Lucene search
K
JvnMost viewed

5627 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/10/18 12:0 a.m.42 views

JVN#85073657: 128 Technology Session Smart Router vulnerable to authentication bypass

128 Technology Session Smart Router provided by 128 Technology contains an authentication bypass vulnerability CWE-287. Impact A remote attacker may bypass the authentication and execute an arbitrary OS command with the root privilege. Solution Update the software Update the software to the lates...

9.8CVSS9.9AI score0.01666EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/05/28 12:0 a.m.42 views

JVN#60978548: WordPress plugin "Site Reviews" vulnerable to cross-site scripting

The WordPress plugin "Site Reviews" provided by Gemini Labs contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged in user's web browser. Solution Update the plugin Update the plugin according to the information provided by the develope...

6.1CVSS6AI score0.01309EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/13 12:0 a.m.42 views

JVN#25078144: Source code security studying tool iCodeChecker vulnerable to cross-site scripting

Source code security studying tool iCodeChecker provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use Source code security studying tool...

6.1CVSS6.2AI score0.00713EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/09 12:0 a.m.42 views

JVN#65154137: Installer of Denshinouhin Check System (for Ministry of Agriculture, Forestry and Fisheries Nouson Seibi Jigyou) may insecurely load Dynamic Link Libraries

Installer of Denshinouhin Check System for Ministry of Agriculture, Forestry and Fisheries Nouson Seibi Jigyou contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact Arbitrary code may be executed with the privilege of the user invoking the...

7.8CVSS7.7AI score0.00911EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/05/11 12:0 a.m.42 views

JVN#51978169: The installer of SOY CMS vulnerable to cross-site scripting

SOY CMS provided by Nippon Institute of Agroinformatics Ltd. is a Contents Management System CMS. The installer of SOY CMS contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing parameter. Impact When a user accesses a malicious page that leads to where the SOY CMS...

6.1CVSS6.1AI score0.00842EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/09/16 12:0 a.m.42 views

JVN#39926655: Splunk Enterprise and Splunk Light vulnerable to open redirect

Splunk Enterprise and Splunk Light contain an open redirect vulnerability. Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Update the Software Update to the latest version...

6.1CVSS6.3AI score0.00812EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/05/27 12:0 a.m.42 views

JVN#81698369: Multiple Buffalo wireless LAN routers vulnerable to directory traversal

Multiple wireless LAN routers provided by BUFFALO INC. contain a directory traversal vulnerability CWE-22. Impact Arbitrary files on the server may be viewed by an attacker who can access the product. Solution Update the Firmware Apply the appropriate firmware update provided by the developer...

7.5CVSS7.6AI score0.02181EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/05/16 12:0 a.m.42 views

JVN#11994518: Cybozu KUNAI App fails to verify SSL server certificates

Cybozu KUNAI App provided by Cybozu, Inc. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by the developer...

6.8CVSS6.4AI score0.01194EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/05/13 5:27 a.m.42 views

WordPress plugin "Ninja Forms" vulnerable to PHP object injection

Overview WordPress plugin "Ninja Forms" contains a PHP object injection vulnerability due to a flaw where untrusted POST values are unserialized. Impact A remote attacker may execute an arbitrary PHP code. Solution Update the Software Update to a version that addresses the vulnerability according...

9.8CVSS7.4AI score0.61612EPSS
Exploits4References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/05/11 12:0 a.m.42 views

JVN#35341085: Apache Cordova fails to restrict access permissions

Apache Cordova provided by the Apache Software Foundation is a framework for creating mobile applications for various platforms. iOS applications built using Apache Cordova contain a vulnerability where whitelist restrictions are not properly applied. Impact Accessing a specially crafted URL may...

7.5CVSS5.1AI score0.02879EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/12/07 12:0 a.m.42 views

JVN#44541100: GANMA! App for iOS fails to verify SSL server certificates

GANMA! App for iOS provided by COMICSMART INC. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by the...

5.9CVSS5.3AI score0.00696EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/10/28 12:0 a.m.42 views

JVN#25086409: ANA App fails to verify SSL server certificates

ANA App provided by ALL NIPPON AIRWAYS CO., LTD fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by the...

5.9CVSS5.3AI score0.00898EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/07/09 12:0 a.m.42 views

JVN#55076671: Cacti vulnerable to cross-site request forgery

Cacti is a web application that graphs stored data collected from network devices. Cacti contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the software Update to the latest...

