Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/08/13 12:0 a.m.•42 views

JVN#21103639: Cybozu Mailwise vulnerable to information disclosure

Cybozu Mailwise contains a vulnerability that may display contents of another email in the subject field. Impact Contents of an email may be obtained by a user that does not have privileges to access that original email. Solution Update the Software Update to the latest version according to the...

3.5CVSS6.2AI score0.0097EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/07/26 12:0 a.m.•42 views

JVN#25280162: WordPress vulnerable to cross-site scripting

WordPress contains a cross-site scripting vulnerability due to an issue in the SWFUpload library. Impact An arbitrary script may be executed on the user's web browser. Solution Apply an update Update to the latest version according to the information provided by the developer. Products Affected...

10CVSS5.4AI score0.0868EPSS
Exploits2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/03/28 12:0 a.m.•42 views

JVN#51305555: Lotus Domino vulnerable to denial-of-service (DoS)

Lotus Domino contains a denial-of-service DoS vulnerability due to an issue in processing HTTP requests. Impact A remote attacker may cause the Domino service to crash. Solution Update the software Update to the latest version according to the information provided by the developer. Products...

4.3CVSS7.5AI score0.01336EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/11/30 12:0 a.m.•42 views

JVN#83907168: Multiple KYOCERA mobile devices may reboot during email reception

Multiple KYOCERA mobile devices contain an issue where the device may reboot when receiving an email in an invalid format. When this issue occurs, the device will always reboot when attempting to receive the invalid email. Impact When receiving an invalid email, the device will always reboot,...

7.8CVSS6.5AI score0.02572EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/08/31 12:0 a.m.•42 views

JVN#23009798: Cybozu Live for Android vulnerable to arbitrary Java method execution

Cybozu Live for Android is a client software for Cybozu Live. Cybozu Live for Android contains an arbitrary Java method execution vulnerability. Impact When opening a specially crafted website, an attacker may be able to execute an arbitrary Java method. As a result, information stored in Android...

6.8CVSS6.6AI score0.02009EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/07/24 12:0 a.m.•42 views

JVN#88643450: Sleipnir Mobile for Android vulnerable in the WebView class

Sleipnir Mobile for Android is a web browser for Android devices. Sleipnir Mobile for Android contains a vulnerability in the WebView class. Impact If a user of the affected product uses other malicious Android application, information managed by the affected product may be disclosed. Solution...

5CVSS6.2AI score0.01918EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/06/19 12:0 a.m.•42 views

JVN#33171616: WEB PATIO vulnerable to cross-site scripting

WEB PATIO is a bulletin-board software. WEB PATIO contains a vulnerability in handling web form entries, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the...

4.3CVSS6.1AI score0.01148EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/06/06 12:0 a.m.•42 views

JVN#15646988: WordPress plugin WassUp vulnerable to cross-site scripting

WassUp is a WordPress plugin that tracks visitors to the blog. WassUp contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the...

4.3CVSS6AI score0.0212EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/03/19 12:0 a.m.•42 views

JVN#10745573: Janetter vulnerable to information disclosure

Janetter is a client software for using Twitter. Janetter contains an information disclosure vulnerability. Impact When a malicious page is opened with a web browser while Janetter is being used, session information used to communicate with Twitter may be disclosed. Solution Update the software...

5CVSS6.2AI score0.016EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/02/28 12:0 a.m.•42 views

JVN#88991166: SEIL Series routers vulnerable to buffer overflow

The PPP Access Concentrator PPPAC contained in SEIL Series routers contain a buffer overflow vulnerability when processing PPPoE packets. Impact An attacker may be able to execute arbitrary code. Accoding to the developer, all versions of SEIL/86, SEIL/B1, SEIL/X1, SEIL/X2 3.00 through 3.11 proce...

8.3CVSS7.4AI score0.02608EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/02/02 12:0 a.m.•42 views

JVN#84393059: EC-CUBE vulnerable to cross-site scripting

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. This vulnerability is different than the previous vulnerabilities disclosed on JVN. Impact An arbitrary script may be executed on the user's web browser...

4.3CVSS6AI score0.01937EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/12/08 12:0 a.m.•42 views

JVN#62736872: Vulnerability in Epson printer driver installer where access permissions are changed

When printer drivers provided by Epson are installed, the access permissions for the folder that contains program files C:\Program Files are changed. As a result, users that do not have permission to access that folder can gain access to that folder. Impact A user that does not have permission to...

4.6CVSS6.5AI score0.00311EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/06/02 12:0 a.m.•42 views

JVN#82465391: e-Pares vulnerable to cross-site request forgery

e-Pares is a system that manages facility conference rooms, etc. information. e-Pares contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged into e-Pares, facility reservation data may be altered. Solution Update the Software Update to the latest...

