Lucene search
K

16 matches found

Patchstack
Patchstack
added 2022/10/18 12:0 a.m.24 views

WordPress core <= 6.0.2 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability via wp-mail.php discovered by Toshitsugu Yoneyama Mitsui Bussan Secure Directions, Inc. via JPCERT in WordPress core versions = 6.0.2 Solution Update the WordPress to the latest available version at least 6.0.3...

2.4AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/10/18 12:0 a.m.19 views

WordPress core <= 6.0.2 - Sender’s Email Address Exposure vulnerability

Sender’s Email Address Exposure vulnerability via wp-mail.php was discovered by Toshitsugu Yoneyama Mitsui Bussan Secure Directions, Inc. via JPCERT in the WordPress core versions = 6.0.2. Solution Update the WordPress to the latest available version at least 6.0.3...

2.7AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/06/01 12:0 a.m.22 views

WordPress Modern Events Calendar Lite plugin < 6.3.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Tsutomu Aramaki Mitsui Bussan Secure Directions, Inc in WordPress Modern Events Calendar Lite plugin versions 6.3.0. Solution Fixed in version 6.3.0, but the plugin is closed. This plugin has been closed as of May 11, 2022...

5.4CVSS2.6AI score0.00529EPSS
Exploits0References3Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/03/30 5:0 a.m.4 views

AttacheCase may insecurely load Dynamic Link Libraries

Overview AttacheCase may insecurely load Dynamic Link Libraries. AttacheCase is an open source file encryption software provided by HiBARA Software. AttacheCase contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Taizoh Tsukamoto of...

7.8CVSS6.9AI score0.00362EPSS
Exploits0References8
Patchstack
Patchstack
added 2021/11/10 12:0 a.m.17 views

WordPress Booking Package plugin <= 1.5.10 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Gen Sato Mitsui Bussan Secure Directions, Inc in WordPress Booking Package plugin versions = 1.5.10. Solution Update the WordPress Booking Package plugin to the latest available version at least 1.5.11...

6.1CVSS1.8AI score0.01243EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/05 5:2 p.m.52 views

URL Redirection to Untrusted Site ('Open Redirect') in Products.isurlinportal

Impact Various parts of Plone use the 'is url in portal' check for security, mostly to see if it is safe to redirect to a url. A url like https://example.org is not in the portal. But the url https:example.org without slashes tricks our code and it is considered to be in the portal. When...

6.5CVSS0.3AI score0.01028EPSS
Exploits0References6Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/01/19 5:5 a.m.1 views

GROWI vulnerable to cross-site scripting

Overview GROWI provided by WESEEK, Inc. contains a cross-site scripting vulnerability CWE-79. Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary...

6.1CVSS6AI score0.01044EPSS
Exploits0References5
Patchstack
Patchstack
added 2020/10/21 12:0 a.m.16 views

WordPress Simple Download Monitor plugin <= 3.8.8 - SQL Injection (SQLi) vulnerability

SQL Injection SQLi vulnerability found by Gen Sato Mitsui Bussan Secure Directions in WordPress Simple Download Monitor plugin versions = 3.8.8. Solution Update the WordPress Simple Download Monitor plugin to the latest available version at least 3.8.9...

8.8CVSS3.4AI score0.01487EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2020/10/21 12:0 a.m.18 views

WordPress Simple Download Monitor plugin <= 3.8.8 - Unauthenticated Cross-Site Scripting (XSS) vulnerability

Unauthenticated Cross-Site Scripting XSS vulnerability found by Gen Sato Mitsui Bussan Secure Directions in WordPress Simple Download Monitor plugin versions = 3.8.8 . Solution Update the WordPress Simple Download Monitor plugin to the latest available version at least 3.8.9...

6.1CVSS2.7AI score0.00931EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2020/10/21 12:0 a.m.18 views

WordPress Simple Download Monitor plugin <= 3.8.8 - SQL Injection (SQLi) vulnerability

SQL Injection SQLi vulnerability found by Gen Sato Mitsui Bussan Secure Directions in WordPress Simple Download Monitor plugin versions = 3.8.8. Solution Update the WordPress Simple Download Monitor plugin to the latest available version at least 3.8.9...

8.8CVSS3.4AI score0.01487EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2020/10/21 12:0 a.m.14 views

Simple Download Monitor < 3.8.9 - Unauthenticated Cross-Site Scripting

Gen Sato of Mitsui Bussan Secure Directions, discovered an unauthenticated Cross-Site Scripting issue...

4.3CVSS3.3AI score0.00931EPSS
Exploits0References1Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/28 1:28 a.m.3 views

Cross-site request forgery vulnerability in Toshiba Lighting & Technology Corporation Home gateway

Overview Home gateway provided by Toshiba Lighting & Technology Corporation contains cross-site request forgery. Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

8.8CVSS6.8AI score0.00769EPSS
Exploits0References5
Packet Storm
Packet Storm
added 2013/08/13 12:0 a.m.34 views

CakePHP 2.3.7 / 2.2.8 Local File Inclusion

CVE Number: N/A not assigned Title: CakePHP AssetDispatcher Local File Inclusion Vulnerability Affected Software: Confirmed on CakePHP v2.3.7, v2.2.8 prior versions may also be affected Credit: Takeshi Terada of Mitsui Bussan Secure Directions, Inc. Issue Status: v2.3.8 & 2.2.9 was released which...

7.4AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/09/25 4:40 a.m.4 views

ATOK for Android issue in the access permissions for the learning information file

Overview ATOK for Android provided by JUST Systems, contains an issue in the access permissions for the learning information file. ATOK for Android provided by JUST Systems contains an issue where another application may access the learning information file which stores user input strings. Gaku...

4.3CVSS6.5AI score0.01204EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/10/11 10:24 a.m.5 views

WEB FORUM vulnerable to cross-site scripting

Overview WEB FORUM provided by KENT-WEB contains a cross-site scripting vulnerability. WEB FORUM provided by KENT-WEB is a bulletin board software. WEB FORUM contains a vulnerability in processing the web page to be output, which may result in cross-site scripting. ISHIBASHI,Tsuyoshi of Mitsui...

5CVSS5.8AI score0.01029EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/09/18 2:48 a.m.2 views

Multiple Tor World CGI scripts vulnerable to arbitrary script execution

Overview Multiple Tor World CGI scripts contain a vulnerability which may allow an arbitrary script execution. Tor World provides CGI scripts for implementing search engines, message boards, and other tools. Multiple Tor World CGI scripts contain a vulnerability which may allow an attacker to...

4.3CVSS7AI score0.01065EPSS
Exploits0References8
Rows per page
Query Builder