6.8CVSS8.4AI score0.02297EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/06/05 12:0 a.m.42 views

JVN#25598413: NetFlow Analyzer fails to restrict access permissions

NetFlow Analyzer provided by Zoho Corporation is a traffic analysis tool. NetFlow Analyzer fails to restrict access permissions. Impact Administrative operations, for example, changing passwords or user account deletion may be performed by a user with guest privileges. In addition, information...

7.5CVSS6.4AI score0.03409EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/05/22 12:0 a.m.42 views

JVN#93976566: SXF Common Library vulnerable to buffer overflow

SXF Common Library contains a buffer overflow vulnerability due to a flaw in processing an input data CWE-121. Impact By processing a specially crafted CAD file, arbitrary code may be executed. Solution Update the Software Update to the latest version according to the information provided by the...

6.8CVSS7.2AI score0.02781EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/03/03 12:0 a.m.42 views

JVN#93727681: BestWebSoft Captcha plugin vulnerable to CAPTCHA authentication bypass

Captcha provided by BestWebSoft is a plugin for WordPress. Captcha contains a CAPTCHA authentication bypass vulnerability CWE-254. Impact If this vulnerability is exploited, an attacker may be able to successfully login to WordPress and access an administrative interface without authentication...

5CVSS6.4AI score0.02351EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/01/26 12:0 a.m.42 views

JVN#27142693: NP-BBRM vulnerable in UPnP functionality

NP-BBRM provided by I-O DATA DEVICE, INC. is a LAN router. NP-BBRM contains a vulnerability in the UPnP functionality. Impact The device may be used in a DDoS attack, as a SSDP reflector. Solution Disable UPnP Disable UPnP functionality from the management configuration in the settings screen...

7.8CVSS6.5AI score0.0155EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/03/18 12:0 a.m.42 views

JVN#81739241: sp mode mail issue when accessing attachments in incoming mail

sp mode mail provided by NTT DOCOMO contains a function that allows other Android applications to access attachments for incoming emails. This function contains an issue in the restriction of access permissions. Impact If a malicious Android application is installed on the device, attachments for...

4.3CVSS6.3AI score0.00893EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/01/28 12:0 a.m.42 views

JVN#28011378: Sanshiro Series vulnerable to arbitrary code execution

The "Sanshiro" series software provided by JustSystems Corporation is a spreadsheet software. The "Sanshiro" series contains a vulnerability that may allow arbitrary code execution. Impact When a user opens a specially crafted file, arbitrary code may be executed. Solution Update the software App...

7.5CVSS6.7AI score0.03498EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/12/25 12:0 a.m.42 views

JVN#60997973: Cybozu Garoon vulnerable to SQL injection

Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in processing input through API, which may result in SQL injection. Impact A user who can log in to the system may alter information stored in the database. Solution Apply the Patch Apply the appropriate patch...

6.5CVSS6.5AI score0.01554EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/12/10 12:0 a.m.42 views

JVN#21336955: Cybozu Dezie vulnerable to cross-site scripting

Cybozu Dezie provided by Cybozu, Inc. contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the web browser of a user that is logged on. Solution Update the Software Update to the latest version according to the information provided by the developer. Product...

4.3CVSS5.9AI score0.01284EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/08/13 12:0 a.m.42 views

JVN#21103639: Cybozu Mailwise vulnerable to information disclosure

Cybozu Mailwise contains a vulnerability that may display contents of another email in the subject field. Impact Contents of an email may be obtained by a user that does not have privileges to access that original email. Solution Update the Software Update to the latest version according to the...

3.5CVSS6.2AI score0.0097EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/06/27 12:0 a.m.42 views

JVN#26394323: POST-MAIL vulnerable to cross-site scripting

POST-MAIL provided by KENT-WEB contains an issue in the webpage output of strings entered in the form, which may result in a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version accordin...

4.3CVSS5.9AI score0.01148EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/03/28 12:0 a.m.42 views

JVN#51305555: Lotus Domino vulnerable to denial-of-service (DoS)

Lotus Domino contains a denial-of-service DoS vulnerability due to an issue in processing HTTP requests. Impact A remote attacker may cause the Domino service to crash. Solution Update the software Update to the latest version according to the information provided by the developer. Products...

4.3CVSS7.5AI score0.01336EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/11/30 12:0 a.m.42 views

JVN#83907168: Multiple KYOCERA mobile devices may reboot during email reception

Multiple KYOCERA mobile devices contain an issue where the device may reboot when receiving an email in an invalid format. When this issue occurs, the device will always reboot when attempting to receive the invalid email. Impact When receiving an invalid email, the device will always reboot,...

