Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the modal for creating Wiki page. Date published : 2018-09-07 https://weseek.co.jp/security/2018/07/31/growi-prevent-xss/ http://jvn.jp/en/jp/JVN18716340/index.html
Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote attackers to inject arbitrary web script or HTML via Wiki page view. Date published : 2018-09-07 https://weseek.co.jp/security/2018/07/31/growi-prevent-xss/ http://jvn.jp/en/jp/JVN18716340/index.html
Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via the UserGroup Management section of admin page. Date published : 2018-09-07 https://weseek.co.jp/security/2018/07/31/growi-prevent-xss/ http://jvn.jp/en/jp/JVN18716340/index.html
The LINE MUSIC for Android version 3.1.0 to versions prior to 3.6.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...
Untrusted search path vulnerability in the installers of multiple Canon IT Solutions Inc. software programs (ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro, and CompuSec (all programs...
Untrusted search path vulnerability in installer of ChatWork Desktop App for Windows 2.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Date published : 2018-09-07...
Cross-site request forgery (CSRF) vulnerability in WL-330NUL Firmware version prior to 3.0.0.46 allows remote attackers to hijack the authentication of administrators via unspecified vectors. Date published : 2018-09-07 http://jvn.jp/en/jp/JVN71329812/index.html https://www.asus.com/us/Networking/WL330NUL/HelpDesk_BIOS/
MTAppjQuery 1.8.1 and earlier allows remote PHP code execution via unspecified vectors. Date published : 2018-09-07 http://www.tinybeans.net/blog/2015/06/26-230919.html https://bit-part.net/news/2018/07/mtappjquery-20180717.html
Buffer overflow in Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-client2) 1:1.4.9+p41-u4jma1 and earlier, Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 5.0.0 (panda-client2) 1:2.0.0+p48-u4jma1 and earlier, and Ubuntu16.04 ORCA (Online Receipt Computer Advantage) 5.0.0 (panda-client2)...
Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-server) 1:1.4.9+p41-u4jma1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. Date published : 2018-09-07 https://www.orca.med.or.jp/news/vulnerability_2018-07-18-1.html http://jvn.jp/en/jp/JVN37376131/index.html
Cross-site scripting vulnerability in FV Flowplayer Video Player 6.1.2 to 6.6.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2018-09-07 FV Flowplayer Video Player http://jvn.jp/en/jp/JVN70246549/index.html
Untrusted search path vulnerability in Multiple Yayoi 17 Series products (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17...
Untrusted search path vulnerability in Multiple Yayoi 17 Series products (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17...
In Ice Qube Thermal Management Center versions prior to version 4.13, passwords are stored in plaintext in a file that is accessible without authentication. Date published : 2018-09-06 http://www.securityfocus.com/bid/105303 https://ics-cert.us-cert.gov/advisories/ICSA-18-249-01