Kusano Kazuhiko

**Nome do software vulnerável e versões afetadas: Todas as versões do Everything, da 1.0 à 1.2, exceto a versão Lite Descrição: A vulnerabilidade permite que um invasor remoto injete um script arbitrário ou altere o site que utiliza o produto. Isso se deve a uma vulnerabilidade de injeção de cabeçalho HTTP. Recomendações: Para as versões 1.0 a 1.2, exceto a versão Lite, atualize para uma versão que inclua uma correção para este problema, uma vez que não há solução alternativa específica disponível para essas versões. No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** GNU Wget versions 1.20.1 and earlier **Description** The issue is related to a buffer overflow in the Wget console utility, which can be exploited by a remote attacker to execute arbitrary code or cause a denial-of-service. The vulnerability is associated with the handling of specially crafted data in multibyte encoding returned by a server. **Recommendations** For GNU Wget versions 1.20.1 and earlier, update to version 1.20.3 to resolve the issue. As a temporary workaround, consider restricting the use of Wget until the update is applied.

**Name of the Vulnerable Software and Affected Versions** kkcald versions 0.7.19 and earlier **Description** The issue allows remote attackers to perform unintended operations or execute denial of service attacks via unspecified vectors. **Recommendations** For versions 0.7.19 and earlier, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** kkcald versions 0.7.21 and earlier **Description** A cross-site request forgery (CSRF) issue allows an attacker to hijack the authentication of administrators via unspecified vectors. **Recommendations** For versions 0.7.21 and earlier, update to a version later than 0.7.21 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** kkcald versions 0.7.21 and earlier **Description** A cross-site scripting issue allows an attacker to inject arbitrary web script or HTML via unspecified vectors. **Recommendations** For versions 0.7.21 and earlier, update to a version later than 0.7.21 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Yodobashi App for Android versions 1.2.1.0 and earlier **Description** The issue allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, as the app does not verify X.509 certificates from SSL servers. **Recommendations** For versions 1.2.1.0 and earlier, update to a version that properly verifies X.509 certificates to prevent man-in-the-middle attacks.

**Name of the Vulnerable Software and Affected Versions** Kintone mobile for Android versions 1.0.0 through 1.0.5 **Description** The issue is related to the failure of verifying SSL server certificates. This could potentially allow for man-in-the-middle attacks. **Recommendations** For versions 1.0.0 through 1.0.5, update to a version that properly verifies SSL server certificates to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Cybozu KUNAI for iPhone versions 2.0.3 through 3.1.5 Cybozu KUNAI for Android versions 2.1.2 through 3.0.4 **Description** The issue is related to the failure of Cybozu KUNAI to verify SSL certificates. This could potentially allow for man-in-the-middle attacks. **Recommendations** For Cybozu KUNAI for iPhone versions 2.0.3 through 3.1.5, update to a version that properly verifies SSL certificates. For Cybozu KUNAI for Android versions 2.1.2 through 3.0.4, update to a version that properly verifies SSL certificates.

**Name of the Vulnerable Software and Affected Versions** Cybozu Office versions 9.0.0 through 10.4.0 **Description** A cross-site scripting issue allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function. **Recommendations** For Cybozu Office versions 9.0.0 through 10.4.0, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** AKABEi SOFT2 games (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary OS commands via crafted saved data. This has been demonstrated using Happy Wardrobe, indicating a potential for exploitation in specific scenarios. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TYPE-MOON Fate/stay night (affected versions not specified) TYPE-MOON Fate/hollow ataraxia (affected versions not specified) TYPE-MOON Witch on the Holy Night (affected versions not specified) TYPE-MOON Fate/stay night + hollow ataraxia set (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary OS commands via crafted saved data. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NScripter versions prior to 3.00 **Description** A buffer overflow issue allows remote attackers to execute arbitrary code via crafted save data. **Recommendations** For versions prior to 3.00, update to version 3.00 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Yodobashi application versions 1.2.1.0 and earlier **Description** The issue allows remote attackers to execute arbitrary Java methods via a crafted HTML document, potentially obtaining sensitive information or executing OS commands. **Recommendations** For Yodobashi application versions 1.2.1.0 and earlier, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Igreks MilkyStep Light versions 0.94 and earlier Igreks MilkyStep Professional versions 1.82 and earlier **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. **Recommendations** For Igreks MilkyStep Light versions 0.94 and earlier, update to a version later than 0.94 to resolve the issue. For Igreks MilkyStep Professional versions 1.82 and earlier, update to a version later than 1.82 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Igreks MilkyStep Light versions 0.94 and earlier Igreks MilkyStep Professional versions 1.82 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. **Recommendations** For Igreks MilkyStep Light versions 0.94 and earlier, update to a version later than 0.94 to resolve the issue. For Igreks MilkyStep Professional versions 1.82 and earlier, update to a version later than 1.82 to resolve the issue. As a temporary workaround, consider restricting access to the SQL database to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Igreks MilkyStep Light versions 0.94 and earlier Igreks MilkyStep Professional versions 1.82 and earlier **Description** The issue allows remote attackers to execute arbitrary OS commands. **Recommendations** For Igreks MilkyStep Light versions 0.94 and earlier, update to a version later than 0.94 to resolve the issue. For Igreks MilkyStep Professional versions 1.82 and earlier, update to a version later than 1.82 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Igreks MilkyStep Light versions 0.94 and earlier Igreks MilkyStep Professional versions 1.82 and earlier **Description** A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of arbitrary users. This can be exploited by tricking a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For Igreks MilkyStep Light versions 0.94 and earlier, update to a version later than 0.94 to resolve the issue. For Igreks MilkyStep Professional versions 1.82 and earlier, update to a version later than 1.82 to resolve the issue. As a temporary workaround, consider implementing CSRF tokens or restricting access to sensitive functionality to minimize the risk of exploitation.

Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to bypass intended access restrictions and read files via unspecified vectors, a different vulnerability than CVE-2015-2952 and CVE-2015-2958.

The user-information management functionality in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote authenticated users to bypass intended access restrictions and modify administrative credentials via unspecified vectors, a different vulnerability than CVE-2015-2953 and CVE-2015-2958.

Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to bypass intended access restrictions and modify settings via unspecified vectors, a different vulnerability than CVE-2015-2952 and CVE-2015-2953.