Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/11/14 6:38 a.m.•2 views

Multiple directory traversal vulnerabilities in Cybozu Office

Overview Cybozu Office provided by Cybozu, Inc. contains multiple directory traversal vulnerabilities below. Directory traversal vulnerability due to a flaw in processing parameter of the HTTP request CWE-22 - CVE-2018-0703 Directory traversal vulnerability due to a flaw in processing parameter...

8.6CVSS7AI score0.01947EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/11/14 6:34 a.m.•2 views

Cybozu Mailwise vulnerable to directory traversal

Overview Cybozu Mailwise provided by Cybozu, Inc. contains a directory traversal vulnerability CWE-22 due to a flaw in processing parameter of the HTTP request. Yuji Tounai reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of it...

8.6CVSS6.8AI score0.01947EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/11/02 5:56 a.m.•2 views

WordPress plugin "Event Calendar WD" vulnerable to cross-site scripting

Overview The WordPress plugin "Event Calendar WD" provided by Web-Dorado contains a stored cross-site scripting vulnerability CWE-79. Yuta Kitaoka of TokyoDenkiUniversity Cryptography Lab reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

5.4CVSS5.9AI score0.01204EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/10/23 6:15 a.m.•2 views

Multiple Vulnerabilities in Hitachi Infrastructure Analytics Advisor

Overview Multiple vulnerabilities have been found in Hitachi Infrastructure Analytics Advisor. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate acti...

9.8CVSS7AI score0.04767EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/10/19 5:45 a.m.•2 views

Web Isolation vulnerable to cross-site scripting

Overview Web Isolation provided by Symantec Corporation contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update the software to the latest version according to the information provide...

6.1CVSS6AI score0.00999EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/07/26 5:58 a.m.•2 views

LINE MUSIC for Android fails to verify SSL server certificates

Overview LINE MUSIC for Android provided by LINE MUSIC CORPORATION fails to verify SSL server certificates CWE-295. LINE MUSIC CORPORATION reported this vulnerability to JPCERT/CC to notify users of respective solutions through JVN. Impact A man-in-the-middle attack may allow an attacker to...

7.4CVSS6.5AI score0.00633EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/07/20 6:41 a.m.•2 views

WL-330NUL vulnerable to cross-site request forgery

Overview WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains a cross-site request forgery vulnerability CWE-352. Masashi Sakai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

8.8CVSS6.5AI score0.00558EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/07/18 6:35 a.m.•2 views

Movable Type plugin MTAppjQuery vulnerable to PHP code execution

Overview MTAppjQuery provided by bit part LLC is a plugin for Movable Type. An older version PHP library Uploadify is incorporated in MTAppjQuery v1.8.1 and earlier versions and the older versions of Uploadify contains unrestricted upload of arbitrary file CWE-434, which may lead to arbitrary PHP...

9.8CVSS7.9AI score0.02409EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/07/12 6:4 a.m.•2 views

Multiple vulnerabilities in Aterm W300P

Overview Aterm W300P provided by NEC Corporation contains multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2018-0629, CVE-2018-0630, CVE-2018-0631 Buffer Overflow CWE-119 - CVE-2018-0632, CVE-2018-0633 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this...

9CVSS7.5AI score0.018EPSS
Exploits0References14
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/07/12 6:4 a.m.•2 views

Multiple OS command injection vulnerabilities in Aterm WG1200HP

Overview Aterm WG1200HP provided by NEC Corporation contains multiple OS command injection vulnerabilities CWE-78. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

9CVSS7.6AI score0.01399EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/07/06 5:36 a.m.•2 views

DHC Online Shop App for Android fails to verify SSL server certificates

Overview DHC Online Shop App for Android provided by DHC Corporation fails to verify SSL server certificates. Sho Ueshima and Tsuyoshi Ogawa of SIE Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...

7.4CVSS6.5AI score0.00607EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/07/03 4:42 a.m.•2 views

Installer of Glary Utilities may insecurely load Dynamic Link Libraries

Overview Installer of Glary Utilities provided by Glarysoft Ltd. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Ear...

7.8CVSS6.9AI score0.00794EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/06/13 6:11 a.m.•2 views

Local File Inclusion vulnerability in Zenphoto

Overview Zenphoto is a content management system CMS. Zenphoto contains a Local File Inclusion vulnerability. ASAI Ken reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Sensitive information may be obtained or...

