Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/08/22 12:0 a.m.43 views

JVN#83568336: Cybozu Garoon vulnerable to SQL injection

Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an SQL injection vulnerability in the "Messages" function. Impact An authenticated attacker may obtain or alter information stored in the database. Solution Update the Software Update to the latest version according to t...

8.8CVSS8.8AI score0.01537EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/08/16 12:0 a.m.43 views

JVN#04125292: Cybozu Mailwise contains issue in preventing clickjacking attacks

Cybozu Mailwise contains multiple pages for editing/sending bulk emails. Some of these pages fail to protect against clickjacking attacks. Impact If a user views a malicious page while logged in, the user may be tricked into conducting unintended operations. Solution Update the Software Update to...

4.3CVSS4.8AI score0.01481EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/06/27 12:0 a.m.43 views

JVN#39594409: DMM Movie Player App fails to verify SSL server certificates

DMM Movie Player App provided by DMM.com Labo Co.,Ltd. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Application Update to the latest version according to the information provided by...

5.9CVSS5.5AI score0.00712EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/04/26 12:0 a.m.43 views

JVN#63384827: Multiple shiro8 Co., Ltd. freearea_ addition_plugins for EC-CUBE vulnerable to cross-site scripting

EC-CUBE plugin "categoryfreearea additionplugin" and "itemdetailfreearea additionplugin" provided by shiro8 Co., Ltd. contain a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the logged in user's web browser. Solution Update the Software Update to the...

6.1CVSS6AI score0.0102EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/04/13 12:0 a.m.43 views

JVN#00272277: Tokyo Star bank App fails to verify SSL server certificates

Tokyo Star bank App provided by The Tokyo Star Bank, Limited fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided...

5.9CVSS5.3AI score0.00989EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/02/19 12:0 a.m.43 views

JVN#78383854: Internet Explorer cross-domain policy bypass

Internet Explorer contains an information disclosure vulnerability due to a flaw in handling cross-domain policies. Impact When a specially crafted content is opened, cross-domain policies may be bypassed and then information of the URL that the user is accessing may be obtained by an attacker...

9.3CVSS8.1AI score0.19238EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/12/03 12:0 a.m.43 views

JVN#55545372: EC-CUBE plugin BbAdminViewsControl vulnerable to SQL injection

BbAdminViewsControl from BOKUBLOCK CO., LTD. is an EC-CUBE plugin. BbAdminViewsControl contains an SQL injection vulnerability CWE-89. Impact A logged in attacker may execute SQL statements. According to the developer, this vulnerability affects availability of the server that EC-CUBE resides, bu...

4.3CVSS5.1AI score0.0107EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/09/16 12:0 a.m.43 views

JVN#73346595: applican vulnerable to URL whitelist bypass

applican provided by Newphoria Corporation Inc. is a platform to build hybrid applications for both iOS and Android. applican provides a whitelisting function whitelist.xml to limit the URLs that applications can access. However, if the application is launched using the URL-scheme, the access...

6.8CVSS6.2AI score0.01093EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/09/01 12:0 a.m.43 views

JVN#77193915: Twit BBS vulnerable to cross-site scripting

Twit BBS provided by LEMON-S PHP contains a persistent cross-site scripting CWE-79 vulnerability due to the processing of imagetitle parameter in index.php. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use Twit BBS Twit BBS is no longer being developed or...

4.3CVSS6.1AI score0.0095EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/07/24 12:0 a.m.43 views

JVN#97971874: Welcart vulnerable to cross-site scripting

Welcart provided by Collne Inc. is a WordPress plugin for creating shopping websites. Welcart contains a cross-site scripting CWE-79 vulnerability due to the processing of uscesreferer parameter in admin.php. Impact If a user views a malicious page while logged into WordPress with this plugin...

4.3CVSS5.8AI score0.02033EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/02/05 12:0 a.m.43 views

JVN#17480391: shiromuku(u1)GUESTBOOK vulnerable to cross-site scripting

shiromukuu1GUESTBOOK from Perl CGI's By Mrs. Shiromuku is a bulletin board software. shiromukuu1GUESTBOOK contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the...

4.3CVSS5.9AI score0.00931EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/07/29 12:0 a.m.43 views

JVN#94592501: Multiple I-O DATA IP Cameras vulnerable to authentication bypass

Multiple IP Cameras provided by I-O DATA contain an authentication bypass vulnerability. Impact An attacker who can access the product may be able to gain access to configuration and credential information. As a result, the attacker may take control of the product. Solution Apply an update Update...

