Lucene search
K
JvnMost viewed

5627 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/12/15 12:0 a.m.56 views

JVN#94169589: Multiple vulnerabilities in GROWI

GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below. Denial-of-service DoS due to improper verification of input values CWE-400 - CVE-2020-5682 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L| Base Score: 5.3 CVSS v2|...

7.5CVSS7.7AI score0.02982EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/08/11 12:0 a.m.56 views

JVN#46258789: Multiple vulnerabilities in CyberMail

CyberMail contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2020-5540 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:M/Au:N/C:N/I:P/A:N| Base Score: 4.3 Open Redirect CWE-601 -...

6.1CVSS6.7AI score0.01501EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/04/27 12:0 a.m.56 views

JVN#01040170: WordPress plugin "WP Google Map Plugin" vulnerable to cross-site scripting

The WordPress plugin "WP Google Map Plugin" provided by Flipper Code contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged in user's web browser. Solution Update the plugin Update the plugin according to the information provided by...

5.4CVSS5.3AI score0.01066EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/15 12:0 a.m.56 views

JVN#39896275: The installer of PhishWall Client Firefox and Chrome edition for Windows may insecurely load Dynamic Link Libraries

PhishWall Client Firefox and Chrome edition for Windows provided by SecureBrain Corporation is an anti-phishing and anti-MITB software. The installer of PhishWall Client Firefox and Chrome edition for Windows contains an issue with the DLL search path, which may lead to insecurely loading Dynamic...

7.8CVSS7.6AI score0.00963EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/27 12:0 a.m.56 views

JVN#01312667: Multiple vulnerabilities in I-O DATA WN-AX1167GR

WN-AX1167GR provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-AX1167GR contains multiple vulnerabilities listed below. Hard-coded credentials CWE-798 - CVE-2017-2280 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.8 CVSS v2|...

8.8CVSS8.7AI score0.00843EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/26 12:0 a.m.56 views

JVN#01775119: Denshi Nyusatsu Check Tool provided by Ministry of Education, Culture, Sports, Science and Technology may insecurely load Dynamic Link Libraries

Denshi Nyusatsu Check Tool provided by Ministry of Education, Culture, Sports, Science and Technology MEXT contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user running...

9.8CVSS9.4AI score0.01468EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/02/20 12:0 a.m.56 views

JVN#73182875: Multiple vulnerabilities in Cybozu Garoon

Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains multiple vulnerabilities listed below. SQL injection CWE-89 - CVE-2017-2090 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L| Base Score: 6.3 CVSS v2| AV:N/AC:L/Au:S/C:P/I:P/A:P|...

6.5CVSS6.4AI score0.0247EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/12/02 12:0 a.m.56 views

JVN#40613060: Multiple vulnerabilities in WNC01WH

WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains multiple vulnerabilities listed below. Denial-of-service DoS - CVE-2016-7821 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H| Base Score: 6.5 CVSS v2| AV:N/AC:H/Au:N/C:N/I:N/A:C| Base...

8.8CVSS6.5AI score0.02219EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/06/09 12:0 a.m.56 views

JVN#87272440: Apache Tomcat denial of service (DoS) vulnerability

Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page JSP technologies. If Tomcat receives a request with an invalid header via the Java AJP connector, it will not return an error and instead closes the AJP connection. In case this connecto...

5CVSS4.8AI score0.10053EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/03/18 12:0 a.m.55 views

JVN#94521208: Multiple vulnerabilities in FitNesse

FitNesse contains multiple vulnerabilities listed below. Multiple cross-site scripting CWE-79 - CVE-2024-23604, CVE-2024-28128 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:M/Au:N/C:N/I:P/A:N| Base Score: 4.3 Improper...

9.8CVSS8.5AI score0.00992EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/08/04 12:0 a.m.55 views

JVN#42883072: Kaitai Struct: compiler vulnerable to denial-of-service (DoS)

Kaitai Struct: compiler provided by Kaitai team contains SnakeYAML library version 1.25, which is used in parsing .ksy files. SnakeYAML version 1.25 expands recursive aliases unlimitedly CWE-674, hence Katai Struct: compiler is vulnerable to a denial-of-service DoS attack by Billion Laughs Attack...

7.5CVSS7.3AI score0.26723EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/09/13 12:0 a.m.55 views

JVN#46313661: EC-CUBE plugin "List (order management) item change plug-in" vulnerable to cross-site scripting

EC-CUBE plugin "List order management item change plug-in" provided by shiro8 Co., Ltd. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is accessing the administrative page of the product. Solution Update the plug...

6.1CVSS6AI score0.00757EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/25 12:0 a.m.55 views

JVN#11438679: Kagemai vulnerable to cross-site request forgery

Kagemai provided by daifukuya.com is a bug tracking system to share bug information of the software being developed among its development team. Kagemai contains a cross-site request forgery vulnerability CWE-352 which allows unintended operations if a user with an administrative privilege views a...

