.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
JVNDB-2017-000029
http://jvn.jp/en/jp/JVN73182875/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2092
https://nvd.nist.gov/vuln/detail/CVE-2017-2092
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:cybozu:garoon
2017-06-01T15:05+09:00 2017-02-20T15:38+09:00 2017-06-01T15:05+09:00

Cybozu Garoon vulnerable to information disclosure
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000030.html
Cybozu Garoon provided by Cybozu, Inc. is groupware. Cybozu Garoon contains an information disclosure vulnerability.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
JVNDB-2017-000030
https://jvn.jp/en/jp/JVN73182875/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2093
https://nvd.nist.gov/vuln/detail/CVE-2017-2093
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:cybozu:garoon
2017-06-01T15:05+09:00 2017-02-20T15:40+09:00 2017-06-01T15:05+09:00

Cybozu Garoon fails to restrict access permission in Workflow and the function "MultiReport"
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000031.html
Cybozu Garoon provided by Cybozu, Inc. is groupware. Cybozu Garoon contains an access restriction flaw in Workflow and the function "MultiReport".
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
JVNDB-2017-000031
https://jvn.jp/en/jp/JVN73182875/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2094
https://nvd.nist.gov/vuln/detail/CVE-2017-2094
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:cybozu:garoon
2017-06-01T15:05+09:00 2017-02-20T15:40+09:00 2017-06-01T15:05+09:00

Cybozu Garoon fails to restrict access permission in the mail function
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000032.html
Cybozu Garoon provided by Cybozu, Inc. is groupware. Cybozu Garoon contains an access restriction flaw in the mail function.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
JVNDB-2017-000032
https://jvn.jp/en/jp/JVN73182875/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2095
https://nvd.nist.gov/vuln/detail/CVE-2017-2095
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:cybozu:garoon
2017-06-01T15:05+09:00 2017-02-20T15:40+09:00 2017-06-01T15:05+09:00

PrimeDrive Desktop Application Installer may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000033.html
PrimeDrive Desktop Application is the client application for the PrimeDrive online storage service provided by SoftBank Corp. The installer of PrimeDrive Desktop Application is vulnerable to loading specific Dynamic Link Libraries in the same directory (CWE-427).
Eiji James Yoshida of Security Professionals Network Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2017-000033
http://jvn.jp/en/jp/JVN88713190/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2108
https://nvd.nist.gov/vuln/detail/CVE-2017-2108
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:softbank:primedrive_desktop_application
2017-05-15T11:27+09:00 2017-03-01T15:53+09:00 2017-05-15T11:27+09:00

Access CX App fails to verify SSL server certificates
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000034.html
Access CX App provided by NISSAN SECURITIES CO., LTD. fails to verify SSL server certificates.
Gaku Taniguchi of RiskFinder,inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2017-000034
http://jvn.jp/en/jp/JVN82619692/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2110
https://nvd.nist.gov/vuln/detail/CVE-2017-2110
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:nissan_securities:access_cx
2017-06-05T11:26+09:00 2017-03-01T16:31+09:00 2017-06-05T11:26+09:00

WBCE CMS vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000035.html
WBCE CMS provided by WBCE Team is an open-source Contents Management System (CMS). WBCE CMS contains a cross-site scripting vulnerability (CWE-79).
ASAI Ken reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2017-000035
http://jvn.jp/en/jp/JVN73083905/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2118
https://nvd.nist.gov/vuln/detail/CVE-2017-2118
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:wbce:wbce_cms
2017-06-01T12:28+09:00 2017-02-28T14:21+09:00 2017-06-01T12:28+09:00

WBCE CMS vulnerable to directory traversal
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000036.html
WBCE CMS provided by WBCE Team is an open-source Contents Management System (CMS). WBCE CMS contains a directory traversal vulnerability (CWE-22).
ASAI Ken reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2017-000036
http://jvn.jp/en/jp/JVN73083905/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2119
https://nvd.nist.gov/vuln/detail/CVE-2017-2119
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:wbce:wbce_cms
2017-06-01T12:28+09:00 2017-02-28T14:21+09:00 2017-06-01T12:28+09:00

WBCE CMS vulnerable to SQL injection
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000037.html
WBCE CMS provided by WBCE Team is an open-source Contents Management System (CMS). WBCE CMS contains an SQL injection vulnerability (CWE-89).
ASAI Ken reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2017-000037
http://jvn.jp/en/jp/JVN73083905/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2120
https://nvd.nist.gov/vuln/detail/CVE-2017-2120
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:wbce:wbce_cms
2017-06-01T12:28+09:00 2017-02-28T14:22+09:00 2017-06-01T12:28+09:00

CubeCart vulnerable to directory traversal
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000038.html
CubeCart from CubeCart Limited is an open source system for creating online shopping websites. CubeCart contains a directory traversal vulnerability (CWE-22).
ASAI Ken reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2017-000038
http://jvn.jp/en/jp/JVN63474730/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2117
https://nvd.nist.gov/vuln/detail/CVE-2017-2117
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:cubecart:cubecart
2017-06-01T12:18+09:00 2017-02-28T14:13+09:00 2017-06-01T12:18+09:00

Multiple I-O DATA network camera products vulnerable to HTTP header injection
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000039.html
Multiple network camera products provided by I-O DATA DEVICE, INC. contain an HTTP header injection vulnerability.
Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported respective vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2017-000039
http://jvn.jp/en/jp/JVN46830433/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2111
https://nvd.nist.gov/vuln/detail/CVE-2017-2111
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/o:i-o_data_device:ts-ptcam%2Fpoe_firmware
cpe:/o:i-o_data_device:ts-ptcam_firmware
cpe:/o:i-o_data_device:ts-wlc2_firmware
cpe:/o:i-o_data_device:ts-wlce_firmware
cpe:/o:i-o_data_device:ts-wptcam2_firmware
cpe:/o:i-o_data_device:ts-wptcam_firmware
cpe:/o:i-o_data_device:ts-wrlc_firmware
2017-06-06T15:52+09:00 2017-03-02T14:36+09:00 2017-06-06T15:52+09:00

Multiple I-O DATA network camera products vulnerable to OS command injection
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000040.html
Multiple network camera products provided by I-O DATA DEVICE, INC. contain an OS command injection vulnerability.
Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported respective vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2017-000040
http://jvn.jp/en/jp/JVN46830433/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2112
https://nvd.nist.gov/vuln/detail/CVE-2017-2112
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/o:i-o_data_device:ts-ptcam%2Fpoe_firmware
cpe:/o:i-o_data_device:ts-ptcam_firmware
cpe:/o:i-o_data_device:ts-wlc2_firmware
cpe:/o:i-o_data_device:ts-wlce_firmware
cpe:/o:i-o_data_device:ts-wptcam2_firmware
cpe:/o:i-o_data_device:ts-wptcam_firmware
cpe:/o:i-o_data_device:ts-wrlc_firmware
2017-06-06T15:52+09:00 2017-03-02T14:36+09:00 2017-06-06T15:52+09:00

Multiple I-O DATA network camera products vulnerable to buffer overflow
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000041.html
Multiple network camera products provided by I-O DATA DEVICE, INC. contain a buffer overflow vulnerability.
Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported respective vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2017-000041
http://jvn.jp/en/jp/JVN46830433/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2113
https://nvd.nist.gov/vuln/detail/CVE-2017-2113
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/o:i-o_data_device:ts-ptcam%2Fpoe_firmware
cpe:/o:i-o_data_device:ts-ptcam_firmware
cpe:/o:i-o_data_device:ts-wlc2_firmware
cpe:/o:i-o_data_device:ts-wlce_firmware
cpe:/o:i-o_data_device:ts-wptcam2_firmware
cpe:/o:i-o_data_device:ts-wptcam_firmware
cpe:/o:i-o_data_device:ts-wrlc_firmware
2017-06-05T11:10+09:00 2017-03-02T14:36+09:00 2017-06-05T11:10+09:00

OneThird CMS vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000042.html
OneThird CMS provided by SpiQe Software contains a cross-site scripting vulnerability (CWE-79) due to an issue in processing the language selection screen.
Note that this vulnerability is different from JVN#13003724.
Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2017-000042
https://jvn.jp/en/jp/JVN49408248/index.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2123
https://nvd.nist.gov/vuln/detail/CVE-2017-2123
https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
cpe:/a:spiqe:onethird
2017-06-01T12:28+09:00 2017-03-08T09:57+09:00 2017-06-01T12:28+09:00

OneThird CMS vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000043.html
OneThird CMS provided by SpiQe Software contains a cross-site scripting vulnerability (CWE-79) due to an issue in processing the inquiry form.
Note that this vulnerability is different from JVN#49408248.
Satoshi Takagi of Cryptography Laboratory, Department of Information and Communication Engineering, Tokyo Denki University reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000043https://jvn.jp/en/jp/JVN13003724/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2124https://nvd.nist.gov/vuln/detail/CVE-2017-2124https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:spiqe:onethird2017-06-01T15:08+09:002017-03-08T09:57+09:002017-06-01T15:08+09:00CentreCOM AR260S V2 vulnerable to privilege escalation
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000044.html
CentreCOM AR260S V2 provided by Allied Telesis K.K. is a wired LAN router. CentreCOM AR260S V2 contains a privilege escalation vulnerability.
Ziv Chang of Trend Micro Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000044https://jvn.jp/en/jp/JVN55121369/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2125https://nvd.nist.gov/vuln/detail/CVE-2017-2125https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:allied_telesis_k.k.:centrecom_ar260s_v22017-06-05T10:51+09:002017-03-30T14:37+09:002017-06-05T10:51+09:00Cybozu KUNAI for Android information management vulnerability
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000045.html
Cybozu KUNAI for Android is mobile client software for using Cybozu from an Android device. Cybozu KUNAI for Android provides a function to output log information when synchronizing data with Cybozu; this function is disabled by default.
Cybozu KUNAI for Android contains an issue where it outputs log information when its data is synchronized with Cybozu for the first time, even if the log output function is disabled.
Kusano Kazuhiko reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.JVNDB-2017-000045https://jvn.jp/en/jp/JVN88745657/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2109https://nvd.nist.gov/vuln/detail/CVE-2017-2109https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:kunai2017-06-02T18:04+09:002017-03-13T13:42+09:002017-06-02T18:04+09:00Security guide for website operators vulnerable to OS command injection
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000047.html
Security guide for website operators provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) contains an OS command injection vulnerability (CWE-78) due to an issue in loading saved data.
This vulnerability was reported by IPA to notify users of its solution through JVN. JPCERT/CC and IPA coordinated under the Information Security Early Warning Partnership.JVNDB-2017-000047https://jvn.jp/en/jp/JVN11448789/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2128https://nvd.nist.gov/vuln/detail/CVE-2017-2128https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ipa:introduction_to_safe_website_operation2017-06-01T15:08+09:002017-03-16T13:32+09:002017-06-01T15:08+09:00Installer of PhishWall Client Internet Explorer version may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000049.html
PhishWall Client Internet Explorer version, provided by SecureBrain Corporation, is an anti-phishing and anti-MITB software.
The installer of PhishWall Client Internet Explorer version contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
According to the developer, the affected installer was built using a version of Install Shield with all Hotfixes applied as of August 2016.
The developer has confirmed that the version of Install Shield with the most recent Hotfix applied addresses this issue.
For details on the Hotfixes, refer to Best Practices to Avoid Windows Setup Launcher Executable Issues.
Yuji Tounai of NTT Communications Corporation and Eiji James Yoshida of Security Professionals Network Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000049https://jvn.jp/en/jp/JVN93699304/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2130https://nvd.nist.gov/vuln/detail/CVE-2017-2130https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:securebrain:phishwall_client2017-06-01T17:16+09:002017-03-22T14:43+09:002017-06-01T17:16+09:00WordPress plugin "YOP Poll" vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000050.html
The WordPress plugin "YOP Poll" contains a stored cross-site scripting (CWE-79) vulnerability.
Sho Ueshima, Takashi Honda, Tsuyoshi Ogawa and Minaho Umehara of SIE Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000050https://jvn.jp/en/jp/JVN55294532/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2127https://nvd.nist.gov/vuln/detail/CVE-2017-2127https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:misc:yop_yop_poll2017-06-01T15:08+09:002017-03-23T12:23+09:002017-06-01T15:08+09:00ASSETBASE vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000054.html
ASSETBASE provided by UCHIDA YOKO CO., LTD. is an IT asset management tool. ASSETBASE contains a cross-site scripting vulnerability (CWE-79).
Keitaro Yamazaki of Kyoto University reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000054https://jvn.jp/en/jp/JVN82019695/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2134https://nvd.nist.gov/vuln/detail/CVE-2017-2134https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:uchida_yoko_co._ltd:assetbase2017-06-01T17:16+09:002017-04-11T13:37+09:002017-06-01T17:16+09:00NETGEAR ProSAFE Plus Configuration Utility vulnerable to improper access control
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000055.html
ProSAFE Plus Configuration Utility provided by NETGEAR is a Windows application to configure and manage NETGEAR's ProSAFE Plus and Click Switches. An operator uses the utility to log in to and configure NETGEAR switches.
When the utility is invoked, it starts listening on a certain port for SOAP requests. The utility executes configuration tasks for switches according to the SOAP requests.
The utility accepts connections from the network, so unintended operations may be performed on the switches through the utility (CWE-284).
Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000055https://jvn.jp/en/jp/JVN08740778/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2137https://nvd.nist.gov/vuln/detail/CVE-2017-2137https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:netgear:prosafe_plus_configuration_utility2017-06-01T15:24+09:002017-04-18T13:42+09:002017-06-01T15:24+09:00CS-Cart Japanese Edition fails to restrict access permissions
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000056.html
CS-Cart is a system for creating online shopping websites. CS-Cart Japanese Edition fails to restrict access permissions (CWE-425).
Hirota Kazuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000056https://jvn.jp/en/jp/JVN14396697/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2139https://nvd.nist.gov/vuln/detail/CVE-2017-2139https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:misc:simtech_ltd_cs-cart2017-06-01T17:39+09:002017-04-10T18:13+09:002017-06-01T17:39+09:00CS-Cart Japanese Edition vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000057.html
CS-Cart is a system for creating online shopping websites. CS-Cart Japanese Edition contains a cross-site request forgery (CWE-352) vulnerability.
Hirota Kazuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000057https://jvn.jp/en/jp/JVN87770873/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2138https://nvd.nist.gov/vuln/detail/CVE-2017-2138https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:misc:simtech_ltd_cs-cart2018-01-24T13:49+09:002017-04-10T18:13+09:002018-01-24T13:49+09:00Tablacus Explorer vulnerable to script injection
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000058.html
Tablacus Explorer is a tabbed file manager. Tablacus Explorer contains a script injection vulnerability due to improper handling of directory names.
Touma Hatano reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000058http://jvn.jp/en/jp/JVN64451600/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2140https://nvd.nist.gov/vuln/detail/CVE-2017-2140https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:gaku:tablacus_explorer2017-06-01T15:24+09:002017-04-07T14:47+09:002017-06-01T15:24+09:00WN-G300R3 vulnerable to OS command injection
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000059.html
WN-G300R3 provided by I-O DATA DEVICE, INC. contains an OS command injection vulnerability.
Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000059http://jvn.jp/en/jp/JVN81024552/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2141https://nvd.nist.gov/vuln/detail/CVE-2017-2141https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:i-o_data_device:wn-g300r3_firmware2017-06-01T15:24+09:002017-04-10T13:36+09:002017-06-01T15:24+09:00WN-G300R3 vulnerable to stack based buffer overflow
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000060.html
WN-G300R3 provided by I-O DATA DEVICE, INC. contains a stack-based buffer overflow vulnerability.
Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. JVNDB-2017-000060http://jvn.jp/en/jp/JVN81024552/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2142https://nvd.nist.gov/vuln/detail/CVE-2017-2142https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:i-o_data_device:wn-g300r3_firmware2017-06-01T13:53+09:002017-04-10T13:40+09:002017-06-01T13:53+09:00CS-Cart Japanese Edition fails to restrict access permissions
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000061.html
CS-Cart is a system for creating online shopping websites. CS-Cart Japanese Edition fails to restrict access permissions (CWE-425).
Note that this vulnerability is different from JVN#14396697.
Hirota Kazuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000061https://jvn.jp/en/jp/JVN25598952/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2143https://nvd.nist.gov/vuln/detail/CVE-2017-2143https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:misc:simtech_ltd_cs-cart2017-06-06T11:52+09:002017-04-10T13:47+09:002017-06-06T11:52+09:00WordPress plugin "WP Statistics" vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000062.html
The WordPress plugin "WP Statistics" provided by WP Statistics contains a reflected cross-site scripting vulnerability (CWE-79).
