Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/11/13 12:0 a.m.50 views

JVN#65280626: Movable Type vulnerable to open redirect

Movable Type provided by Six Apart Ltd. contains an open redirect vulnerability CWE-601. Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Update the Software Update the...

6.1CVSS6.3AI score0.00851EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/13 12:0 a.m.50 views

JVN#30864198: ArsenoL vulnerable to cross-site scripting

ArsenoL provided by FlaFla... is software that can be downloaded from the Internet. ArsenoL is a dictionay software that is placed on a website used to post words and their meanings. ArsenoL contains a cross-site scripting vulnerability CWE-79 where an arbitrary script may be executed when the...

6.1CVSS6AI score0.00746EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/08 12:0 a.m.50 views

JVN#33527174: WordPress plugin "WP All Import" vulnerable to cross-site scripting

The WordPress plugin "WP All Import" provided by Soflyy contains a cross-site scripting vulnerability CWE-79 in the file upload function. Impact An arbitrary script may be executed on the user's web browser. Solution Update the plugin Update the plugin according to the information provided by the...

6.1CVSS6AI score0.01537EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/10/11 12:0 a.m.50 views

JVN#55516206: HIBUN Confidential File Decryption program may insecurely load Dynamic Link Libraries

HIBUN Confidential File Decryption program provided by Hitachi Solutions, Ltd. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privileges of the user running HIBUN Confidential File...

9.3CVSS7.6AI score0.01008EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/09/04 12:0 a.m.50 views

JVN#95989300: Apache Struts vulnerable to cross-site scripting

Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts contains a cross-site scripting vulnerability when devMode is left turned on. Impact An arbitrary script may be executed on the user's web browser. Solution Update th...

6.1CVSS6.2AI score0.07551EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/06/03 12:0 a.m.50 views

JVN#06120222: F21 JWT fails to verify token signatures

JWT provided by F21 is a PHP library for handling JSON Web Tokens. JWT contains a vulnerability where it fails to verify token signatures. Impact Specially crafted tokens may be validated as token data with valid signatures. Solution Update the Software Update to the latest version according to t...

5CVSS6.2AI score0.03773EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/07/02 12:0 a.m.50 views

JVN#35998716: SX-2000WG vulnerable to denial-of-service (DoS)

SX-2000WG provided by silex technology, Inc. is a product that provides wireless connectivity for USB devices such as printers and hard disk drives HDD. SX-2000WG contains an issue in the processing of IP packets, which may cause a denial-of-service DoS. Impact A remote attacker may cause the...

5CVSS6.3AI score0.01218EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/12/21 12:0 a.m.50 views

JVN#42625179: Loctouch for Android vulnerable in handling of implicit intents

Loctouch provided by NHN Japan, is an application that logs location information. Loctouch for Android contains a vulnerability in the handling of implicit intents. Impact Location logs that include non-public information may be leaked to a third party through a malicious Android application...

4.3CVSS6.2AI score0.00997EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/03/04 12:0 a.m.50 views

JVN#97334690: IBM Lotus vulnerable to denial-of-service (DoS)

IBM Lotus product line contains a denial-of-service DoS vulnerability due to an issue in Java Runtime Environment JRE. Impact A remote attacker may cause a denial-of-service DoS. Solution Apply a patch Apply the appropriate patch according to the information provided by the developer. Products...

5CVSS9AI score0.2349EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/04/27 12:0 a.m.50 views

JVN#11396739 Cross-site scripting vulnerability in MiniBBS from CGI RESCUE

MiniBBS is a message board script provided by CGI RESCUE, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the vendor. Products...

4.3CVSS5.9AI score0.01223EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/01/15 12:0 a.m.50 views

JVN#28344798 Cisco IOS cross-site scripting vulnerability

Some versions of the Cisco IOS provide a web-based interface to configure the device. This web-based interface contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest firmware provided by...