2.6CVSS6.2AI score0.00824EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/05/17 12:0 a.m.•42 views

JVN#90872372 WebSAM DeploymentManager vulnerable to denial of service

WebSAM DeploymentManager is a product that manages the distribution of security patches. WebSAM DeploymentManager contains a denial of service DoS vulnerability. Impact On a server or workstation with "Client Service for DPM" installed, a remote attacker may shut down or restart the operating...

7.8CVSS6.7AI score0.02727EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/06/25 12:0 a.m.•42 views

JVN#93827000 Tree BBS from Let's PHP! vulnerable to cross-site scripting

Tree BBS from Let's PHP! is a tree-structured bulletin board software. Tree BBS contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by t...

4.3CVSS5.9AI score0.01033EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/12/12 12:0 a.m.•42 views

JVN#07468800 Predictable session ID vulnerability in Access Analyzer CGI by futomi's CGI Cafe

Access Analyzer CGI provided by futomi's CGI Cafe is a software to analyze web access logs. Access Analyzer CGI contains a predictable session ID vulnerability. Impact A remote attacker could impersonate an administrator of Access Analyzer CGI. As a result, a remote attacker could view access...

5.8CVSS6.3AI score0.0101EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/27 8:18 a.m.•41 views

Multiple vulnerabilities in BUFFALO Wi-Fi routers

Overview Wi-Fi router products provided by BUFFALO INC. contain multiple vulnerabilities listed below. Dependency on vulnerable third-party component CWE-1395 - This issue is caused by a vulnerability in minihttpd CVE-2015-1548. OS command injection CWE-78 - CVE-2026-27650 Code injection CWE-94 -...

9.8CVSS7.3AI score0.01335EPSS
Exploits1References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/03/06 12:0 a.m.•41 views

JVN#82749078: Multiple vulnerabilities in printers and scanners which implement BROTHER Web Based Management

Multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. contain multiple vulnerabilities listed below. Improper Authentication CWE-287 - CVE-2024-21824 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N| Base...

6.1CVSS6.7AI score0.00345EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/08/24 12:0 a.m.•41 views

JVN#03447226: "Skylark" App fails to restrict custom URL schemes properly

"Skylark" App provided by SKYLARK HOLDINGS CO., LTD. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939, CVE-2023-40530, CVE-2024-54014 which may be exploited to direct the App to access any sites. Impact An...

4.7CVSS4.4AI score0.0049EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/09/02 12:0 a.m.•41 views

JVN#76024879: PowerCMS XMLRPC API vulnerable to command injection

PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability CWE-74. Sending a specially crafted message by POST method to PowerCMS XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. According to the developer,...

9.8CVSS9.7AI score0.01676EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/07/08 12:0 a.m.•41 views

JVN#23766146: Passage Drive vulnerable to insufficient data verification

Passage Drive provided by Yokogawa Rental & Lease Corporation contains an insufficient data verification vulnerability for interprocess communication CWE-20. Impact By running a malicious program, an arbitrary OS command may be executed with LocalSystem privilege of the Windows system where the...

7.8CVSS7.8AI score0.00201EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/05/09 12:0 a.m.•41 views

JVN#58266015: Multiple vulnerabilities in multiple MEIKYO ELECTRIC products

Multiple MEIKYO ELECTRIC products provided by MEIKYO ELECTRIC CO.,LTD. contain multiple vulnerabilities listed below. Cross-site request forgery CWE-352 - CVE-2022-27632 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L| Base Score: 5.4 CVSS v2|...

8.8CVSS6.8AI score0.0053EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/11/26 12:0 a.m.•41 views

JVN#81376414: Multiple vulnerabilities in baserCMS

baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2021-41243 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.8 CVSS v2| AV:N/AC:L/Au:S/C:C/I:C/A:C| Base Score: 9.0...

9.1CVSS8.9AI score0.02174EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/11/11 12:0 a.m.•41 views

JVN#75444925: Multiple vulnerabilities in EC-CUBE 2 series

EC-CUBE 2 series provided by EC-CUBE CO.,LTD. contains multiple vulnerabilities listed below. Improper access control in Management screen CWE-284 - CVE-2021-20841 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N| Base Score: 4.3 CVSS v2|...

6.5CVSS7.1AI score0.01276EPSS
Exploits2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/07/08 12:0 a.m.•41 views

JVN#89054582: WordPress Plugin "Software License Manager" vulnerable to cross-site request forgery

WordPress Plugin "Software License Manager" provided by Tips and Tricks HQ contains a cross-site request forgery vulnerability CWE-352. Impact If a user with an administrative privilege views a malicious page while logged in, unintended operations may be performed. Solution Update the plugin Upda...