ASAI Ken reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000062https://jvn.jp/en/jp/JVN17633442/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2135https://nvd.nist.gov/vuln/detail/CVE-2017-2135https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:veronalabs:wp_statistics2017-06-01T15:24+09:002017-04-10T13:47+09:002017-06-01T15:24+09:00The design setting screen in Cybozu Office vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000063.html
The design setting screen in Cybozu Office contains a cross-site scripting vulnerability.
Kazuto Sagamihara reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.JVNDB-2017-000063http://jvn.jp/en/jp/JVN17535578/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2114https://nvd.nist.gov/vuln/detail/CVE-2017-2114https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:office2017-06-01T11:30+09:002017-04-11T16:05+09:002017-06-01T11:30+09:00Cybozu Office fails to restrict access permission in the file export function in "customapp"
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000064.html
Cybozu Office contains an access restriction flaw in the file export function in "customapp".
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.JVNDB-2017-000064http://jvn.jp/en/jp/JVN17535578/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2115https://nvd.nist.gov/vuln/detail/CVE-2017-2115https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:office2017-06-01T11:30+09:002017-04-11T16:05+09:002017-06-01T11:30+09:00Cybozu Office fails to restrict access permission in the templates delete function in "customapp"
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000065.html
Cybozu Office contains an access restriction flaw in the templates delete function in "customapp".
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.JVNDB-2017-000065http://jvn.jp/en/jp/JVN17535578/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2116https://nvd.nist.gov/vuln/detail/CVE-2017-2116https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:office2017-06-01T12:18+09:002017-04-11T16:05+09:002017-06-01T12:18+09:00The API in Cybozu Office vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000066.html
The API in Cybozu Office contains a denial-of-service (DoS) vulnerability.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.JVNDB-2017-000066http://jvn.jp/en/jp/JVN17535578/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:office2017-04-11T16:05+09:002017-04-11T16:05+09:002017-04-11T16:05+09:00WordPress plugin "WP Statistics" vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000067.html
The WordPress plugin "WP Statistics" provided by WP Statistics contains a stored cross-site scripting vulnerability (CWE-79) in multiple pages due to a flaw in processing HTTP Referer headers.
Note that this vulnerability is different from JVN#77253951.
Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000067http://jvn.jp/en/jp/JVN62392065/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2136https://nvd.nist.gov/vuln/detail/CVE-2017-2136https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:veronalabs:wp_statistics2017-06-01T15:23+09:002017-04-13T13:49+09:002017-06-01T15:23+09:00WordPress plugin "WP Statistics" vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000068.html
The WordPress plugin "WP Statistics" provided by WP Statistics contains a stored cross-site scripting vulnerability (CWE-79).
Note that this vulnerability is different from JVN#62392065.
Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000068http://jvn.jp/en/jp/JVN77253951/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2147https://nvd.nist.gov/vuln/detail/CVE-2017-2147https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:veronalabs:wp_statistics2017-06-01T13:53+09:002017-04-13T13:49+09:002017-06-01T13:53+09:00Multiple installers of Toshiba memory card related software may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000069.html
Multiple installers of Toshiba memory card related software contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000069http://jvn.jp/en/jp/JVN05340816/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2149https://nvd.nist.gov/vuln/detail/CVE-2017-2149https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:toshiba:nfc_sdhc_%2F_sdxc_memory_card_software_updatetoolcpe:/a:toshiba:sdhc_memory_card_with_transferjet_firmware_updatetoolcpe:/a:toshiba:sdhc_memory_card_with_transferjet_setting_softwarecpe:/a:toshiba:wlan_sdhc_memory_card_flashair_setting_softwarecpe:/a:toshiba:wlan_sdhc_memory_card_flashair_setting_software_updatetool2017-12-21T17:50+09:002017-04-14T14:09+09:002017-12-21T17:50+09:00WN-AC1167GR vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000070.html
WN-AC1167GR provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-AC1167GR contains a stored cross-site scripting vulnerability (CWE-79).
Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000070http://jvn.jp/en/jp/JVN01537659/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2148https://nvd.nist.gov/vuln/detail/CVE-2017-2148https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:i-o_data_device:wn-ac1167gr_firmware2017-06-01T13:53+09:002017-04-14T13:55+09:002017-06-01T13:53+09:00SEIL Series routers vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000071.html
The DNS forwarder, the PPP Access Concentrator (L2TP) and the Measure (iPerf server) functions in SEIL Series routers provided by Internet Initiative Japan Inc. contain a denial-of-service (DoS) vulnerability due to a flaw in processing certain packets.
Internet Initiative Japan Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Internet Initiative Japan Inc. coordinated under the Information Security Early Warning Partnership.JVNDB-2017-000071https://jvn.jp/en/jp/JVN86171513/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2153https://nvd.nist.gov/vuln/detail/CVE-2017-2153https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:iij:seil%2Fb1cpe:/h:iij:seil%2Fbpv4cpe:/h:iij:seil%2Fx1cpe:/h:iij:seil%2Fx2cpe:/h:iij:seil_x86_fuji2017-06-06T14:50+09:002017-04-19T14:43+09:002017-06-06T14:50+09:00WNC01WH vulnerable to OS command injection
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000072.html
WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains an OS command injection vulnerability (CWE-78).
Kiyotaka ATSUMI of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000072https://jvn.jp/en/jp/JVN48790793/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2152https://nvd.nist.gov/vuln/detail/CVE-2017-2152https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:buffalo_inc:wnc01wh_firmware2017-06-01T13:53+09:002017-04-21T13:44+09:002017-06-01T13:53+09:00WordPress plugin "Booking Calendar" vulnerable to directory traversal
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000073.html
The WordPress plugin "Booking Calendar" provided by wpdevelop contains a directory traversal vulnerability (CWE-22).
ASAI Ken reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000073http://jvn.jp/en/jp/JVN18739672/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2150https://nvd.nist.gov/vuln/detail/CVE-2017-2150https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:booking_calendar_project:booking_calendar2017-06-01T13:53+09:002017-04-20T15:11+09:002017-06-01T13:53+09:00WordPress plugin "Booking Calendar" vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000074.html
The WordPress plugin "Booking Calendar" provided by wpdevelop contains a stored cross-site scripting vulnerability (CWE-79).
Satoshi Takagi of Cryptography Laboratory, Department of Information and Communication Engineering, Tokyo Denki University reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000074http://jvn.jp/en/jp/JVN54762089/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2151https://nvd.nist.gov/vuln/detail/CVE-2017-2151https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:booking_calendar_project:booking_calendar2017-06-01T13:53+09:002017-04-20T15:11+09:002017-06-01T13:53+09:00Hoozin Viewer vulnerable to buffer overflow
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000075.html
Hoozin Viewer provided by ICON CORPORATION contains a buffer overflow vulnerability (CWE-121).
Touma Hatano reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000075https://jvn.jp/en/jp/JVN93931029/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2155https://nvd.nist.gov/vuln/detail/CVE-2017-2155https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:i.con_corporation:hoozin_viewer2017-06-01T13:40+09:002017-04-20T14:48+09:002017-06-01T13:40+09:00Multiple JustSystems products including Hanako may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000076.html
Hanako and multiple software suites containing Hanako provided by JustSystems Corporation contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.
Eiji James Yoshida of Security Professionals Network Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000076https://jvn.jp/en/jp/JVN54268888/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2154https://nvd.nist.gov/vuln/detail/CVE-2017-2154https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:justsystems:hanakocpe:/a:justsystems:hanako_policecpe:/a:justsystems:hanako_procpe:/a:justsystems:justschoolcpe:/a:justsystems:just_frontiercpe:/a:justsystems:just_governmentcpe:/a:justsystems:just_jumpcpe:/a:justsystems:just_officecpe:/a:justsystems:just_police2017-06-01T13:40+09:002017-04-20T15:11+09:002017-06-01T13:40+09:00Installer of Vivaldi for Windows may insecurely load executable files
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000077.html
The installer of Vivaldi for Windows contains an issue in the file search path when loading files, which may insecurely load executable files (CWE-427).
Eiji James Yoshida of Security Professionals Network Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000077https://jvn.jp/en/jp/JVN71572107/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2156https://nvd.nist.gov/vuln/detail/CVE-2017-2156https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:vivaldi:vivaldi_installer_for_windows2017-06-06T15:04+09:002017-04-25T13:36+09:002017-06-06T15:04+09:00SOY CMS vulnerable to directory traversal
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000078.html
SOY CMS provided by Nippon Institute of Agroinformatics Ltd. is a Contents Management System (CMS). SOY CMS contains a directory traversal vulnerability (CWE-22) due to a flaw in processing the shop_id parameter.
ASAI Ken reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000078http://jvn.jp/en/jp/JVN51819749/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2163https://nvd.nist.gov/vuln/detail/CVE-2017-2163https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:n-i-agroinformatics:soy_cms2017-11-27T17:23+09:002017-05-11T13:36+09:002017-11-27T17:23+09:00The installer of SOY CMS vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000079.html
SOY CMS provided by Nippon Institute of Agroinformatics Ltd. is a Contents Management System (CMS). The installer of SOY CMS contains a cross-site scripting vulnerability (CWE-79) due to a flaw in parameter processing.
Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000079http://jvn.jp/en/jp/JVN51978169/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2164https://nvd.nist.gov/vuln/detail/CVE-2017-2164https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:n-i-agroinformatics:soy_cms2017-11-27T17:23+09:002017-05-11T13:37+09:002017-11-27T17:23+09:00PrimeDrive Desktop Application Installer may insecurely load executable files
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000080.html
PrimeDrive Desktop Application is the client application for PrimeDrive online storage service provided by SoftBank Corp. The installer of PrimeDrive Desktop Application contains an issue with the file search path, which may insecurely load executable files (CWE-427).
Eili Masami of Tachibana Lab. and Eiji James Yoshida of Security Professionals Network Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000080http://jvn.jp/en/jp/JVN16248227/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2167https://nvd.nist.gov/vuln/detail/CVE-2017-2167https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:softbank:primedrive_desktop_application2017-11-27T16:55+09:002017-05-12T13:36+09:002017-11-27T16:55+09:00Nessus vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000082.html
Nessus provided by Tenable Network Security, Inc. contains a stored cross-site scripting vulnerability (CWE-79) (CVE-2017-2122).
An authenticated user may store crafted content in Nessus.
According to the developer, another stored cross-site scripting vulnerability (CVE-2017-5179) was also found and fixed in Nessus 6.9.3, along with CVE-2017-2122.
For more information, please see the developer's advisory.
Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability (CVE-2017-2122) to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000082http://jvn.jp/en/jp/JVN87760109/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2122https://nvd.nist.gov/vuln/detail/CVE-2017-2122https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:tenable:nessus2017-11-27T16:55+09:002017-05-09T13:52+09:002017-11-27T16:55+09:00The installer of The Public Certification Service for Individuals "The JPKI user's software" may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000083.html
The installer of The Public Certification Service for Individuals "The JPKI user's software" provided by Japan Agency for Local Authority Information Systems (J-LIS) contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.
Note that this vulnerability is different from JVN#91002412.
Eiji James Yoshida of Security Professionals Network Inc. and Takashi Yoshikawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000083http://jvn.jp/en/jp/JVN39605485/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2157https://nvd.nist.gov/vuln/detail/CVE-2017-2157https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:j-lis:the_public_certification_service_for_individuals2017-11-27T17:23+09:002017-05-09T13:52+09:002017-11-27T17:23+09:00GroupSession fails to restrict access permissions
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000089.html
GroupSession provided by Japan Total System Co., Ltd. is open source groupware. GroupSession fails to restrict access permissions.
Norihiko Hirukawa of FiveDrive Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000089http://jvn.jp/en/jp/JVN42164352/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2165https://nvd.nist.gov/vuln/detail/CVE-2017-2165https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:groupsession:groupsession2018-01-24T11:59+09:002017-05-25T14:14+09:002018-01-24T11:59+09:00FlashAir fails to restrict access permissions in PhotoShare
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000090.html
FlashAir by Toshiba Corporation is an SDHC memory card which provides wireless LAN access functions. The FlashAir PhotoShare function enables sharing of the selected data with other users by switching from the original wireless LAN connection set by FlashAir default to the wireless LAN connection for PhotoShare.
FlashAir fails to restrict access permissions (CWE-425) in PhotoShare.
Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000090http://jvn.jp/en/jp/JVN46372675/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2161https://nvd.nist.gov/vuln/detail/CVE-2017-2161https://cwe.mitre.org/data/definitions/284.htmlcpe:/a:toshiba:flashair2017-12-21T19:13+09:002017-05-16T15:34+09:002017-12-21T19:13+09:00FlashAir do not set credential information in PhotoShare
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000091.html
FlashAir by Toshiba Corporation is an SDHC memory card which provides wireless LAN access functions. The FlashAir PhotoShare function enables sharing of the image data in a certain folder with other users by switching from the original wireless LAN connection set by FlashAir default to the wireless LAN connection for PhotoShare.
When enabling PhotoShare with a mobile application (either for Android or iOS), the application prompts a user to set credentials. But when enabling PhotoShare with web browsers, the wireless LAN connection for PhotoShare cannot be enabled, and default credentials are set to the other wireless network configured to the device. As a result, a remote attacker with access to the wireless LAN may obtain image data by using default credentials (CWE-284).
Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000091http://jvn.jp/en/jp/JVN81820501/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2162https://nvd.nist.gov/vuln/detail/CVE-2017-2162https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:toshiba:flashair2017-12-21T19:16+09:002017-05-16T15:46+09:002017-12-21T19:16+09:00WordPress plugin "WP Booking System" vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000092.html
The WordPress plugin "WP Booking System" provided by WP Booking System contains a stored cross-site scripting vulnerability (CWE-79).
Satoshi Takagi of Cryptography Laboratory, Department of Information and Communication Engineering, Tokyo Denki University reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000092http://jvn.jp/en/jp/JVN96165722/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2168https://nvd.nist.gov/vuln/detail/CVE-2017-2168https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:wpbookingsystem:wp_booking_system2018-01-17T11:46+09:002017-05-16T13:58+09:002018-01-17T11:46+09:00WordPress plugin "MaxButtons" vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000093.html
The WordPress plugin "MaxButtons" provided by Max Foundry contains a cross-site scripting vulnerability (CWE-79).
ASAI Ken and Chris Liu reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000093http://jvn.jp/en/jp/JVN70411623/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2169https://nvd.nist.gov/vuln/detail/CVE-2017-2169https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:max_foundry:maxbuttons2018-01-17T12:28+09:002017-05-16T13:59+09:002018-01-17T12:28+09:00Multiple BestWebSoft WordPress plugins vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000094.html
Multiple WordPress Plugins provided by BestWebSoft use a common function for displaying the BestWebSoft menu. This function contains a cross-site scripting vulnerability (CWE-79).
Chris Liu reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000094http://jvn.jp/en/jp/JVN24834813/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2171https://nvd.nist.gov/vuln/detail/CVE-2017-2171https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:bestwebsoft:captcha2017-11-27T17:04+09:002017-05-16T14:00+09:002017-11-27T17:04+09:00Empirical Project Monitor - eXtended vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000096.html
Empirical Project Monitor - eXtended provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) contains a stored cross-site scripting vulnerability (CWE-79).
Note that this vulnerability is different from JVN#11326581.
Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000096http://jvn.jp/en/jp/JVN85512750/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2173https://nvd.nist.gov/vuln/detail/CVE-2017-2173https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ipa:empirical_project_monitor_-_extended2017-11-27T18:01+09:002017-05-19T14:53+09:002017-11-27T18:01+09:00Empirical Project Monitor - eXtended vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000097.html
Empirical Project Monitor - eXtended provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) contains a reflected cross-site scripting vulnerability.
Note that this vulnerability is different from JVN#85512750.
Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000097http://jvn.jp/en/jp/JVN11326581/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2174https://nvd.nist.gov/vuln/detail/CVE-2017-2174https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ipa:empirical_project_monitor_-_extended2017-11-27T18:01+09:002017-05-19T14:55+09:002017-11-27T18:01+09:00The installer of Empirical Project Monitor - eXtended may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000098.html
The installer of Empirical Project Monitor - eXtended provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000098http://jvn.jp/en/jp/JVN12493656/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2175https://nvd.nist.gov/vuln/detail/CVE-2017-2175https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ipa:empirical_project_monitor_-_extended2017-11-27T18:01+09:002017-05-19T14:57+09:002017-11-27T18:01+09:00SSL Visibility Appliance may generate illegal RST packets
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000099.html
SSL Visibility Appliance provided by Blue Coat Systems, Inc. is used as a transparent proxy for encrypted traffic management.
It is reported that the appliance generates RST packets with incorrect sequence numbers when it receives HTTPS requests from certain web browsers. When the web server behind the appliance fails to handle these incorrect RST packets, it keeps the encrypted session open indefinitely.
This behavior may be used to cause a denial-of-service (DoS) condition on the server side.
According to the developer, this issue does not affect the appliance.
