Masaki Yoshikawa

**Name of the Vulnerable Software and Affected Versions** GigaCC OFFICE versions 2.3 and earlier **Description** The issue allows remote attackers to execute arbitrary OS commands via specially crafted mail templates. **Recommendations** For GigaCC OFFICE versions 2.3 and earlier, update to a version later than 2.3 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** KDDI HOME SPOT CUBE versions prior to 2 **Description** The issue allows remote attackers to redirect users to arbitrary web sites, potentially leading to phishing attacks. This is achieved via unspecified vectors. **Recommendations** For versions prior to 2, update to version 2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** KDDI HOME SPOT CUBE devices version 2 and earlier **Description** A CRLF injection issue allows remote attackers to inject arbitrary HTTP headers via unspecified vectors. **Recommendations** For KDDI HOME SPOT CUBE devices version 2 and earlier, update to a version later than 2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** KDDI HOME SPOT CUBE devices version 2 and earlier **Description** A cross-site scripting (XSS) issue allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. **Recommendations** For KDDI HOME SPOT CUBE devices version 2 and earlier, update to a version later than 2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** KDDI HOME SPOT CUBE devices versions prior to 2 **Description** The issue allows remote attackers to conduct clickjacking attacks via unspecified vectors. **Recommendations** For versions prior to 2, update to version 2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** KDDI HOME SPOT CUBE devices version 2 and earlier **Description** The issue allows remote authenticated users to execute arbitrary OS commands. **Recommendations** For versions prior to 2, update to version 2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** KDDI HOME SPOT CUBE versions prior to 2 **Description** A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of victims via unknown vectors. **Recommendations** For versions prior to 2, update to version 2 or later to resolve the issue.