Lucene search
K
JvnMost viewed

5627 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/08/17 12:0 a.m.•35 views

JVN#46993816: EC-CUBE 2 series vulnerable to cross-site scripting

EC-CUBE 2 series provided by EC-CUBE CO.,LTD. contains a cross-site scripting vulnerability CWE-79 in "mail/template" and "products/product" of Management page. Impact An arbitrary script may be executed on the web browser of the other administrator or the user who accessed the website using the...

4.8CVSS4.9AI score0.00362EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/24 12:0 a.m.•35 views

JVN#05288621: EasyMail vulnerable to cross-site scripting

EasyMail provided by First Net Japan Inc. contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who accessed the site using the product. Solution Update the software Update the software to the latest version accordin...

6.1CVSS6AI score0.00508EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/06 12:0 a.m.•35 views

JVN#55675303: Digital Arts m-FILTER vulnerable to improper authentication

m-FILTER provided by Digital Arts Inc. is an emaill security product. m-FILTER contains an improper authentication vulnerability CWE-287 when emails are being sent under certain conditions, and unintended emails may be sent by a remote attacker. Digital Arts Inc. states that attacks exploiting th...

5.3CVSS5.5AI score0.00706EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/11/24 12:0 a.m.•35 views

JVN#29657972: TP-Link RE300 V1 tdpServer vulnerable to improper processing of its input

tdpServer of TP-Link RE300 V1 improperly processes its input, possibly resulting to crash CWE-228. Impact An attacker may be able to cause a denial-of-service DoS condition of the product's OneMesh function. Solution Update the software Update the software to the latest version according to the...

5.5CVSS5.3AI score0.00175EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/07/04 12:0 a.m.•35 views

JVN#32625020: LiteCart vulnerable to cross-site scripting

LiteCart contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is accessing the web site using the product. Solution Update the software Update the software to the latest version according to the information provided by...

6.1CVSS6AI score0.01049EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/08/27 12:0 a.m.•35 views

JVN#14134801: baserCMS vulnerable to cross-site scripting

baserCMS provided by baserCMS Users Community contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update the software to the latest version according to the information provided by the developer...

8.7CVSS5.6AI score0.00929EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/09 12:0 a.m.•35 views

JVN#73742314: RT-AC68U vulnerable to cross-site scripting

RT-AC68U provided by ASUS Japan Inc. is a wireless LAN router. RT-AC68U contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Firmware Apply the firmware update according to the information provided by the...

6.1CVSS6.1AI score0.00899EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/02/06 12:0 a.m.•35 views

JVN#36048131: Multiple I-O DATA network devices incorporating "MagicalFinder" vulnerable to OS command injection

"MagicalFinder" provided by I-O DATA DEVICE, INC. is a IP address setting tool to for I-O DATA network devices such as routers, network cameras, strages, etc. Multiple I-O DATA network devices that incorporate "MagicalFinder" contain an OS command injection vulnerability CWE-78. Impact An attacke...

7.7CVSS6.9AI score0.00668EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/05/26 12:0 a.m.•35 views

JVN#92422409: The installer of the Ministry of Justice [The electronic authentication system based on the commercial registration system "The CRCA user's Software"] may insecurely load Dynamic Link Libraries

The electronic authentication system based on the commercial registration system "The CRCA user's Software" provided by the Ministry of Justice contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact Arbitrary code may be executed with the...

8.8CVSS8.9AI score0.01356EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/05/25 12:0 a.m.•35 views

JVN#75514460: Installer of electronic tendering and bid opening system provided by Acquisition, Technology & Logistics Agency may insecurely load Dynamic Link Libraries

Installer of electronic tendering and bid opening system provided by Acquisition, Technology & Logistics Agency contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact This vulnerability can be exploited when the following condition is met. ...

