5627 matches found
JVN#19118282: Seasar S2Struts vulnerable to ClassLoader manipulation
Seasar S2Struts provided by The Seasar Foundation is a software framework for creating Java web applications. Seasar S2Struts bundles Apache Struts that is vulnerable to the ClassLoader manipulation CVE-2014-0114. Consequently, Seasar S2Struts contains the same vulnerability. Impact On a server...
JVN#24035499: Cybozu Garoon vulnerable to session management
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a vulnerability in session management. Impact A user who can log in to the product may impersonate an arbitrary user. As a result, information may be altered or disclosed. Solution For Cybozu Garoon 3.7: Apply the Patch...
JVN#52197991: Documents Pro (formerly Files HD) vulnerable to directory traversal
Documents Pro provided by Olive Toast Software Ltd. is a document viewer for iOS devices. Documents Pro contains a directory traversal vulnerability. Impact A guest user may view, delete or perform other actions on files that it does not have privileges to. Solution Update the software Update to...
JVN#99203127: Sage vulnerable to arbitrary script execution
Sage is an addon for Mozilla Firefox that adds an RSS/Atom feed reader. Sage is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information. Impact An arbitrary script embedded in an RSS/Atom feed may be executed on the user's Mozilla...
JVN#36921800: K2Editor may insecurely load executable files
K2Editor is a text editor. K2Editor loads certain executables .exe when opening the folder that contains the text file that is being edited. K2Editor contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the privileg...
JVN#49704543 WebProxy from LunarNight Laboratory vulnerable to cross-site scripting
WebProxy is a perl script for web proxy provided by LunarNight Laboratory. WebProxy contains a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the developer. Products...
JVN#27203006 Internet Explorer vulnerable in MHTML handling
When Internet Explorer accesses a website with the MHTML protocol, Internet Explorer processes the contents as MHTML data, ignoring their actual content types. This behavior may result in executing the scripts embedded in the contents. The MHTML protocol handler is included in the Outlook Express...
JVN#04278547: Multiple vulnerabilities in home gateway HGW-BL1500HM
Home gateway HGW-BL1500HM provided by KDDI CORPORATION contains multiple vulnerabilities listed below. Stored cross-site scripting in the NickName registration screen CWE-79 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score 5.4 CVE-2025-27567 Stored cross-site scripting in the USB storage...
JVN#93541851: Oracle WebLogic Server vulnerable to HTTP header injection
Oracle WebLogic Server provided by Oracle contains an HTTP header injection vulnerability CWE-113. Impact This vulnerability could be exploited by a remote attacker to conduct a cross-site scripting attack, etc., and as a result, the displayed page may be altered or an arbitrary script may be...
JVN#22220399: Multiple vulnerabilities in CubeCart
CubeCart provided by CubeCart Limited contains multiple vulnerabilities listed below. Cross-site request forgery CWE-352 - CVE-2023-38130 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N| Base Score: 4.3 CVSS v2| AV:N/AC:H/Au:N/C:N/I:P/A:N| Base Score: 2.6...
JVN#17806703: Multiple vulnerabilities in Cisco Firepower Management Center Software
Cisco Firepower Management Center Software provided by Cisco Systems contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2023-20219 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H| Base Score: 6.6 CVSS v2|...
JVN#05223215: Multiple vulnerabilities in multiple ELECOM wireless LAN routers and wireless LAN repeaters
Wireless LAN routers and wireless LAN repeaters provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2023-37560 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...
JVN#40604023: Multiple vulnerabilities in Seiko Solutions SkyBridge MB-A100/A110/A200/A130 SkySpider MB-R210
SkyBridge MB-A100/A110/A200/A130 SkySpider MB-R210 provided by Seiko Solutions Inc. contain multiple vulnerabilities listed below. Exposure of sensitive information to an unauthorized actor CWE-200 - CVE-2016-2183 Version| Vector| Score ---|---|--- CVSS v3|...
JVN#64453490: Android App "Wolt Delivery: Food and more" uses a hard-coded API key for an external service
Android App "Wolt Delivery: Food and more" provided by Wolt uses a hard-coded API key for an external service CWE-798. Impact The hard-coded API key may be retrieved via reverse-engineering the application binary. Note that the application users are not directly affected by this vulnerability...
JVN#12610194: Django Extract and Trunc functions vulnerable to SQL injection
Django provided by Django Software Foundation is a Web application framework. Extract and Trunc functions of Django used to treat date data contain an SQL injection vulnerability CWE-89. Impact An attacker may execute an arbitrary SQL command. Data in websites built using the product may be alter...
JVN#55917325: Multiple vulnerabilities in Aterm SA3500G
Aterm SA3500G provided by NEC Corporation contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2020-5635 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.8 CVSS v2| AV:A/AC:L/Au:N/C:P/I:P/A:P| Base Score: 5.8 OS...
JVN#88315581: Multiple cross-site scripting vulnerabilities in Exment
Exment provided by Kajitori Co.,Ltd contains multiple cross-site scripting vulnerabilities listed below. Stored cross-site scripting vulnerability in some input fields CWE-79 - CVE-2020-5619 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4...