4.3CVSS5.5AI score0.05449EPSS
Exploits2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/10/28 12:0 a.m.50 views

JVN#20502807 Snoopy command injection vulnerability

Snoopy is an open source PHP library. Snoopy does not properly handle user-input data. This causes a vulnerability which may allow a remote attacker to execute an arbitrary command. Impact An arbitrary command could be executed with the privilege of the server where Snoopy runs. Solution Update t...

10CVSS8.5AI score0.08985EPSS
Exploits4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/10/20 12:0 a.m.50 views

JVN#55410403 Internet Explorer vulnerable in handling CDO protocol

When Internet Explorer IE accesses a website using CDO Collaboration Data Objects, IE processes the contents as CDO data, ignoring their actual content types, and IE does not properly handle the Content-Disposition header field. This could cause a download dialog box not to be displayed prior to...

4.3CVSS5.9AI score0.24389EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/08/07 12:0 a.m.49 views

JVN#83334799: Multiple vulnerabilities in Special Interest Group Network for Analysis and Liaison's API

Special Interest Group Network for Analysis and Liaison's "Inter-SOC Cooperation API" provided by Japan Computer Emergency Response Team Coordination Center JPCERT/CC contains multiple vulnerabilities listed below. Improper Authorization in Information Provision function CWE-285 - CVE-2023-38751...

4.3CVSS5AI score0.00376EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/05/31 12:0 a.m.49 views

JVN#38222042: DataSpider Servista uses a hard-coded cryptographic key

DataSpider Servista provided by SAISON INFORMATION SYSTEMS CO.,LTD. is a data integration software. ScriptRunner and ScriptRunner for Amazon SQS are used to start the configured processes on DataSpider Servista. The cryptographic key is embedded in ScriptRunner and ScriptRunner for Amazon SQS,...

8.8CVSS8.8AI score0.00812EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/10/28 12:0 a.m.49 views

JVN#74285622: Multiple vulnerabilities in FUJI SOFT network devices

USB dongle +F FS040U and mobile routers +F FS020W/+F FS030W/+F FS040W provided by FUJI SOFT INCORPORATED contain multiple vulnerabilities listed below. Plaintext Storage of a Password CWE-256 - CVE-2022-43442 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N...

7.3CVSS6.3AI score0.00295EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/03/30 12:0 a.m.49 views

JVN#10140834: AttacheCase may insecurely load Dynamic Link Libraries

AttacheCase is an open source file encryption software provided by HiBARA Software. AttacheCase contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege to run the software. Solution...

7.8CVSS7.6AI score0.00362EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/19 12:0 a.m.49 views

JVN#37607293: Fuji Xerox multifunction devices and printers vulnerable to denial-of-service (DoS)

Multifunction devices and printers provided by Fuji Xerox Co.,Ltd. contain a denial-of-service DoS vulnerability. Impact An attacker may cause the products to be terminated by sending a specially crafted command. In order to restart the products, the physical power button on the devices must be...

7.8CVSS7.5AI score0.01549EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/12/10 12:0 a.m.49 views

JVN#12884935: FileZen vulnerable to directory traversal

FileZen provided by Soliton Systems K.K. is an appliance for secure file transfer and sharing by mail or an web interface. FileZen contains a directory traversal vulnerability CWE-22. Impact A remote attacker may upload an arbitrary file in the specific directory in the product. If a specialy...

10CVSS9.7AI score0.05009EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/06/04 12:0 a.m.49 views

JVN#93226941: H2O vulnerable to buffer overflow

H2O is open source web server software. H2O contains a buffer overflow vulnerability CWE-119 due to a processing flaw in the output of Access Log. Impact A remote attacker may be able to cause a denial-of-service DoS condition or may execute arbitrary code. Solution Update the Software Update to...

9.8CVSS9.8AI score0.03815EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/05/09 12:0 a.m.49 views

JVN#34562916: RT-AC1200HP vulnerable to cross-site scripting

RT-AC1200HP provided by ASUS Japan Inc. is a wireless LAN router. RT-AC1200HP contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the logged in user's web browser. Solution Update the Firmware Apply the firmware update according to the information...

