Lucene search
K

42 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/05/25 12:0 a.m.34 views

JVN#75514460: Installer of electronic tendering and bid opening system provided by Acquisition, Technology & Logistics Agency may insecurely load Dynamic Link Libraries

Installer of electronic tendering and bid opening system provided by Acquisition, Technology & Logistics Agency contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact This vulnerability can be exploited when the following condition is met. ...

8.8CVSS8.8AI score0.01749EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/05/24 12:0 a.m.40 views

JVN#85112513: php-contact-form vulnerable to cross-site scripting

php-contact-form provided by Kobe Beauty Co., Ltd. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer. Products...

6.1CVSS6AI score0.01633EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/01/29 12:0 a.m.33 views

JVN#12165579: Vine MV vulnerable to cross-site scripting

Vine MV contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Products Affected Vine MV prior to commit...

6.1CVSS6AI score0.01417EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/07/10 12:0 a.m.44 views

JVN#67540183: Simple Oekaki BBS vulnerable to cross-site scripting

Simple Oekaki BBS provided by LEMON-S PHP contains a persistent cross-site scripting CWE-79 vulnerability due to the processing of oekakis parameter in index.php. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version...

4.3CVSS5.9AI score0.01171EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/03/04 12:0 a.m.27 views

JVN#91016415: Maroyaka Relay Novel vulnerable to cross-site scripting

Maroyaka Relay Novel provided by Maroyaka CGI is a CGI script for posting text into a website. Maroyaka Relay Novel contains a persistent cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest...

4.3CVSS6AI score0.01148EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/07/29 12:0 a.m.41 views

JVN#00065218: JP1/IT Desktop Management - Manager and Hitachi IT Operations Director vulnerable to privilege escalation

JP1/IT Desktop Management - Manager and Hitachi IT Operations Director provided by Hitachi contain a privilege escalation vulnerability. Impact Users without administrative privileges may obtain administrative privileges. Solution Update the software Update to the latest version according to the...

9CVSS6.6AI score0.01927EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/05/29 12:0 a.m.22 views

JVN#22756333: Sleipnir Mobile for Android vulnerable to address bar spoofing

Sleipnir Mobile for Android contains an issue when opening a new window, which may result in the address bar being spoofed. Impact This vulnerability could be leveraged to forge the contents of the address bar for conducting phishing attacks. Solution Update the software Update to the latest...

5.8CVSS6.1AI score0.01528EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/05/27 12:0 a.m.42 views

JVN#31817913: Yahoo! Browser vulnerable to address bar spoofing

Yahoo! Browser contains an issue in displaying URL, which may result in the address bar being spoofed. Note that this vulnerability is different from JVN55074201. Impact This vulnerability could be leveraged to forge the contents of the address bar for conducting phishing attacks. Solution Update...

5.8CVSS6.2AI score0.01516EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/07/06 12:0 a.m.64 views

JVN#03582364: YY-BOARD vulnerable to cross-site scripting

YY-BOARD is a bulletin-board software. YY-BOARD contains a vulnerability in handling web form entries, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the...

4.3CVSS6.2AI score0.01148EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/06/07 12:0 a.m.22 views

JVN#18397171: FeedDemon vulnerable to arbitrary script execution

FeedDemon is an RSS/Atom feed reader. FeedDemon is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information when using the "feed preview" option. Impact An arbitrary script embedded in an RSS/Atom feed may be executed on the user's...

2.6CVSS6.3AI score0.01803EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/05/21 12:0 a.m.36 views

JVN#86044443: iLunascape for Android vulnerable in the WebView class

iLunascape for Android is a web browser for Android devices. iLunascape for Android contains a vulnerability in the WebView class. Impact If a user of the affected product uses other malicious Android application, information managed by the affected product may be disclosed. Solution Update the...

5CVSS6.2AI score0.01513EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/03/13 12:0 a.m.30 views

JVN#31860555: twicca fails to restrict access permissions

twicca is a client software for using Twitter. twicca contains an issue where access permissions are not restricted. Impact Android applications without permissions for network access may upload image files with the privileges of twicca. Solution Update the Software Apply the latest update for ea...

5CVSS6.4AI score0.01563EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/12/09 12:0 a.m.42 views

JVN#94002296: FFFTP may insecurely load executable files

FFFTP contains an issue when loading files, which may insecurely load executables or other files. This vulnerability is different from JVN62336482. Impact An attacker may execute arbitrary code with the privilege of the running application. Solution Update the software Update to the latest versio...

9.3CVSS7.2AI score0.02192EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/04/08 12:0 a.m.38 views

JVN#11424086: Password Vault Web Access vulnerable to cross-site scripting

Password Vault Web Access PVWA is a module in the Privileged Identity Management Suite that allows access via a web portal. PVWA contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the web browser of an user who is logged on. Solution Apply a patch Apply t...

4.3CVSS5.8AI score0.01053EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/01/18 12:0 a.m.35 views

JVN#30414126: Ruby Version Manager escape sequence injection vulnerability

Ruby Version Manager is a command line tool for managing multiple ruby environments. Ruby Version Manager contains an escape sequence injection vulnerability. Impact A user may unknowingly open a malicious file. As a result, the string that is output on the terminal may contain an arbitrary escap...

6.8CVSS6.6AI score0.01786EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2010/11/26 12:0 a.m.33 views

JVN#46026251: Safari address bar spoofing vulnerability

Safari contains a vulnerability where the address bar displays a character string that looks like a different URL than the URL that is being accessed. Impact Phishing attacks may be possible, due to the difficulty in determining that the URL displayed in the address bar and the URL being accessed...

4.3CVSS5.8AI score0.02981EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2010/10/20 12:0 a.m.37 views

JVN#68536660: Archive Decoder may insecurely load executable files

Archive Decoder is a file extraction software that supports multiple file formats. Archive Decoder loads certain executables .exe when extracting files. Archive Decoder contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary cod...

6.9CVSS7.2AI score0.00283EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2010/01/06 12:0 a.m.18 views

JVN#09872874 Movable Type access restriction bypass vulnerability

Movable Type, a web log system from Six Apart KK, contains a vulnerability that allows a remote attacker to bypass access restrictions. This vulnerability is different from JVN08369659. Impact A remote attacker may view or modify information stored by Movable Type. Solution Update the Software...

6.9AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/11/19 12:0 a.m.24 views

JVN#01245481 Redmine vulnerable to cross-site scripting

Redmine is a project management software. Redmine contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. As a result, cookie information may be leaked and could lead to session hijacking or user impersonation. Solution Update the...

4.3CVSS5.8AI score0.01523EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/08/24 12:0 a.m.29 views

JVN#31035930 SugarCRM vulnerable to SQL injection

SugarCRM is a customer relationship management CRM software. SugarCRM contains a SQL injection vulnerability. Impact As a result of SQL injection, contents within the database can be compromised. Solution Update the Software Update to the latest version according to the information provided by th...

7.5CVSS7AI score0.01359EPSS
Exploits0
Rows per page
Query Builder