JVN#37417423: Multiple vulnerabilities in SolarView Compact
SolarView Compact provided by Contec Co., Ltd. contains multiple vulnerabilities listed below. Exposure of information through directory listing CWE-548 - CVE-2021-20656 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N| Base Score: 3.5 CVSS v2|...
JVN#65082538: Multiple vulnerabilities in Panasonic BN-SDWBP3
BN-SDWBP3 provided by Panasonic Corporation is a Wi-Fi Reader/Writer for SD Memory Cards. BN-SDWBP3 contains multiple vulnerabilities listed below. Improper Authentication CWE-287 - CVE-2018-0676 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score:...
JVN#43534286: Multiple vulnerabilities in Cybozu Garoon
Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Improper access restriction CWE-284 - CVE-2017-2144 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L| Base Score: 5.4 CVSS v2| AV:N/AC:H/Au:N/C:N/I:P/A:P| Base Score: 4.0...
JVN#13555032: Multiple vulnerabilities in VAIO Update
VAIO Update provided by Sony Corporation contains multiple vulnerabilities listed below. Improper authorization process CWE-285 - CVE-2019-5981 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H| Base Score: 7.8 CVSS v2| AV:N/AC:M/Au:N/C:P/I:P/A:P| Base Score...
JVN#63895206: Multiple vulnerabilities in Calsos CSDX and CSDJ series products
Calsos CSDX and CSDJ series products provided by NEC Platforms, Ltd. contain multiple vulnerabilities listed below. Access Restriction Bypass CWE-284 - CVE-2018-0613 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.8 CVSS v2|...
JVN#13415512: Cybozu Garoon vulnerable to SQL injection
Cybozu Garoon provided by Cybozu, Inc. contains an SQL injection vulnerability CWE-89 in application "Notifications". Impact A remote authenticated attacker may execute an arbitrary SQL command. Solution Update the Software Update to the latest version according to the information provided by the...
JVN#89046645: A map plugin for Minecraft server "Dynmap" fails to restrict access permissions
A map plugin for Minecraft server "Dynmap" fails to restrict access permissions CWE-284. Impact Under the circumstance where a user is required to log in to Dynmap, a remote attacker may bypass the login authentication and be able to see a map image that requires authentication. Solution Update the...
JVN#29188908: Joruri CMS 2017 vulnerable to cross-site scripting
Joruri CMS 2017 provided by SiteBridge Inc. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Products Affect...
JVN#84876282: Multiple vulnerabilities in GROWI
GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below. Cross-site request forgery vulnerability in the process of updating user's "Basic Info" CWE-352 - CVE-2019-5968 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N| Base Score: 4.3...
JVN#06527859: KinagaCMS vulnerable to cross-site scripting
KinagaCMS is an open source Content Management System (CMS). KinagaCMS uses an old version of Bootstrap and thus inherits multiple cross-site scripting vulnerabilities (CWE-79: CVE-2018-14040, CVE-2018-14041, CVE-2019-8331) that existed in Bootstrap. Impact The information on the system may be obtained or...
JVN#66542874: Multiple cross-site scripting vulnerabilities in Movable Type
Movable Type provided by Six Apart Ltd. contains multiple cross-site scripting vulnerabilities listed below. Cross-site scripting vulnerability in Role authority setting screen CWE-79 - CVE-2021-20663 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base...
JVN#58052567: Multiple vulnerabilities in Joruri Mail
Joruri Mail provided by SiteBridge Inc. contains multiple vulnerabilities listed below. Open Redirect CWE-601 - CVE-2019-5965 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N| Base Score: 4.7 CVSS v2| AV:N/AC:H/Au:N/C:N/I:P/A:N| Base Score: 2.6 Session...
JVN#91881278: Documents Pro (formerly Files HD) vulnerable to cross-site scripting
Documents Pro provided by Olive Toast Software Ltd. is a document viewer for iOS devices. Documents Pro contains a cross-site scripting vulnerability. Impact When a user uses Documents Pro through a web browser, an arbitrary script may be executed on the user's web browser. Solution Update the...
JVN#37179202: Yomi-Search vulnerable to cross-site scripting
Yomi-Search provided by WonderLink is a directory type search engine program. Yomi-Search contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is accessing a website that uses Yomi-Search. Solution Consider stop using...
JVN#37230341: Multiple vulnerabilities in Access analysis CGI An-Analyzer
Access analysis CGI An-Analyzer provided by ANGLERSNET Co,.Ltd. contains multiple vulnerabilities listed below. OS command injection in the Management Page CWE-78 - CVE-2019-5987 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L| Base Score: 6.3 CVSS v2|...
JVN#75615300: All in One SEO Pack information management vulnerability
All in One SEO Pack is a WordPress plugin. All in One SEO Pack automatically adds a meta tag "Meta Description" to a page using some part of its contents, and this behavior is enabled in the initial configuration. Meta Description can be added even when a page is password-protected, therefore som...