NTT-ME CORPORATION Cyber Security Center reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000099http://jvn.jp/en/jp/JVN91438377/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10259https://nvd.nist.gov/vuln/detail/CVE-2016-10259https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:bluecoat:ssl_visibility_appliance2017-05-31T19:27+09:002017-05-24T14:41+09:002017-05-31T19:27+09:00Installer of electronic tendering and bid opening system provided by Acquisition, Technology & Logistics Agency may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000100.html
Installer of electronic tendering and bid opening system provided by Acquisition, Technology & Logistics Agency contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000100http://jvn.jp/en/jp/JVN75514460/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2178https://nvd.nist.gov/vuln/detail/CVE-2017-2178https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:atla:electronic_tendering_and_bid_opening_system2018-01-17T13:58+09:002017-05-25T14:14+09:002018-01-17T13:58+09:00Installers of the screensavers provided by JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000101.html
Installers of the screensavers provided by JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000101http://jvn.jp/en/jp/JVN41185163/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2176https://nvd.nist.gov/vuln/detail/CVE-2017-2176https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:jasdf:screensavers2018-02-15T15:30+09:002017-05-25T14:14+09:002018-02-15T15:30+09:00The installer of the Ministry of Justice [The electronic authentication system based on the commercial registration system "The CRCA user's Software"] may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000102.html
The electronic authentication system based on the commercial registration system "The CRCA user's Software" provided by the Ministry of Justice contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000102https://jvn.jp/en/jp/JVN92422409/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2177https://nvd.nist.gov/vuln/detail/CVE-2017-2177https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:moj:touki_denshi2018-01-17T13:58+09:002017-06-06T11:19+09:002018-01-17T13:58+09:00WordPress plugin "WP Live Chat Support" vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000103.html
The WordPress plugin "WP Live Chat Support" provided by CODECABIN_ contains a cross-site scripting vulnerability (CWE-79).
Chris Liu reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000103https://jvn.jp/en/jp/JVN70951878/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2187https://nvd.nist.gov/vuln/detail/CVE-2017-2187https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:codecabin_:wp_live_chat_support2017-11-27T16:47+09:002017-06-01T14:06+09:002017-11-27T16:47+09:00RW-4040 driver installer may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000104.html
RW-4040 driver installer for IC Card Reader/Writer devices provided by Sharp Corporation contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Yuji Tounai of NTT Communications Corporation and BlackWingCat of PinkFlyingWhale reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000104http://jvn.jp/en/jp/JVN51274854/index.htmlhttps://jvn.jp/en/ta/JVNTA91240916/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2189https://nvd.nist.gov/vuln/detail/CVE-2017-2189https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:sharp:rw-4040_driver_installer_for_windows_72018-01-24T13:57+09:002017-06-01T16:25+09:002018-01-24T13:57+09:00RW-4040 tool to verify execution environment may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000105.html
RW-4040 tool to verify execution environment for IC Card Reader/Writer devices provided by Sharp Corporation contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Yuji Tounai of NTT Communications Corporation and BlackWingCat of PinkFlyingWhale reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000105http://jvn.jp/en/jp/JVN51274854/index.htmlhttps://jvn.jp/en/ta/JVNTA91240916/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2190https://nvd.nist.gov/vuln/detail/CVE-2017-2190https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:sharp:rw-4040_operation_check_tool2018-01-24T14:05+09:002017-06-01T16:40+09:002018-01-24T14:05+09:00RW-5100 driver installer may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000106.html
RW-5100 driver installer for IC Card Reader/Writer devices provided by Sharp Corporation contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Yuji Tounai of NTT Communications Corporation and BlackWingCat of PinkFlyingWhale reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000106http://jvn.jp/en/jp/JVN51274854/index.htmlhttps://jvn.jp/en/ta/JVNTA91240916/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2191https://nvd.nist.gov/vuln/detail/CVE-2017-2191https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:sharp:rw-5100_driver_installer_for_windows_7cpe:/a:sharp:rw-5100_driver_installer_for_windows_82018-01-24T14:15+09:002017-06-01T16:44+09:002018-01-24T14:15+09:00RW-5100 tool to verify execution environment may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000107.html
RW-5100 tool to verify execution environment for IC Card Reader/Writer devices provided by Sharp Corporation contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Yuji Tounai of NTT Communications Corporation and BlackWingCat of PinkFlyingWhale reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000107http://jvn.jp/en/jp/JVN51274854/index.htmlhttps://jvn.jp/en/ta/JVNTA91240916/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2192https://nvd.nist.gov/vuln/detail/CVE-2017-2192https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:sharp:rw-5100_operation_check_tool2018-01-24T14:03+09:002017-06-01T16:47+09:002018-01-24T14:03+09:00Installer of Tera Term may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000108.html
The installer of Tera Term provided by TeraTerm Project contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000108https://jvn.jp/en/jp/JVN06770361/index.htmlhttps://jvn.jp/en/ta/JVNTA91240916/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2193https://nvd.nist.gov/vuln/detail/CVE-2017-2193https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:tera_term_project:tera_term2018-01-24T14:20+09:002017-06-01T14:42+09:002018-01-24T14:20+09:00Installer of SaAT Netizen may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000109.html
The installer of SaAT Netizen provided by NetMove Corporation contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
DigiGnome reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000109https://jvn.jp/en/jp/JVN91170929/index.htmlhttps://jvn.jp/en/ta/JVNTA91240916/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2206https://nvd.nist.gov/vuln/detail/CVE-2017-2206https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:saat:netizen2018-01-17T12:29+09:002017-06-02T14:00+09:002018-01-17T12:29+09:00Installer of SaAT Personal may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000110.html
The installer of SaAT Personal provided by NetMove Corporation contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
DigiGnome reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000110https://jvn.jp/en/jp/JVN08020381/index.htmlhttps://jvn.jp/en/ta/JVNTA91240916/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2207https://nvd.nist.gov/vuln/detail/CVE-2017-2207https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:saat:personal2018-01-17T12:25+09:002017-06-02T14:00+09:002018-01-17T12:25+09:00Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to remote code execution
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000111.html
AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a remote code execution vulnerability.
Note that this vulnerability is different from JVN#20870477 and JVN#01404851.
Masato Kinugawa reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000111http://jvn.jp/en/jp/JVN80238098/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2179https://nvd.nist.gov/vuln/detail/CVE-2017-2179https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ipa:appgoat2017-11-27T17:22+09:002017-06-06T14:19+09:002017-11-27T17:22+09:00Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to information disclosure
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000112.html
AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains an information disclosure vulnerability.
Masato Kinugawa reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000112http://jvn.jp/en/jp/JVN32120290/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2180https://nvd.nist.gov/vuln/detail/CVE-2017-2180https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ipa:appgoat2017-11-27T17:22+09:002017-06-06T14:20+09:002017-11-27T17:22+09:00Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to remote code execution
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000113.html
AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a remote code execution vulnerability.
Note that this vulnerability is different from JVN#80238098 and JVN#01404851.
Masato Kinugawa reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000113http://jvn.jp/en/jp/JVN20870477/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2181https://nvd.nist.gov/vuln/detail/CVE-2017-2181https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ipa:appgoat2017-11-27T17:22+09:002017-06-06T14:21+09:002017-11-27T17:22+09:00Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to remote code execution
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000114.html
AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a remote code execution vulnerability.
Note that this vulnerability is different from JVN#80238098 and JVN#20870477.
Masato Kinugawa reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000114http://jvn.jp/en/jp/JVN01404851/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2182https://nvd.nist.gov/vuln/detail/CVE-2017-2182https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ipa:appgoat2017-11-27T17:22+09:002017-06-06T14:19+09:002017-11-27T17:22+09:00WordPress plugin "Multi Feed Reader" vulnerable to SQL injection
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000115.html
The WordPress plugin "Multi Feed Reader" contains an SQL injection vulnerability (CWE-89).
Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000115https://jvn.jp/en/jp/JVN98617234/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2195https://nvd.nist.gov/vuln/detail/CVE-2017-2195https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:multi_feed_reader_project:multi_feed_reader2018-01-17T13:58+09:002017-06-06T14:54+09:002018-01-17T13:58+09:00Installer of QuickTime for Windows may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000116.html
Installer of QuickTime for Windows contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000116http://jvn.jp/en/ta/JVNTA91240916/index.htmlhttp://jvn.jp/en/jp/JVN94771799/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2218https://nvd.nist.gov/vuln/detail/CVE-2017-2218https://www.us-cert.gov/ncas/alerts/TA16-105Ahttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:apple:quicktime2018-02-14T11:58+09:002017-06-13T13:51+09:002018-02-14T11:58+09:00Installer of CASL II simulator(self-extract format) may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000117.html
Installer of CASL II simulator(self-extract format) provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.
Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000117https://jvn.jp/en/jp/JVN67305782/index.htmlhttps://jvn.jp/en/ta/JVNTA91240916/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2220https://nvd.nist.gov/vuln/detail/CVE-2017-2220https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ipa:casl_ii_simulator2018-02-14T11:58+09:002017-06-09T13:49+09:002018-02-14T11:58+09:00Installer of Houkokusyo Sakusei Shien Tool provided by Ministry of the Environment may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000119.html
Installer of Houkokusyo Sakusei Shien Tool provided by Ministry of the Environment contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.
Eili Masami of Tachibana Lab. and BlackWingCat of Pink Flying Whale reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000119https://jvn.jp/en/jp/JVN24087303/index.htmlhttps://jvn.jp/en/ta/JVNTA91240916/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2209https://nvd.nist.gov/vuln/detail/CVE-2017-2209https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:misc:kankyosyo_report_preparation_support_tool2018-01-17T13:49+09:002017-06-05T13:47+09:002018-01-17T13:49+09:00[Simeji for Windows] installer may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000120.html
[Simeji for Windows] installer provided by Baidu Japan Inc. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000120http://jvn.jp/en/jp/JVN31236539/index.htmlhttps://jvn.jp/en/ta/JVNTA91240916/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2219https://nvd.nist.gov/vuln/detail/CVE-2017-2219https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:baidu:simeji2017-06-21T18:15+09:002017-06-21T18:15+09:002017-06-21T18:15+09:00The installer of PatchJGD provided by Geospatial Information Authority of Japan (GSI) may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000121.html
The installer of PatchJGD (PatchJGD101.EXE) provided by Geospatial Information Authority of Japan (GSI) contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000121https://jvn.jp/en/jp/JVN52691241/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2210https://nvd.nist.gov/vuln/detail/CVE-2017-2210https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:gsi:patchjgd2018-01-24T12:15+09:002017-06-08T15:31+09:002018-01-24T12:15+09:00The installer of PatchJGD(Hyoko) provided by Geospatial Information Authority of Japan (GSI) may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000122.html
The installer of PatchJGD(Hyoko) (PatchJGDh101.EXE) provided by Geospatial Information Authority of Japan (GSI) contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. JVNDB-2017-000122https://jvn.jp/en/jp/JVN52691241/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2211https://nvd.nist.gov/vuln/detail/CVE-2017-2211https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:gsi:patchjgdh2018-01-24T12:15+09:002017-06-08T15:31+09:002018-01-24T12:15+09:00The installer of TKY2JGD provided by Geospatial Information Authority of Japan (GSI) may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000123.html
The installer of TKY2JGD (TKY2JGD1379.EXE) provided by Geospatial Information Authority of Japan (GSI) contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. JVNDB-2017-000123https://jvn.jp/en/jp/JVN52691241/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2212https://nvd.nist.gov/vuln/detail/CVE-2017-2212https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:gsi:tky2jgd2018-01-24T12:15+09:002017-06-08T15:31+09:002018-01-24T12:15+09:00The installer of SemiDynaEXE provided by Geospatial Information Authority of Japan (GSI) may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000124.html
The installer of SemiDynaEXE (SemiDynaEXE2008.EXE) provided by Geospatial Information Authority of Japan (GSI) contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. JVNDB-2017-000124https://jvn.jp/en/jp/JVN52691241/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2213https://nvd.nist.gov/vuln/detail/CVE-2017-2213https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:gsi:semidynaexe2018-01-24T12:15+09:002017-06-08T15:31+09:002018-01-24T12:15+09:00AppCheck may insecurely invoke an executable file
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000125.html
AppCheck provided by JIRANSOFT JAPAN, INC. is anti-ransomware software. AppCheck and its installer contain an issue with the search path for executable files, which may lead to insecurely invoking an executable file (CWE-427).
Takashi Yoshikawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000125https://jvn.jp/en/jp/JVN99737748/index.htmlhttps://jvn.jp/en/ta/JVNTA91240916/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2214https://nvd.nist.gov/vuln/detail/CVE-2017-2214https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:jiransoft:appcheckcpe:/a:jiransoft:appcheck_pro2018-01-24T12:15+09:002017-06-07T14:54+09:002018-01-24T12:15+09:00Installer of Denshinouhin Check System (for Ministry of Agriculture, Forestry and Fisheries Nouson Seibi Jigyou) may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000126.html
Installer of Denshinouhin Check System (for Ministry of Agriculture, Forestry and Fisheries Nouson Seibi Jigyou) contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.
Eili Masami of Tachibana Lab. and BlackWingCat of Pink Flying Whale reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000126http://jvn.jp/en/jp/JVN65154137/index.htmlhttps://jvn.jp/en/ta/JVNTA91240916/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2188https://nvd.nist.gov/vuln/detail/CVE-2017-2188https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:maff:electronic_delivery_check_system2018-02-14T14:00+09:002017-06-09T15:48+09:002018-02-14T14:00+09:00Cross-site scripting vulnerability in WordPress plugin "WordPress Download Manager"
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000127.html
The WordPress plugin "WordPress Download Manager" provided by W3 Eden, Inc. contains a cross-site scripting vulnerability (CWE-79).
Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000127https://jvn.jp/en/jp/JVN79738260/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2216https://nvd.nist.gov/vuln/detail/CVE-2017-2216https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:misc:w3_eden_wordpress_download_manager2018-01-24T12:24+09:002017-06-13T14:11+09:002018-01-24T12:24+09:00Open redirect vulnerability in WordPress plugin "WordPress Download Manager"
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000128.html
The WordPress plugin "WordPress Download Manager" provided by W3 Eden, Inc. contains an open redirect vulnerability (CWE-601).
Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000128https://jvn.jp/en/jp/JVN79738260/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2217https://nvd.nist.gov/vuln/detail/CVE-2017-2217https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:misc:w3_eden_wordpress_download_manager2018-01-24T12:21+09:002017-06-13T14:11+09:002018-01-24T12:21+09:00Installer of "Setup file of advance preparation" may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000129.html
"Setup file of advance preparation" provided by National Tax Agency is software to set up the environment which is required to use "filing assistance on the NTA website".
"Setup file of advance preparation" contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.
Takashi Yoshikawa of Mitsui Bussan Secure Directions reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000129https://jvn.jp/en/jp/JVN34508179/index.htmlhttps://jvn.jp/en/ta/JVNTA91240916/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2215https://nvd.nist.gov/vuln/detail/CVE-2017-2215https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:national_tax_agency:nta_advance_preparation_setup_file2018-02-14T13:55+09:002017-06-09T15:59+09:002018-02-14T13:55+09:00Installer of electronic tendering and bid opening system provided by Acquisition, Technology & Logistics Agency may insecurely invoke an executable file
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000130.html
Installer of electronic tendering and bid opening system provided by Acquisition, Technology & Logistics Agency contains an issue with the search path for executable files, which may lead to insecurely invoking an executable file.
Note that this vulnerability is different from JVN#75514460.
DigiGnome reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000130http://jvn.jp/en/jp/JVN27198823/index.htmlhttp://jvn.jp/en/ta/JVNTA91240916/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2208https://nvd.nist.gov/vuln/detail/CVE-2017-2208https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:atla:electronic_tendering_and_bid_opening_system2018-02-14T13:52+09:002017-06-12T14:49+09:002018-02-14T13:52+09:00Cybozu KUNAI for Android vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000131.html
Cybozu KUNAI for Android is mobile client software for using Cybozu from an Android device. Cybozu KUNAI for Android contains a cross-site scripting vulnerability (CWE-79) due to an issue in mobile view mode.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.JVNDB-2017-000131http://jvn.jp/en/jp/JVN56588965/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2172https://nvd.nist.gov/vuln/detail/CVE-2017-2172https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:kunai2018-01-24T12:34+09:002017-06-12T13:36+09:002018-01-24T12:34+09:00WordPress plugin "WP-Members" vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000132.html
The WordPress plugin "WP-Members" contains a cross-site scripting vulnerability (CWE-79).
Chris Liu reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000132http://jvn.jp/en/jp/JVN51355647/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2222https://nvd.nist.gov/vuln/detail/CVE-2017-2222https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:wp-members_project:wp-members2018-02-07T11:52+09:002017-06-13T14:50+09:002018-02-07T11:52+09:00Source code security studying tool iCodeChecker vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000133.html
Source code security studying tool iCodeChecker provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) contains a cross-site scripting vulnerability (CWE-79).
Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000133http://jvn.jp/en/jp/JVN25078144/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2194https://nvd.nist.gov/vuln/detail/CVE-2017-2194https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ipa:icodechecker2018-02-14T13:48+09:002017-06-13T14:50+09:002018-02-14T13:48+09:00HOME SPOT CUBE2 vulnerable to OS command injection in clock settings
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000135.html
HOME SPOT CUBE2 provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE2 contains OS command injection in clock settings.
Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000135http://jvn.jp/en/jp/JVN24348065/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2183https://nvd.nist.gov/vuln/detail/CVE-2017-2183https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:kddi:home_spot_cube_2_firmware2018-02-14T11:54+09:002017-06-21T13:44+09:002018-02-14T11:54+09:00HOME SPOT CUBE2 vulnerable to buffer overflow in WebUI
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000136.html
HOME SPOT CUBE2 provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE2 contains buffer overflow in WebUI.
Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000136http://jvn.jp/en/jp/JVN24348065/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2184https://nvd.nist.gov/vuln/detail/CVE-2017-2184https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:kddi:home_spot_cube_2_firmware2018-02-14T11:59+09:002017-06-21T13:44+09:002018-02-14T11:59+09:00HOME SPOT CUBE2 vulnerable to OS command injection in WebUI
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000137.html
HOME SPOT CUBE2 provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE2 contains OS command injection in WebUI.
Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000137http://jvn.jp/en/jp/JVN24348065/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2185https://nvd.nist.gov/vuln/detail/CVE-2017-2185https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:kddi:home_spot_cube_2_firmware2018-02-14T11:59+09:002017-06-21T13:45+09:002018-02-14T11:59+09:00HOME SPOT CUBE2 vulnerable to improper authentication in WebUI
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000138.html
HOME SPOT CUBE2 provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE2 contains improper authentication in WebUI.
Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000138http://jvn.jp/en/jp/JVN24348065/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2186https://nvd.nist.gov/vuln/detail/CVE-2017-2186https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:kddi:home_spot_cube_2_firmware2018-02-14T11:59+09:002017-06-21T13:45+09:002018-02-14T11:59+09:00WordPress plugin "WP Job Manager" fails to restrict access permissions
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000139.html
The WordPress plugin "WP Job Manager" provided by Automattic Inc. fails to restrict access permissions.
Katsunori Kumagai of Kumasan, LLC. reported this issue to IPA under Information Security Early Warning Partnership.JVNDB-2017-000139http://jvn.jp/en/jp/JVN56787058/index.htmlhttps://www.ipa.go.jp/security/ciadr/vul/20170615-jvn.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:automattic:wp_job_manager2017-06-15T14:32+09:002017-06-15T14:32+09:002017-06-15T14:32+09:00WordPress plugin "Event Calendar WD" vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000140.html
The WordPress plugin "Event Calendar WD" provided by Web-Dorado contains a cross-site scripting vulnerability (CWE-79).
Chris Liu reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000140http://jvn.jp/en/jp/JVN73550134/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2224https://nvd.nist.gov/vuln/detail/CVE-2017-2224https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:web-dorado:event_calendar_wd2018-02-14T12:10+09:002017-06-20T13:58+09:002018-02-14T12:10+09:00Multiple I-O DATA network camera products vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000141.html
Multiple network camera products provided by I-O DATA DEVICE, INC. contain a cross-site request forgery vulnerability (CWE-352).
Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000141http://jvn.jp/en/jp/JVN65411235/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2223https://nvd.nist.gov/vuln/detail/CVE-2017-2223https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:i-o_data_device:ts-ptcam%2Fpoe_firmwarecpe:/o:i-o_data_device:ts-ptcam_firmwarecpe:/o:i-o_data_device:ts-wlc2_firmwarecpe:/o:i-o_data_device:ts-wlce_firmwarecpe:/o:i-o_data_device:ts-wptcam2_firmwarecpe:/o:i-o_data_device:ts-wptcam_firmwarecpe:/o:i-o_data_device:ts-wrlc_firmware2018-02-14T12:10+09:002017-06-20T13:59+09:002018-02-14T12:10+09:00Installer of Charamin OMP may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000142.html
The installer of Charamin OMP provided by Charamin steering committee contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000142http://jvn.jp/en/jp/JVN09293613/index.htmlhttps://jvn.jp/en/ta/JVNTA91240916/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2227https://nvd.nist.gov/vuln/detail/CVE-2017-2227https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:charamin:omp2018-02-07T12:32+09:002017-06-23T14:38+09:002018-02-07T12:32+09:00Denshi Nyusatsu Check Tool provided by Ministry of Education, Culture, Sports, Science and Technology may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000144.html
Denshi Nyusatsu Check Tool provided by Ministry of Education, Culture, Sports, Science and Technology (MEXT) contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Takashi Yoshikawa of Mitsui Bussan Secure Directions reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000144http://jvn.jp/en/jp/JVN01775119/index.htmlhttps://jvn.jp/en/ta/JVNTA91240916/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2225https://nvd.nist.gov/vuln/detail/CVE-2017-2225https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:mext:ebidsettingchecker2018-02-07T13:40+09:002017-06-26T14:28+09:002018-02-07T13:40+09:00Installer of Setup file of advance preparation for e-Tax software (WEB version) may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000145.html
Installer of Setup file of advance preparation for e-Tax software (WEB version) provided by National Tax Agency contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.
BlackWingCat of Pink Flying Whale reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000145http://jvn.jp/en/jp/JVN79451345/index.htmlhttps://jvn.jp/en/ta/JVNTA91240916/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2226https://nvd.nist.gov/vuln/detail/CVE-2017-2226https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:national_tax_agency:e-tax2018-02-07T13:40+09:002017-06-28T16:40+09:002018-02-07T13:40+09:00Marp vulnerable to improper access control in JavaScript execution
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000146.html
Marp is a tool to create a presentation PDF with Markdown. Marp executes JavaScript inside the Markdown contents. Marp allows JavaScript to access local resources and files (CWE-284).
Keitaro Yamazaki of Kyoto University reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000146http://jvn.jp/en/jp/JVN21174546/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2239https://nvd.nist.gov/vuln/detail/CVE-2017-2239https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:marp_project:marp2018-02-07T11:52+09:002017-09-29T13:54+09:002018-02-07T11:52+09:00Non-documented developer's screen in Toshiba Lighting & Technology Corporation Home gateway
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000147.html
Home gateway provided by Toshiba Lighting & Technology Corporation contains a non-documented developer's screen.
Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000147http://jvn.jp/en/jp/JVN85901441/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2234https://nvd.nist.gov/vuln/detail/CVE-2017-2234https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:toshiba:hem-gw16a_firmwarecpe:/o:toshiba:hem-gw26a_firmware2018-02-14T12:10+09:002017-06-28T10:28+09:002018-02-14T12:10+09:00Improper access control vulnerability in Toshiba Lighting & Technology Corporation Home gateway
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000148.html
Home gateway provided by Toshiba Lighting & Technology Corporation contains improper access control.
Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000148http://jvn.jp/en/jp/JVN85901441/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2235https://nvd.nist.gov/vuln/detail/CVE-2017-2235https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:toshiba:hem-gw16a_firmwarecpe:/o:toshiba:hem-gw26a_firmware2018-02-14T12:10+09:002017-06-28T10:23+09:002018-02-14T12:10+09:00Hard-coded credentials vulnerability in Toshiba Lighting & Technology Corporation Home gateway
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000149.html
Home gateway provided by Toshiba Lighting & Technology Corporation contains hard-coded credentials.
Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000149http://jvn.jp/en/jp/JVN85901441/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2236https://nvd.nist.gov/vuln/detail/CVE-2017-2236https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:toshiba:hem-gw16a_firmwarecpe:/o:toshiba:hem-gw26a_firmware2018-02-14T12:10+09:002017-06-28T10:23+09:002018-02-14T12:10+09:00OS command injection vulnerability in Toshiba Lighting & Technology Corporation Home gateway
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000150.html
Home gateway provided by Toshiba Lighting & Technology Corporation contains OS command injection.
Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000150http://jvn.jp/en/jp/JVN85901441/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2237https://nvd.nist.gov/vuln/detail/CVE-2017-2237https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:toshiba:hem-gw16a_firmwarecpe:/o:toshiba:hem-gw26a_firmware2018-02-14T12:10+09:002017-06-28T10:28+09:002018-02-14T12:10+09:00Cross-site request forgery vulnerability in Toshiba Lighting & Technology Corporation Home gateway
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000151.html
Home gateway provided by Toshiba Lighting & Technology Corporation contains cross-site request forgery.
Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000151http://jvn.jp/en/jp/JVN85901441/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2238https://nvd.nist.gov/vuln/detail/CVE-2017-2238https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:toshiba:hem-gw16a_firmwarecpe:/o:toshiba:hem-gw26a_firmware2018-02-14T12:10+09:002017-06-28T10:28+09:002018-02-14T12:10+09:00Installer of Shinseiyou Sougou Soft provided by The Ministry of Justice may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000152.html
Installer of Shinseiyou Sougou Soft provided by The Ministry of Justice contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Takashi Yoshikawa of Mitsui Bussan Secure Directions, Inc., Yuji Tounai of NTT Communications Corporation, and Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000152http://jvn.jp/en/jp/JVN23389212/index.htmlhttps://jvn.jp/en/ta/JVNTA91240916/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2232https://nvd.nist.gov/vuln/detail/CVE-2017-2232https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:moj:shinseiyo_sogo_soft2018-02-07T12:22+09:002017-06-30T14:19+09:002018-02-07T12:22+09:00Installer of PDF Digital Signature Plugin provided by the Ministry of Justice may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000153.html
Installer of PDF Digital Signature Plugin provided by the Ministry of Justice contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Yuji Tounai of NTT Communications Corporation and Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000153http://jvn.jp/en/jp/JVN45134765/index.htmlhttps://jvn.jp/en/ta/JVNTA91240916/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2233https://nvd.nist.gov/vuln/detail/CVE-2017-2233https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:moj:pdf_digital_signature2018-02-07T12:21+09:002017-06-30T14:18+09:002018-02-07T12:21+09:00Teikihoukokusho Sakuseishien Tool may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000154.html
Teikihoukokusho Sakuseishien Tool provided by Agency for Natural Resources and Energy of METI contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
The tool is provided as a ZIP archive. It is assumed that a user extracts the tool (the executable file) to the home directory. If a malicious DLL file is placed in the same directory as the tool and the user invokes the tool, then the malicious DLL is loaded and executed.
Takashi Yoshikawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000154https://jvn.jp/en/jp/JVN53292345/index.htmlhttp://jvn.jp/en/ta/JVNTA91240916/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2228https://nvd.nist.gov/vuln/detail/CVE-2017-2228https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:enecho.meti:teikihoukokusho_sakuseishien_tool2018-02-14T12:11+09:002017-08-17T15:31+09:002018-02-14T12:11+09:00Cybozu Garoon fails to restrict access permission
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000155.html
Cybozu Garoon provided by Cybozu, Inc. contains an improper access restriction.
Jun Kokatsu of KDDI Singapore Dubai Branch reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN. JVNDB-2017-000155https://jvn.jp/en/jp/JVN43534286/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2144https://nvd.nist.gov/vuln/detail/CVE-2017-2144https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:garoon2018-02-14T11:54+09:002017-07-03T15:22+09:002018-02-14T11:54+09:00Cybozu Garoon vulnerable to session fixation
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000156.html
Cybozu Garoon provided by Cybozu, Inc. contains a session fixation vulnerability.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.JVNDB-2017-000156https://jvn.jp/en/jp/JVN43534286/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2145https://nvd.nist.gov/vuln/detail/CVE-2017-2145https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:garoon2018-02-14T11:54+09:002017-07-03T15:22+09:002018-02-14T11:54+09:00Cybozu Garoon vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000157.html
Cybozu Garoon provided by Cybozu, Inc. contains a cross-site scripting vulnerability in the application menu.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JVNDB-2017-000157https://jvn.jp/en/jp/JVN43534286/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2146https://nvd.nist.gov/vuln/detail/CVE-2017-2146https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:garoon2018-02-07T11:52+09:002017-07-03T15:23+09:002018-02-07T11:52+09:00Installer and self-extracting archive containing the installer of MLIT DenshiSeikabutsuSakuseiShienKensa system may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000158.html
The installer and the self-extracting archive including the installer of MLIT DenshiSeikabutsuSakuseiShienKensa system contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000158http://jvn.jp/en/jp/JVN06337557/index.htmlhttp://jvn.jp/en/ta/JVNTA91240916/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2231https://nvd.nist.gov/vuln/detail/CVE-2017-2231https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:mlit:denshiseikabutsusakuseishienkensa2018-02-07T12:20+09:002017-07-03T14:14+09:002018-02-07T12:20+09:00WordPress plugin "Responsive Lightbox" vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000159.html
The WordPress plugin "Responsive Lightbox" provided by dFactory contains a reflected cross-site scripting vulnerability (CWE-79).
Chris Liu reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000159http://jvn.jp/en/jp/JVN39819446/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2243https://nvd.nist.gov/vuln/detail/CVE-2017-2243https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:dfactory:responsive_lightbox2018-02-14T12:10+09:002017-07-04T14:02+09:002018-02-14T12:10+09:00MFC-J960DWN vulnerable to cross-site request forgery
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000160.html
MFC-J960DWN provided by BROTHER INDUSTRIES, LTD. is a MultiFunction Printer. MFC-J960DWN contains a cross-site request forgery vulnerability (CWE-352).
Taiga Asano reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000160http://jvn.jp/en/jp/JVN95996423/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2244https://nvd.nist.gov/vuln/detail/CVE-2017-2244https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:brother:mfc-j960dwn_firmware2018-02-07T11:52+09:002017-07-04T13:59+09:002018-02-07T11:52+09:00Installer of Douro Kouji Kanseizutou Check Program may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000161.html
Installer of Douro Kouji Kanseizutou Check Program provided by National Institute for Land and Infrastructure Management contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eili Masami of Tachibana Lab. and BlackWingCat of Pink Flying Whale reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000161http://jvn.jp/en/jp/JVN82120115/index.htmlhttps://jvn.jp/en/ta/JVNTA91240916/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2230https://nvd.nist.gov/vuln/detail/CVE-2017-2230https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:mlit:mlit_roadworks_completion_drawing_check_program2018-02-07T12:32+09:002017-07-04T14:43+09:002018-02-07T12:32+09:00Installer of Douroshisetu Kihon Data Sakusei System may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000162.html
The installer of Douroshisetu Kihon Data Sakusei System provided by National Institute for Land and Infrastructure Management contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000162https://jvn.jp/ta/JVNTA91240916/http://jvn.jp/en/jp/JVN20409270/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2229https://nvd.nist.gov/vuln/detail/CVE-2017-2229https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:mlit:mlit_road_infrastructure_basic_data_system2018-02-07T12:32+09:002017-07-04T14:43+09:002018-02-07T12:32+09:00WordPress plugin "Shortcodes Ultimate" vulnerable to directory traversal
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000164.html
The WordPress plugin "Shortcodes Ultimate" contains a directory traversal vulnerability (CWE-22) in the Examples page.
Chris Liu reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000164https://jvn.jp/en/jp/JVN63249051/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2245https://nvd.nist.gov/vuln/detail/CVE-2017-2245https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:shortcodes_ultimate_project:shortcodes_ultimate2018-02-07T11:52+09:002017-07-06T13:41+09:002018-02-07T11:52+09:00Installers of Lhaz and Lhaz+, and Self-Extracting Archives created by Lhaz or Lhaz+ may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000169.html
Lhaz and Lhaz+ provided by Chitora soft contain the following vulnerabilities.
* Installers of Lhaz and Lhaz+ insecurely load Dynamic Link Libraries (CWE-427) - CVE-2017-2246, CVE-2017-2248
* Self-extracting archive files created by Lhaz or Lhaz+ insecurely load Dynamic Link Libraries (CWE-427) - CVE-2017-2247, CVE-2017-2249
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000169http://jvn.jp/en/ta/JVNTA91240916/index.htmlhttp://jvn.jp/en/jp/JVN21369452/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2246https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2247https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2248https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2249https://nvd.nist.gov/vuln/detail/CVE-2017-2246https://nvd.nist.gov/vuln/detail/CVE-2017-2247https://nvd.nist.gov/vuln/detail/CVE-2017-2248https://nvd.nist.gov/vuln/detail/CVE-2017-2249https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:chitora:lhazcpe:/a:chitora:lhaz%2B2018-02-07T12:19+09:002017-07-07T14:18+09:002018-02-07T12:19+09:00Self-Extracting Archives created by File Compact may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000170.html
File Compact provided by SOURCENEXT CORPORATION is compression/decompression software. It can also create self-extracting archive files. Self-extracting archive files created by File Compact contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eili Masami of Tachibana Lab. and BlackWingCat of PinkFlyingWhale reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000170https://jvn.jp/en/jp/JVN29939155/index.htmlhttps://jvn.jp/en/ta/JVNTA91240916/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2252https://nvd.nist.gov/vuln/detail/CVE-2017-2252https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:sourcenext:file_compact2018-02-16T13:26+09:002017-07-10T13:57+09:002018-02-16T13:26+09:00Installers of Mozilla Firefox and Thunderbird for Windows may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000171.html
Installers of Mozilla Firefox and Thunderbird for Windows provided by Mozilla Foundation contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000171https://jvn.jp/en/jp/JVN81676004/index.htmlhttps://jvn.jp/en/ta/JVNTA91240916/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7755https://nvd.nist.gov/vuln/detail/CVE-2017-7755https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:mozilla:firefoxcpe:/a:mozilla:firefox_esrcpe:/a:mozilla:thunderbird2018-08-30T18:03+09:002017-07-11T13:48+09:002018-08-30T18:03+09:00FileCapsule Deluxe Portable and Encrypted Files in Self-Decryption Format created by FileCapsule Deluxe Portable may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000172.html
FileCapsule Deluxe Portable is file encryption software. FileCapsule Deluxe Portable contains the following vulnerabilities.
