Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for acmailer by Seeds Co.,Ltd.

    JVNDB-2021-000004

    Vulnerability from jvndb - Published: 2021-01-14 16:22 - Updated:2021-01-14 16:22
    Severity
    Summary
    Multiple vulnerabilities in acmailer
    Details
    acmailer provided by Seeds Co.,Ltd. contains multiple vulnerabilities listed below. *Improper Access Control (CWE-284) - CVE-2021-20617 *Privilege Chaining (CWE-268) - CVE-2021-20618 ma.la reported these vulnerabilities to the developer, and also to IPA in order to notify users of its solution through JVN. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000004.html",
      "dc:date": "2021-01-14T16:22+09:00",
      "dcterms:issued": "2021-01-14T16:22+09:00",
      "dcterms:modified": "2021-01-14T16:22+09:00",
      "description": "acmailer provided by Seeds Co.,Ltd. contains multiple vulnerabilities listed below.\r\n\r\n*Improper Access Control (CWE-284) - CVE-2021-20617\r\n*Privilege Chaining (CWE-268) - CVE-2021-20618\r\n\r\nma.la reported these vulnerabilities to the developer, and also to IPA in order to notify users of its solution through JVN.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000004.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:seeds:acmailer",
          "@product": "acmailer",
          "@vendor": "Seeds Co.,Ltd.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:seeds:acmailer_db",
          "@product": "acmailer DB",
          "@vendor": "Seeds Co.,Ltd.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": [
        {
          "@score": "7.5",
          "@severity": "High",
          "@type": "Base",
          "@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "@version": "2.0"
        },
        {
          "@score": "9.8",
          "@severity": "Critical",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2021-000004",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN35906450/index.html",
          "@id": "JVN#35906450",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20617",
          "@id": "CVE-2021-20617",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20618",
          "@id": "CVE-2021-20618",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20617",
          "@id": "CVE-2021-20617",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20618",
          "@id": "CVE-2021-20618",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-264",
          "@title": "Permissions(CWE-264)"
        }
      ],
      "title": "Multiple vulnerabilities in acmailer"
    }

    JVNDB-2016-000002

    Vulnerability from jvndb - Published: 2016-01-15 13:57 - Updated:2016-01-27 17:20
    Severity
    Summary
    acmailer vulnerable to OS command injection
    Details
    acmailer provided by Seeds Co.,Ltd. contains an OS command injection vulnerability (CWE-78). Kazuhiro Shibuta of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000002.html",
      "dc:date": "2016-01-27T17:20+09:00",
      "dcterms:issued": "2016-01-15T13:57+09:00",
      "dcterms:modified": "2016-01-27T17:20+09:00",
      "description": "acmailer provided by Seeds Co.,Ltd. contains an OS command injection vulnerability (CWE-78).\r\n\r\nKazuhiro Shibuta of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000002.html",
      "sec:cpe": {
        "#text": "cpe:/a:seeds:acmailer",
        "@product": "acmailer",
        "@vendor": "Seeds Co.,Ltd.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "6.5",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "@version": "2.0"
        },
        {
          "@score": "4.7",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2016-000002",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN50899877/index.html",
          "@id": "JVN#50899877",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1142",
          "@id": "CVE-2016-1142",
          "@source": "CVE"
        },
        {
          "#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1142",
          "@id": "CVE-2016-1142",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-78",
          "@title": "OS Command Injection(CWE-78)"
        }
      ],
      "title": "acmailer vulnerable to OS command injection"
    }

    JVNDB-2015-000098

    Vulnerability from jvndb - Published: 2015-07-15 15:53 - Updated:2015-07-27 15:12
    Severity
    N/A (UNKNOWN) - -
    Summary
    acmailer vulnerable to directory traversal
    Details
    acmailer provided by Seeds Co.,Ltd. contains a directory traversal (CWE-22) vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000098.html",
      "dc:date": "2015-07-27T15:12+09:00",
      "dcterms:issued": "2015-07-15T15:53+09:00",
      "dcterms:modified": "2015-07-27T15:12+09:00",
      "description": "acmailer provided by Seeds Co.,Ltd. contains a directory traversal (CWE-22) vulnerability.\r\n\r\nShoji Baba reported this vulnerability to IPA.\r\n JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000098.html",
      "sec:cpe": {
        "#text": "cpe:/a:seeds:acmailer",
        "@product": "acmailer",
        "@vendor": "Seeds Co.,Ltd.",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "4.0",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2015-000098",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN64051989/index.html",
          "@id": "JVN#64051989",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2971",
          "@id": "CVE-2015-2971",
          "@source": "CVE"
        },
        {
          "#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2971",
          "@id": "CVE-2015-2971",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-22",
          "@title": "Path Traversal(CWE-22)"
        }
      ],
      "title": "acmailer vulnerable to directory traversal"
    }

    JVNDB-2014-000089

    Vulnerability from jvndb - Published: 2014-07-29 14:15 - Updated:2014-08-01 18:29
    Severity
    N/A (UNKNOWN) - -
    Summary
    acmailer contains a cross-site request forgery vulnerability
    Details
    Several cgi programs in acmailer contain a cross-site request forgery vulnerability. Kazuki Hirota of Keio University Keiji Takeda Research Group reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000089.html",
      "dc:date": "2014-08-01T18:29+09:00",
      "dcterms:issued": "2014-07-29T14:15+09:00",
      "dcterms:modified": "2014-08-01T18:29+09:00",
      "description": "Several cgi programs in acmailer contain a cross-site request forgery vulnerability.\r\n\r\nKazuki Hirota of Keio University Keiji Takeda Research Group reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000089.html",
      "sec:cpe": {
        "#text": "cpe:/a:seeds:acmailer",
        "@product": "acmailer",
        "@vendor": "Seeds Co.,Ltd.",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "5.1",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2014-000089",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN42511610/",
          "@id": "JVN#42511610",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3896",
          "@id": "CVE-2014-3896",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3896",
          "@id": "CVE-2014-3896",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-352",
          "@title": "Cross-Site Request Forgery(CWE-352)"
        }
      ],
      "title": "acmailer contains a cross-site request forgery vulnerability"
    }