JVN#83042295: Yomi-Search vulnerable to cross-site scripting
Yomi-Search provided by WonderLink is a directory type search engine program. Yomi-Search contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is accessing a website that uses Yomi-Search. Solution Consider stop using...
JVN#74871939: WSR-300HP vulnerable to arbitrary code execution
WSR-300HP provided by BUFFALO INC. is a wireless LAN router. WSR-300HP contains an arbitrary code execution vulnerability. Impact By executing a specially crafted request prepared by a remote attacker, arbitrary code may be executed. Solution Update the Firmware Apply the firmware update accordin...
JVN#92510087: WordPress Plugin "Category Specific RSS feed Subscription" vulnerable to cross-site request forgery
WordPress Plugin "Category Specific RSS feed Subscription" provided by Tips and Tricks HQ contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the plugin Update the plugin...
JVN#31406910: WordPress Plugin "Related YouTube Videos" vulnerable to cross-site request forgery
WordPress Plugin "Related YouTube Videos" provided by Chris Doerr contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the plugin Update the plugin according to the information...
JVN#88962935: Multiple vulnerabilities in WordPress Plugin "Zoho SalesIQ"
WordPress Plugin "Zoho SalesIQ" provided by Zoho SalesIQ Team contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2019-5962 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:H/Au:N/C:N/I:P/A:N|...
JVN#49575131: WordPress Plugin "HTML5 Maps" vulnerable to cross-site request forgery
WordPress Plugin "HTML5 Maps" provided by Fla-Shop.com contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the plugin Update the plugin according to the information provided b...
JVN#93833849: Panasonic Video Insight VMS vulnerable to SQL injection
Video Insight VMS provided by Panasonic Corporation is a video management suite for video security systems. Video Insight VMS contains a SQL injection vulnerability CWE-89. Impact A logged in user may execute an arbitrary SQL statement to the database. Solution Update the software Update the softwa...
JVN#72748502: Self-Extracting Archive files created by IExpress may insecurely load Dynamic Link Libraries
Self-extracting archive files created by IExpress provided by Microsoft contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Microsoft states that the root cause of this vulnerability is "Application Directory App Dir DLL planting" and attac...
JVN#29933378: WordPress Plugin "Custom CSS Pro" vulnerable to cross-site request forgery
WordPress Plugin "Custom CSS Pro" provided by WaspThemes contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the plugin Update the plugin according to the information provided...
JVN#95685939: Multiple vulnerabilities in WordPress Plugin "Attendance Manager"
WordPress Plugin "Attendance Manager" provided by SUKIMALAB.COM contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability CWE-79 - CVE-2019-5970 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...
JVN#78151490: Multiple vulnerabilities in baserCMS
baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below. SQL injection CWE-89 - CVE-2017-10842 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L| Base Score: 7.3 CVSS v2| AV:N/AC:L/Au:N/C:P/I:P/A:P| Base Score: 7.5...
JVN#00846677: Mailman vulnerable to cross-site scripting
Mailman provided by GNU Mailman contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Products Affected...
JVN#55667175: QNAP QTS vulnerable to OS command injection
QNAP QTS is an operating system for Turbo NAS. QNAP QTS contains a flaw in the GNU Bash shell, which may result in an OS command injection vulnerability CWE-78. Impact A malicious attacker may be able to execute an arbitrary command at the privilege level of the calling application. Solution Update...
JVN#80925867: WordPress Plugin "Contest Gallery" vulnerable to cross-site request forgery
WordPress Plugin "Contest Gallery" provided by Contest-Gallery contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the plugin Update the plugin according to the information...
JVN#25261088: GNU Wget vulnerable to buffer overflow
GNU Wget contains a buffer overflow vulnerability CWE-119. Impact An attacker may be able to cause a denial-of-service (DoS) or may execute arbitrary code. Solution Apply the update Update GNU Wget according to the information provided by the developer. Products Affected GNU Wget 1.20.1 and earl...
JVN#62618482: Multiple vulnerabilities in Cybozu Garoon
Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. DOM-based cross-site scripting in the application "Portal" CWE-79 - CVE-2019-5975 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 4.4 CVSS v2|...
JVN#94705238: Yomi-Search vulnerable to cross-site scripting
Yomi-Search provided by WonderLink is a directory type search engine program. Yomi-Search contains a cross-site scripting vulnerability CWE-79 which allows unintentional script execution on the user's web browser. Impact An arbitrary script may be executed on the web browser of the user who is...
JVN#60497148: "an" App for iOS vulnerable to directory traversal
"an" App for iOS provided by PERSOL CAREER CO., LTD. uses the old version of cordova-plugin-ionic-webview, and inherits a directory traversal vulnerability CWE-22, CVE-2018-16202. Impact A remote attacker may obtain an arbitrary file such as a file related to an application on iOS device. As a...