* FileCapsule Deluxe Portable insecurely loads Dynamic Link Libraries (CWE-427) - CVE-2017-2265, CVE-2017-2267, CVE-2017-2269
* Encrypted files in self-decryption format created by FileCapsule Deluxe Portable insecurely load Dynamic Link Libraries (CWE-427) - CVE-2017-2266, CVE-2017-2268, CVE-2017-2270
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000172https://jvn.jp/en/jp/JVN42031953/index.htmlhttps://jvn.jp/en/ta/JVNTA91240916/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2265https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2266https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2267https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2268https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2269https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2270https://nvd.nist.gov/vuln/detail/CVE-2017-2265https://nvd.nist.gov/vuln/detail/CVE-2017-2266https://nvd.nist.gov/vuln/detail/CVE-2017-2267https://nvd.nist.gov/vuln/detail/CVE-2017-2268https://nvd.nist.gov/vuln/detail/CVE-2017-2269https://nvd.nist.gov/vuln/detail/CVE-2017-2270https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:resume-next:filecapsule_deluxe_portable2018-02-07T16:48+09:002017-07-13T14:35+09:002018-02-07T16:48+09:00Installer of Yahoo! Toolbar (for Internet Explorer) may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000173.html
Installer of Yahoo! Toolbar (for Internet Explorer) contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000173https://jvn.jp/en/jp/JVN02852421/index.htmlhttps://jvn.jp/en/ta/JVNTA91240916/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2253https://nvd.nist.gov/vuln/detail/CVE-2017-2253https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:misc:yahoo_japan_yahoo_toolbar2018-02-07T16:48+09:002017-07-12T14:42+09:002018-02-07T16:48+09:00Self-Extracting Encrypted Files created by AttacheCase may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000174.html
AttacheCase is an open source file encryption software provided by HiBARA Software. It can also create self-extracting encrypted files. Self-extracting encrypted files created by AttacheCase contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000174https://jvn.jp/en/jp/JVN61502349/index.htmlhttps://jvn.jp/en/ta/JVNTA91240916/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2271https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2272https://nvd.nist.gov/vuln/detail/CVE-2017-2271https://nvd.nist.gov/vuln/detail/CVE-2017-2272https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hibara:attachecase2022-03-31T17:43+09:002017-07-14T13:38+09:002022-03-31T17:43+09:00Multiple vulnerabilities SONY Portable Wireless Server WG-C10
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000175.html
Portable Wireless Server WG-C10 provided by Sony Corporation contains multiple vulnerabilities listed below.
* OS command injection (CWE-78) - CVE-2017-2275
* Buffer overflow (CWE-119) - CVE-2017-2276
Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000175http://jvn.jp/en/jp/JVN14151222/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2275https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2276https://nvd.nist.gov/vuln/detail/CVE-2017-2275https://nvd.nist.gov/vuln/detail/CVE-2017-2276https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:sony:wg-c102018-01-24T12:34+09:002017-07-19T15:07+09:002018-01-24T12:34+09:00SONY Portable Wireless Server WG-C10 fails to restrict access permissions
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000176.html
Portable Wireless Server WG-C10 provided by Sony Corporation fails to restrict access permissions (CWE-284).
Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000176http://jvn.jp/en/jp/JVN77412145/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2277https://nvd.nist.gov/vuln/detail/CVE-2017-2277https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:sony:wg-c102018-02-14T12:02+09:002017-07-19T15:07+09:002018-02-14T12:02+09:00RBB SPEED TEST App fails to verify SSL server certificates
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000177.html
RBB SPEED TEST App provided by IID, Inc. fails to verify SSL server certificates.
DigiGnome reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000177https://jvn.jp/en/jp/JVN24238648/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2278https://nvd.nist.gov/vuln/detail/CVE-2017-2278https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:iid:rbb_speed_test2018-01-24T14:03+09:002017-07-24T15:08+09:002018-01-24T14:03+09:00Multiple Buffalo wireless LAN access point devices do not properly perform authentication
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000179.html
WAPM-1166D and WAPM-APG600H provided by BUFFALO INC. are wireless LAN access point devices. WAPM-1166D and WAPM-APG600H do not properly perform authentication (CWE-287).
SASABE Tetsuro of The University of Tokyo reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000179http://jvn.jp/en/jp/JVN48823557/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2126https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:buffalo_inc:wapm-1166d_firmwarecpe:/o:buffalo_inc:wapm-apg600h_firmware2017-07-20T14:12+09:002017-07-20T14:12+09:002017-07-20T14:12+09:00Multiple vulnerabilities in multiple Buffalo wireless LAN routers
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000180.html
WMR-433 and WMR-433W provided by BUFFALO INC. are wireless LAN routers. WMR-433 and WMR-433W contain multiple vulnerabilities listed below.
* Cross-site Request Forgery (CWE-352) - CVE-2017-2273
* Reflected Cross-site Scripting (CWE-79) - CVE-2017-2274
Manabu Kobayashi reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000180http://jvn.jp/en/jp/JVN48413726/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2273https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2274https://nvd.nist.gov/vuln/detail/CVE-2017-2273https://nvd.nist.gov/vuln/detail/CVE-2017-2274https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:buffalo_inc:wmr-433w_firmwarecpe:/o:buffalo_inc:wmr-433_firmware2018-01-24T12:34+09:002017-07-20T14:13+09:002018-01-24T12:34+09:00WordPress plugin "Popup Maker" vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000181.html
The WordPress plugin "Popup Maker" provided by Popup Maker contains a reflected cross-site scripting vulnerability (CWE-79).
Chris Liu reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000181https://jvn.jp/en/jp/JVN92921024/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2284https://nvd.nist.gov/vuln/detail/CVE-2017-2284https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:wppopupmaker:popup_maker2018-01-24T14:03+09:002017-07-24T13:52+09:002018-01-24T14:03+09:00WordPress plugin "Simple Custom CSS and JS" vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000182.html
The WordPress plugin "Simple Custom CSS and JS" provided by SilkyPress contains a reflected cross-site scripting vulnerability (CWE-79).
Chris Liu reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000182https://jvn.jp/en/jp/JVN31459091/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2285https://nvd.nist.gov/vuln/detail/CVE-2017-2285https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:silkypress:simple_custom_css_and_js2018-02-14T11:58+09:002017-07-24T13:52+09:002018-02-14T11:58+09:00Multiple cross-site scripting vulnerabilities in ScreenOS
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000183.html
ScreenOS provided by Juniper Networks contains multiple cross-site scripting vulnerabilities.
Toshitsugu Yoneyama and Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2017-000183https://jvn.jp/en/jp/JVN74247807/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2335https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2336https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2337https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2338https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2339https://nvd.nist.gov/vuln/detail/CVE-2017-2335https://nvd.nist.gov/vuln/detail/CVE-2017-2336https://nvd.nist.gov/vuln/detail/CVE-2017-2337https://nvd.nist.gov/vuln/detail/CVE-2017-2338https://nvd.nist.gov/vuln/detail/CVE-2017-2339https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:juniper:screenos2017-08-09T11:23+09:002017-07-24T13:52+09:002017-08-09T11:23+09:00Installer of Tween may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000184.html
Tween is a Twitter client application. Installer of Tween contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000184https://jvn.jp/en/jp/JVN17523256/index.htmlhttps://jvn.jp/en/ta/JVNTA91240916/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2279https://nvd.nist.gov/vuln/detail/CVE-2017-2279https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:kiri:tween2018-01-24T14:03+09:002017-07-24T15:08+09:002018-01-24T14:03+09:00Multiple vulnerabilities in I-O DATA WN-AX1167GR
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000185.html
WN-AX1167GR provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-AX1167GR contains multiple vulnerabilities listed below.
* Hard-coded credentials (CWE-798) - CVE-2017-2280
* OS command injection (CWE-78) - CVE-2017-2281
* Buffer overflow (CWE-119) - CVE-2017-2282
Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000185https://jvn.jp/en/jp/JVN01312667/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2280https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2281https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2282https://nvd.nist.gov/vuln/detail/CVE-2017-2280https://nvd.nist.gov/vuln/detail/CVE-2017-2281https://nvd.nist.gov/vuln/detail/CVE-2017-2282https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:i-o_data_device:wn-ax1167gr2018-01-24T13:56+09:002017-07-27T14:26+09:002018-01-24T13:56+09:00NFC Port Software remover may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000186.html
NFC Port Software remover provided by Sony Corporation is an application to remove NFC Port Software. NFC Port Software remover contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000186https://jvn.jp/en/jp/JVN33797604/index.htmlhttps://jvn.jp/en/ta/JVNTA91240916/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2287https://nvd.nist.gov/vuln/detail/CVE-2017-2287https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:sony:nfc_port_software_remover2018-01-24T14:02+09:002017-07-27T15:38+09:002018-01-24T14:02+09:00Installer of LhaForge may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000187.html
LhaForge is a file compression/decompression software. The installer of LhaForge contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000187http://jvn.jp/en/jp/JVN74554973/index.htmlhttp://jvn.jp/en/ta/JVNTA91240916/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2288https://nvd.nist.gov/vuln/detail/CVE-2017-2288https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:lhaforge_project:lhaforge2018-01-24T13:59+09:002017-07-27T14:31+09:002018-01-24T13:59+09:00I-O DATA WN-G300R31 uses hard-coded credentials
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000188.html
WN-G300R31 provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-G300R3 uses hard-coded credentials (CWE-798).
Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000188https://jvn.jp/en/jp/JVN51410509/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2283https://nvd.nist.gov/vuln/detail/CVE-2017-2283https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:i-o_data_device:wn-g300r3_firmware2018-01-24T14:03+09:002017-07-27T14:13+09:002018-01-24T14:03+09:00Installers of Sony PaSoRi related software may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000189.html
PaSoRi provided by Sony Corporation is a contactless IC card reader/writer. Installers of PaSoRi driver and other related software for Windows contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000189http://jvn.jp/en/jp/JVN16136413/index.htmlhttp://jvn.jp/en/ta/JVNTA91240916/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2286https://nvd.nist.gov/vuln/detail/CVE-2017-2286https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:sony:nfc_net_installercpe:/a:sony:nfc_port_software_%28formerly_felica_port_software%29cpe:/a:sony:pc%2Fsc_activator_for_type_bcpe:/a:sony:sfcard_viewer_22018-01-24T14:14+09:002017-07-27T15:38+09:002018-01-24T14:14+09:00Installer of Qua station connection tool for Windows may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000191.html
Qua station provided by KDDI CORPORATION is a 4G LTE photo storage. Qua station connection tool is used to view data saved on Qua station from a PC and/or save data on a PC. Installer of Qua station connection tool for Windows contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000191http://jvn.jp/en/jp/JVN81659403/index.htmlhttps://jvn.jp/en/ta/JVNTA91240916/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2289https://nvd.nist.gov/vuln/detail/CVE-2017-2289https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:kddi:qua_station2018-02-14T12:14+09:002017-08-08T15:35+09:002018-02-14T12:14+09:00WCR-1166DS vulnerable to OS command injection
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000192.html
WCR-1166DS provided by BUFFALO INC. is a wireless LAN router. WCR-1166DS contains an OS command injection vulnerability (CWE-78).
Masashi Shiraishi of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000192http://jvn.jp/en/jp/JVN05340005/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10811https://nvd.nist.gov/vuln/detail/CVE-2017-10811https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:buffalo_inc:wcr-1166ds2018-02-14T12:21+09:002017-08-08T18:06+09:002018-02-14T12:21+09:00WSR-300HP vulnerable to arbitrary code execution
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000194.html
WSR-300HP provided by BUFFALO INC. contains an arbitrary code execution vulnerability.
WSR-300HP provided by BUFFALO INC. is a wireless LAN router. WSR-300HP contains an arbitrary code execution vulnerability.JVNDB-2017-000194http://jvn.jp/en/jp/JVN74871939/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8361https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:buffalo_inc:wsr-300hp2017-08-08T18:07+09:002017-08-08T18:07+09:002017-08-08T18:07+09:00Installer of Baidu IME may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000195.html
Installer of Baidu IME contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000195http://jvn.jp/en/jp/JVN17788774/index.htmlhttp://jvn.jp/en/ta/JVNTA91240916/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2221https://nvd.nist.gov/vuln/detail/CVE-2017-2221https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:baidu:baidu_ime2018-01-24T14:34+09:002017-08-03T12:28+09:002018-01-24T14:34+09:00Installer of IP Messenger may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000196.html
IP Messenger is a LAN Messenger based on TCP/IP. IP Messenger contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000196http://jvn.jp/en/jp/JVN86724730/index.htmlhttps://jvn.jp/en/ta/JVNTA91240916/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10820https://nvd.nist.gov/vuln/detail/CVE-2017-10820https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hiroaki_shirouzu:ip_messenger2018-01-24T14:26+09:002017-08-03T14:35+09:002018-01-24T14:26+09:00Installer of Photo Collection PC Software provided by NTT DOCOMO, INC. may insecurely load Dynamic Link Libraries and invoke executable files
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000197.html
Photo Collection PC Software provided by NTT DOCOMO, INC. contains an issue with the search paths for DLL/executable files, which may lead to insecurely loading Dynamic Link Libraries and invoking executable files (CWE-427).
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000197http://jvn.jp/en/jp/JVN67954465/index.htmlhttps://jvn.jp/en/ta/JVNTA91240916/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10812https://nvd.nist.gov/vuln/detail/CVE-2017-10812https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:nttdocomo:photo_collection_pc_software2018-02-28T12:13+09:002017-08-22T12:34+09:002018-02-28T12:13+09:00Installer and self-extracting archive containing the installer of TDB CA TypeA use software may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000198.html
TDB CA TypeA use software provided by Teikoku Databank, Ltd. is software that provides the environment for using the system and management functions of the TDB electronic authentication service TypeA. The installer and the self-extracting archive containing the installer of TDB CA TypeA use software contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000198https://jvn.jp/en/jp/JVN18641169/index.htmlhttps://jvn.jp/en/ta/JVNTA91240916/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10824https://nvd.nist.gov/vuln/detail/CVE-2017-10824https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:teikoku_databank:type_a2018-02-14T12:16+09:002017-08-18T13:41+09:002018-02-14T12:16+09:00Installer of Shin Kikan Toukei Houkoku Data Nyuryokuyou Program may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000199.html
Installer of Shin Kikan Toukei Houkoku Data Nyuryokuyou Program provided by Agency for Natural Resources and Energy of METI contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000199http://jvn.jp/en/jp/JVN73559859/index.htmlhttps://jvn.jp/en/ta/JVNTA91240916/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10821https://nvd.nist.gov/vuln/detail/CVE-2017-10821https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:enecho.meti:shin_kikan_toukei_houkoku_data_nyuryokuyou_program2018-02-14T12:19+09:002017-08-17T17:29+09:002018-02-14T12:19+09:00Installer of Shin Sekiyu Yunyu Chousa Houkoku Data Nyuryoku Program may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000200.html
Installer of Shin Sekiyu Yunyu Chousa Houkoku Data Nyuryoku Program provided by Agency for Natural Resources and Energy of METI contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000200http://jvn.jp/en/jp/JVN71104430/index.htmlhttps://jvn.jp/en/ta/JVNTA91240916/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10822https://nvd.nist.gov/vuln/detail/CVE-2017-10822https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:enecho.meti:shin_sekiyu_yunyu_chousa_houkoku_data_nyuryoku_program2018-02-14T12:05+09:002017-08-17T17:29+09:002018-02-14T12:05+09:00Installer of Shin Kinkyuji Houkoku Data Nyuryoku Program may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000201.html
Installer of Shin Kinkyuji Houkoku Data Nyuryoku Program provided by Agency for Natural Resources and Energy of METI contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000201http://jvn.jp/en/jp/JVN23546631/index.htmlhttps://jvn.jp/en/ta/JVNTA91240916/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10823https://nvd.nist.gov/vuln/detail/CVE-2017-10823https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:enecho.meti:shin_kinkyuji_houkoku_data_nyuryoku_program2018-02-14T12:08+09:002017-08-17T17:29+09:002018-02-14T12:08+09:00Multiple vulnerabilities in Cybozu Garoon
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000202.html
Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below.
