Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities found for LogonTracer by JPCERT Coordination Center
JVNDB-2026-000059
Vulnerability from jvndb - Published: 2026-04-23 16:57 - Updated:2026-04-23 16:57
Severity ?
Summary
Multiple vulnerabilities in LogonTracer
Details
LogonTracer provided by Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) is a tool to investigate malicious Windows logons by visualizing and analyzing Windows event logs.
LogonTracer contains multiple vulnerabilities listed below.
- OS command injection (CWE-78) - CVE-2026-33277
- Improper neutralization of special elements in data query logic (CWE-943) - CVE-2026-33566
References
| Type | URL | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000059.html",
"dc:date": "2026-04-23T16:57+09:00",
"dcterms:issued": "2026-04-23T16:57+09:00",
"dcterms:modified": "2026-04-23T16:57+09:00",
"description": "LogonTracer provided by Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) is a tool to investigate malicious Windows logons by visualizing and analyzing Windows event logs.\r\nLogonTracer contains multiple vulnerabilities listed below.\u003ca href=\u0027https://cwe.mitre.org/data/definitions/78.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003ca href=\u0027https://cwe.mitre.org/data/definitions/943.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003cul\u003e\u003cli\u003eOS command injection (CWE-78) - CVE-2026-33277\u003c/li\u003e\u003cli\u003eImproper neutralization of special elements in data query logic (CWE-943) - CVE-2026-33566\u003c/li\u003e\u003c/ul\u003eYuki Matsuhashi reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated internally under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000059.html",
"sec:cpe": {
"#text": "cpe:/a:jpcert:logontracer",
"@product": "LogonTracer",
"@vendor": "JPCERT Coordination Center",
"@version": "2.2"
},
"sec:cvss": {
"@score": "8.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2026-000059",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN57877356/index.html",
"@id": "JVN#57877356",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-33277",
"@id": "CVE-2026-33277",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-33566",
"@id": "CVE-2026-33566",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in LogonTracer"
}
JVNDB-2018-009127
Vulnerability from jvndb - Published: 2024-08-21 17:37 - Updated:2024-08-21 17:37
Severity ?
Summary
Multiple vulnerabilities in LogonTracer
Details
LogonTracer provided by JPCERT Coordination Center is a tool to investigate malicious Windows logon by visualizing and analyzing Windows event log. LogonTracer contains multiple vulnerabilities listed below.
* Cross-site Scripting (CWE-79) - CVE-2018-16165
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score: 6.1
CVSS v2 AV:N/AC:M/Au:N/C:N/I:P/A:N Base Score: 4.3
* XXE (XML External Entity) Injection (CWE-611) - CVE-2018-16166
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:L Base Score: 6.1
CVSS v2 AV:N/AC:L/Au:N/C:P/I:N/A:N Base Score: 5.0
* OS Command Injection (CWE-78) - CVE-2018-16167
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Base Score: 10.0
CVSS v2 AV:N/AC:L/Au:N/C:P/I:P/A:P Base Score: 7.5
* Code Injection (CWE-94) - CVE-2018-16168
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Base Score: 10.0
CVSS v2 AV:N/AC:L/Au:N/C:P/I:P/A:P Base Score: 7.5
Shoji Baba of Kobe Digital Labo, Inc. reported these vulnerabilities to JPCERT/CC, and JPCERT/CC fixed those vulnerabilities and released the updated version of software.
References
| Type | URL | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-009127.html",
"dc:date": "2024-08-21T17:37+09:00",
"dcterms:issued": "2024-08-21T17:37+09:00",
"dcterms:modified": "2024-08-21T17:37+09:00",
"description": "LogonTracer provided by JPCERT Coordination Center is a tool to investigate malicious Windows logon by visualizing and analyzing Windows event log. LogonTracer contains multiple vulnerabilities listed below.\r\n\r\n * Cross-site Scripting (CWE-79) - CVE-2018-16165\r\n CVSS v3\tCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\tBase Score: 6.1\r\n CVSS v2\tAV:N/AC:M/Au:N/C:N/I:P/A:N\tBase Score: 4.3\r\n * XXE (XML External Entity) Injection (CWE-611) - CVE-2018-16166\r\n CVSS v3\tCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:L\tBase Score: 6.1\r\n CVSS v2\tAV:N/AC:L/Au:N/C:P/I:N/A:N\tBase Score: 5.0\r\n * OS Command Injection (CWE-78) - CVE-2018-16167\r\n CVSS v3\tCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\tBase Score: 10.0\r\n CVSS v2\tAV:N/AC:L/Au:N/C:P/I:P/A:P\tBase Score: 7.5\r\n * Code Injection (CWE-94) - CVE-2018-16168\r\n CVSS v3\tCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\tBase Score: 10.0\r\n CVSS v2\tAV:N/AC:L/Au:N/C:P/I:P/A:P\tBase Score: 7.5\r\n\r\nShoji Baba of Kobe Digital Labo, Inc. reported these vulnerabilities to JPCERT/CC, and JPCERT/CC fixed those vulnerabilities and released the updated version of software.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-009127.html",
"sec:cpe": {
"#text": "cpe:/a:jpcert:logontracer",
"@product": "LogonTracer",
"@vendor": "JPCERT Coordination Center",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "10.0",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-009127",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU98026636/index.html",
"@id": "JVNVU#98026636",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16165",
"@id": "CVE-2018-16165",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16166",
"@id": "CVE-2018-16166",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16168",
"@id": "CVE-2018-16168",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16167",
"@id": "CVE-2018-16167",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16165",
"@id": "CVE-2018-16165",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16166",
"@id": "CVE-2018-16166",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16167",
"@id": "CVE-2018-16167",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16168",
"@id": "CVE-2018-16168",
"@source": "NVD"
},
{
"#text": "https://cwe.mitre.org/data/definitions/611.html",
"@id": "CWE-611",
"@title": "Improper Restriction of XML External Entity Reference(CWE-611)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-94",
"@title": "Code Injection(CWE-94)"
}
],
"title": "Multiple vulnerabilities in LogonTracer"
}
CVE-2018-16168 (GCVE-0-2018-16168)
Vulnerability from nvd – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
VLAI?