6.1CVSS6AI score0.00899EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/27 12:0 a.m.49 views

JVN#85901441: Multiple vulnerabilities in Toshiba Lighting & Technology Corporation Home gateway

Home gateway provided by Toshiba Lighting & Technology Corporation contains multiple vulnerabilities listed below. Non-documented developer's screen CWE-912 - CVE-2017-2234 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N| Base Score: 2.4 CVSS v2|...

10CVSS10AI score0.01979EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/13 12:0 a.m.49 views

JVN#79738260: Multiple vulnerabilities in WordPress plugin "WordPress Download Manager"

The WordPress plugin "WordPress Download Manager" provided by W3 Eden, Inc. contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2017-2216 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...

6.1CVSS6.6AI score0.01476EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/12/22 12:0 a.m.49 views

JVN#84995847: SKYSEA Client View vulnerable to arbitrary code execution

SKYSEA Client View provided by Sky Co., LTD. is an Enterprise IT Asset Management Tool. SKYSEA Client View agent program contains an issue in processing authentication on the TCP communication with the management console program, which allows an attacker to execute an arbitrary code on the client...

10CVSS9.9AI score0.1938EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/06/20 12:0 a.m.49 views

JVN#12352818: Apache Struts 2 vulnerable to denial-of-service (DoS)

Apache Struts 2 provided by the Apache Software Foundation is a software framework for creating web applications in Java. Web applications that are developed using Apache Struts 2 contain a denial-of-service DoS vulnerability due to an issue in URLValidator. Impact An unauthenticated remote...

5.3CVSS5.5AI score0.10638EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/06/08 12:0 a.m.49 views

JVN#15205734: DX Library vulnerable to remote code execution

DX Library is an open source library for creating Windows applications. DX Library contains a remote code execution vulnerability due to an issue in printfDx. Impact When processing a specially crafted string, an application built using DX Library may allow arbitrary code to be executed. Solution...

9.8CVSS9.8AI score0.03816EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/04/14 12:0 a.m.49 views

JVN#56297719: JBoss RichFaces vulnerable to remote Java code execution

JBoss RichFaces is an Ajax-enabled component library for JavaServer Faces JSF. JBoss RichFaces contains a flaw in parsing the do parameter, which may result in arbitrary Java code execution. Impact When a specially crafted input is processed, arbitrary Java code may be executed on the application...

6.8CVSS9.3AI score0.03929EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/10/26 12:0 a.m.49 views

JVN#75368899: Implementations of IPv6 may be vulnerable to denial of service (DoS) attacks

Implementations of IPv6 contain an issue in the processing of packets related to the Neighbor Discovery Protocol RFC4861, which may lead to a denial of service vulnerablility. Impact Reception of a large number of packets from a malicious third party that is on the same link within the network ma...

6.1CVSS6.1AI score0.00816EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2006/04/13 12:0 a.m.49 views

JVN#68630618 QUICK CART cross-site scripting vulnerability

Impact An arbitrary script could be executed on the user's web browser. Solution Products Affected QUICK CART Ver 1 QUICK CART Ver 2 QUICK CART Free QUICK CART Pro QUICK CART Plugin for Movable Type 3.2...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/03/27 12:0 a.m.48 views

JVN#40367518: SonicDICOM Media Viewer may insecurely load Dynamic Link Libraries

SonicDICOM Media Viewer provided by Fujidenolo Solutions Co., Ltd. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privileges of the running application. Solution Update the Software...

7.8CVSS6.5AI score0.00188EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/02/20 12:0 a.m.48 views

JVN#44166658: Multiple vulnerabilities in ELECOM wireless LAN routers and wireless LAN repeater

Multiple wireless LAN routers and wireless LAN repeater provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2024-21798 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N| Base Score: 4.8 CVSS v2|...