* Denial-of-service (DoS) vulnerability in the application menu's edit function (CWE-20) - CVE-2017-2254
* Stored cross-site scripting in the "Rich text" function of the application "Space" (CWE-79) - CVE-2017-2255
* Stored cross-site scripting in the "Rich text" function of the application "Memo" (CWE-79) - CVE-2017-2256
* Cross-site scripting in the mail function (CWE-79) - CVE-2017-2257
* Directory traversal in the Garoon SOAP API "WorkflowHandleApplications" (CWE-22) - CVE-2017-2258
Cybozu, Inc. reported CVE-2017-2258 vulnerability to JPCERT/CC to notify users of its solution through JVN.
Jun Kokatsu reported CVE-2017-2254 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.
Masato Kinugawa reported CVE-2017-2255, CVE-2017-2256 and CVE-2017-2257 vulnerabilities to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.JVNDB-2017-000202http://jvn.jp/en/jp/JVN63564682/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2254https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2255https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2256https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2257https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2258https://nvd.nist.gov/vuln/detail/CVE-2017-2254https://nvd.nist.gov/vuln/detail/CVE-2017-2255https://nvd.nist.gov/vuln/detail/CVE-2017-2256https://nvd.nist.gov/vuln/detail/CVE-2017-2257https://nvd.nist.gov/vuln/detail/CVE-2017-2258https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:garoon2018-02-14T12:25+09:002017-08-21T14:30+09:002018-02-14T12:25+09:00Multiple vulnerabilities in baserCMS
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000203.html
baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below.
* SQL injection (CWE-89) - CVE-2017-10842
* Arbitrary files may be deleted - CVE-2017-10843
* Arbitrary PHP code execution - CVE-2017-10844
Shoji Baba reported the vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000203http://jvn.jp/en/jp/JVN78151490/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10842https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10843https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10844https://nvd.nist.gov/vuln/detail/CVE-2017-10842https://nvd.nist.gov/vuln/detail/CVE-2017-10843https://nvd.nist.gov/vuln/detail/CVE-2017-10844https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:basercms:basercms2018-02-28T11:45+09:002017-08-25T14:50+09:002018-02-28T11:45+09:00Multiple vulnerabilities in "Dokodemo eye Smart HD" SCR02HD
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000204.html
Wireless monitor "Dokodemo eye Smart HD" SCR02HD provided by NIPPON ANTENNA Co., Ltd contains multiple vulnerabilities listed below.
* OS command injection (CWE-78) - CVE-2017-10832
* Improper access restriction (CWE-425) - CVE-2017-10833
* Directory traversal (CWE-22) - CVE-2017-10834
* Arbitrary PHP code execution (CWE-94) - CVE-2017-10835
Masashi Shiraishi of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000204http://jvn.jp/en/jp/JVN87410770/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10832https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10833https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10834https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10835https://nvd.nist.gov/vuln/detail/CVE-2017-10832https://nvd.nist.gov/vuln/detail/CVE-2017-10833https://nvd.nist.gov/vuln/detail/CVE-2017-10834https://nvd.nist.gov/vuln/detail/CVE-2017-10835https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:nippon-antenna:scr02hd_firmware2018-02-28T14:28+09:002017-08-23T15:36+09:002018-02-28T14:28+09:00The installer of the Ministry of Justice [The electronic authentication system based on the commercial registration system "The CRCA user's Software"] may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000205.html
The electronic authentication system based on the commercial registration system "The CRCA user's Software" provided by the Ministry of Justice contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
DigiGnome and BlackWingCat of Pink Flying Whale reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000205http://jvn.jp/en/jp/JVN30866130/index.htmlhttps://jvn.jp/en/ta/JVNTA91240916/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10831https://nvd.nist.gov/vuln/detail/CVE-2017-10831https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:moj:touki_denshi2018-02-28T14:04+09:002017-08-23T15:24+09:002018-02-28T14:04+09:00Multiple vulnerabilities in WebCalendar
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000206.html
WebCalendar provided by k5n.us contains multiple vulnerabilities listed below.
* Cross-site scripting (CWE-79) - CVE-2017-10840
* Directory traversal (CWE-22) - CVE-2017-10841
The following researchers reported vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2017-10840
Yuji Tounai of NTT Communications Corporation and ASAI Ken
CVE-2017-10841
ASAI KenJVNDB-2017-000206http://jvn.jp/en/jp/JVN23340457/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10840https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10841https://nvd.nist.gov/vuln/detail/CVE-2017-10840https://nvd.nist.gov/vuln/detail/CVE-2017-10841https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:k5n:webcalendar2018-02-28T12:07+09:002017-08-24T14:03+09:002018-02-28T12:07+09:00Multiple vulnerabilities in SEO Panel
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000207.html
SEO Panel provided by SEO Panel contains multiple vulnerabilities listed below.
* Cross-site scripting (CWE-79) - CVE-2017-10838
* SQL injection (CWE-89) - CVE-2017-10839
ASAI Ken reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000207http://jvn.jp/en/jp/JVN39628662/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10838https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10839https://nvd.nist.gov/vuln/detail/CVE-2017-10838https://nvd.nist.gov/vuln/detail/CVE-2017-10839https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:seopanel:seo_panel2018-02-28T12:19+09:002017-08-24T14:03+09:002018-02-28T12:19+09:00WordPress plugin "BackupGuard" vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000208.html
The WordPress plugin "BackupGuard" provided by BackupGuard contains a reflected cross-site scripting vulnerability (CWE-79).
Chris Liu reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000208http://jvn.jp/en/jp/JVN58559719/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10837https://nvd.nist.gov/vuln/detail/CVE-2017-10837https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:backup-guard:backupguard2018-02-28T12:26+09:002017-08-24T14:03+09:002018-02-28T12:26+09:00Installer of Optimal Guard may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000209.html
Installer of Optimal Guard provided by OPTiM Corporation contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000209https://jvn.jp/en/ta/JVNTA91240916/http://jvn.jp/en/jp/JVN87540575/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10836https://nvd.nist.gov/vuln/detail/CVE-2017-10836https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:optim:optimal_guard2018-02-28T12:23+09:002017-08-25T14:50+09:002018-02-28T12:23+09:00Installer of "Security Kinou Mihariban" may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000210.html
Installer of "Security Kinou Mihariban" provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000210http://jvn.jp/en/jp/JVN11601216/index.htmlhttps://jvn.jp/en/ta/JVNTA91240916/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10826https://nvd.nist.gov/vuln/detail/CVE-2017-10826https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ntt_west:security_kinou_mihariban2018-02-28T14:04+09:002017-08-25T14:50+09:002018-02-28T14:04+09:00Installer of "Remote Support Tool (Enkaku Support Tool)" may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000211.html
Installer of "Remote Support Tool (Enkaku Support Tool)" provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION and NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000211https://jvn.jp/en/ta/JVNTA91240916/http://jvn.jp/en/jp/JVN26115441/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10829https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ntt_east:remote_support_toolcpe:/a:ntt_west:remote_support_tool2017-08-30T15:10+09:002017-08-30T15:10+09:002017-08-30T15:10+09:00Installer of "Flets Azukeru for Windows Auto Backup Tool" may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000212.html
Installer of "Flets Azukeru for Windows Auto Backup Tool" provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000212http://jvn.jp/en/jp/JVN14658714/index.htmlhttp://jvn.jp/en/ta/JVNTA91240916/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10827https://nvd.nist.gov/vuln/detail/CVE-2017-10827https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ntt_west:flet%27s_azukeru_pc_autobackup_tool2018-02-28T14:07+09:002017-08-25T15:02+09:002018-02-28T14:07+09:00Installer of "Flets Easy Setup Tool" may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000213.html
Installer of "Flets Easy Setup Tool" provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000213http://jvn.jp/en/jp/JVN97243511/index.htmlhttps://jvn.jp/en/ta/JVNTA91240916/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10825https://nvd.nist.gov/vuln/detail/CVE-2017-10825https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ntt_west:flet%27s_kantan_setup_tool2018-03-14T13:48+09:002017-11-02T13:57+09:002018-03-14T13:48+09:00Installer of "Flets Install Tool" may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000214.html
Installer of "Flets Install Tool" provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000214http://jvn.jp/en/jp/JVN14926025/index.htmlhttp://jvn.jp/en/ta/JVNTA91240916/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10828https://nvd.nist.gov/vuln/detail/CVE-2017-10828https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ntt_west:flet%27s_install_tool2018-02-28T14:07+09:002017-08-25T15:02+09:002018-02-28T14:07+09:00Installer and self-extracting archive containing the installer of "Security Setup Tool" may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000215.html
The installer and the self-extracting archive containing the installer of "Security Setup Tool" provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000215http://jvn.jp/en/jp/JVN36303528/index.htmlhttps://jvn.jp/en/ta/JVNTA91240916/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10830https://nvd.nist.gov/vuln/detail/CVE-2017-10830https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ntt_west:secutity_setup_tool2018-02-28T14:28+09:002017-08-25T14:50+09:002018-02-28T14:28+09:00Installer of "Flets Setsuzoku Tool" may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000216.html
Installer of "Flets Setsuzoku Tool" provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000216https://jvn.jp/en/jp/JVN22272314/index.htmlhttps://jvn.jp/en/ta/JVNTA91240916/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2242https://nvd.nist.gov/vuln/detail/CVE-2017-2242https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ntt_west:flet%27s_connection_tool2018-02-28T11:39+09:002017-08-25T14:52+09:002018-02-28T11:39+09:00Backdoor access issue in Wi-Fi STATION L-02F
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000217.html
Wi-Fi STATION L-02F provided by NTT DOCOMO, INC. contains a backdoor access issue.
Japan Computer Emergency Response Team Coordination Center Global Coordination Division Cyber Metrics Line Information Security Analyst Keisuke Shikano reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000217https://jvn.jp/en/jp/JVN68922465/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10845https://nvd.nist.gov/vuln/detail/CVE-2017-10845https://www.ipa.go.jp/security/ciadr/vul/20170912-jvn.htmlhttps://www.jpcert.or.jp/at/2017/at170034.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:nttdocomo:wi-fi_station_l-02f2018-02-28T14:11+09:002017-09-12T14:34+09:002018-02-28T14:11+09:00Wi-Fi STATION L-02F fails to restrict access permissions
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000218.html
Wi-Fi STATION L-02F provided by NTT DOCOMO, INC. fails to restrict access permissions.
Japan Computer Emergency Response Team Coordination Center Global Coordination Division Cyber Metrics Line Information Security Analyst Keisuke Shikano reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000218https://jvn.jp/en/jp/JVN03044183/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10846https://nvd.nist.gov/vuln/detail/CVE-2017-10846https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:nttdocomo:wi-fi_station_l-02f2018-02-28T14:09+09:002017-09-12T14:35+09:002018-02-28T14:09+09:00Multiple Fuji Xerox products may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000219.html
Installers of multiple products, and DocuWorks self-extracting documents provided by Fuji Xerox Co.,Ltd. contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000219http://jvn.jp/en/jp/JVN09769017/index.htmlhttps://jvn.jp/en/ta/JVNTA91240916/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10848https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10849https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10850https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10851https://nvd.nist.gov/vuln/detail/CVE-2017-10848https://nvd.nist.gov/vuln/detail/CVE-2017-10849https://nvd.nist.gov/vuln/detail/CVE-2017-10850https://nvd.nist.gov/vuln/detail/CVE-2017-10851https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:fuji_xerox:contentsbridge_utilitycpe:/a:fuji_xerox:docuworkscpe:/a:fuji_xerox:docuworks_viewer_lightcpe:/h:fuji_xerox:apeosport-vicpe:/h:fuji_xerox:docucentre-vi2021-04-12T13:30+09:002017-08-31T16:35+09:002021-04-12T13:30+09:00Multiple vulnerabilities in CG-WLR300NM
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000220.html
CG-WLR300NM provided by Corega Inc. is a wireless LAN router. CG-WLR300NM contains multiple vulnerabilities listed below.
Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000220http://jvn.jp/en/jp/JVN00719891/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10813https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10814https://nvd.nist.gov/vuln/detail/CVE-2017-10813https://nvd.nist.gov/vuln/detail/CVE-2017-10814https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:corega:cg-wlr300nm_firmware2018-02-28T12:21+09:002017-09-08T14:14+09:002018-02-28T12:21+09:00Installer of FENCE-Explorer may insecurely load Dynamic Link Libraries and invoke executable files
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000221.html
FENCE-Explorer provided by FUJITSU BROAD SOLUTION & CONSULTING Inc. is a tool to view and edit a file in "FENCE Briefcase" which is created by FENCE-Pro and other FENCE series software. Installer of FENCE-Explorer contains an issue with the search path for DLL/executable files, which may lead to insecurely loading Dynamic Link Libraries and invoking executable files (CWE-427).
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000221http://jvn.jp/en/jp/JVN57205588/index.htmlhttps://jvn.jp/en/ta/JVNTA91240916/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10855https://nvd.nist.gov/vuln/detail/CVE-2017-10855https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:fujitsu:fence-explorer2018-02-28T13:58+09:002017-09-11T14:55+09:002018-02-28T13:58+09:00SEIL Series routers vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000222.html
The IPsec/IKE function in SEIL Series routers provided by Internet Initiative Japan Inc. contains a denial-of-service (DoS) vulnerability due to a flaw in processing certain packets.
Internet Initiative Japan Inc. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Internet Initiative Japan Inc. coordinated under the Information Security Early Warning Partnership.JVNDB-2017-000222http://jvn.jp/en/jp/JVN76692689/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10856https://nvd.nist.gov/vuln/detail/CVE-2017-10856https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:iij:seil%2Fb1cpe:/h:iij:seil%2Fbpv4cpe:/h:iij:seil%2Fxcpe:/h:iij:seil%2Fx862018-02-28T14:12+09:002017-09-11T15:19+09:002018-02-28T14:12+09:00Install program and Installer of i-filter 6.0 may insecurely load Dynamic Link Libraries and invoke executable files
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000223.html
i-filter 6.0 provided by Digital Arts Inc. is web filtering and parental control software. The install program is designed to download the installer via the internet and execute it. The i-filter 6.0 install program and installer contain the following vulnerabilities.
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000223http://jvn.jp/en/jp/JVN75929834/index.htmlhttps://jvn.jp/en/ta/JVNTA91240916/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10858https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10859https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10860https://nvd.nist.gov/vuln/detail/CVE-2017-10858https://nvd.nist.gov/vuln/detail/CVE-2017-10859https://nvd.nist.gov/vuln/detail/CVE-2017-10860https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:daj:i-filter_installer2017-09-29T13:54+09:002017-09-29T13:54+09:002017-09-29T13:54+09:00Cybozu Office fails to restrict access permissions
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000225.html
Cybozu Office fails to restrict access permissions.
Cybozu Office provided by Cybozu, Inc. fails to restrict access permissions (CWE-284) due to an issue in the "Cabinet" function.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.JVNDB-2017-000225http://jvn.jp/en/jp/JVN14658424/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10857https://nvd.nist.gov/vuln/detail/CVE-2017-10857https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:cybozu:office2018-03-07T12:21+09:002017-10-11T14:28+09:002018-03-07T12:21+09:00HIBUN Confidential File Decryption program may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000226.html
HIBUN Confidential File Decryption program provided by Hitachi Solutions, Ltd. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Note that this vulnerability is different from JVN#58909026.
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2017-000226http://jvn.jp/en/ta/JVNTA91240916/index.htmlhttp://jvn.jp/en/jp/JVN55516206/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10865https://nvd.nist.gov/vuln/detail/CVE-2017-10865https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi-solutions:confidential_file_decryption2018-03-07T12:12+09:002017-10-11T16:43+09:002018-03-07T12:12+09:00HIBUN Confidential File Decryption program may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000227.html
HIBUN Confidential File Decryption program provided by Hitachi Solutions, Ltd. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Note that this vulnerability is different from JVN#55516206.
Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2017-000227http://jvn.jp/en/jp/JVN58909026/index.htmlhttp://jvn.jp/en/ta/JVNTA91240916/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10863https://nvd.nist.gov/vuln/detail/CVE-2017-10863https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi-solutions:confidential_file_decryption2018-03-07T12:06+09:002017-10-11T16:43+09:002018-03-07T12:06+09:00Installer of HIBUN Confidential File Viewer may insecurely load Dynamic Link Libraries and invoke executable files
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000228.html
Installer of HIBUN Confidential File Viewer provided by Hitachi Solutions, Ltd. contains an issue with the search path for DLL/executable files, which may lead to insecurely loading Dynamic Link Libraries and invoking executable files (CWE-427).