6.4CVSS6.9AI score0.02199EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/07/15 12:0 a.m.43 views

JVN#31082531: Cybozu Garoon 3 API access restriction bypass vulnerability

Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an access restriction bypass vulnerability CWE-264 when using Garoon APIs. Impact A remote attacker may cause a denial-of-service DoS or execute arbitrary code. Solution Update the Software Update to the latest version...

7.5CVSS7.1AI score0.02643EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/06/13 12:0 a.m.43 views

JVN#10724763: SEIL Series routers vulnerable to denial-of-service (DoS)

The PPP Access Concentrator PPPAC in SEIL Series routers provided by Internet Initiative Japan Inc. contain a denial-of-service DoS vulnerability due to an issue in processing certain packets. CWE-119 Impact By receiving a specially crafted TCP packet, a session established using PPPAC may be...

5CVSS6.4AI score0.02139EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/01/10 12:0 a.m.43 views

JVN#51285738: tetra filer vulnerable to directory traversal

tetra filer provided by Yuichiro Okuyama contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the application has...

5.8CVSS6.6AI score0.01249EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/05/31 12:0 a.m.43 views

JVN#85812843: FileMaker Pro fails to verify SSL server certificates

FileMaker Pro contains a function to encrypt communications with the FileMaker Server. FileMaker Pro fails to verify the SSL server certificate. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Upgrade the software Upgrade to the latest...

5.8CVSS5.8AI score0.00521EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/01/22 12:0 a.m.43 views

JVN#99681273: myu-s / PHP WeblogSystem by netmania vulnerable to cross-site scripting

myu-s and PHP WeblogSystem by netmania provided by FLUGELz contain a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest product released on Feb.16, 2012 or a fixed myu-s according to the...

4.3CVSS6AI score0.01161EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/09/20 12:0 a.m.43 views

JVN#50701493: Email Anti-virus (formerly WebShield SMTP) vulnerable to denial-of-service

Email Anti-virus formerly WebShield SMTP provided by McAfee Co., Ltd. is an anti-virus package that scans emails. Email Anti-virus formerly WebShield SMTP contains a denial-of-service DoS vulnerability. Impact An attacker may be able to cause a denial-of-service DoS. Solution Do not use Email...

7.8CVSS6.1AI score0.01895EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/09/13 12:0 a.m.43 views

JVN#03015214: KUNAI Browser for Remote Service beta vulnerable in the WebView class

KUNAI Browser for Remote Service beta is an Android browser software for using Cybozu. KUNAI Browser for Remote Service beta contains a vulnerability in the WebView class. Impact When there is a malicious file in the user's Android device, clicking a file:// hyperlink may lead to the malicious fi...

4.3CVSS6.3AI score0.01191EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/08/17 12:0 a.m.43 views

JVN#92038939: mixi for Android information management vulnerability

mixi for Android provided by mixi, Inc. contains an issue which stores friends' comments on a SD card, therefore other applications can access this information directly from the SD card. Impact If a user of the affected product uses a malicious Android application, friends' comments may be...

4.3CVSS6.4AI score0.01066EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/03/07 12:0 a.m.43 views

JVN#73162541: OTRS vulnerable to OS command injection

OTRS provided by the OTRS Project is a ticket management system. OTRS contains an OS command injection vulnerability. Impact An arbitrary OS command may be executed with the privileges of OTRS on the server where it is installed. Solution Update the software Update to the latest version according...

7.5CVSS6.8AI score0.03001EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/01/18 12:0 a.m.43 views

JVN#09115481: Cross-site scripting vulnerability in multiple Rocomotion products

Multiple products P board etc. provided by Rocomotion contain a cross-site scripting vulnerablility. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. This issue h...

4.3CVSS6AI score0.01516EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2010/10/18 12:0 a.m.43 views

JVN#50133036: Cross-site Request Forgery Vulnerability in Oracle iPlanet Web Server

Oracle iPlanet Web Server formerly Sun Java System Web Server is a web server. Oracle iPlanet Web Server contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged into the Oracle iPlanet Web Server management console, an arbitrary instance may be...

5.8CVSS5.9AI score0.02371EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/08/12 12:0 a.m.43 views

JVN#66077895 Virus Security and Virus Security ZERO denial of service (DoS) vulnerability

Virus Security and Virus Security ZERO are anti-virus software provided by SOURCENEXT CORPORATION. Virus Security and Virus Security ZERO contain a denial of service DoS vulnerability as they do not properly handle malicious compressed files when scanning. Impact The software may not function aft...

10CVSS6.5AI score0.02566EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/02/05 12:0 a.m.42 views

JVN#66673020: Multiple vulnerabilities in Defense Platform Home Edition

Defense Platform Home Edition provided by Humming Heads Inc. contains multiple vulnerabilities listed below. Improper handling of message in specific process CWE-422 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Base Score 8.8 CVE-2025-20094 Execution with unnecessary privileges CWE-250...