8.8CVSS9.1AI score0.01289EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/06/09 12:0 a.m.48 views

JVN#34232595: ASUS Router RT-AX3000 vulnerable to using sensitive cookies without 'Secure' attribute

ASUS Router RT-AX3000 provided by ASUSTeK COMPUTER INC. uses sensitive cookies without 'Secure' attribute CWE-614. Impact When an attacker is in a position to be able to mount a man-in-the-middle attack, and a user is tricked to log into the affected device through an unencrypted 'http' connectio...

5.3CVSS5.4AI score0.0027EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/03/06 12:0 a.m.48 views

JVN#19872280: Multiple vulnerabilities in PostgreSQL extension module pg_ivm

pgivm provided by IVM Development Group is a PostgreSQL extension module that provides incremental view maintenance functionality of materialized views. pgivm contains multiple vulnerabilities listed below. Exposure of sensitive information to an unauthorized actor CWE-200 - CVE-2023-22847 An...

8.8CVSS6.4AI score0.00939EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/03/01 12:0 a.m.48 views

JVN#57224029: Multiple vulnerabilities in SS1 and Rakuraku PC Cloud

SS1 is asset management software and Rakuraku PC Cloud is cloud-based asset management service. SS1 and Rakuraku PC Cloud Agent contain multiple vulnerabilities listed below. Improper Access Control CWE-284 - CVE-2023-22335 Version| Vector| Score ---|---|--- CVSS v3|...

9.8CVSS9.4AI score0.01099EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/06/14 12:0 a.m.48 views

JVN#94363766: Cisco Catalyst 2940 Series Switches vulnerable to cross-site scripting

Cisco Catalyst 2940 Series Switches provided by Cisco Systems, Inc., with firmware versions prior to 12.250SY, improperly processes user input and generates error pages, leading to a cross-site scripting vulnerability CWE-79. The vulnerability has been addressed on 12.250SY released in 2011 Cisco...

6.1CVSS6.1AI score0.00576EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/12/03 12:0 a.m.48 views

JVN#42199826: desknet's NEO vulnerable to cross-site scripting

desknet's NEO provided by NEOJAPAN Inc. contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged-in user's web browser. Solution Update the software Update the software to the latest version according to the information provided by the...

6.1CVSS6AI score0.00772EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/08/31 12:0 a.m.48 views

JVN#06446084: CLUSTERPRO X and EXPRESSCLUSTER X vulnerable to XML external entity injection (XXE)

CLUSTERPRO X and EXPRESSCLUSTER X provided by NEC Corporation contain an XML external entity injection XXE vulnerability CWE-611. Impact By reading a specially crafted XML files, an arbitrary file on the server may be read by the attacker. Solution Update the Software The following updates are...

7.5CVSS7.7AI score0.73962EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/08/28 12:0 a.m.48 views

JVN#29903998: Multiple NETGEAR switching hubs vulnerable to cross-site request forgery

GS716Tv2 and GS724Tv3 switching hubs provided by NETGEAR contain a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in to the management screen, the product's settings may be changed unintentionally. Solution Apply a workaround Applying the following...

4.3CVSS4.6AI score0.00789EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/04/26 12:0 a.m.48 views

JVN#95589314: Joruri Gw vulnerable to arbitrary file upload

Joruri Gw provided by SiteBridge Inc. is groupware which runs on Ruby on Rails. Joruri Gw contains a vulnerability that may allow an attacker to upload arbitrary files CWE-434. Impact A user may upload arbitrary files. When PHP code execution is enabled on the server, a user may execute arbitrary...

8.8CVSS9.1AI score0.01721EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/05/16 12:0 a.m.48 views

JVN#24834813: Multiple BestWebSoft WordPress plugins vulnerable to cross-site scripting

Multiple WordPress Plugins provided by BestWebSoft use a common function for displaying the BestWebSoft menu. This function contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the logged in user's web browser. Solution Update the plugin Update the...

6.1CVSS6AI score0.00886EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/03/16 12:0 a.m.48 views

JVN#11448789: Security guide for website operators vulnerable to OS command injection

Security guide for website operators provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA contains an OS command injection vulnerability CWE-78 due to an issue in loading saved data. Impact When specially crafted saved data is loaded, an arbitrary OS command may be executed. Solution Do...