JVN#09409909: Multiple vulnerabilities in WordPress
WordPress contains multiple vulnerabilities listed below, which relate to the WordPress Post by Email feature. Stored Cross-site scripting CWE-79 - CVE-2022-43497 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...
JVN#47497535: M-System DL8 contains multiple vulnerabilities
DL8 provided by M-System contains the following vulnerabilities: Denial-of-Service CWE-400 - CVE-2021-20675 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H| Base Score: 6.5 CVSS v2| AV:N/AC:L/Au:S/C:N/I:N/A:C| Base Score: 6.8 Improper Access Control CWE-28...
JVN#69903953: Electronic reception and examination of application for radio licenses Offline may insecurely load Dynamic Link Libraries
Electronic reception and examination of application for radio licenses Offline contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privileges of the running software. Solution Update the...
JVN#93799513: WordPress plugin "Fudousan plugin" series vulnerable to cross-site scripting
Some of WordPress plugin "Fudousan plugin" series provided by nendeb contain a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who accessed the site using the product. Solution Update the plugin Update the plugin according to th...
JVN#96988995: Multiple vulnerabilities in WordPress Plugin "Online Lesson Booking"
WordPress Plugin "Online Lesson Booking" provided by SUKIMALAB.COM contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability CWE-79 - CVE-2019-5972 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...
JVN#88804335: WordPress Plugin "Personalized WooCommerce Cart Page" vulnerable to cross-site request forgery
WordPress Plugin "Personalized WooCommerce Cart Page" provided by N-MEDIA contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the plugin Update the plugin according to the...
JVN#34232719: Multiple vulnerabilities in KonaWiki2
KonaWiki2 provided by kujirahand contains multiple vulnerabilities listed below. SQL Injection CWE-89 - CVE-2021-20720 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L| Base Score: 7.3 CVSS v2| AV:N/AC:L/Au:N/C:P/I:P/A:P| Base Score: 7.5 Unrestricted upload...
JVN#83826673: The installers of UNLHA32.DLL, UNARJ32.DLL and LHMelting may insecurely load Dynamic Link Libraries
The installers of UNLHA32.DLL, UNARJ32.DLL and LHMelting provided by Micco use the old version of Self-Extracting Archives created by UNLHA32.DLL. They contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427, CVE-2018-16189. Impact Arbitrary...
JVN#91361851: Installer of Electronic reception and examination of application for radio licenses Online may insecurely load Dynamic Link Libraries
Installer of Electronic reception and examination of application for radio licenses Online contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer...
JVN#57806517: Android App "Tootdon for Mastodon" fails to verify SSL server certificates
Android App "Tootdon for Mastodon" provided by Tsukurito, Inc. fails to verify SSL server certificates CWE-295. Impact A man-in-the-middle attack may allow an attacker to obtain and/or alter the content of communication. Solution Update the Application Update to the latest version according to the...
JVN#63860183: POWER EGG vulnerability where EL expression may be executed
POWER EGG provided by D-CIRCLE inc. is an integrated collaboration tool. POWER EGG contains a vulnerability where an arbitrary EL expression may be executed CWE-20. Impact A remote attacker may execute an arbitrary EL expression from the server where the product is running. As a result, an arbitra...
JVN#97845465: Multiple integer overflow vulnerabilities in LINE(Android)
LINE(Android) provided by LINE Corporation contains multiple integer overflow vulnerabilities CWE-190 listed below. Integer overflow vulnerability in processing images using apng-drawable - CVE-2019-6007 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L| Base...
JVN#94889214: Central Dogma vulnerable to cross-site scripting
Central Dogma provided by LINE Corporation contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Products Affecte...
JVN#52168232: UNLHA32.DLL, UNARJ32.DLL, LHMelting and LMLzh32.DLL may insecurely load Dynamic Link Libraries
UNLHA32.DLL, UNARJ32.DLL, LHMelting and LMLzh32.DLL provided by Micco contain vulnerabilities listed below. Self-Extracting Archives created by UNLHA32.DLL may insecurely load Dynamic Link Libraries CWE-427 - CVE-2018-16189 Version| Vector| Score ---|---|--- CVSS v3|...
JVN#47580234: Multiple vulnerabilities in multiple ELECOM products
Multiple products provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Improper Access Control CWE-284 - CVE-2021-20643 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N| Base Score: 5.3 CVSS v2| AV:N/AC:L/Au:N/C:N/I:P/A:N| Base Score:...
JVN#71498764: Apache Camel vulnerable to XML external entity injection (XXE)
Apache Camel provided by The Apache Software Foundation contains an XML external entity injection XXE vulnerability CWE-611 due to using an outdated vulnerable JSON-lib library. Impact By processing a specially crafted request, an arbitrary file on the server may be read. Solution Update the...