7.8CVSS6.5AI score0.02572EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/08/31 12:0 a.m.42 views

JVN#23009798: Cybozu Live for Android vulnerable to arbitrary Java method execution

Cybozu Live for Android is a client software for Cybozu Live. Cybozu Live for Android contains an arbitrary Java method execution vulnerability. Impact When opening a specially crafted website, an attacker may be able to execute an arbitrary Java method. As a result, information stored in Android...

6.8CVSS6.6AI score0.02009EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/06/19 12:0 a.m.42 views

JVN#33171616: WEB PATIO vulnerable to cross-site scripting

WEB PATIO is a bulletin-board software. WEB PATIO contains a vulnerability in handling web form entries, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the...

4.3CVSS6.1AI score0.01148EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/06/06 12:0 a.m.42 views

JVN#15646988: WordPress plugin WassUp vulnerable to cross-site scripting

WassUp is a WordPress plugin that tracks visitors to the blog. WassUp contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the...

4.3CVSS6AI score0.0212EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/03/19 12:0 a.m.42 views

JVN#10745573: Janetter vulnerable to information disclosure

Janetter is a client software for using Twitter. Janetter contains an information disclosure vulnerability. Impact When a malicious page is opened with a web browser while Janetter is being used, session information used to communicate with Twitter may be disclosed. Solution Update the software...

5CVSS6.2AI score0.016EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/02/28 12:0 a.m.42 views

JVN#88991166: SEIL Series routers vulnerable to buffer overflow

The PPP Access Concentrator PPPAC contained in SEIL Series routers contain a buffer overflow vulnerability when processing PPPoE packets. Impact An attacker may be able to execute arbitrary code. Accoding to the developer, all versions of SEIL/86, SEIL/B1, SEIL/X1, SEIL/X2 3.00 through 3.11 proce...

8.3CVSS7.4AI score0.02608EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/02/02 12:0 a.m.42 views

JVN#84393059: EC-CUBE vulnerable to cross-site scripting

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. This vulnerability is different than the previous vulnerabilities disclosed on JVN. Impact An arbitrary script may be executed on the user's web browser...

4.3CVSS6AI score0.01937EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2010/12/15 12:0 a.m.42 views

JVN#62275332: Internet Explorer vulnerable to cross-site scripting

Microsoft Internet Explorer contains a vulnerability in handling Content-Type, which may result in cross-site scripting. Impact An arbitrary script may be executed. Solution Update the Software Apply the latest update according to the information provided by Microsoft. Products Affected Internet...

4.3CVSS5.9AI score0.13615EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2010/06/02 12:0 a.m.42 views

JVN#82465391: e-Pares vulnerable to cross-site request forgery

e-Pares is a system that manages facility conference rooms, etc. information. e-Pares contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged into e-Pares, facility reservation data may be altered. Solution Update the Software Update to the latest...

2.6CVSS6.2AI score0.00824EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2010/05/17 12:0 a.m.42 views

JVN#90872372 WebSAM DeploymentManager vulnerable to denial of service

WebSAM DeploymentManager is a product that manages the distribution of security patches. WebSAM DeploymentManager contains a denial of service DoS vulnerability. Impact On a server or workstation with "Client Service for DPM" installed, a remote attacker may shut down or restart the operating...

7.8CVSS6.7AI score0.02727EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/06/25 12:0 a.m.42 views

JVN#93827000 Tree BBS from Let's PHP! vulnerable to cross-site scripting

Tree BBS from Let's PHP! is a tree-structured bulletin board software. Tree BBS contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by t...

4.3CVSS5.9AI score0.01033EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/12/12 12:0 a.m.42 views

JVN#07468800 Predictable session ID vulnerability in Access Analyzer CGI by futomi's CGI Cafe

Access Analyzer CGI provided by futomi's CGI Cafe is a software to analyze web access logs. Access Analyzer CGI contains a predictable session ID vulnerability. Impact A remote attacker could impersonate an administrator of Access Analyzer CGI. As a result, a remote attacker could view access...

5.8CVSS6.3AI score0.0101EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/02/29 12:0 a.m.41 views

JVN#77203800: OET-213H-BTS1 missing authorization check in the initial configuration

OET-213H-BTS1 is a digital temperature measurement and face recognition terminal, developed by Zhejiang Uniview Technologies Co.,Ltd and provided by Atsumi Electric Co., Ltd. The initial configuration of the product is ​insecure CWE-1188, it does not perform an authorization check when processing...

8.3CVSS6.1AI score0.00333EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/09/04 12:0 a.m.41 views

JVN#82758000: Multiple vulnerabilities in SHIRASAGI

SHIRASAGI provided by SHIRASAGI Project contains multiple vulnerabilities listed below. Reflected cross-site scripting CWE-79 - CVE-2023-36492 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:H/Au:N/C:N/I:P/A:N| Base Score:...