JVN#32415420: Multiple vulnerabiliteis in Shihonkanri Plus GOOUT
Shihonkanri Plus GOOUT provided by EKAKIN is a CGI that enables to view data stored in Shihonkanri Plus outside. Shihonkanri Plus GOOUT contains multiple vulnerabilities which allow reading/writing an arbitrary file listed below because of the improper validation of input parameter. Directory...
JVN#52319657: Multiple cross-site scripting vulnerabilities in Cybozu Mailwise
Cybozu Mailwise contains multiple cross-site scripting vulnerabilities below. Stored cross-site scripting vulnerability in "E-mail Details Screen" CWE-79 - CVE-2018-0557 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...
JVN#48823557: Multiple Buffalo wireless LAN access point devices do not properly perform authentication
WAPM-1166D and WAPM-APG600H provided by BUFFALO INC. are wireless LAN access point devices. WAPM-1166D and WAPM-APG600H do not properly perform authentication CWE-287. Impact An attacker who can access the device may log in via telnet without authentication and access the configuration interface ...
JVN#79451345: Installer of Setup file of advance preparation for e-Tax software (WEB version) may insecurely load Dynamic Link Libraries
Installer of Setup file of advance preparation for e-Tax software WEB version provided by National Tax Agency contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact Arbitrary code may be executed with the privilege of the user invoking the...
JVN#40667528: Norton Download Manager may insecurely load Dynamic Link Libraries
Norton Download Manager provided by Symantec Japan, Inc. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact Arbitrary code may be executed with the privileges of the user running the application. Solution Use the latest Norton Download...
JVN#64636058: WinRAR may insecurely load executable files
WinRAR contains a function where user specified files on the local disk can be executed. When this file does not have a file extension, a file of the same name with a file extension contained in the same folder may be executed by WinRAR instead of the user specified file. WinRAR also contains a...
JVN#56210048: Apple OS X authentication issue when recovering from sleep mode
Apple OS X contains an issue with authentication when recovering from sleep mode. This issue exists due to a flaw in the the processing of the text entered in the dialog box upon recovering from sleep mode. Impact When Apple Remote Desktop is used in full screen mode and the remote connection is...
JVN#77792759: Multiple ASUS wireless LAN routers vulnerable to OS command injection
Multiple wireless LAN routers provided by ASUS JAPAN Inc. contain an OS command injection vulnerability. Impact An arbitrary OS command may be executed by an authenticated attacker. In addition, when this vulnerability is exploited along with the vulnerability stated in JVN32631078, an arbitrary ...
JVN#14876762: Apache Commons FileUpload vulnerable to denial-of-service (DoS)
Apache Commons FileUpload provided by Apache Software Foundation contains an issue in processing a multi-part request, which may cause the process to be in an infinite loop. As of 2014 February 12, an exploit tool to attack against this vulnerability has been confirmed. Impact Processing a...
JVN#75492883: Pebble vulnerability where entries may become unviewable
Pebble is an open source weblog system. Pebble contains an issue in the processing of comments that are posted on blog entries, which may lead to a vulnerability where blog entries may become unviewable. Impact A specially crafted comment being posted may cause an arbitrary blog entry to become...
JVN#18680611: Java Web Start may insecurely load dynamic libraries
Java Web Start is tool to distribute Java applications over the web and is contained in Java applications such as JRE Java Runtime Environment Java Web Start contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Impact An attacker may execute arbitrar...
JVN#16308183: IBM DB2 vulnerable to denial-of-service (DoS)
IBM DB2 contains a denial-of-service DoS vulnerability due to an issue in Java Runtime Environment JRE. Impact An attacker that can create or execute stored procedures may cause a denial-of-service DoS. Solution Apply a patch Apply the appropriate patch according to the information provided by th...
JVN#19445002 APOP password recovery vulnerability
Impact APOP passwords may be compromised. When the same password is used for other systems, those systems could be compromised as well. Solution Products Affected Mail clients with an APOP implementation As this is a protocol issue, software fixes cannot solve the issue essentially. Encrypted...
JVN#53682526: Multiple cross-site scripting vulnerabilities in baserCMS
baserCMS provided by baserCMS Users Community contains multiple cross-site scripting vulnerabilities listed below. Stored cross-site scripting vulnerability in User management CWE-79 - CVE-2022-39325 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N| Base...
JVN#59576930: Zero-channel BBS Plus vulnerable to cross-site scripting
Zero-channel BBS Plus by Zero-Channel BBS Plus Developers is a bulletin board CGI script. Zero-channel BBS Plus contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is accessing the management screen of the product,...
JVN#88993473: Multiple vulnerabilities in multiple ELECOM LAN routers
Multiple ELECOM LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Buffer overflow CWE-121 - CVE-2021-20852 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H| Base Score: 6.8 CVSS v2| AV:A/AC:L/Au:S/C:P/I:P/A:P| Base Score...
