Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/03/19 12:0 a.m.•40 views

JVN#83459967: Janetter vulnerable to cross-site request forgery

Janetter is a client software for using Twitter. Janetter contains a cross-site request forgery vulnerability. Impact When a malicious page is opened with a web browser while Janetter is being used, the user may be impersonated to post tweets, upload local image files, and OS commands may be...

6.8CVSS6.5AI score0.00814EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/31 12:0 a.m.•40 views

JVN#41032068: Multiple SKYARC System Co., Ltd. products fail to restrict access permissions

MTCMS and multiple Movable Type plugins provided by SKYARC System Co., Ltd. contain an issue where access permissions are not restricted. Impact A user without the appropriate privileges may alter settings and files. Solution Apply an update Update to the latest version according to the informati...

5.5CVSS6.4AI score0.01117EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/09/02 12:0 a.m.•40 views

JVN#30221194: Sage vulnerable to arbitrary script execution

Sage is an addon for Mozilla Firefox that adds an RSS/Atom feed reader. Sage is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information. Impact An arbitrary script embedded in an RSS/Atom feed may be executed on the user's Mozilla...

4.3CVSS9.3AI score0.00845EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/08/26 12:0 a.m.•40 views

JVN#02134508: WebsiteBaker vulnerable to cross-site scripting

WebsiteBaker is a content management system CMS. WebsiteBaker contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Upgrade the software Upgrade to Lepton CMS according to the information provided by the developer. Products...

4.3CVSS5.8AI score0.00845EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/07/28 12:0 a.m.•40 views

JVN#70984231: Mozilla Firefox vulnerable to denial-of-service (DoS)

Mozilla Firefox contains an issue in the validation of certificates, leading to a denial-of-service DoS vulnerability. Impact When accessing a HTTPS site with a specially crafted Certificate Authority CA certificate imported, a denial-of-service DoS may occur. Solution Update the Software Update ...

6.5CVSS6.2AI score0.00562EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/24 12:0 a.m.•40 views

JVN#54074460: Multiple Cybozu products vulnerable to cross-site scripting

Multiple groupware provided by Cybozu, Inc. contain a cross-site scripting vulnerability due to an issue when downloading graphic files from the mail system. Impact An arbitrary script may be executed on the web browser of an user who is logged on. Solution Update the software Update to the lates...

4.3CVSS5.7AI score0.01223EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/08/20 12:0 a.m.•40 views

JVN#91740962: Winny vulnerable to buffer overflow

Winny is a P2P file sharing software. Winny contains a buffer overflow vulnerability. This vulnerability is different from JVN21471805 and JVN74294680. Impact A remote attacker may be able to execute arbitary code. Solution Do not use Winny Please discontinue use of Winny. Products Affected Winny...

7.5CVSS7.2AI score0.03372EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/04/07 12:0 a.m.•40 views

JVN#49467403 Internet Explorer information disclosure vulnerability

Internet Explorer contains an issue when handling content using specific encoding strings that may lead to an information disclosure vulnerability. Impact When a user opens specially crafted web page, an attacker may be able to obtain sensitive information. Solution Update the software Apply the...

6.5CVSS5.7AI score0.29229EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/01/12 12:0 a.m.•40 views

JVN#22247093 WebCalenderC3 vulnerable to directory traversal

WebCalenderC3 from C3 Corp. is a calender software. WebCalenderC3 contains a directory traversal vulnerability. Impact A remote attacker could view an arbitrary file on the server. Solution Update the Software Update to the latest version according to the information provided by the developer...

5CVSS6.5AI score0.01564EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/04/24 12:0 a.m.•40 views

JVN#97248625 Movable Type cross-site scripting vulnerability

Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability. This vulnerability is a different vulnerability than past reports on JVN. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest versio...

4.3CVSS5.7AI score0.01263EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•40 views

MTCMS WYSIWYG Editor cross-site scripting vulnerability

Overview MTCMS WYSIWYG Editor, weblog management software from SKYARC System, contains a cross-site scripting vulnerability. MTCMS WYSIWYG Editor from SKYARC System is management software used to update Movable Type contents, etc. The install.cgi in MTCMS WYSIWYG Editor contains a cross-site...

4.3CVSS6.3AI score0.01065EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/01/28 12:0 a.m.•40 views

JVN#88575577 Multiple Yamaha routers vulnerable to cross-site request forgery

Multiple Yamaha routers provide a web-based interface for users to configure the settings of the routers. The web interface is vulnerable to cross-site request forgery. Impact If the administrator views a malicious website while logged onto the web interface, the password and other configuration...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/12/20 12:0 a.m.•40 views

JVN#50876069 Flash Player allows to send arbitrary HTTP headers

Adobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed within a web browser. Flash Player contains a vulnerability that could allow a remote attacker to modify HTTP headers of client requests and conduct a HTTP request splitting attack...