Summary
LogonTracer 1.2.0 and earlier allows remote attackers to conduct Python code injection attacks via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Code injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JPCERT Coordination Center | LogonTracer |
Affected:
1.2.0 and earlier
|
Date Public ?
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:37.840Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU98026636/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LogonTracer",
"vendor": "JPCERT Coordination Center",
"versions": [
{
"status": "affected",
"version": "1.2.0 and earlier"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "LogonTracer 1.2.0 and earlier allows remote attackers to conduct Python code injection attacks via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Code injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU98026636/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-16168",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LogonTracer",
"version": {
"version_data": [
{
"version_value": "1.2.0 and earlier"
}
]
}
}
]
},
"vendor_name": "JPCERT Coordination Center"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LogonTracer 1.2.0 and earlier allows remote attackers to conduct Python code injection attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.1",
"refsource": "MISC",
"url": "https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.1"
},
{
"name": "https://jvn.jp/en/vu/JVNVU98026636/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU98026636/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-16168",
"datePublished": "2019-01-09T22:00:00.000Z",
"dateReserved": "2018-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:17:37.840Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16167 (GCVE-0-2018-16167)
Vulnerability from nvd – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
VLAI?
Summary
LogonTracer 1.2.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- OS Command Injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JPCERT Coordination Center | LogonTracer |
Affected:
1.2.0 and earlier
|
Date Public ?
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:37.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU98026636/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LogonTracer",
"vendor": "JPCERT Coordination Center",
"versions": [
{
"status": "affected",
"version": "1.2.0 and earlier"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "LogonTracer 1.2.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU98026636/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-16167",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LogonTracer",
"version": {
"version_data": [
{
"version_value": "1.2.0 and earlier"
}
]
}
}
]
},
"vendor_name": "JPCERT Coordination Center"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LogonTracer 1.2.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.1",
"refsource": "MISC",
"url": "https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.1"
},
{
"name": "https://jvn.jp/en/vu/JVNVU98026636/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU98026636/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-16167",
"datePublished": "2019-01-09T22:00:00.000Z",
"dateReserved": "2018-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:17:37.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16166 (GCVE-0-2018-16166)
Vulnerability from nvd – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
VLAI?
Summary
LogonTracer 1.2.0 and earlier allows remote attackers to conduct XML External Entity (XXE) attacks via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- XML external entities (XXE)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JPCERT Coordination Center | LogonTracer |
Affected:
1.2.0 and earlier
|
Date Public ?
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:37.672Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU98026636/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LogonTracer",
"vendor": "JPCERT Coordination Center",
"versions": [
{
"status": "affected",
"version": "1.2.0 and earlier"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "LogonTracer 1.2.0 and earlier allows remote attackers to conduct XML External Entity (XXE) attacks via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XML external entities (XXE)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU98026636/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-16166",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LogonTracer",
"version": {
"version_data": [
{
"version_value": "1.2.0 and earlier"
}
]
}
}
]
},
"vendor_name": "JPCERT Coordination Center"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LogonTracer 1.2.0 and earlier allows remote attackers to conduct XML External Entity (XXE) attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XML external entities (XXE)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.1",
"refsource": "MISC",
"url": "https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.1"
},
{
"name": "https://jvn.jp/en/vu/JVNVU98026636/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU98026636/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-16166",
"datePublished": "2019-01-09T22:00:00.000Z",
"dateReserved": "2018-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:17:37.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16165 (GCVE-0-2018-16165)
Vulnerability from nvd – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
VLAI?
Summary
Cross-site scripting vulnerability in LogonTracer 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JPCERT Coordination Center | LogonTracer |
Affected:
1.2.0 and earlier
|
Date Public ?