8.8CVSS7.3AI score0.0107EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/08/24 12:0 a.m.41 views

JVN#03447226: "Skylark" App fails to restrict custom URL schemes properly

"Skylark" App provided by SKYLARK HOLDINGS CO., LTD. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939, CVE-2023-40530, CVE-2024-54014 which may be exploited to direct the App to access any sites. Impact An...

4.7CVSS4.4AI score0.0049EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/11/08 12:0 a.m.41 views

JVN#59663854: WordPress Plugin "Salon booking system" vulnerable to cross-site scripting

WordPress Plugin "Salon booking system" contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is logging in to the WordPress administrative page where the product is installed. Solution Update the plugin Update the plug...

6.1CVSS6AI score0.00785EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/07/08 12:0 a.m.41 views

JVN#23766146: Passage Drive vulnerable to insufficient data verification

Passage Drive provided by Yokogawa Rental & Lease Corporation contains an insufficient data verification vulnerability for interprocess communication CWE-20. Impact By running a malicious program, an arbitrary OS command may be executed with LocalSystem privilege of the Windows system where the...

7.8CVSS7.8AI score0.00201EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/05/09 12:0 a.m.41 views

JVN#58266015: Multiple vulnerabilities in multiple MEIKYO ELECTRIC products

Multiple MEIKYO ELECTRIC products provided by MEIKYO ELECTRIC CO.,LTD. contain multiple vulnerabilities listed below. Cross-site request forgery CWE-352 - CVE-2022-27632 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L| Base Score: 5.4 CVSS v2|...

8.8CVSS6.8AI score0.0053EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/11/11 12:0 a.m.41 views

JVN#75444925: Multiple vulnerabilities in EC-CUBE 2 series

EC-CUBE 2 series provided by EC-CUBE CO.,LTD. contains multiple vulnerabilities listed below. Improper access control in Management screen CWE-284 - CVE-2021-20841 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N| Base Score: 4.3 CVSS v2|...

6.5CVSS7.1AI score0.01276EPSS
Exploits2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/07/08 12:0 a.m.41 views

JVN#89054582: WordPress Plugin "Software License Manager" vulnerable to cross-site request forgery

WordPress Plugin "Software License Manager" provided by Tips and Tricks HQ contains a cross-site request forgery vulnerability CWE-352. Impact If a user with an administrative privilege views a malicious page while logged in, unintended operations may be performed. Solution Update the plugin Upda...

8.8CVSS8.7AI score0.00871EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/17 12:0 a.m.41 views

JVN#73559859: Installer of Shin Kikan Toukei Houkoku Data Nyuryokuyou Program may insecurely load Dynamic Link Libraries

Installer of Shin Kikan Toukei Houkoku Data Nyuryokuyou Program provided by Agency for Natural Resources and Energy of METI contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of...

9.3CVSS7.6AI score0.01238EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/27 12:0 a.m.41 views

JVN#74554973: Installer of LhaForge may insecurely load Dynamic Link Libraries

LhaForge is a file compression/decompression software. The installer of LhaForge contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution U...

9.3CVSS7.7AI score0.0108EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/03/23 12:0 a.m.41 views

JVN#55294532: WordPress plugin "YOP Poll" vulnerable to cross-site scripting

The WordPress plugin "YOP Poll" contains a stored cross-site scripting CWE-79 vulnerability. Impact An arbitrary script may be executed on the web browser of a user accessing the poll generated by the application. Solution Update the plugin Update the plugin according to the information provided ...

5.4CVSS5.3AI score0.00936EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/02/09 12:0 a.m.41 views

JVN#71666779: Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to remote code execution

AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a remote code execution vulnerability. Impact If a user accesses a malicious web page, arbitrary code may b...

6.8CVSS6.9AI score0.01501EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/11/11 12:0 a.m.41 views

JVN#23823838: CG-WLR300NX vulnerable to cross-site request forgery

CG-WLR300NX provided by Corega Inc is a wireless LAN router. CG-WLR300NX contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the Firmware Update to the latest version of...

8.8CVSS8.7AI score0.00913EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/02/19 12:0 a.m.41 views

JVN#31524757: EC-CUBE plugin "Help plug-in" vulnerable to SQL injection

EC-CUBE plugin "Help plug-in" provided by Cuore contains an SQL injection vulnerability CWE-89. Impact Information stored in the database may be obtained or altered by a remote attacker. Solution Update the plugin Update to the latest version according to the information provided by the developer...

9.1CVSS9.4AI score0.01361EPSS
Exploits0
Total number of security vulnerabilities5000