7.2CVSS7.2AI score0.01846EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/31 5:7 a.m.•2 views

Multiple vulnerabilities in Pixelpost

Overview Pixelpost provided by Pixelpost.org contains multiple vulnerabilities listed below. Arbitrary code execution - CVE-2018-0604 Cross-site scripting CWE-79 - CVE-2018-0605 SQL injection CWE-89 - CVE-2018-0606 ASAI Ken reported this vulnerability to IPA. JPCERT/CC coordinated with the...

7.2CVSS8.9AI score0.01796EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/29 4:47 a.m.•2 views

The installer of "FLET'S VIRUS CLEAR Easy Setup & Application Tool" and "FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool" may insecurely invoke an executable file

Overview The installer of "FLET'S VIRUS CLEAR Easy Setup & Application Tool" and "FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool" provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION contains an issue with the DLL search path, which may lead to insecurely invoke an executable file...

9.3CVSS6.9AI score0.01052EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/22 5:30 a.m.•2 views

Multiple vulnerabilities in Cybozu Office

Overview Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Information disclosure in the application "Message" when viewing an external image CWE-200 - CVE-2018-0526 Stored cross-site scripting in "E-mail Details Screen" of the application "E-mail" CWE-79 -...

6.5CVSS6.1AI score0.01069EPSS
Exploits0References26
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/17 6:18 a.m.•2 views

Multiple Microsoft Windows applications and installers may insecurely load Dynamic Link Libraries

Overview Multiple Windows applications and installers provided by Microsoft contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries in the same directory where applications and/or installers reside CWE-427. Microsoft states that the root cause of thi...

7.8CVSS7.2AI score0.0513EPSS
Exploits0References16
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/17 5:57 a.m.•2 views

The installer of Visual C++ Redistributable may insecurely load Dynamic Link Libraries

Overview The installer of Visual C++ Redistributable provided Microsoft contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries in the same directory as the installer CWE-427. Microsoft states that the root cause of this vulnerability is "Applicatio...

9.3CVSS7.1AI score0.04589EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/11 5:34 a.m.•2 views

KINEPASS App fails to verify SSL server certificates

Overview KINEPASS App provided by T-JOY CO.,LTD fails to verify SSL server certificates. Seigo Yamamoto of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may allow a...

5.9CVSS6.5AI score0.00873EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/11 5:34 a.m.•2 views

IIJ SmartKey App for Android vulnerable to authentication bypass

Overview IIJ SmartKey App for Android contains an authentication bypass vulnerability. IIJ SmartKey App for Android provided by Internet Initiative Japan Inc. is an application that enables two-step authentication two-factor authentication for a website from an Android device. IIJ SmartKey App fo...

7.5CVSS6.8AI score0.01622EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/10 6:30 a.m.•2 views

Access Control Vulnerability in Hitachi Infrastructure Analytics Advisor

Overview An Access Control Vulnerability was found in Hitachi Infrastructure Analytics Advisor. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate...

7.5CVSS6.7AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/04/27 5:0 a.m.•2 views

WordPress plugin "Events Manager" vulnerable to cross-site scripting

Overview The WordPress plugin "Events Manager" provided by NetWebLogic contains a stored cross-site scripting vulnerability CWE-79. Daichi Takaki of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University reported this vulnerability to IPA. JPCERT/CC...

5.4CVSS5.8AI score0.01517EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/04/10 4:39 a.m.•2 views

Hatena Bookmark App for iOS contains an address bar spoofing vulnerability

Overview Hatena Bookmark App for iOS provided by Hatena Co., Ltd. contains a vulnerability where the address bar displays a different URL than the URL that is being accessed. Kenichiro Wakitani reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

6.5CVSS6.4AI score0.01017EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/03/13 7:48 a.m.•2 views

TinyFTP Daemon vulnerable to buffer overflow

Overview TinyFTP Daemon provided by Hisayuki Nomura is a FTP File Transfer Protocol server. TinyFTP Daemon contains a buffer overflow vulnerability CWE-121. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on December 5, 2017, it was judged that an...

10CVSS7.6AI score0.0323EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/03/13 7:48 a.m.•2 views

ViX may insecurely load Dynamic Link Libraries

Overview ViX provided by KOKADA is a Graphics Viewer Software for Windows. ViX contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries contained in the same directory as an image file CWE-427. During the meeting of Committee for authorizing the...