5.8CVSS6.3AI score0.04743EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/08/02 12:0 a.m.•40 views

JVN#16018033 Safari URL spoofing vulnerability

Apple's Safari is a web browser installed as default with Mac OS X. There is a problem in Safari where URLs displayed in the address bar could be spoofed to deceive Safari users. This could be conducted by using Unicode characters that look alike to ASCII characters as URL strings. Impact As it i...

4.3CVSS6.3AI score0.02444EPSS
Exploits3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/01/05 12:0 a.m.•40 views

JVN#65500885 Serene Bach cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. Also, session information or credential information kept in a cookie could be leaked. Solution Products Affected Serene Bach ver 2.05R and earlier Serene Bach ver 2.08D and earlier sb 1.13D and earlier sb 1.18R and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/04/16 12:0 a.m.•39 views

JVN#23835228: Proscend Communications M330-W and M330-W5 vulnerable to OS command injection

M330-W and M330-W5 provided by Proscend Communications Inc. are LTE Industrial Cellular Routers. M330-W and M330-W5 contain an OS command injection vulnerability CWE-78. Impact An arbitrary OS command may be executed by an attacker who has access to the product. Solution Update the firmware The...

9.8CVSS8.3AI score0.02311EPSS
Exploits2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/03/25 12:0 a.m.•39 views

JVN#46874970: 0ch BBS Script (0ch) vulnerable to cross-site scripting

0ch BBS Script 0ch according to the original report submitted by the reporter provided by Zerochannel according to the original report submitted by the reporter is bulletin board software. 0ch BBS Script 0ch contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be...

6.1CVSS6AI score0.00313EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/03/06 12:0 a.m.•39 views

JVN#34328023: FUJIFILM Business Innovation Corp. printers vulnerable to cross-site request forgery

Multiple printers provided by FUJIFILM Business Innovation Corp. contain a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logging in, the user information may be altered. In the case the user is an administrator, the settings such as the...

6.3CVSS6.2AI score0.00201EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/30 12:0 a.m.•39 views

JVN#48057522: Inkdrop vulnerable to code injection

Inkdrop provided by Takuya Matsuyama is a Markdown editor. Inkdrop contains a code injection vulnerability CWE-94. Impact If a specially crafted markdown file is opened using the product, arbitrary code may be executed. Solution Update the Software The developer states that Inkdrop has an...

7.8CVSS7.8AI score0.00288EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/09/11 12:0 a.m.•39 views

JVN#41113329: Pyramid vulnerable to directory traversal

Pyramid provided by Pylons Project, which is a web framework for Python, contains a directory traversal vulnerability CWE-22. Impact index.html located one directory above the location of the static view's file system path can be accessed via a crafted request. Solution Update the software Update...

7.5CVSS5.8AI score0.02187EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/08 12:0 a.m.•39 views

JVN#13306058: JINS MEME CORE uses a hard-coded cryptographic key

JINS MEME CORE provided by JINS Inc. is a nose pad type sensor attached to a glass frame. JINS MEME CORE uses a hard-coded cryptographic key CWE-321. Impact A network-adjacent attacker may decrypt data acquired by a sensor of the affected product. Solution Update the firmware Update the firmware ...

6.5CVSS6.4AI score0.00279EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/07/27 12:0 a.m.•39 views

JVN#40907489: "Hulu / フールー" App for Android uses a hard-coded API key for an external service

"Hulu / フールー" App for Android provided by HJ Holdings, Inc. uses a hard-coded API key for an external service CWE-798. Impact The hard-coded API key may be retrieved via reverse-engineering the application binary. Note that the application users are not directly affected by this vulnerability...

7.5CVSS7.5AI score0.00575EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/06/15 12:0 a.m.•39 views

JVN#79254445: Multiple ETUNA EC-CUBE plugins vulnerable to cross-site scripting

Multiple EC-CUBE plugins provided by ETUNA contain a cross-site scripting vulnerability CWE-79. An arbitrary script may be executed by executing a specific operation on the management page of EC-CUBE. As of 2021 June 15, an attack exploting this vulnerability has been observed in the wild. Impact...

6.1CVSS6.1AI score0.01121EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/03/25 12:0 a.m.•39 views

JVN#68244135: rNote vulnerable to cross-site scripting

rNote provided by Woody Rinn is software to create a blog. rNote contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is accessing an website that uses rNote. Solution Consider stop using rNote 0.9.7.5 Since the...