8.8CVSS7.4AI score0.00189EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/04/18 12:0 a.m.42 views

JVN#50132400: Multiple vulnerabilities in WordPress Plugin "Forminator"

WordPress Plugin "Forminator" provided by WPMU DEV contains multiple vulnerabilities listed below. Unrestricted upload of file with dangerous type CWE-434 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 9.8 CVE-2024-28890 SQL injection CWE-89 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H...

7.2CVSS6.5AI score0.30361EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/03/27 12:0 a.m.42 views

JVN#51098626: Multiple vulnerabilities in WordPress Plugin "Survey Maker"

WordPress Plugin "Survey Maker" provided by AYS Pro Plugins contains multiple vulnerabilities listed below. Stored cross-site scripting CWE-79 - CVE-2023-34423 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...

6.1CVSS5.8AI score0.00356EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/10/19 12:0 a.m.42 views

JVN#10921428: Lemon8 App fails to restrict access permissions

Lemon8 by ByteDance K.K. provides the function to access a requested URL using Custom URL Scheme/DeepLink. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Impact A remote attacker may lead a user to access an arbitrar...

6.5CVSS6.2AI score0.00858EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/07/29 12:0 a.m.42 views

JVN#17625382: Multiple vulnerabilities in Nintendo Wi-Fi Network Adaptor WAP-001

Nintendo Wi-Fi Network Adaptor provided by Nintendo Co.,Ltd. contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2022-36381 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H| Base Score: 6.8 CVSS v2| AV:A/AC:L/Au:S/C:P/I:P/A:P|...

7.2CVSS7.9AI score0.0146EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/06/17 12:0 a.m.42 views

JVN#93667442: Gitlab vulnerable to server-side request forgery

Gitlab contains a server-side request forgery vulnerability CWE-918 through the Project Import feature. Impact The vulnerability allows an attacker to make arbitrary HTTP/HTTPS or git requests inside a GitLab instance's network. Solution Update the software Update the software to the latest versi...

8.1CVSS6.3AI score0.00828EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/05/27 12:0 a.m.42 views

JVN#13878856: Mobaoku-Auction & Flea Market App for iOS vulnerable to improper server certificate verification

Mobaoku-Auction & Flea Market App for iOS provided by DeNA Co., Ltd. is vulnerable to improper server certificate verification CWE-295. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the application Update the application to the...

4.3CVSS3.8AI score0.00344EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/03/03 12:0 a.m.42 views

JVN#89524240: MarkText vulnerable to cross-site scripting

MarkText is a Markdown editor. MarkText contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the PC of the user using the product. Solution Update the Software Update the software to the latest version according to the information provided by the...

5.4CVSS5.3AI score0.00526EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/10/29 12:0 a.m.42 views

JVN#60553023: ESET Cyber Security and ESET Endpoint series vulnerable to denial-of-service (DoS)

ESET Cyber Security and ESET Endpoint series are antivirus software. ESET Cyber Security and ESET Endpoint series for macOS contain a denial-of-service DoS vulnerability CWE-404. Impact If it is exploited, an attacker may cause a denial-of-service DoS to stop the applications and all daemons of t...

5.5CVSS5.3AI score0.00219EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/10/18 12:0 a.m.42 views

JVN#85073657: 128 Technology Session Smart Router vulnerable to authentication bypass

128 Technology Session Smart Router provided by 128 Technology contains an authentication bypass vulnerability CWE-287. Impact A remote attacker may bypass the authentication and execute an arbitrary OS command with the root privilege. Solution Update the software Update the software to the lates...

9.8CVSS9.9AI score0.01666EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/05/28 12:0 a.m.42 views

JVN#60978548: WordPress plugin "Site Reviews" vulnerable to cross-site scripting

The WordPress plugin "Site Reviews" provided by Gemini Labs contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged in user's web browser. Solution Update the plugin Update the plugin according to the information provided by the develope...

6.1CVSS6AI score0.01309EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/13 12:0 a.m.42 views

JVN#25078144: Source code security studying tool iCodeChecker vulnerable to cross-site scripting

Source code security studying tool iCodeChecker provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use Source code security studying tool...

6.1CVSS6.2AI score0.00713EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/09 12:0 a.m.42 views

JVN#65154137: Installer of Denshinouhin Check System (for Ministry of Agriculture, Forestry and Fisheries Nouson Seibi Jigyou) may insecurely load Dynamic Link Libraries

Installer of Denshinouhin Check System for Ministry of Agriculture, Forestry and Fisheries Nouson Seibi Jigyou contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact Arbitrary code may be executed with the privilege of the user invoking the...

