Takayoshi Isayama

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 3.0 **Description** The issue allows remote attackers to obtain sensitive information via a crafted web site due to improper handling of XML documents. **Recommendations** For versions prior to 3.0, update to version 3.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** TS-WPTCAM versions 1.19 and earlier TS-PTCAM versions 1.19 and earlier TS-PTCAM/POE versions 1.19 and earlier TS-WLC2 versions 1.19 and earlier TS-WLCE versions 1.19 and earlier TS-WRLC versions 1.19 and earlier TS-WPTCAM2 versions 1.01 and earlier **Description** A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators via unspecified vectors. **Recommendations** For TS-WPTCAM versions 1.19 and earlier, update to a version later than 1.19. For TS-PTCAM versions 1.19 and earlier, update to a version later than 1.19. For TS-PTCAM/POE versions 1.19 and earlier, update to a version later than 1.19. For TS-WLC2 versions 1.19 and earlier, update to a version later than 1.19. For TS-WLCE versions 1.19 and earlier, update to a version later than 1.19. For TS-WRLC versions 1.19 and earlier, update to a version later than 1.19. For TS-WPTCAM2 versions 1.01 and earlier, update to a version later than 1.01.

**Name of the Vulnerable Software and Affected Versions** FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) versions V3.00.02 and earlier FlashAirTM SDHC Memory Card (SD-WD/WC Series <W-02>) versions V2.00.04 and earlier **Description** The issue allows default credentials to be set for wireless LAN connections when the PhotoShare function is enabled through a web browser. This could potentially allow unauthorized access to the device. **Recommendations** For FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) versions V3.00.02 and earlier, change the default credentials to secure ones as soon as possible. For FlashAirTM SDHC Memory Card (SD-WD/WC Series <W-02>) versions V2.00.04 and earlier, update the credentials to secure ones to prevent unauthorized access.

**Name of the Vulnerable Software and Affected Versions** FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) versions V3.00.02 and earlier FlashAirTM SDHC Memory Card (SD-WD/WC Series <W-02>) versions V2.00.04 and earlier **Description** The issue allows authenticated attackers to bypass access restrictions and obtain unauthorized image data. The exact vectors used for the bypass are not specified. **Recommendations** For FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) versions V3.00.02 and earlier, update to a version later than V3.00.02 to resolve the issue. For FlashAirTM SDHC Memory Card (SD-WD/WC Series <W-02>) versions V2.00.04 and earlier, update to a version later than V2.00.04 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ProSAFE Plus Configuration Utility versions prior to 2.3.29 **Description** The issue allows remote attackers to bypass access restrictions and modify switch configurations via SOAP requests. **Recommendations** For versions prior to 2.3.29, update to version 2.3.29 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Cybozu Garoon versions prior to 4.2.1 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. **Recommendations** For versions prior to 4.2.1, update to version 4.2.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apache Struts versions prior to 2.3.20 **Description** The issue is related to a cross-site scripting (XSS) vulnerability in the implementation of the debug mode (devMode) in Apache Struts. This vulnerability can be exploited by a remote attacker to conduct inter-site script attacks. When the Struts2 debug mode is turned on, under certain conditions, an arbitrary script may be executed in the 'Problem Report' screen. Additionally, if JSP files are exposed to be accessed directly, it's possible to execute an arbitrary script. **Recommendations** For versions prior to 2.3.20, turn off the debug mode in production setup to mitigate the risk. Always hide JSP files inside the WEB-INF folder or define dedicated security constraints to block access to raw JSP files. Consider upgrading to Struts 2.3.20 or higher if turning off debug mode is not possible.