8.8CVSS8.7AI score0.00558EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/02/10 12:0 a.m.55 views

JVN#80785288: Wekan vulnerable to cross-site scripting

Wekan, open source kanban board system, is vulnerable to cross-site scripting CWE-79. This vulnerability is treated as one of multiple cross-site scripting vulnerabilities, named "Fieldbleed". Impact When a logged-in user store malicious value containing Javascript code to the system, that...

5.4CVSS5.2AI score0.00751EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/10/05 12:0 a.m.55 views

JVN#82892096: OS command injection vulnerability in multiple ELECOM LAN routers

Multiple ELECOM LAN routers provided by ELECOM CO.,LTD. contain an OS command injection vulnerability CWE-78. Impact A remote attacker who can access the management screen of the affected device may execute an arbitrary OS command with root privilege. Solution Apply the appropriate firmware updat...

8.8CVSS8.9AI score0.00614EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/09/11 12:0 a.m.55 views

JVN#09166495: Multiple vulnerabilities in Buffalo AirStation WHR-G54S

Buffalo AirStation WHR-G54S contains multiple vulnerabilities listed below. Directory Traversal - CVE-2020-5605 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N| Base Score: 4.1 CVSS v2| AV:A/AC:L/Au:S/C:P/I:N/A:N| Base Score: 2.7 Cross-site Scripting -...

6.1CVSS5.6AI score0.01054EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/29 12:0 a.m.55 views

JVN#72589538: LXR vulnerable to OS command injection

LXR provided by LXR Project contains an OS command injection vulnerability CWE-78. Impact On a server where the product is running, a remote attacker may execute an arbitrary OS command. Solution Update the Software Update to the latest version according to the information provided by the...

10CVSS9.7AI score0.03117EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/13 12:0 a.m.55 views

JVN#48774168: PHP 2chBBS vulnerable to cross-site scripting

PHP 2chBBS provided by Kagaminokuni is software that can be downloaded from the Internet. PHP 2chBBS is a bulletin board software that can be used by placing it on a website. PHP 2chBBS contains a cross-site scripting vulnerability CWE-79. Impact Due to this vulnerability, a victim being tricked...

6.1CVSS5.8AI score0.00746EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/01/11 12:0 a.m.55 views

JVN#57842148: Lhaplus vulnerable to improper verification when expanding ZIP64 archives

Lhaplus is file compression/decompression software. Lhaplus does not treat ZIP64 archives properly when expanding. Impact An unintended content may be extracted from a crafted ZIP64 archive. Solution Update the Software Update to the latest version according to the information provided by the...

4.3CVSS3.8AI score0.00634EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/08 12:0 a.m.55 views

JVN#52691241: Multiple installers of the software provided by Geospatial Information Authority of Japan (GSI) may insecurely load Dynamic Link Libraries

Multiple installers of the software provided by Geospatial Information Authority of Japan GSI contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer...

9.3CVSS7.5AI score0.01059EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/04/25 12:0 a.m.55 views

JVN#71572107: Installer of Vivaldi for Windows may insecurely load executable files

The installer of Vivaldi for Windows contains an issue in the file search path when loading files, which may insecurely load executable files CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest installer Use the latest...

7.8CVSS7.7AI score0.02516EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/02/28 12:0 a.m.55 views

JVN#73083905: Multiple vulnerabilities in WBCE CMS

WBCE CMS provided by WBCE Team is an open-source Contents Management System CMS. WBCE CMS contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2017-2118 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...

8.6CVSS7.1AI score0.0351EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/06/12 12:0 a.m.55 views

JVN#18146081: LoadLibrary function in Microsoft Windows fails to validate input properly

The LoadLibrary function in Microsoft Windows fails to validate input properly. As a result, it may load a specially crafted DLL file CWE-114. Impact An arbitrary code may be executed as a result of an application loads a specially crafted DLL file. Solution Update the Software This issue was...

6.9CVSS6.4AI score0.01996EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/11/15 12:0 a.m.55 views

JVN#71256611: ASP.NET vulnerable to open redirect

ASP.NET provided by Microsoft contains an open redirect vulnerability due to an issue in the login component. Therefore a web application that implements ASP.NET may be vulnerable. Impact The user who accesses the web application that implements ASP.NET may be redirected to an arbitrary website. ...

6.8CVSS6AI score0.24138EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/06/15 12:0 a.m.55 views

JVN#64851600 Apache Tomcat sample web application cross-site scripting vulnerability

Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page JSP technologies. jsp-examples, a sample web application included in Apache Tomcat, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user'...