7.8CVSS6.9AI score0.00961EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/03/09 4:56 a.m.•2 views

Multiple vulnerabilities in CG-WGR1200

Overview CG-WGR1200 provided by Corega Inc is a wireless LAN router. CG-WGR1200 contains multiple vulnerabilities listed below. Buffer Overflow CWE-119 - CVE-2017-10852 Buffer Overflow CWE-78 - CVE-2017-10853 Authentication bypass CWE-306 - CVE-2017-10854 Taizoh Tsukamoto of Mitsui Bussan Secure...

8.8CVSS8.1AI score0.00868EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/03/05 6:10 a.m.•2 views

Installer of WinShot may insecurely load Dynamic Link Libraries

Overview Installer of WinShot contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

9.3CVSS6.8AI score0.01076EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/03/05 5:7 a.m.•2 views

Installer of JTrim may insecurely load Dynamic Link Libraries

Overview Installer of JTrim contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

9.3CVSS6.8AI score0.00925EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/02/13 6:37 a.m.•2 views

Installer of "FLET'S Azukeru Backup Tool" may insecurely load Dynamic Link Libraries

Overview "FLET'S Azukeru Backup Tool" provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION is software to automatically back up files in the user's computer to "FLET'S Azukeru" service. Installer of "FLET'S Azukeru Backup Tool" contains an issue with the DLL search path, which may lead to...

7.8CVSS6.8AI score0.00928EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/01/12 6:7 a.m.•2 views

Cross-site Scripting Vulnerability in Fujitsu NetCOBOL

Overview A cross-site scripting vulnerability was found in MeFt/Web Service manager function in Fujitsu NetCOBOL. Impact By creating a malicious webpage that exploits this vulnerability, an attacker could execute arbitrary code on the user's computer used to access the malicious webpage. Solution...

3.5CVSS6.8AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/10/17 7:58 a.m.•2 views

Multiple Vulnerabilities in Hitachi Infrastructure Analytics Advisor

Overview Multiple vulnerabilities have been found in Hitachi Infrastructure Analytics Advisor. Cross-site Scripting Access Control For Access Control, Hitachi Data Center Analytics v8.0.0, v8.0.2, v8.1.0, and v8.1.3 will be affected. Impact Regarding the impact of the vulnerability, please refer ...

7.5CVSS6.6AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/10/17 7:26 a.m.•2 views

Information Disclosure Vulnerability in Hitachi Global Link Manager

Overview An Information Disclosure Vulnerability was found in Hitachi Global Link Manager. Impact Information might be disclosed. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

3.5CVSS6.4AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/10/11 7:43 a.m.•2 views

HIBUN Confidential File Decryption program may insecurely load Dynamic Link Libraries

Overview HIBUN Confidential File Decryption program provided by Hitachi Solutions, Ltd. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Note that this vulnerability is different from JVN58909026. Eili Masami of Tachibana Lab. report...

9.3CVSS6.8AI score0.01008EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/10/11 7:43 a.m.•2 views

HIBUN Confidential File Decryption program may insecurely load Dynamic Link Libraries

Overview HIBUN Confidential File Decryption program provided by Hitachi Solutions, Ltd. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Note that this vulnerability is different from JVN55516206. Yuji Tounai of NTT Communications...

9.3CVSS6.8AI score0.01059EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/09/12 5:35 a.m.•2 views

Wi-Fi STATION L-02F fails to restrict access permissions

Overview Wi-Fi STATION L-02F provided by NTT DOCOMO, INC. fails to restrict access permissions. Japan Computer Emergency Response Team Coordination Center Global Coordination Division Cyber Metrics Line Information Security Analyst Keisuke Shikano reported this vulnerability to IPA. JPCERT/CC...

7.5CVSS6.7AI score0.01585EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/08/23 6:36 a.m.•2 views

Multiple vulnerabilities in "Dokodemo eye Smart HD" SCR02HD

Overview Wireless monitor "Dokodemo eye Smart HD" SCR02HD provided by NIPPON ANTENNA Co., Ltd contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2017-10832 Improper access restriction CWE-425 - CVE-2017-10833 Directory traversal CWE-22 - CVE-2017-10834 Arbitrary PHP...

10CVSS8.1AI score0.0295EPSS
Exploits0References14
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/08/17 6:31 a.m.•2 views

Teikihoukokusho Sakuseishien Tool may insecurely load Dynamic Link Libraries

Overview Teikihoukokusho Sakuseishien Tool provided by Agency for Natural Resources and Energy of METI contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. The tool is provided as a ZIP archive. It is assumed that a user extracts the too...