JVN#98239374: Zettlr vulnerable to cross-site scripting
Zettlr provided by Hendrik Erz is a Markdown editor. Zettlr contains a cross-site scripting vulnerability CWE-79. Impact If a file or code snippet containing an invalid iframe is loaded into Zettlr, an arbitrary script may be executed on the system where it runs. Solution Update the Software Upda...
JVN#73236007: Archive collectively operation utility vulnerable to directory traversal
Archive collectively operation utility provided by EikiSoft contains a directory traversal vulnerability CWE-22 due to a flaw in the processing of the filenames when extracting from ZIP archives. Impact By expanding a malicious ZIP archive, arbitrary files may be created or overwritten with the...
JVN#08191557: WordPress plugin "Paid Memberships Pro" vulnerable to SQL injection
WordPress Plugin "Paid Memberships Pro" contains an SQL injection vulnerability CWE-89. Impact An attacker who can access Paid Membership Pro may obtain and/or alter the information stored in the database. Solution Update the plugin Update the plugin according to the information provided by the...
JVN#73169744: Multiple vulnerabilities in multiple PHP Factory products
Multiple products provided by PHP Factory contain multiple vulnerabilities listed below. Cross-site Request Forgery CWE-352 - CVE-2020-5615 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N| Base Score: 4.3 CVSS v2| AV:N/AC:H/Au:N/C:N/I:P/A:N| Base Score: 2....
JVN#71816327: Installer of JTrim may insecurely load Dynamic Link Libraries
Installer of JTrim contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use ZIP file format JTrim When using JTrim, download the ZIP fi...
JVN#17523256: Installer of Tween may insecurely load Dynamic Link Libraries
Tween is a twitter client application. Installer of Tween contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest installer...
JVN#21612597: Apache Cordova plugin cordova-plugin-file-transfer vulnerable to HTTP header injection
cordova-plugin-file-transfer, a plugin for Apache Cordova provided by the Apache Software Foundation, provides functionality to upload and download files in applications created by Apache Cordova. It also provides functionality to add HTTP headers. Android applications that use...
JVN#35998716: SX-2000WG vulnerable to denial-of-service (DoS)
SX-2000WG provided by silex technology, Inc. is a product that provides wireless connectivity for USB devices such as printers and hard disk drives HDD. SX-2000WG contains an issue in the processing of IP packets, which may cause a denial-of-service DoS. Impact A remote attacker may cause the...
JVN#33382534: AutoCAD vulnerable to arbitrary VBScript execution
AutoCAD provided by Autodesk, Inc. is an application for comuputer-aided design CAD. AutoCAD loads specific FAS files when opening files. AutoCAD contains an issue with the FAS file search path, which may lead to arbitrary VBScript code execution. Impact Arbitrary VBScript code may be executed wi...
JVN#19847770: VMware ESX and ESXi vulnerable to buffer overflow
VMware ESX and ESXi contains a buffer overflow vulnerability. Impact A remote attacker may cause a denial-of-service DoS or execute arbitrary code. Solution Apply an Update Apply the latest update for the version of the software being used. Products Affected VMware ESXi 5.0 without patch...
JVN#95863326: Cybozu Garoon vulnerable to cross-site scripting
Cybozu Garoon provided by Cybozu is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser when the user is assigned the "logging" permission. Solution Update the Software Update to the latest version accordin...
JVN#35256978: cforms II vulnerable to cross-site scripting
cforms II provided by delicious days is a plugin for WordPress. cforms II contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the...
JVN#21120853: Internet Explorer vulnerable to cross-site scripting
Microsoft Internet Explorer contains a vulnerability in handling specific EUC-JP or ShiftJIS encoded characters, which may result in cross-site scripting. Impact An arbitrary script may be executed. Solution Update the Software Apply the latest update according to the information provided by...
JVN#63832775: Apache Tomcat information disclosure vulnerability
Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page JSP technologies. Apache Tomcat contains a vulnerability which may allow information disclosure or access to the contents contained in the WEB-INF directory. Impact A remote attacker cou...
JVN#68630618 QUICK CART cross-site scripting vulnerability
Impact An arbitrary script could be executed on the user's web browser. Solution Products Affected QUICK CART Ver 1 QUICK CART Ver 2 QUICK CART Free QUICK CART Pro QUICK CART Plugin for Movable Type 3.2...
JVN#15005948: Multiple vulnerabilities in LuxCal Web Calendar
LuxCal Web Calendar provided by LuxSoft contains multiple vulnerabilities listed below. SQL injection CWE-89 - CVE-2023-46700 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L| Base Score: 7.3 CVSS v2| AV:N/AC:L/Au:N/C:P/I:P/A:P| Base Score: 7.5 Cross-site...
JVN#98612206: Multiple vulnerabilities in PLANEX COMMUNICATIONS Network Camera CS-WMV02G
Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G provided by PLANEX COMMUNICATIONS INC. contains multiple vulnerabilities listed below. Stored cross-site scripting CWE-79 - CVE-2023-22370 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 4.8...