4.3CVSS7.3AI score0.77376EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/09/22 12:0 a.m.54 views

JVN#97197972: Multiple vulnerabilities in WordPress plugin "Welcart e-Commerce"

WordPress plugin "Welcart e-Commerce" provided by Collne Inc. contains multiple vulnerabilities listed below. Unrestricted Upload of File with Dangerous Type CWE-434 - CVE-2023-40219 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N| Base Score: 2.7 CVSS v2|...

8.8CVSS6.6AI score0.00949EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/08/31 12:0 a.m.54 views

JVN#60140221: Multiple vulnerabilities in i-PRO VI Web Client

VI Web Client provided by i-PRO Co., Ltd. is Video Insight’s video management software. VI Web Client contains multiple vulnerabilities listed below. Open Redirect CWE-601 - CVE-2023-38574 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N| Base Score: 4.7...

6.1CVSS6.1AI score0.00412EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/25 12:0 a.m.54 views

JVN#42220311: Kagemai vulnerable to cross-site scripting

Kagemai provided by daifukuya.com is a bug tracking system to share bug information of the software being developed among its development team. Kagemai contains a stored cross-site scripting vulnerability CWE-79 which allows an unintended script execution on the web browser of the user who can...

6.1CVSS6AI score0.00756EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/25 12:0 a.m.54 views

JVN#12559271: Kagemai vulnerable to cross-site scripting

Kagemai provided by daifukuya.com is a bug tracking system to share bug information of the software being developed among its development team. Kagemai contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Consider sto...

6.1CVSS6AI score0.00756EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/11/20 12:0 a.m.54 views

JVN#26835001: The installers of multiple SEIKO EPSON products may insecurely load Dynamic Link Libraries

The installers of multiple products by SEIKO EPSON CORPORATION contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest...

7.8CVSS7.5AI score0.00341EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/04/10 12:0 a.m.54 views

JVN#77753476: Hatena Bookmark App for iOS contains an address bar spoofing vulnerability

Hatena Bookmark App for iOS provided by Hatena Co., Ltd. contains a vulnerability where the address bar displays a different URL than the URL that is being accessed. Impact This vulnerability could be leveraged to forge the contents of the address bar for conducting phishing attacks. Solution...

6.5CVSS6AI score0.01017EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/13 12:0 a.m.54 views

JVN#64990648: QQQ SYSTEMS vulnerable to cross-site scripting

QQQ SYSTEMS provided by Gundam Cult QQQ is a CGI script to create quiz pages. quiz.cgi of QQQ SYSTEMS contains a cross-site scripting vulnerability CWE-79. When a user accesses a malicious page and is redirected to a page created with the product, an arbitrary script may be executed on the user's...

6.1CVSS6AI score0.00746EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/30 12:0 a.m.55 views

JVN#26115441: Installer of ”Remote Support Tool (Enkaku Support Tool)” may insecurely load Dynamic Link Libraries

Installer of ”Remote Support Tool Enkaku Support Tool” provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION and NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary...

9.3CVSS7.7AI score0.01231EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/24 12:0 a.m.54 views

JVN#58559719: WordPress plugin "BackupGuard" vulnerable to cross-site scripting

The WordPress plugin "BackupGuard" provided by BackupGuard contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged in user's web browser. Solution Update the plugin Update the plugin according to the information provided by the...

6.1CVSS6AI score0.00923EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/23 12:0 a.m.54 views

JVN#30866130: The installer of the Ministry of Justice [The electronic authentication system based on the commercial registration system "The CRCA user's Software"] may insecurely load Dynamic Link Libraries

The electronic authentication system based on the commercial registration system "The CRCA user's Software" provided by the Ministry of Justice contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed wi...

9.3CVSS7.8AI score0.01456EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/06 12:0 a.m.54 views

JVN#98617234: WordPress plugin "Multi Feed Reader" vulnerable to SQL injection

The WordPress plugin "Multi Feed Reader" contains an SQL injection vulnerability CWE-89. Impact An attacker who can access the product may execute an arbitrary SQL command. Information stored in the database may be obtained or altered by an attacker. Solution Update the plugin Update the plugin...

8.8CVSS8.9AI score0.01617EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/06/24 12:0 a.m.54 views

JVN#63940326: Sophos Disk Encryption vulnerable to authentication bypass

Sophos Disk Encryption is a product to encrypt hard disk data on Windows PC. By default, Window requires logon authentication when the PC wakes up from hibernation or sleep mode. When Sophos Disk Encryption is installed, no authentication is required before operating the PC. Impact An...

6.9CVSS6.9AI score0.0051EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/11/07 12:0 a.m.54 views

JVN#28467717: Page Scroller vulnerable to cross-site scripting

Page Scroller from coliss is a script that uses jQuery. In addition to Page Scroller being avaliable just as a script, it is also available as a ZIP archive that includes jQuery and demo files. The jQuery included in the ZIP archive contains a known cross-site scripting vulnerability CVE-2011-496...