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000228http://jvn.jp/en/jp/JVN94056834/index.htmlhttps://jvn.jp/en/ta/JVNTA91240916/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10864https://nvd.nist.gov/vuln/detail/CVE-2017-10864https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi-solutions:confidential_file_viewer2018-03-07T12:09+09:002017-10-11T16:43+09:002018-03-07T12:09+09:00Home unit KX-HJB1000 contains multiple vulnerabilities
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000229.html
Home unit KX-HJB1000 provided by Panasonic Corporation is a control system for a home network. Home unit KX-HJB1000 contains multiple vulnerabilities listed below.
Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000229http://jvn.jp/en/jp/JVN54795166/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2131https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2132https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2133https://nvd.nist.gov/vuln/detail/CVE-2017-2131https://nvd.nist.gov/vuln/detail/CVE-2017-2132https://nvd.nist.gov/vuln/detail/CVE-2017-2133https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:panasonic:kx-hjb1000_firmware2018-03-07T14:24+09:002017-10-17T17:22+09:002018-03-07T14:24+09:00OpenAM (Open Source Edition) vulnerable to authentication bypass
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000231.html
OpenAM (Open Source Edition) contains an authentication bypass vulnerability.
Yasushi Iwakata of Open Source Solution Technology Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JVNDB-2017-000231http://jvn.jp/en/jp/JVN79546124/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10873https://nvd.nist.gov/vuln/detail/CVE-2017-10873https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:open_source_solution_technology:openam2018-03-14T14:03+09:002017-11-01T15:36+09:002018-03-14T14:03+09:00Wi-Fi STATION L-02F vulnerable to buffer overflow
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000232.html
Wi-Fi STATION L-02F provided by NTT DOCOMO, INC. contains a buffer overflow vulnerability.
Daisuke Makita and Hayato Ushimaru of National Institute of Information and Communications Technology, Jumpei Shimamura of clwit, Inc. and Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000232https://jvn.jp/en/jp/JVN23367475/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10871https://nvd.nist.gov/vuln/detail/CVE-2017-10871https://www.ipa.go.jp/security/ciadr/vul/20171106-jvn.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:nttdocomo:wi-fi_station_l-02f2018-03-07T14:00+09:002017-11-06T13:48+09:002018-03-07T14:00+09:00I-O DATA LAN DISK Connect vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000233.html
LAN DISK Connect provided by I-O DATA DEVICE, INC. contains a denial-of-service (DoS) vulnerability (CWE-119) due to a flaw in processing certain packets.
Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000233https://jvn.jp/en/jp/JVN87886530/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10875https://nvd.nist.gov/vuln/detail/CVE-2017-10875https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:i-o_data_device:lan_disk_connect2018-03-07T14:01+09:002017-11-06T13:48+09:002018-03-07T14:01+09:00Installer of HYPER SBI may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000234.html
HYPER SBI provided by SBI SECURITIES Co.,Ltd. is a trading tool. Installer of HYPER SBI contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Yuto Iso of NTT Security (Japan) KK reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000234https://jvn.jp/en/jp/JVN71284826/index.htmlhttps://jvn.jp/en/ta/JVNTA91240916/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10885https://nvd.nist.gov/vuln/detail/CVE-2017-10885https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:sbisec:hyper_sbi2018-03-07T14:01+09:002017-11-09T12:29+09:002018-03-07T14:01+09:00CS-Cart Japanese Edition vulnerable to cross-site scripting
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000235.html
CS-Cart is a system for creating online shopping websites. CS-Cart Japanese Edition contains a cross-site scripting vulnerability (CWE-79).
Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000235https://jvn.jp/en/jp/JVN29602086/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10886https://nvd.nist.gov/vuln/detail/CVE-2017-10886https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:misc:simtech_ltd_cs-cart2018-03-07T13:36+09:002017-11-13T15:30+09:002018-03-07T13:36+09:00WordPress plugin "TablePress" vulnerable to improper restriction of XML external entity (XXE) references
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000236.html
The WordPress plugin "TablePress" is a plugin to create and manage tables on a WordPress site. TablePress contains a vulnerability where XML external entity (XXE) references are not properly restricted (CWE-611).
Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000236https://jvn.jp/en/jp/JVN05398317/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10889https://nvd.nist.gov/vuln/detail/CVE-2017-10889https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:tablepress:tablepress2018-03-07T13:36+09:002017-11-14T13:26+09:002018-03-07T13:36+09:00Multiple vulnerabilities in BOOK WALKER for Windows/Mac
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000237.html
BOOK WALKER for Windows/Mac provided by BOOK WALKER Co.,Ltd. are applications to view e-books. Installer of BOOK WALKER for Windows contains a vulnerability, which may lead to insecurely loading Dynamic Link Libraries.
Also, BOOK WALKER for Windows/Mac contain a vulnerability which may lead to information disclosure as a result of reading a specially crafted file.
* DLL preloading vulnerability (CWE-427) - CVE-2017-10887
* Information disclosure vulnerability (CWE-200) - CVE-2017-10888
Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000237http://jvn.jp/en/jp/JVN18420340/index.htmlhttps://jvn.jp/en/ta/JVNTA91240916/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10887https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10888https://nvd.nist.gov/vuln/detail/CVE-2017-10887https://nvd.nist.gov/vuln/detail/CVE-2017-10888https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:bookwalker:book_walker2018-03-07T13:36+09:002017-11-14T15:19+09:002018-03-07T13:36+09:00Robotic appliance COCOROBO vulnerable to session management
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000238.html
Robotic appliance COCOROBO provided by Sharp Corporation is a robot with a cleaning function. Robotic appliance COCOROBO contains a vulnerability in session management (CWE-639).
Kiyotaka ATSUMI of IoT Technology Laboratory, Cyber Grid Japan, LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000238http://jvn.jp/en/jp/JVN76382932/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10890https://nvd.nist.gov/vuln/detail/CVE-2017-10890https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:sharp:rx-clv1-p_firmwarecpe:/o:sharp:rx-clv2-b_firmwarecpe:/o:sharp:rx-clv3-n_firmwarecpe:/o:sharp:rx-v100_firmwarecpe:/o:sharp:rx-v200_firmware2018-03-14T14:09+09:002017-11-16T14:03+09:002018-03-14T14:09+09:00The installer of Media Go and Music Center for PC may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000239.html
Media Go and Music Center for PC provided by Sony Group are file management tools. The installer of Media Go and Music Center for PC contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eili Masami of Tachibana Lab. and Shun Suzaki reported the CVE-2017-10891 vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000239http://jvn.jp/en/jp/JVN08517069/index.htmlhttps://jvn.jp/en/ta/JVNTA91240916/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10891https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10892https://nvd.nist.gov/vuln/detail/CVE-2017-10891https://nvd.nist.gov/vuln/detail/CVE-2017-10892https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:sony:media-gocpe:/a:sony:music_center2018-03-14T14:25+09:002017-11-21T15:40+09:002018-03-14T14:25+09:00PWR-Q200 vulnerable to DNS cache poisoning attacks
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000240.html
PWR-Q200 provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION is a mobile WiFi router. PWR-Q200 is vulnerable to DNS cache poisoning attacks as DNS queries are done with a fixed source port (CWE-330).
Toshifumi Sakaguchi reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000240https://jvn.jp/en/jp/JVN73141967/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10874https://nvd.nist.gov/vuln/detail/CVE-2017-10874https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ntt_east:pwr-q2002018-03-14T14:19+09:002017-11-22T13:51+09:002018-03-14T14:19+09:00Multiple vulnerabilities in Wireless mobile storage "Digizo ShAirDisk" PTW-WMS1
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000241.html
Wireless mobile storage "Digizo ShAirDisk" PTW-WMS1 provided by Princeton Ltd. is a Wi-Fi storage. Wireless mobile storage "Digizo ShAirDisk" PTW-WMS1 contains multiple vulnerabilities listed below.
* Improper Access Restriction (CWE-284) - CVE-2017-10900
* Buffer Overflow (CWE-119) - CVE-2017-10901
* OS Command Injection (CWE-78) - CVE-2017-10902
* Improper Authentication (CWE-287) - CVE-2017-10903
Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000241https://jvn.jp/en/jp/JVN98295787/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10900https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10901https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10902https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10903https://nvd.nist.gov/vuln/detail/CVE-2017-10900https://nvd.nist.gov/vuln/detail/CVE-2017-10901https://nvd.nist.gov/vuln/detail/CVE-2017-10902https://nvd.nist.gov/vuln/detail/CVE-2017-10903https://www.ipa.go.jp/security/ciadr/vul/20171130-1-jvn.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/o:princeton:ptw-wms1_firmware2018-03-14T14:13+09:002017-11-30T15:45+09:002018-03-14T14:13+09:00StreamRelay.net.exe and sDNSProxy.exe vulnerable to denial-of-service (DoS)
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000242.html
StreamRelay.net.exe and sDNSProxy.exe fail to properly process ICMP Port Unreachable messages (CWE-703).
Tomoki Sanaki reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Tomoki Sanaki coordinated under the Information Security Early Warning Partnership.JVNDB-2017-000242https://jvn.jp/en/jp/JVN71291160/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10894https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10895https://nvd.nist.gov/vuln/detail/CVE-2017-10894https://nvd.nist.gov/vuln/detail/CVE-2017-10895https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:rocketeer.dip:sdnsproxycpe:/a:rocketeer.dip:streamrelay_net2018-03-14T14:26+09:002017-11-29T14:54+09:002018-03-14T14:26+09:00Movable Type plugin A-Member and A-Reserve vulnerable to SQL injection
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000243.html
A-Member and A-Reserve provided by ARK-Web co., ltd. are plugins for Movable Type which provide functions to build a membership website or a reservation website. A-Member and A-Reserve contain an SQL injection (CWE-89) vulnerability due to an issue in processing cookie values.
Yuuta Watanabe of STNet, Incorporated reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000243https://jvn.jp/en/jp/JVN78501037/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10898https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10899https://nvd.nist.gov/vuln/detail/CVE-2017-10898https://nvd.nist.gov/vuln/detail/CVE-2017-10899https://www.ipa.go.jp/security/ciadr/vul/20171130-2-jvn.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:ark-web:a-membercpe:/a:ark-web:a-reserve2018-03-14T14:20+09:002017-11-30T15:50+09:002018-03-14T14:20+09:00Multiple vulnerabilities in multiple Buffalo broadband routers
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000244.html
BBR-4HG and BBR-4MG provided by BUFFALO INC. are wireless LAN routers. BBR-4HG and BBR-4MG contain multiple vulnerabilities listed below.
* Cross-site Scripting (CWE-79) - CVE-2017-10896
* Improper Input Validation (CWE-20) - CVE-2017-10897
Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000244https://jvn.jp/en/jp/JVN65994435/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10896https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10897https://nvd.nist.gov/vuln/detail/CVE-2017-10896https://nvd.nist.gov/vuln/detail/CVE-2017-10897https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/h:buffalo_inc:bbr-4hgcpe:/h:buffalo_inc:bbr-4mg2018-03-14T14:15+09:002017-12-01T16:17+09:002018-03-14T14:15+09:00The installer of The Public Certification Service for Individuals "The JPKI user's software" may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000245.html
The installer of The Public Certification Service for Individuals "The JPKI user's software" provided by Japan Agency for Local Authority Information Systems (J-LIS) contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Note that this vulnerability is different from JVN#91002412 and JVN#39605485.
BlackWingCat of Pink Flying Whale reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000245http://jvn.jp/en/jp/JVN30352845/index.htmlhttps://jvn.jp/en/ta/JVNTA91240916/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10893https://nvd.nist.gov/vuln/detail/CVE-2017-10893https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:j-lis:the_public_certification_service_for_individuals2018-03-14T14:07+09:002017-12-06T14:42+09:002018-03-14T14:07+09:00Qt for Android vulnerable to OS command injection
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000246.html
Qt for Android provided by The Qt Company contains an OS command injection vulnerability (CWE-78).
Satoru Nagaoka of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000246https://jvn.jp/en/jp/JVN67389262/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10904https://nvd.nist.gov/vuln/detail/CVE-2017-10904https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:qt:qt2018-03-14T13:48+09:002017-12-11T13:40+09:002018-03-14T13:48+09:00Qt for Android environment variables alteration
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000247.html
Qt for Android contains an information alteration vulnerability.
Satoru Nagaoka of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000247https://jvn.jp/en/jp/JVN27342829/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10905https://nvd.nist.gov/vuln/detail/CVE-2017-10905https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:qt:qt2018-03-14T13:44+09:002017-12-11T13:40+09:002018-03-14T13:44+09:00OneThird CMS vulnerable to directory traversal
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000248.html
OneThird CMS provided by SpiQe Software is a Content Management System (CMS). OneThird CMS contains a directory traversal vulnerability (CWE-22).
Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000248http://jvn.jp/en/jp/JVN93333702/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10907https://nvd.nist.gov/vuln/detail/CVE-2017-10907https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:spiqe:onethird2018-04-04T13:58+09:002017-12-19T13:48+09:002018-04-04T13:58+09:00Multiple vulnerabilities in H2O
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000249.html
H2O is an open source web server software. H2O contains multiple vulnerabilities listed below.
* A Denial-of-service (DoS) due to a flaw in processing HTTP/1 header (CWE-20) - CVE-2017-10868
* Stack-based buffer overflow (CWE-121) - CVE-2017-10869
* A Denial-of-service (DoS) due to a flaw in outputting of the access log (CWE-118) - CVE-2017-10872
* A Denial-of-service (DoS) due to a flaw in processing HTTP/2 header (CWE-20) - CVE-2017-10908
Kazuho Oku reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Kazuho Oku coordinated under the Information Security Early Warning Partnership.JVNDB-2017-000249http://jvn.jp/en/jp/JVN84182676/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10868https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10869https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10872https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10908https://nvd.nist.gov/vuln/detail/CVE-2017-10868https://nvd.nist.gov/vuln/detail/CVE-2017-10869https://nvd.nist.gov/vuln/detail/CVE-2017-10872https://nvd.nist.gov/vuln/detail/CVE-2017-10908https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:h2o_project:h2o2018-04-04T13:49+09:002017-12-18T15:17+09:002018-04-04T13:49+09:00The installer of Music Center for PC may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000250.html
Music Center for PC provided by Sony Video & Sound Products Inc. is a file management tool. The installer of Music Center for PC contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Note that this vulnerability is different from JVN#08517069.
DigiGnome(@biz4g) reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000250http://jvn.jp/en/jp/JVN60695371/index.htmlhttps://jvn.jp/en/ta/JVNTA91240916/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10909https://nvd.nist.gov/vuln/detail/CVE-2017-10909https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:sony:music_center2018-04-04T13:53+09:002017-12-22T15:50+09:002018-04-04T13:53+09:00The installer of Content Manager Assistant for PlayStation may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000251.html
Content Manager Assistant for PlayStation provided by Sony Interactive Entertainment Inc. is a data transfer tool. The installer of Content Manager Assistant for PlayStation contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Shun Suzaki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000251http://jvn.jp/en/jp/JVN95423049/index.htmlhttps://jvn.jp/en/ta/JVNTA91240916/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17010https://nvd.nist.gov/vuln/detail/CVE-2017-17010https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:sony:content_manager_assistant2018-04-04T14:04+09:002017-12-22T15:50+09:002018-04-04T14:04+09:00MQTT.js issue in handling PUBLISH packets
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000252.html
MQTT.js is a client library for MQTT. MQTT.js contains an issue in handling PUBLISH packets sent from an MQTT Broker.
Masataka Sakaguchi, Bintatsu Noda and Hisashi Kojima of Fujitsu Laboratories Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.JVNDB-2017-000252http://jvn.jp/en/jp/JVN45494523/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10910https://nvd.nist.gov/vuln/detail/CVE-2017-10910https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:mqtt.js_project:mqtt.js2018-04-04T14:02+09:002017-12-25T14:00+09:002018-04-04T14:02+09:00Mis-configuration of Apache Velocity template engine used to send emails in GigaCC OFFICE
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-001053.html
GigaCC OFFICE provided by WAM!NET Japan K.K. contains a mis-configuration of the Apache Velocity template engine, which is used to send emails.
WAM!NET Japan K.K. and the following people reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and WAM!NET Japan K.K. coordinated under the Information Security Early Warning Partnership.
Dongjoo Ha and Heaeun Moon of NSHC Pre., Ltd.
Masaki Yoshikawa of Recruit Technologies Co.,Ltd.JVNDB-2017-001053http://jvn.jp/en/vu/JVNVU91417143http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7844https://nvd.nist.gov/vuln/detail/CVE-2016-7844cpe:/a:gigaccsecure:gigacc_office2018-02-28T11:35+09:002017-01-23T17:57+09:002018-02-28T11:35+09:00Arbitrary file upload vulnerability in GigaCC OFFICE
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-001054.html
GigaCC OFFICE provided by WAM!NET Japan K.K. contains a vulnerability where arbitrary files may be uploaded.