8.8CVSS8.7AI score0.00871EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/08/17 12:0 a.m.•41 views

JVN#73559859: Installer of Shin Kikan Toukei Houkoku Data Nyuryokuyou Program may insecurely load Dynamic Link Libraries

Installer of Shin Kikan Toukei Houkoku Data Nyuryokuyou Program provided by Agency for Natural Resources and Energy of METI contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of...

9.3CVSS7.6AI score0.01238EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/07/27 12:0 a.m.•41 views

JVN#74554973: Installer of LhaForge may insecurely load Dynamic Link Libraries

LhaForge is a file compression/decompression software. The installer of LhaForge contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution U...

9.3CVSS7.7AI score0.0108EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/03/23 12:0 a.m.•41 views

JVN#55294532: WordPress plugin "YOP Poll" vulnerable to cross-site scripting

The WordPress plugin "YOP Poll" contains a stored cross-site scripting CWE-79 vulnerability. Impact An arbitrary script may be executed on the web browser of a user accessing the poll generated by the application. Solution Update the plugin Update the plugin according to the information provided ...

5.4CVSS5.3AI score0.00936EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/09 12:0 a.m.•41 views

JVN#71666779: Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to remote code execution

AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a remote code execution vulnerability. Impact If a user accesses a malicious web page, arbitrary code may b...

6.8CVSS6.9AI score0.01501EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/11/11 12:0 a.m.•41 views

JVN#23823838: CG-WLR300NX vulnerable to cross-site request forgery

CG-WLR300NX provided by Corega Inc is a wireless LAN router. CG-WLR300NX contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the Firmware Update to the latest version of...

8.8CVSS8.7AI score0.00913EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/19 12:0 a.m.•41 views

JVN#31524757: EC-CUBE plugin "Help plug-in" vulnerable to SQL injection

EC-CUBE plugin "Help plug-in" provided by Cuore contains an SQL injection vulnerability CWE-89. Impact Information stored in the database may be obtained or altered by a remote attacker. Solution Update the plugin Update to the latest version according to the information provided by the developer...

9.1CVSS9.4AI score0.01361EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/05/19 12:0 a.m.•41 views

JVN#78689801: BGA32.DLL and QBga32.DLL contain multiple vulnerabilities

BGA32.DLL is a compression/decompression library for gza and bza-format files. BGA32.DLL contains multiple vulnerabilities including a buffer overflow because it utilizes vulnerable zlib and bzip2 libraries. QBga32.DLL, which is a wrapper of BGA32.DLL, is also affected. Impact Decompressing a...

7.5CVSS9.4AI score0.2554EPSS
Exploits4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/04/18 12:0 a.m.•41 views

JVN#13313061: TOSHIBA TEC e-Studio series vulnerable to cross-site request forgery

e-Studio provided by TOSHIBA TEC CORPORATION is a multi-function peripheral MFP. Multiple e-Studio series products contain a vulnerability in web-based management utility, which may result in a cross-site request forgery. Impact If the administrator views a malicious page while logged into the...

6.8CVSS6.5AI score0.01148EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/12/24 12:0 a.m.•41 views

JVN#63194482: IrfanView vulnerable to buffer overflow

IrfanView is an application for viewing images of many different file formats. IrfanView contains a buffer overflow vulnerability, when using the Thumbnails window with Thumbnail tooltips enabled. Impact When processing a specially crafted file contained in a folder named using multi-byte...

7.6CVSS7.2AI score0.05749EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/12/13 12:0 a.m.•41 views

JVN#28436508: Juniper ScreenOS vulnerable to denial-of-service (DoS)

ScreenOS provided by Juniper Networks contains a denial-of-service DoS vulnerability. Impact When processing a malicious packet, the device may hang. Solution Enable the "Ping of Death Screen" Enable the "Ping of Death Screen" setting according to the information provided by the developer...

7.1CVSS6AI score0.01881EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/12/10 12:0 a.m.•41 views

JVN#21336955: Cybozu Dezie vulnerable to cross-site scripting

Cybozu Dezie provided by Cybozu, Inc. contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the web browser of a user that is logged on. Solution Update the Software Update to the latest version according to the information provided by the developer. Product...

4.3CVSS5.9AI score0.01284EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/07/29 12:0 a.m.•41 views

JVN#00065218: JP1/IT Desktop Management - Manager and Hitachi IT Operations Director vulnerable to privilege escalation

JP1/IT Desktop Management - Manager and Hitachi IT Operations Director provided by Hitachi contain a privilege escalation vulnerability. Impact Users without administrative privileges may obtain administrative privileges. Solution Update the software Update to the latest version according to the...

9CVSS6.6AI score0.01927EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/06/18 12:0 a.m.•41 views

JVN#63428218: Cybozu Live for Android vulnerable to arbitrary Java method execution

Cybozu Live for Android is a client software for Cybozu Live. Cybozu Live for Android contains an arbitrary Java method execution vulnerability. Note that this vulnerability is a regression in version 2.0.0 of the issue in JVN23009798. Impact When opening a specially crafted website, an attacker...