**Name of the Vulnerable Software and Affected Versions** Apache Struts versions prior to 2.3.20 **Description** The issue is related to a cross-site scripting (XSS) vulnerability. It is associated with the debug mode (devMode) of the Apache Struts platform, where the structure of web pages is not properly protected. This could allow a remote attacker to perform inter-site script attacks. The vulnerability can be exploited when the Struts2 debug mode is turned on under certain conditions, allowing an arbitrary script to be executed in the 'Problem Report' screen. Additionally, if JSP files are directly accessible, it is possible to execute an arbitrary script. **Recommendations** For versions prior to 2.3.20, upgrade to Apache Struts 2.3.20 or higher. As a temporary workaround, consider turning off the debug mode in production setups. Restrict access to JSP files by hiding them inside the WEB-INF folder or defining dedicated security constraints to block access to raw JSP files.

**Name of the Vulnerable Software and Affected Versions** Apache Struts versions prior to 2.3.20 **Description** The issue is related to the ParametersInterceptor in Apache Struts, which does not properly restrict access to the getClass method. This allows remote attackers to manipulate the ClassLoader and execute arbitrary code via a crafted request. The vulnerability exists due to an incomplete fix for a previous issue. It is related to the implementation of the getClass method, which has access control deficiencies when using the ParametersInterceptor with the class parameter. Exploitation of this vulnerability can allow a remote attacker to execute arbitrary code by sending a specially crafted request. **Recommendations** For Apache Struts versions prior to 2.3.20, update to version 2.3.20 or later to resolve the issue. As a temporary workaround, consider restricting access to the `getClass()` method via the ParametersInterceptor to minimize the risk of exploitation. Restrict access to the `class` parameter in the affected API endpoint to prevent manipulation of the ClassLoader.

**Name of the Vulnerable Software and Affected Versions** Apache Struts versions prior to 2.3.20 **Description** The issue is related to the CookieInterceptor in Apache Struts, where an incomplete fix for a previous issue has led to a vulnerability. This vulnerability allows remote attackers to manipulate the ClassLoader and execute arbitrary code via a crafted request, due to insufficient access restrictions when handling wildcard cookiesName values. The exploitation requires the application to be configured to accept all cookies, allowing access to the class parameter directly mapped to the getClass() method. **Recommendations** For Apache Struts versions prior to 2.3.20, update to version 2.3.20 or later to resolve the issue. As a temporary workaround, consider restricting access to the getClass method in the CookieInterceptor class until a patch is available. Avoid using wildcard values for the cookiesName parameter in the CookieInterceptor to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** phpspot PHP BBS versions prior to 20090914 PHP Image Capture BBS versions prior to 20090914 PHP & CSS BBS versions prior to 20090914 PHP BBS CE versions prior to 20090914 PHP RSS Builder versions prior to 20090914 webshot versions prior to 20090914 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to cookies. **Recommendations** For phpspot PHP BBS versions prior to 20090914, update to a version released after 20090914. For PHP Image Capture BBS versions prior to 20090914, update to a version released after 20090914. For PHP & CSS BBS versions prior to 20090914, update to a version released after 20090914. For PHP BBS CE versions prior to 20090914, update to a version released after 20090914. For PHP RSS Builder versions prior to 20090914, update to a version released after 20090914. For webshot versions prior to 20090914, update to a version released after 20090914.

**Name of the Vulnerable Software and Affected Versions** phpspot PHP BBS versions prior to 20090914 PHP Image Capture BBS versions prior to 20090914 PHP & CSS BBS versions prior to 20090914 PHP BBS CE versions prior to 20090914 PHP RSS Builder versions prior to 20090914 webshot versions prior to 20090914 **Description** A directory traversal issue allows remote attackers to read arbitrary files via unspecified vectors. **Recommendations** For phpspot PHP BBS versions prior to 20090914, update to a version released after 20090914. For PHP Image Capture BBS versions prior to 20090914, update to a version released after 20090914. For PHP & CSS BBS versions prior to 20090914, update to a version released after 20090914. For PHP BBS CE versions prior to 20090914, update to a version released after 20090914. For PHP RSS Builder versions prior to 20090914, update to a version released after 20090914. For webshot versions prior to 20090914, update to a version released after 20090914.