Search

Find a vulnerability

Search criteria

    3 vulnerabilities found for QND Advance/Standard by QualitySoft Corporation

    CVE-2017-10861 (GCVE-0-2017-10861)

    Vulnerability from nvd – Published: 2017-12-01 14:00 – Updated: 2024-08-05 17:50
    VLAI
    Summary
    Directory traversal vulnerability in QND Advance/Standard allows an attacker to read arbitrary files via a specially crafted command.
    Severity
    No CVSS data available.
    CWE
    • Directory traversal
    Assigner
    References
    Impacted products
    Date Public
    2017-11-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:50:12.573Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU94198685/index.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.qualitysoft.com/qnd_vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "QND Advance/Standard",
              "vendor": "QualitySoft Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "datePublic": "2017-11-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in QND Advance/Standard allows an attacker to read arbitrary files via a specially crafted command."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Directory traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-01T13:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/vu/JVNVU94198685/index.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.qualitysoft.com/qnd_vulnerabilities"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-10861",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "QND Advance/Standard",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "all versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QualitySoft Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in QND Advance/Standard allows an attacker to read arbitrary files via a specially crafted command."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Directory traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jvn.jp/en/vu/JVNVU94198685/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/vu/JVNVU94198685/index.html"
                },
                {
                  "name": "http://www.qualitysoft.com/qnd_vulnerabilities",
                  "refsource": "CONFIRM",
                  "url": "http://www.qualitysoft.com/qnd_vulnerabilities"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-10861",
        "datePublished": "2017-12-01T14:00:00.000Z",
        "dateReserved": "2017-07-04T00:00:00.000Z",
        "dateUpdated": "2024-08-05T17:50:12.573Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-10861 (GCVE-0-2017-10861)

    Vulnerability from cvelistv5 – Published: 2017-12-01 14:00 – Updated: 2024-08-05 17:50
    VLAI
    Summary
    Directory traversal vulnerability in QND Advance/Standard allows an attacker to read arbitrary files via a specially crafted command.
    Severity
    No CVSS data available.
    CWE
    • Directory traversal
    Assigner
    References
    Impacted products
    Date Public
    2017-11-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:50:12.573Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU94198685/index.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.qualitysoft.com/qnd_vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "QND Advance/Standard",
              "vendor": "QualitySoft Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "datePublic": "2017-11-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in QND Advance/Standard allows an attacker to read arbitrary files via a specially crafted command."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Directory traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-01T13:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/vu/JVNVU94198685/index.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.qualitysoft.com/qnd_vulnerabilities"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-10861",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "QND Advance/Standard",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "all versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QualitySoft Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in QND Advance/Standard allows an attacker to read arbitrary files via a specially crafted command."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Directory traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jvn.jp/en/vu/JVNVU94198685/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/vu/JVNVU94198685/index.html"
                },
                {
                  "name": "http://www.qualitysoft.com/qnd_vulnerabilities",
                  "refsource": "CONFIRM",
                  "url": "http://www.qualitysoft.com/qnd_vulnerabilities"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-10861",
        "datePublished": "2017-12-01T14:00:00.000Z",
        "dateReserved": "2017-07-04T00:00:00.000Z",
        "dateUpdated": "2024-08-05T17:50:12.573Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    JVNDB-2017-009884

    Vulnerability from jvndb - Published: 2017-11-28 11:26 - Updated:2018-03-14 14:17
    Severity
    Summary
    QND Advance/Standard vulnerable to directory traversal
    Details
    QND Advance/Standard provided by QualitySoft Corporation contains a directory traversal vulnerability. QND Advance/Standard provided by QualitySoft Corporation contains a directory traversal vulnerability (CWE-22) in an administrative server due to the issue in processing input from an agent program. An administrative server does not require authentication in the communication between a server and an agent program either, therefore an arbitrary request from an arbitrary device with access to an administrative server can be sent and processed. Muneaki Nishimura of of Recruit Technologies Co.,Ltd. RED TEAM reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-009884.html",
      "dc:date": "2018-03-14T14:17+09:00",
      "dcterms:issued": "2017-11-28T11:26+09:00",
      "dcterms:modified": "2018-03-14T14:17+09:00",
      "description": "QND Advance/Standard provided by QualitySoft Corporation contains a directory traversal vulnerability.\r\n\r\nQND Advance/Standard provided by QualitySoft Corporation contains a directory traversal vulnerability (CWE-22) in an administrative server due to the issue in processing input from an agent program.\r\nAn administrative  server does not require authentication in the communication between a server and an agent program either, therefore an arbitrary request from an arbitrary device with access to an administrative server can be sent and processed.\r\n\r\nMuneaki Nishimura of of Recruit Technologies Co.,Ltd. RED TEAM reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
      "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-009884.html",
      "sec:cpe": {
        "#text": "cpe:/a:qualitysoft:qnd_advance%2Fstandard",
        "@product": "QND Advance/Standard",
        "@vendor": "QualitySoft Corporation",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "9.4",
          "@severity": "High",
          "@type": "Base",
          "@vector": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
          "@version": "2.0"
        },
        {
          "@score": "9.1",
          "@severity": "Critical",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2017-009884",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/vu/JVNVU94198685/index.html",
          "@id": "JVNVU#94198685",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10861",
          "@id": "CVE-2017-10861",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10861",
          "@id": "CVE-2017-10861",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-22",
          "@title": "Path Traversal(CWE-22)"
        }
      ],
      "title": "QND Advance/Standard vulnerable to directory traversal"
    }