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:38.201Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU98026636/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LogonTracer",
"vendor": "JPCERT Coordination Center",
"versions": [
{
"status": "affected",
"version": "1.2.0 and earlier"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in LogonTracer 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU98026636/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-16165",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LogonTracer",
"version": {
"version_data": [
{
"version_value": "1.2.0 and earlier"
}
]
}
}
]
},
"vendor_name": "JPCERT Coordination Center"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in LogonTracer 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.1",
"refsource": "MISC",
"url": "https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.1"
},
{
"name": "https://jvn.jp/en/vu/JVNVU98026636/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU98026636/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-16165",
"datePublished": "2019-01-09T22:00:00.000Z",
"dateReserved": "2018-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:17:38.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16166 (GCVE-0-2018-16166)
Vulnerability from cvelistv5 – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
VLAI?
Summary
LogonTracer 1.2.0 and earlier allows remote attackers to conduct XML External Entity (XXE) attacks via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- XML external entities (XXE)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JPCERT Coordination Center | LogonTracer |
Affected:
1.2.0 and earlier
|
Date Public ?
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:37.672Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU98026636/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LogonTracer",
"vendor": "JPCERT Coordination Center",
"versions": [
{
"status": "affected",
"version": "1.2.0 and earlier"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "LogonTracer 1.2.0 and earlier allows remote attackers to conduct XML External Entity (XXE) attacks via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XML external entities (XXE)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU98026636/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-16166",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LogonTracer",
"version": {
"version_data": [
{
"version_value": "1.2.0 and earlier"
}
]
}
}
]
},
"vendor_name": "JPCERT Coordination Center"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LogonTracer 1.2.0 and earlier allows remote attackers to conduct XML External Entity (XXE) attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XML external entities (XXE)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.1",
"refsource": "MISC",
"url": "https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.1"
},
{
"name": "https://jvn.jp/en/vu/JVNVU98026636/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU98026636/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-16166",
"datePublished": "2019-01-09T22:00:00.000Z",
"dateReserved": "2018-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:17:37.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16165 (GCVE-0-2018-16165)
Vulnerability from cvelistv5 – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
VLAI?
Summary
Cross-site scripting vulnerability in LogonTracer 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JPCERT Coordination Center | LogonTracer |
Affected:
1.2.0 and earlier
|
Date Public ?
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:38.201Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU98026636/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LogonTracer",
"vendor": "JPCERT Coordination Center",
"versions": [
{
"status": "affected",
"version": "1.2.0 and earlier"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in LogonTracer 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU98026636/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-16165",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LogonTracer",
"version": {
"version_data": [
{
"version_value": "1.2.0 and earlier"
}
]
}
}
]
},
"vendor_name": "JPCERT Coordination Center"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in LogonTracer 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.1",
"refsource": "MISC",
"url": "https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.1"
},
{
"name": "https://jvn.jp/en/vu/JVNVU98026636/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU98026636/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-16165",
"datePublished": "2019-01-09T22:00:00.000Z",
"dateReserved": "2018-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:17:38.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16168 (GCVE-0-2018-16168)
Vulnerability from cvelistv5 – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
VLAI?
Summary
LogonTracer 1.2.0 and earlier allows remote attackers to conduct Python code injection attacks via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Code injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JPCERT Coordination Center | LogonTracer |
Affected:
1.2.0 and earlier
|
Date Public ?
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:37.840Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU98026636/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LogonTracer",
"vendor": "JPCERT Coordination Center",
"versions": [
{
"status": "affected",
"version": "1.2.0 and earlier"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "LogonTracer 1.2.0 and earlier allows remote attackers to conduct Python code injection attacks via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Code injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU98026636/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-16168",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LogonTracer",
"version": {
"version_data": [
{
"version_value": "1.2.0 and earlier"
}
]
}
}
]
},
"vendor_name": "JPCERT Coordination Center"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LogonTracer 1.2.0 and earlier allows remote attackers to conduct Python code injection attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.1",
"refsource": "MISC",
"url": "https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.1"
},
{
"name": "https://jvn.jp/en/vu/JVNVU98026636/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU98026636/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-16168",
"datePublished": "2019-01-09T22:00:00.000Z",
"dateReserved": "2018-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:17:37.840Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16167 (GCVE-0-2018-16167)
Vulnerability from cvelistv5 – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
VLAI?
Summary
LogonTracer 1.2.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- OS Command Injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JPCERT Coordination Center | LogonTracer |
Affected:
1.2.0 and earlier
|
Date Public ?
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:37.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU98026636/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LogonTracer",
"vendor": "JPCERT Coordination Center",
"versions": [
{
"status": "affected",
"version": "1.2.0 and earlier"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "LogonTracer 1.2.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU98026636/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-16167",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LogonTracer",
"version": {
"version_data": [
{
"version_value": "1.2.0 and earlier"
}
]
}
}
]
},
"vendor_name": "JPCERT Coordination Center"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LogonTracer 1.2.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.1",
"refsource": "MISC",
"url": "https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.1"
},
{
"name": "https://jvn.jp/en/vu/JVNVU98026636/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU98026636/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-16167",
"datePublished": "2019-01-09T22:00:00.000Z",
"dateReserved": "2018-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:17:37.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}