7.8CVSS7.7AI score0.00911EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/05/11 12:0 a.m.42 views

JVN#51978169: The installer of SOY CMS vulnerable to cross-site scripting

SOY CMS provided by Nippon Institute of Agroinformatics Ltd. is a Contents Management System CMS. The installer of SOY CMS contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing parameter. Impact When a user accesses a malicious page that leads to where the SOY CMS...

6.1CVSS6.1AI score0.00842EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/09/16 12:0 a.m.42 views

JVN#39926655: Splunk Enterprise and Splunk Light vulnerable to open redirect

Splunk Enterprise and Splunk Light contain an open redirect vulnerability. Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Update the Software Update to the latest version...

6.1CVSS6.3AI score0.00812EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/05/27 12:0 a.m.42 views

JVN#81698369: Multiple Buffalo wireless LAN routers vulnerable to directory traversal

Multiple wireless LAN routers provided by BUFFALO INC. contain a directory traversal vulnerability CWE-22. Impact Arbitrary files on the server may be viewed by an attacker who can access the product. Solution Update the Firmware Apply the appropriate firmware update provided by the developer...

7.5CVSS7.6AI score0.02181EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/05/16 12:0 a.m.42 views

JVN#11994518: Cybozu KUNAI App fails to verify SSL server certificates

Cybozu KUNAI App provided by Cybozu, Inc. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by the developer...

6.8CVSS6.4AI score0.01194EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/05/11 12:0 a.m.42 views

JVN#35341085: Apache Cordova fails to restrict access permissions

Apache Cordova provided by the Apache Software Foundation is a framework for creating mobile applications for various platforms. iOS applications built using Apache Cordova contain a vulnerability where whitelist restrictions are not properly applied. Impact Accessing a specially crafted URL may...

7.5CVSS5.1AI score0.02879EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/12/07 12:0 a.m.42 views

JVN#44541100: GANMA! App for iOS fails to verify SSL server certificates

GANMA! App for iOS provided by COMICSMART INC. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by the...

5.9CVSS5.3AI score0.00696EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/10/28 12:0 a.m.42 views

JVN#25086409: ANA App fails to verify SSL server certificates

ANA App provided by ALL NIPPON AIRWAYS CO., LTD fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by the...

5.9CVSS5.3AI score0.00898EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/07/09 12:0 a.m.42 views

JVN#55076671: Cacti vulnerable to cross-site request forgery

Cacti is a web application that graphs stored data collected from network devices. Cacti contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the software Update to the latest...

6.8CVSS8.4AI score0.02297EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/06/05 12:0 a.m.42 views

JVN#25598413: NetFlow Analyzer fails to restrict access permissions

NetFlow Analyzer provided by Zoho Corporation is a traffic analysis tool. NetFlow Analyzer fails to restrict access permissions. Impact Administrative operations, for example, changing passwords or user account deletion may be performed by a user with guest privileges. In addition, information...

7.5CVSS6.4AI score0.03409EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/05/22 12:0 a.m.42 views

JVN#93976566: SXF Common Library vulnerable to buffer overflow

SXF Common Library contains a buffer overflow vulnerability due to a flaw in processing an input data CWE-121. Impact By processing a specially crafted CAD file, arbitrary code may be executed. Solution Update the Software Update to the latest version according to the information provided by the...

6.8CVSS7.2AI score0.02781EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/03/03 12:0 a.m.42 views

JVN#93727681: BestWebSoft Captcha plugin vulnerable to CAPTCHA authentication bypass

Captcha provided by BestWebSoft is a plugin for WordPress. Captcha contains a CAPTCHA authentication bypass vulnerability CWE-254. Impact If this vulnerability is exploited, an attacker may be able to successfully login to WordPress and access an administrative interface without authentication...

5CVSS6.4AI score0.02351EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/01/26 12:0 a.m.42 views

JVN#27142693: NP-BBRM vulnerable in UPnP functionality

NP-BBRM provided by I-O DATA DEVICE, INC. is a LAN router. NP-BBRM contains a vulnerability in the UPnP functionality. Impact The device may be used in a DDoS attack, as a SSDP reflector. Solution Disable UPnP Disable UPnP functionality from the management configuration in the settings screen...

7.8CVSS6.5AI score0.0155EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/01/28 12:0 a.m.42 views

JVN#28011378: Sanshiro Series vulnerable to arbitrary code execution

The "Sanshiro" series software provided by JustSystems Corporation is a spreadsheet software. The "Sanshiro" series contains a vulnerability that may allow arbitrary code execution. Impact When a user opens a specially crafted file, arbitrary code may be executed. Solution Update the software App...

7.5CVSS6.7AI score0.03498EPSS
Exploits0
Total number of security vulnerabilities5000