6.8CVSS6.8AI score0.01986EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/06/03 12:0 a.m.•41 views

JVN#48108258: HP ProCurve 1700 series switches vulnerable to cross-site request forgery

ProCurve 1700 series switches provided by Hewlett-Packard contain a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, product settings may be changed. Solution Update the software Update to the latest version according to the information provided b...

6.8CVSS6.1AI score0.00968EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/05/27 12:0 a.m.•42 views

JVN#31817913: Yahoo! Browser vulnerable to address bar spoofing

Yahoo! Browser contains an issue in displaying URL, which may result in the address bar being spoofed. Note that this vulnerability is different from JVN55074201. Impact This vulnerability could be leveraged to forge the contents of the address bar for conducting phishing attacks. Solution Update...

5.8CVSS6.2AI score0.01516EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/03/18 12:0 a.m.•41 views

JVN#52492830: VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability

The SSH server IPSSH implementation in VxWorks contains a denial-of-service vulnerability due to an issue in processing pty requests. Impact Receiving a specially crafted pty request packet may cause SSH access to be unavailable until the next reboot. Solution Apply a patch Apply the appropriate...

6.8CVSS6.1AI score0.02176EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/02/28 12:0 a.m.•41 views

JVN#36339873: dopvSTAR* vulnerable to cross-site scripting

dopvSTAR provided by bayashi.net is a software to analyze web access logs. dopvSTAR contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Modify the JavaScript Modify the JavaScript that enables to log accesses, according to...

4.3CVSS5.8AI score0.01148EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/09/07 12:0 a.m.•41 views

JVN#23568423: Cybozu KUNAI for Android vulnerable to arbitrary Java method execution

Cybozu KUNAI is a mobile client software for using Cybozu. Cybozu KUNAI for Android contains an arbitrary Java method execution vulnerability. Impact When opening a specially crafted website, an attacker may be able to execute an arbitrary Java method. As a result, information stored in Android...

9.3CVSS6.9AI score0.03117EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/11/08 12:0 a.m.•41 views

JVN#33861625: Iwate Portal Bar vulnerable to arbitrary script execution

Iwate Portal Bar is an add-on to Internet Explorer that adds a toolbar and provides multiple functions. The RSS/Atom feed reader function in Iwate Portal Bar is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information. Impact An...

4.3CVSS6.3AI score0.0098EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/17 12:0 a.m.•41 views

JVN#41657660: Safari for iOS vulnerable to cross-site scripting

Safari for iOS provided by Apple does not support the "attachment" value for the HTTP Content-Disposition header, resulting in a cross-site scripting vulnerability. Impact Opening a maliciously crafted file may lead to an arbitrary script being executed on the user's web browser. Solution Update...

4.3CVSS5.2AI score0.01821EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/11 12:0 a.m.•41 views

JVN#89764731: WEB FORUM vulnerable to cross-site scripting

WEB FORUM provided by KENT-WEB is a bulletin board software. WEB FORUM contains a vulnerability in handling cookies, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according ...

4.3CVSS5.8AI score0.01656EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/12/15 12:0 a.m.•41 views

JVN#62275332: Internet Explorer vulnerable to cross-site scripting

Microsoft Internet Explorer contains a vulnerability in handling Content-Type, which may result in cross-site scripting. Impact An arbitrary script may be executed. Solution Update the Software Apply the latest update according to the information provided by Microsoft. Products Affected Internet...

4.3CVSS5.9AI score0.13615EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/05/29 12:0 a.m.•42 views

JVN#62527913 Directory traversal vulnerability in multiple Cisco Systems products

Multiple Cisco Systems products are vulnerable to directory traversal due to an issue in CiscoWorks Common Services. Impact A remote attacker could view or alter files on the target server. Solution Update the software Update to the latest version of CiscoWorks Common Services according the...

10CVSS6AI score0.12546EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/04/27 12:0 a.m.•41 views

JVN#28020230 Web Mailer from CGI RESCUE vulnerable to HTTP header injection

Web Mailer from CGI RESCUE is a software that sends emails with contents that are input into a HTML form. Web Mailer contains a HTTP header injection vulnerability. Impact Falsified information may be displayed or an arbitrary script may be executed on the user's web browser. HTTP response...

4.3CVSS6.5AI score0.01065EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/01/09 12:0 a.m.•41 views

JVN#66828183 MODx cross-site request forgery vulnerability

MODx, an open source contents management system, contains a cross-site request forgery vulnerability. Impact A remote attacker may modify contents managed by MODx if the user views a malicious web page while logged in to MODx. Solution Update the software and change the configuration Apply the...

6CVSS6.1AI score0.00479EPSS
Exploits0
Total number of security vulnerabilities5000