Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-28 | CVE-2017-2154 | Improper Input Validation vulnerability in Justsystems products Untrusted search path vulnerability in Hanako 2017, Hanako 2016, Hanako 2015, Hanako Pro 3, JUST Office 3 [Standard], JUST Office 3 [Eco Print Package], JUST Office 3 & Tri-De DataProtect Package, JUST Government 3, JUST Jump Class 2, JUST Frontier 3, JUST School 6 Premium, Hanako Police 5, JUST Police 3, Hanako 2017 trial version allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | 7.8 |
| 2017-04-28 | CVE-2017-2153 | Improper Input Validation vulnerability in Seil products SEIL/x86 Fuji 1.70 to 5.62, SEIL/BPV4 5.00 to 5.62, SEIL/X1 1.30 to 5.62, SEIL/X2 1.30 to 5.62, SEIL/B1 1.00 to 5.62 allows remote attackers to cause a denial of service via specially crafted IPv4 UDP packets. | 7.5 |
| 2017-04-28 | CVE-2017-2152 | OS Command Injection vulnerability in Buffalo INC Wnc01Wh Firmware 1.0.0.9 WNC01WH firmware 1.0.0.9 and earlier allows authenticated attackers to execute arbitrary OS commands via unspecified vectors. | 6.8 |
| 2017-04-28 | CVE-2017-2151 | Cross-site Scripting vulnerability in Booking Calendar Project Booking Calendar Cross-site scripting vulnerability in Booking Calendar version 7.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2017-04-28 | CVE-2017-2150 | Path Traversal vulnerability in Booking Calendar Project Booking Calendar Directory traversal vulnerability in Booking Calendar version 7.0 and earlier allows remote attackers to read arbitrary files via specially crafted captcha_chalange parameter. | 5.3 |
| 2017-04-28 | CVE-2017-2149 | Untrusted Search Path vulnerability in Toshiba Flashair Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software V3.0.2 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WE series<W-03>) V3.00.01, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WD/WC series<W-02>) V2.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WB/WL series) V1.00.04 and earlier, SDHC Memory Card with embedded TransferJet functionality Configuration Software V1.02 and earlier, SDHC Memory Card with embedded TransferJet functionality Software Update tool V1.00.06 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | 8.8 |
| 2017-04-28 | CVE-2017-2148 | Cross-site Scripting vulnerability in Iodata Wn-Ac1167Gr Firmware 1.04 Cross-site scripting vulnerability in WN-AC1167GR firmware version 1.04 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
| 2017-04-28 | CVE-2017-2147 | Cross-site Scripting vulnerability in Wp-Statistics WP Statistics Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2017-04-28 | CVE-2017-2143 | Forced Browsing vulnerability in Frogman Office INC products CS-Cart Japanese Edition v4.3.10-jp-1 and earlier, CS-Cart Multivendor Japanese Edition v4.3.10-jp-1 and earlier allows remote attackers to bypass access restriction to create a request to return a customer purchased item via rma.post.php. | 5.3 |
| 2017-04-28 | CVE-2017-2142 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Iodata Wn-G300R3 Firmware 1.01/1.03 Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | 9.8 |