8.8CVSS8.9AI score0.01596EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/12/22 12:0 a.m.48 views

JVN#38755305: BlueZ userland utilities vulnerable to buffer overflow

BlueZ provides a Bluetooth protocol stack for Linux kernel and userland utilities. parseline function used in some userland utilities contains a buffer overflow vulnerability. Impact An attacker who can access the product may execute arbitrary code. Solution Update the Software Update to the late...

7.8CVSS7.4AI score0.00556EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/11/02 12:0 a.m.48 views

JVN#18228200: Multiple vulnerabilities in WFS-SR01

WFS-SR01 provided by I-O DATA DEVICE, INC. is a portable storage device which provides wireless LAN router function. WFS-SR01 contains multiple vulnerabilities in "Pocket Router Function" listed below. Command injection - CVE-2016-7806 Version| Vector| Score ---|---|--- CVSS v3|...

10CVSS8.8AI score0.03977EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/07/20 12:0 a.m.48 views

JVN#01956993: Vtiger CRM does not properly restrict access to application data

Vtiger CRM is a customer relationship management CRM software. Vtiger CRM contains a vulnerability where it does not properly restrict access to user information data. Impact A user with user privileges may create new users or alter existing user information. Solution Update the software Update t...

8.1CVSS7.9AI score0.02207EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/06/07 12:0 a.m.48 views

JVN#65044642: Apache Struts 1 vulnerable to input validation bypass

The Apache Struts 1 Validator contains a vulnerability where input validation configurations validation rules, error messages, etc. may be modified. This occurs when the following ActionForm including its subclasses are in the session scope. ValidatorForm ValidatorActionForm Impact Effects vary...

8.2CVSS7.9AI score0.25737EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/05/16 12:0 a.m.48 views

JVN#03975805: a-blog cms vulnerable to session management

a-blog cms provided by appleple Inc. is a content management system CMS. a-blog cms contains a vulnerability in session management of the comment functionality. Impact An arbitrary comment posted may be deleted or a commenter's e-mail address may be obtained by an unauthenticated remote attacker...

6.5CVSS6.6AI score0.01277EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/11/27 12:0 a.m.48 views

JVN#12991684: ManageEngine Firewall Analyzer fails to restrict access permissions

ManageEngine Firewall Analyzer provided by Zoho Corporation is a log analytics and configuration management software for network security devices. ManageEngine Firewall Analyzer contains a vulnerability where access permissions are not restricted. Impact An attacker may be able to obtain server...

7.5CVSS7.4AI score0.07097EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/05/27 12:0 a.m.48 views

JVN#61328139: Apache Sling API and Servlets Post components vulnerable to cross-site scripting

Apache Sling is an open source web application framework provided by The Apache Software Foundation. Sling API and Servlet Post components included in Apache Sling contain a cross-site scripting vulnerability CWE-79 in the error page and the generation of the job completion. Impact An arbitrary...

4.3CVSS5.7AI score0.06297EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/01/29 12:0 a.m.48 views

JVN#88252465: Arbitrary files may be overwritten in multiple VMware products

Multiple products provided by VMware Inc. contain a vulnerability where arbitrary files on the host OS may be overwritten. Impact A user that can modify the configuration file for the virtual machine may overwrite arbitrary files on the host OS. As a result, privileges may be escalated in the hos...

6.4CVSS3.6AI score0.04189EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/07/18 12:0 a.m.48 views

JVN#94791545: FuelPHP vulnerable to remote code execution

FuelPHP is a PHP web framework for creating web applications. FuelPHP applications contain an issue in the RequestCurl class, which may result in arbitrary code execution. Impact When specially crafted input is processed, arbitrary files may be deleted or arbitrary code may be executed on the...

7.5CVSS7AI score0.02718EPSS
Exploits0
Total number of security vulnerabilities5000