9.3CVSS6.8AI score0.01238EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/07/24 6:8 a.m.•2 views

RBB SPEED TEST App fails to verify SSL server certificates

Overview RBB SPEED TEST App provided by IID, Inc. fails to verify SSL server certificates. DigiGnome reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may allow an attacker to...

5.9CVSS6.5AI score0.00632EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/07/24 4:52 a.m.•2 views

WordPress plugin "Popup Maker" vulnerable to cross-site scripting

Overview The WordPress plugin "Popup Maker" provided by Popup Maker contains a reflected cross-site scripting vulnerability CWE-79. Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary scri...

6.1CVSS5.9AI score0.01634EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/07/11 4:48 a.m.•2 views

Installers of Mozilla Firefox and Thunderbird for Windows may insecurely load Dynamic Link Libraries

Overview Installers of Mozilla Firefox and Thunderbird for Windows provided by Mozilla Foundation contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated...

7.8CVSS8.7AI score0.01407EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/21 4:45 a.m.•2 views

HOME SPOT CUBE2 vulnerable to improper authentication in WebUI

Overview HOME SPOT CUBE2 provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE2 contains improper authentication in WebUI. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

8.8CVSS6.9AI score0.01033EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/12 5:49 a.m.•2 views

Installer of electronic tendering and bid opening system provided by Acquisition, Technology & Logistics Agency may insecurely invoke an executable file

Overview Installer of electronic tendering and bid opening system provided by Acquisition, Technology & Logistics Agency contains an issue with the search path for executable files, which may lead to insecurely invoking an executable file. Note that this vulnerability is different from JVN7551446...

7.8CVSS7.1AI score0.01374EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/08 6:31 a.m.•2 views

The installer of SemiDynaEXE provided by Geospatial Information Authority of Japan (GSI) may insecurely load Dynamic Link Libraries

Overview The installer of SemiDynaEXE SemiDynaEXE2008.EXE provided by Geospatial Information Authority of Japan GSI contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA...

9.3CVSS7.2AI score0.01059EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/06 5:19 a.m.•2 views

Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to remote code execution

Overview AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a remote code execution vulnerability. Note that this vulnerability is different from JVN20870477...

8.8CVSS7.9AI score0.02325EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/06 5:19 a.m.•2 views

Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to remote code execution

Overview AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a remote code execution vulnerability. Note that this vulnerability is different from JVN80238098...

8.8CVSS7.9AI score0.01507EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/02 5:0 a.m.•2 views

Installer of SaAT Personal may insecurely load Dynamic Link Libraries

Overview The installer of SaAT Personal provided by NetMove Corporation contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. DigiGnome reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Securit...

8.8CVSS7AI score0.01636EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/05/19 5:53 a.m.•2 views

Empirical Project Monitor - eXtended vulnerable to cross-site scripting

Overview Empirical Project Monitor - eXtended provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA contains a stored cross-site scripting vulnerability CWE-79. Note that this vulnerability is different from JVN11326581. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. report...

5.4CVSS6.1AI score0.00891EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/05/12 4:36 a.m.•2 views

PrimeDrive Desktop Application Installer may insecurely load executable files

Overview PrimeDrive Desktop Application is the client application for PrimeDrive online storage service provided by SoftBank Corp. The installer of PrimeDrive Desktop Application contains an issue with the file search path, which may insecurely load executable files CWE-427. Eili Masami of...

7.8CVSS6.8AI score0.01881EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/04/18 4:42 a.m.•2 views

NETGEAR ProSAFE Plus Configuration Utility vulnerable to improper access control

Overview ProSAFE Plus Configuration Utility provided by NETGEAR is a Windows application to configure and manage NETGEAR's ProSAFE Plus and Click Switches. An operator uses the utility to login and configure NETGEAR switches. When the utility is invoked, it starts listening on a certain port for...

4.3CVSS6.5AI score0.01261EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/04/13 4:49 a.m.•2 views

WordPress plugin "WP Statistics" vulnerable to cross-site scripting

Overview The WordPress plugin "WP Statistics" provided by WP Statistics contains a stored cross-site scripting vulnerability CWE-79 in multiple pages due to a flaw in processing HTTP Referer headers. Note that this vulnerability is different from JVN77253951. Gen Sato of Mitsui Bussan Secure...

6.1CVSS5.8AI score0.02603EPSS
Exploits0References6
Total number of security vulnerabilities5000