4.3CVSS6.1AI score0.19191EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/08/08 12:0 a.m.54 views

JVN#39519659: Sleipnir Mobile for Android vulnerable to arbitrary script execution

Sleipnir Mobile for Android is a web browser for Android devices. Sleipnir Mobile for Android contains an arbitrary script execution vulnerability. Impact If a user uses a certain function of the affected product that called by other malicious Android application, an attacker may be able to execu...

4.3CVSS6.6AI score0.01161EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/05/17 12:0 a.m.54 views

JVN#45898075: Drupal Form API fails to validate the redirect URL

Drupal is a content management system CMS. Drupal's Form API fails to validate the redirect URL, which may lead to unintended information disclosure. Impact A remote attacker may change the redirect URL of a form. As a result, information such as authentication credentials may be disclosed...

5.8CVSS6.1AI score0.01378EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2010/10/21 12:0 a.m.54 views

JVN#48097065: TeraPad may insecurely load dynamic libraries

TeraPad is a text editor. TeraPad loads certain DLL's when TXT files are opened. TeraPad contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Impact An attacker may execute arbitrary code with the privilege of running the application. Solution Update...

6.9CVSS7.2AI score0.00283EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/10/10 12:0 a.m.54 views

JVN#30732239: Apache Tomcat allows access from a non-permitted IP address

Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page JSP technologies. Apache Tomcat contains a vulnerability which may allow a user from a non-permitted IP address to gain access to a protected context. Impact Impact varies depending on t...

4.3CVSS5.9AI score0.04807EPSS
Exploits2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/03/19 12:0 a.m.53 views

JVN#04278547: Multiple vulnerabilities in home gateway HGW-BL1500HM

Home gateway HGW-BL1500HM provided by KDDI CORPORATION contains multiple vulnerabilities listed below. Stored cross-site scripting in the NickName registration screen CWE-79 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score 5.4 CVE-2025-27567 Stored cross-site scripting in the USB storage...

8.8CVSS7.3AI score0.00878EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/03/27 12:0 a.m.53 views

JVN#61105618: baserCMS vulnerable to arbitrary file uploads

baserCMS provided by baserCMS Users Community allows an authenticated user to upload arbitrary files CWE-434. Impact An user with Operator privilege may upload arbitrary files. As a result, arbitrary PHP code may be executed. Solution Update the software Update the software to the latest version...

9.8CVSS9.5AI score0.01089EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/12/17 12:0 a.m.53 views

JVN#13464252: UNIVERGE DT Series vulnerable to missing encryption of sensitive data

UNIVERGE IP Phone DT Series and PC tools for DT Series maintainers IP Phone Manager and Data Maintenance Tool provided by NEC Platforms, Ltd. contain a missing encryption vulnerability CWE-311. Impact If a remote attacker who can access to the internal network setting the product analyzes packets...

5.3CVSS5.2AI score0.01066EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/01/28 12:0 a.m.53 views

JVN#28845872: Android App "MyPallete" vulnerable to improper server certificate verification

Android App "MyPallete" developed by NTT Data Corporation is used by several financial institutions as Android applications for their customers. "MyPallete" is vulnerable to improper server certificate verification CWE-295 and to improper host-matching validation CWE-297. Impact A man-in-the-midd...

7.4CVSS7.3AI score0.01175EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/05 12:0 a.m.53 views

JVN#01837169: Installer of WinShot may insecurely load Dynamic Link Libraries

Installer of WinShot contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use ZIP file format WinShot When using WinShot, download the...

9.3CVSS7.6AI score0.01076EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/02/02 12:0 a.m.53 views

JVN#15643848: Spring Security and Spring Framework vulnerable to authentication bypass

Spring Framework and Spring Security provided by Pivotal Software, Inc. contain an authentication bypass vulnerability. Impact A remote attacker can bypass authentication. As a result, the attacker gains access to the server and information may be disclosed. Solution Update the Software Update to...

5.3CVSS5.7AI score0.02857EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/27 12:0 a.m.53 views

JVN#51410509: I-O DATA WN-G300R31 uses hard-coded credentials

WN-G300R31 provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-G300R3 uses hard-coded credentials CWE-798. Impact A user with access to the network that is connected to the affected device may execute arbitrary code on the device. Solution Update the Firmware Apply the appropriate...

8CVSS8AI score0.00629EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/04/10 12:0 a.m.53 views

JVN#17633442: WordPress plugin "WP Statistics" vulnerable to cross-site scripting

The WordPress plugin "WP Statistics" provided by WP Statistics contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged in user's web browser. Solution Update the plugin Update the plugin according to the information provided by the...

6.1CVSS6AI score0.01678EPSS
Exploits0
Total number of security vulnerabilities5000