6.6AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/11/26 12:0 a.m.•39 views

JVN#26838191: WordPress Plugin "WP Spell Check" vulnerable to cross-site request forgery

WordPress Plugin "WP Spell Check" provided by WP Spell Check contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the plugin Update the plugin according to the information...

8.8CVSS8.6AI score0.00678EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/01/24 12:0 a.m.•39 views

JVN#98505783: HOUSE GATE App for iOS vulnerable to directory traversal

HOUSE GATE App for iOS provided by HOUSE GATE inc. uses the old version of cordova-plugin-ionic-webview, and inherits a directory traversal vulnerability CWE-22, CVE-2018-16202. Impact A remote attacker may obtain an arbitrary file such as a file related to an application on iOS device. As a...

8.6CVSS7.7AI score0.03305EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/02/08 12:0 a.m.•39 views

JVN#15462187: MP Form Mail CGI eCommerce Edition vulnerable to OS command injection

MP Form Mail CGI eCommerce Edition provided by futomi Co., Ltd. is a CGI used to send mail from a web form. MP Form Mail CGI eCommerce Edition contains an OS command injection vulnerability CWE-78. Impact A remote attacker may execute an arbitrary OS command. Solution Update the Software Update t...

10CVSS9.8AI score0.02337EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/11/16 12:0 a.m.•39 views

JVN#76382932: Robotic appliance COCOROBO vulnerable to session management

Robotic appliance COCOROBO provided by Sharp Corporation is a robot with cleaning function. Robotic appliance COCOROBO contains a vulnerability in session management CWE-639. Impact An attacker on the same LAN may impersonate a user to accessing product. As a result, there is a possibility that a...

4.6CVSS4.7AI score0.00421EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/13 12:0 a.m.•39 views

JVN#94771799: Installer of QuickTime for Windows may insecurely load Dynamic Link Libraries

Installer of QuickTime for Windows contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Do not use Installer of QuickTime for Windows T...

7.8CVSS7.7AI score0.00733EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/04/21 12:0 a.m.•39 views

JVN#48790793: WNC01WH vulnerable to OS command injection

WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains an OS command injection vulnerability CWE-78. Impact An arbitrary OS command may be executed by an authenticated attacker. Solution Update the Firmware Update to the latest version of firmware according to the information...

6.8CVSS6.8AI score0.00567EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/04/20 12:0 a.m.•39 views

JVN#18739672: WordPress plugin "Booking Calendar" vulnerable to directory traversal

The WordPress plugin "Booking Calendar" provided by wpdevelop contains a directory traversal vulnerability CWE-22. Impact A local file outside of the application on the server may be accessed by a remote attacker. Solution Update the Software Update to the latest version according to the...

5.3CVSS5.2AI score0.02397EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/04/13 12:0 a.m.•39 views

JVN#77253951: WordPress plugin "WP Statistics" vulnerable to cross-site scripting

The WordPress plugin "WP Statistics" provided by WP Statistics contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of a user accessing the page generated by the application. Solution Update the plugin Update the plugin accordi...

6.1CVSS6AI score0.01278EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/03 12:0 a.m.•39 views

JVN#21114208: Business LaLa Call App for Android fails to verify SSL server certificates

Business LaLa Call App for Android provided by K-Opticom Corporation fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Application Update to the latest version according to the informati...

5.9CVSS5.5AI score0.00667EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/12/19 12:0 a.m.•39 views

JVN#15222211: Cybozu Garoon vulnerable to cross-site request forgery

Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, the user may be forced to log out. Solution Update the Software Update to the latest version according to the...

4.3CVSS4.9AI score0.01262EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/11/11 12:0 a.m.•39 views

JVN#25060672: Multiple Corega wireless LAN routers vulnerable to cross-site scripting

Multiple Corega wireless LAN routers contain a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Use CG-WLR300NX or CG-WFR600 CG-WLBARGMH and CG-WLBARGNL are no longer being supported, therefore fix for this vulnerability wil...

6.1CVSS6.1AI score0.01195EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/11/11 12:0 a.m.•39 views

JVN#92237169: CG-WLR300NX vulnerable to cross-site scripting

CG-WLR300NX provided by Corega Inc is a wireless LAN router. CG-WLR300NX contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Firmware Update to the latest version of firmware according to the information...

4.8CVSS4.9AI score0.00765EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/11/01 12:0 a.m.•39 views

JVN#91002412: The installer of The Public Certification Service for Individuals "The JPKI user's software" may insecurely load Dynamic Link Libraries

The installer of The Public Certification Service for Individuals "The JPKI user's software" provided by Japan Agency for Local Authority Information Systems J-LIS contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact Arbitrary code may be...