WAM!NET Japan K.K. and the following people reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and WAM!NET Japan K.K. coordinated under the Information Security Early Warning Partnership.
Dongjoo Ha and Heaeun Moon of NSHC Pre., Ltd.
Masaki Yoshikawa of Recruit Technologies Co.,Ltd.JVNDB-2017-001054http://jvn.jp/en/vu/JVNVU91417143/http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7845https://nvd.nist.gov/vuln/detail/CVE-2016-7845cpe:/a:gigaccsecure:gigacc_office2018-02-28T11:25+09:002017-01-23T17:57+09:002018-02-28T11:25+09:00Cross-site Scripting Vulnerability in multiple Hitachi products
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-002225.html
A cross-site scripting vulnerability was found in uCosminexus Portal Framework, Groupmax Collaboration, Hitachi Navigation Platform and JP1/Navigation Platform.
JVNDB-2017-002225cpe:/a:hitachi:groupmax_collaboration_portalcpe:/a:hitachi:groupmax_collaboration_web_clientcpe:/a:hitachi:groupmax_collaboration_web_client_mail_schedulecpe:/a:hitachi:hitachi_navigation_platformcpe:/a:hitachi:jp1_integrated_managementcpe:/a:hitachi:jp1_navigation_platformcpe:/a:hitachi:ucosminexus_collaboration_portalcpe:/a:hitachi:ucosminexus_navigationcpe:/a:hitachi:ucosminexus_navigation_platformcpe:/a:hitachi:ucosminexus_portal_framework2017-06-30T15:56+09:002017-06-30T15:56+09:002017-06-30T15:56+09:00Trend Micro Control Manager vulnerable to SQL injection
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-002290.html
Trend Micro Control Manager contains multiple SQL injection vulnerabilities.
This advisory refers to the vulnerabilities that are disclosed on the TippingPoint Zero Day Initiative advisories listed below.
TippingPoint Zero Day Initiative
http://www.zerodayinitiative.com/advisories/published/
ZDI-17-180, ZDI-17-181, ZDI-17-182, ZDI-17-183, ZDI-17-184, ZDI-17-185, ZDI-17-186JVNDB-2017-002290http://jvn.jp/en/vu/JVNVU91290407/index.htmlhttp://www.zerodayinitiative.com/advisories/published/http://www.zerodayinitiative.com/advisories/ZDI-17-180/http://www.zerodayinitiative.com/advisories/ZDI-17-181/http://www.zerodayinitiative.com/advisories/ZDI-17-182/http://www.zerodayinitiative.com/advisories/ZDI-17-183/http://www.zerodayinitiative.com/advisories/ZDI-17-184/http://www.zerodayinitiative.com/advisories/ZDI-17-185/http://www.zerodayinitiative.com/advisories/ZDI-17-186/cpe:/a:trendmicro:control_manager2018-01-17T16:15+09:002018-01-17T16:15+09:002018-01-17T16:15+09:00Multiple Vulnerabilities in Hitachi IT Operations Director and JP1/IT Desktop Management
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-003108.html
A cross-site scripting and an XML external entity (XXE) vulnerability have been found in Hitachi IT Operations Director, JP1/IT Desktop Management - Manager and JP1/IT Desktop Management 2 - Manager.JVNDB-2017-003108https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:it_operations_directorcpe:/a:hitachi:job_management_partner_1%2Fit_desktop_managementcpe:/a:hitachi:job_management_partner_1%2Fit_desktop_management-managercpe:/a:hitachi:jp1%2Fit_desktop_management-managercpe:/a:hitachi:jp1_it_desktop_management2017-06-30T15:55+09:002017-06-30T15:55+09:002017-06-30T15:55+09:00Deep Discovery Email Inspector vulnerable to arbitrary code execution
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-004607.html
Deep Discovery Email Inspector provided by Trend Micro Incorporated contains an arbitrary code execution vulnerability due to an issue in uploading files.
Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.JVNDB-2017-004607http://jvn.jp/en/vu/JVNVU95587881/http://zerodayinitiative.com/advisories/ZDI-17-283/http://www.zerodayinitiative.com/advisories/published/cpe:/a:trendmicro:deep_discovery2018-01-31T13:43+09:002018-01-31T13:43+09:002018-01-31T13:43+09:00Cross-site Scripting Vulnerability in Fujitsu Interstage List Works
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-004687.html
A cross-site scripting vulnerability has been found in the web functionality of Fujitsu Interstage List Works.JVNDB-2017-004687https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:fujitsu:interstage_list_works2018-01-12T14:58+09:002018-01-12T14:58+09:002018-01-12T14:58+09:00Multiple Vulnerabilities in Hitachi Automation Director and Hitachi Infrastructure Analytics Advisor
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-005137.html
Multiple vulnerabilities have been found in Hitachi Automation Director and Hitachi Infrastructure Analytics Advisor. JVNDB-2017-005137https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:automation_directorcpe:/a:hitachi:infrastructure_analytics_advisor2017-07-19T15:44+09:002017-07-19T15:44+09:002017-07-19T15:44+09:00gSOAP vulnerable to stack-based buffer overflow
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-005208.html
The gSOAP library provided by Genivia contains a stack-based buffer overflow (CWE-121). Processing a crafted SOAP message sent by a remote attacker may result in code execution.JVNDB-2017-005208http://jvn.jp/en/vu/JVNVU98807587/index.htmlhttps://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9765https://nvd.nist.gov/vuln/detail/CVE-2017-9765http://blog.senr.io/blog/devils-ivy-flaw-in-widely-used-third-party-code-impacts-millionshttp://blog.senr.io/devilsivy.htmlcpe:/a:genivia:gsoap2018-02-14T13:44+09:002017-07-21T13:39+09:002018-02-14T13:44+09:00Multiple vulnerabilities in Deep Discovery Email Inspector
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-005606.html
Deep Discovery Email Inspector provided by Trend Micro Incorporated contains multiple vulnerabilities.
Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.JVNDB-2017-005606http://jvn.jp/en/vu/JVNVU95303354/index.htmlhttp://www.zerodayinitiative.com/advisories/ZDI-17-151http://www.zerodayinitiative.com/advisories/ZDI-17-152http://www.zerodayinitiative.com/advisories/ZDI-17-153http://www.zerodayinitiative.com/advisories/ZDI-17-154http://www.zerodayinitiative.com/advisories/ZDI-17-155http://www.zerodayinitiative.com/advisories/ZDI-17-156http://www.zerodayinitiative.com/advisories/ZDI-17-157http://www.zerodayinitiative.com/advisories/ZDI-17-158http://www.zerodayinitiative.com/advisories/ZDI-17-159cpe:/a:trendmicro:deep_discovery_email_inspector2018-01-17T16:15+09:002018-01-17T16:15+09:002018-01-17T16:15+09:00Denial-of-service (DoS) Vulnerability in HiRDB
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-006466.html
A vulnerability to denial-of-service attacks was found in HiRDB.JVNDB-2017-006466https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:hirdbcpe:/a:hitachi:hirdb_parallel_servercpe:/a:hitachi:hirdb_single_server2017-09-05T10:46+09:002017-08-28T13:46+09:002017-09-05T10:46+09:00Denial-of-service (DoS) Vulnerability in JP1 and Hitachi IT Operations Director
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-006769.html
A vulnerability to denial-of-service attacks was found in JP1 and Hitachi IT Operations Director.JVNDB-2017-006769https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:it_operations_directorcpe:/a:hitachi:job_management_partner_1%2Fit_desktop_managementcpe:/a:hitachi:job_management_partner_1%2Fit_desktop_management-managercpe:/a:hitachi:job_management_partner_1_asset_information_managercpe:/a:hitachi:job_management_partner_1_automatic_job_management_system_2cpe:/a:hitachi:job_management_partner_1_automatic_job_management_system_3cpe:/a:hitachi:job_management_partner_1_integrated_managementcpe:/a:hitachi:job_management_partner_1_it_service_level_managementcpe:/a:hitachi:job_management_partner_1_software_distribution_managercpe:/a:hitachi:jp1%2Fit_desktop_management-managercpe:/a:hitachi:jp1_automatic_job_management_system_2cpe:/a:hitachi:jp1_automatic_job_management_system_3cpe:/a:hitachi:jp1_automatic_operationcpe:/a:hitachi:jp1_integrated_managementcpe:/a:hitachi:jp1_integrated_managercpe:/a:hitachi:jp1_it_desktop_managementcpe:/a:hitachi:jp1_it_service_level_managementcpe:/a:hitachi:jp1_netm_asset_information_managercpe:/a:hitachi:jp1_netm_dmcpe:/a:hitachi:jp1_operation_analyticscpe:/a:hitachi:jp1_performance_analysiscpe:/a:hitachi:jp1_performance_managementcpe:/a:hitachi:jp1_serverconductor_control_managercpe:/a:hitachi:jp1_service_level_managementcpe:/a:hitachi:jp1_service_support2017-09-05T10:46+09:002017-09-04T12:14+09:002017-09-05T10:46+09:00InterScan Web Security Virtual Appliance vulnerable to code injection
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-007422.html
InterScan Web Security Virtual Appliance provided by Trend Micro Incorporated contains a code injection vulnerability.JVNDB-2017-007422http://jvn.jp/en/vu/JVNVU90447827/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11396https://nvd.nist.gov/vuln/detail/CVE-2017-11396cpe:/a:trendmicro:interscan_web_security_virtual_appliance2018-03-07T14:32+09:002017-09-21T15:58+09:002018-03-07T14:32+09:00jwt-scala fails to verify token signatures
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-007582.html
jwt-scala contains a vulnerability where it fails to verify token signatures correctly.
jwt-scala is a Scala library to handle JSON Web Token (JWT). jwt-scala contains a vulnerability where it fails to verify token signatures correctly due to improper processing of JWT headers.
Toshiharu Sugiyama of Recruit Technologies Co.,Ltd. RED TEAM reported this vulnerability to the developer and JPCERT/CC and directly coordinated with the developer. JPCERT/CC published this advisory as the developer agreed with the publication on JVN.JVNDB-2017-007582http://jvn.jp/en/vu/JVNVU90916766/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10862https://nvd.nist.gov/vuln/detail/CVE-2017-10862https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:really:jwt-scala2018-03-07T12:23+09:002017-09-26T15:37+09:002018-03-07T12:23+09:00Self-Decrypting Confidential Files created by JP1/HIBUN may insecurely load Dynamic Link Libraries
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-007767.html
Self-decrypting confidential files created by JP1/HIBUN contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. JVNDB-2017-007767https://jvn.jp/en/ta/JVNTA91240916/index.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:jp1_hibun2017-10-06T11:36+09:002017-10-03T11:18+09:002017-10-06T11:36+09:00Information Disclosure Vulnerability in Hitachi Global Link Manager
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-008363.html
An Information Disclosure Vulnerability was found in Hitachi Global Link Manager.JVNDB-2017-008363https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:global_link_manager2017-10-18T12:31+09:002017-10-17T16:26+09:002017-10-18T12:31+09:00RMI Vulnerability in Hitachi Tuning Manager
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-008364.html
An RMI vulnerability was found in Hitachi Tuning Manager.JVNDB-2017-008364https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:tuning_manager2017-10-18T12:31+09:002017-10-17T16:26+09:002017-10-18T12:31+09:00Multiple Vulnerabilities in Hitachi Infrastructure Analytics Advisor
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-008369.html
Multiple vulnerabilities have been found in Hitachi Infrastructure Analytics Advisor.
* Cross-site Scripting
* Access Control
For Access Control, Hitachi Data Center Analytics v8.0.0, v8.0.2, v8.1.0, and v8.1.3 will be affected.JVNDB-2017-008369https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlhttps://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:infrastructure_analytics_advisor2017-10-18T12:31+09:002017-10-17T16:58+09:002017-10-18T12:31+09:00Information Disclosure Vulnerability in Hitachi Automation Director
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-008370.html
An Information Disclosure Vulnerability was found in Hitachi Automation Director.JVNDB-2017-008370https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:automation_director2017-10-18T12:31+09:002017-10-17T17:01+09:002017-10-18T12:31+09:00XXE Vulnerability in Hitachi Command Suite
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-008411.html
An XXE (XML External Entity) Vulnerability was found in Hitachi Command Suite.JVNDB-2017-008411https://cwe.mitre.org/data/definitions/611.htmlcpe:/a:hitachi:device_managercpe:/a:hitachi:dynamic_link_managercpe:/a:hitachi:replication_manager2017-11-07T15:06+09:002017-10-18T14:22+09:002017-11-07T15:06+09:00Memory corruption vulnerability in Rakuraku Hagaki and Rakuraku Hagaki Select for Ichitaro
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-008629.html
Rakuraku Hagaki and Rakuraku Hagaki Select for Ichitaro contain a memory corruption vulnerability.JVNDB-2017-008629http://jvn.jp/en/vu/JVNVU93703434/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10870https://nvd.nist.gov/vuln/detail/CVE-2017-10870cpe:/a:justsystems:ichitarocpe:/a:justsystems:ichitaro_governmentcpe:/a:justsystems:ichitaro_procpe:/a:justsystems:rakuraku_hagaki2018-03-14T14:01+09:002017-10-25T12:17+09:002018-03-14T14:01+09:00QND Advance/Standard vulnerable to directory traversal
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-009884.html
QND Advance/Standard provided by QualitySoft Corporation contains a directory traversal vulnerability.
QND Advance/Standard provided by QualitySoft Corporation contains a directory traversal vulnerability (CWE-22) in an administrative server due to an issue in processing input from an agent program.
The administrative server also does not require authentication for communication between the server and an agent program, so an arbitrary request from any device with access to the administrative server can be sent and processed.
Muneaki Nishimura of Recruit Technologies Co.,Ltd. RED TEAM reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.JVNDB-2017-009884http://jvn.jp/en/vu/JVNVU94198685/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10861https://nvd.nist.gov/vuln/detail/CVE-2017-10861https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:qualitysoft:qnd_advance%2Fstandard2018-03-14T14:17+09:002017-11-28T11:26+09:002018-03-14T14:17+09:00Cross-site Scripting Vulnerability in JP1/Operations Analytics
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-010043.html
A cross-site scripting vulnerability was found in JP1/Operations Analytics. JVNDB-2017-010043https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:jp1_operation_analytics2017-12-20T11:09+09:002017-12-01T14:59+09:002017-12-20T11:09+09:00Cross-site Scripting Vulnerability in Fujitsu NetCOBOL
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-010236.html
A cross-site scripting vulnerability was found in MeFt/Web Service manager function in Fujitsu NetCOBOL.JVNDB-2017-010236https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:fujitsu:netcobol2018-01-12T15:07+09:002018-01-12T15:07+09:002018-01-12T15:07+09:00Cross-site Scripting Vulnerability in JP1/Service Support and JP1/Integrated Management - Service Support
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-010275.html
A cross-site scripting vulnerability was found in JP1/Service Support and JP1/Integrated Management - Service Support. JVNDB-2017-010275https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlcpe:/a:hitachi:job_management_partner_1_integrated_managementcpe:/a:hitachi:jp1_integrated_managementcpe:/a:hitachi:jp1_service_support2017-12-20T11:09+09:002017-12-11T11:46+09:002017-12-20T11:09+09:00Fluentd vulnerable to escape sequence injection
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-010280.html
Fluentd provided by Cloud Native Computing Foundation (CNCF) contains an escape sequence injection vulnerability.
Fluentd is an open source data collector provided by Cloud Native Computing Foundation (CNCF). The parse Filter Plugin for Fluentd contains an escape sequence injection vulnerability (CWE-150) due to a flaw in processing logs.
Teppei Fukuda reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.JVNDB-2017-010280http://jvn.jp/en/vu/JVNVU95124098/index.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10906https://nvd.nist.gov/vuln/detail/CVE-2017-10906https://cwe.mitre.org/data/definitions/150.htmlcpe:/a:fluentd:fluentd2017-12-11T14:13+09:002017-12-11T14:13+09:002017-12-11T14:13+09:00AssetView and AssetView PLATINUM contain multiple vulnerabilities
https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-010584.html
AssetView and AssetView PLATINUM provided by Hammock Corporation contain 2 vulnerabilities listed below.
* Use of Hard-coded Cryptographic Key (CWE-321) - CVE-2017-10866
* Improper Input Validation (CWE-20) - CVE-2017-10867
Muneaki Nishimura of Recruit Technologies Co.,Ltd. RED TEAM reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.JVNDB-2017-010584http://jvn.jp/en/vu/JVNVU91625548/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10866https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10867https://www.ipa.go.jp/en/security/vulnerabilities/cwe.htmlhttps://cwe.mitre.org/data/definitions/321.htmlcpe:/a:hammock:assetview2018-01-12T15:32+09:002018-01-12T15:32+09:002018-01-12T15:32+09:00