9.3CVSS7.7AI score0.01829EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/11/01 12:0 a.m.•39 views

JVN#27260483: mobiGate App fails to verify SSL server certificates

mobiGate App provided by Nihon Unisys, Ltd. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Application Update to the latest version according to the information provided by the...

5.9CVSS5.3AI score0.00642EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/26 12:0 a.m.•39 views

JVN#76780067: Installer of 7-Zip for Windows may insecurely load Dynamic Link Libraries

7-Zip for Windows is an open source compression and decompression software. The installer of 7-Zip for Windows contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact Arbitrary code may be executed with the privilege of the user invoking the...

7.8CVSS7.7AI score0.01811EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/15 12:0 a.m.•39 views

JVN#94779084: H2O use of externally-controlled format string

H2O is an open source web server software. H2O uses externally-controlled format strings CWE-134 in the code which output error logs. Impact An unauthenticated remote attacker may cause a denial-of-service DoS condition. Solution Update the Software Update to the latest version according to the...

7.5CVSS7.5AI score0.01802EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/22 12:0 a.m.•39 views

JVN#67595539: Cybozu Garoon multiple cross-site scripting vulnerabilities

Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains multiple cross-site scripting vulnerabilities. Cross-site scripting in the "Response request" function - CVE-2016-1214 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score:...

6.1CVSS6.5AI score0.01152EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/22 12:0 a.m.•39 views

JVN#67266823: Cybozu Garoon vulnerable to open redirect

Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an open redirect vulnerability in the "Scheduler" function. Impact When accessing a specially crafted URL, a user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack...

6.1CVSS6.4AI score0.01331EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/18 12:0 a.m.•39 views

JVN#58455472: OSSEC Web UI vulnerable to cross-site scripting

OSSEC Web UI is a web interface for use with Open Source HIDS Security OSSEC. OSSEC Web UI contains a cross-site scripting CWE-79 vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the...

6.1CVSS6.1AI score0.01286EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/18 12:0 a.m.•39 views

JVN#28386124: ClipBucket vulnerable to cross-site scripting

Clipbucket is open source video sharing script. ClipBucket contains a cross-site scripting CWE-79 vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the vendor...

6.1CVSS6AI score0.01627EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/16 12:0 a.m.•39 views

JVN#01353821: Cybozu Mailwise vulnerable to mail header injection

Cybozu Mailwise contains a mail header injection vulnerability in the process of sending emails. Impact If a user is tricked into sending a specially crafted request, the header of the email to be sent may be altered. Solution Update the Software Update to the latest version according to the...

4.3CVSS4.8AI score0.01481EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/04 12:0 a.m.•39 views

JVN#06920277: Coordinate Plus App fails to verify SSL server certificates

Coordinate Plus App provided by Toshiba Corporation fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Application Update to the latest version according to the information provided by th...

5.9CVSS5.3AI score0.0108EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/30 12:0 a.m.•39 views

JVN#25765762: Cybozu Garoon vulnerable to information disclosure

Cybozu Garoon is a groupware. Cybozu Garoon contains an information disclosure vulnerability in the mail function. Impact By sending a specially crafted email, an attacker may be convinced that the user read the email. Solution Update the Software Update to the latest version according to the...

7.5CVSS7.2AI score0.01552EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/01/05 12:0 a.m.•39 views

JVN#49476817: DX Library vulnerable to buffer overflow

DX Library is an open source library for creating Windows application. DX Library contains a buffer overflow vulnerability due to a flaw in processing an inner function CLvsprintf. Impact When processing a specially crafted string, an application built using DX Library may allow an arbitrary code...

7.8CVSS8AI score0.02217EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/12/11 12:0 a.m.•39 views

JVN#71730320: Zend Framework vulnerable to SQL injection

Zend Framework is an open source web application framework. Zend Framework contains an SQL injection vulnerability CWE-89 due to the argument of the ORDER BY clause. Impact An attacker who can access the product may execute SQL commands. Solution Update the Software Update to the latest version...

9.8CVSS8.2AI score0.02332EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/11/02 12:0 a.m.•39 views

JVN#04281281: ISUCON5 qualifier portal web application (eventapp) vulnerable to OS command injection

ISUCON5 qualifier portal web application eventapp provided by ISUCON organizers contains an OS command injection CWE-78 vulnerability. Impact A logged in attacker may execute arbitrary OS commands on the server. Solution Update the Software Update to the latest version according to the informatio...

6.5CVSS7.5AI score0.02454EPSS
Exploits0
Total number of security vulnerabilities5000