8.8CVSS8.8AI score0.01749EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/12/19 12:0 a.m.•35 views

JVN#12281353: Cybozu Garoon vulnerable to cross-site scripting

Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability CWE-79 due to an issue in "Messages" function of Cybozu Garoon Keitai. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the...

6.1CVSS6.3AI score0.01195EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/12/19 12:0 a.m.•35 views

JVN#13218253: Cybozu Garoon vulnerable to information disclosure

Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an information disclosure vulnerability CWE-200. Impact Cybozu Garoon uses HTTPS communication, therefore an attacker can not eavesdrop on communication under normal operations. However, if a user conducts a specific...

8.8CVSS8.2AI score0.00818EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/12/19 12:0 a.m.•35 views

JVN#17980240: Cybozu Garoon vulnerable to SQL injection

Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an SQL injection vulnerability CWE-89 due to an issue in "MultiReport" function. Impact A user may execute arbitrary SQL commands. Solution Update the Software Update to the latest version according to the information...

8.8CVSS9AI score0.01594EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/16 12:0 a.m.•35 views

JVN#71462075: Splunk Enterprise and Splunk Lite vulnerable to cross-site scripting

Splunk Enterprise and Splunk Lite contain a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser by an attacker who can log-in to the system as an administrator. Solution Update the Software Update to the latest version according t...

4.8CVSS4.8AI score0.00976EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/02 12:0 a.m.•35 views

JVN#48789425: Trend Micro Internet Security multiple vulnerabilities

Trend Micro Internet Security provided by Trend Micro Incorporated contains the following vulnerabilities. Access Restriction Flaw - CVE-2016-1225 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N| Base Score: 5.3 CVSS v2| AV:N/AC:L/Au:N/C:P/I:N/A:N| Base...

6.5CVSS6.8AI score0.03462EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/30 12:0 a.m.•35 views

JVN#37121456: Cybozu Garoon vulnerable to cross-site scripting

Cybozu Garoon is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the logged in user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Products...

6.1CVSS5.8AI score0.01009EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/30 12:0 a.m.•35 views

JVN#49285177: Cybozu Garoon vulnerable to cross-site scripting

Cybozu Garoon is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the logged in user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Products...

5.4CVSS5.4AI score0.00802EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/11 12:0 a.m.•35 views

JVN#41772178: Apache Cordova vulnerable to arbitrary plugin execution

Apache Cordova provided by the Apache Software Foundation is a framework for creating mobile applications for various platforms. iOS applications built using Apache Cordova contain a vulnerability where arbitrary plugins may be executed. Impact Accessing a specially crafted URL may result in...

4.4CVSS4.6AI score0.04623EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/26 12:0 a.m.•35 views

JVN#11458774: EC-CUBE fails to restrict access permissions

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE fails to restrict access permissions. Impact A logged in attacker may bypass access restrictions, or delete access restriction settings. Solution Apply the update or the patch Apply the update or the pat...

6.5CVSS5.4AI score0.009EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/06 12:0 a.m.•35 views

JVN#13288761: baserCMS plugin "Recruit Plugin" multiple vulnerabilities

baserCMS plugin "Recruit Plugin" contains multiple vulnerabilities: Cross-site scripting CWE-79 - CVE-2016-1169 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:L/Au:S/C:N/I:P/A:N| Base Score: 4.0 Cross-site request forgery...

8.8CVSS7.4AI score0.01009EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/03/02 12:0 a.m.•35 views

JVN#59349382: Multiple Corega wireless LAN routers vulnerable to cross-site request forgery

Multiple wireless LAN routers provided by Corega Inc contain a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged into the management screen, various administrative functions may be performed. Solution Apply a workaround The following workaround...

8.8CVSS8.8AI score0.00616EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/22 12:0 a.m.•35 views

JVN#93535632: Log-Chat vulnerable to cross-site scripting

Log-Chat provided by Script contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer. Products Affected Log-Ch...

6.1CVSS6AI score0.01009EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/12 12:0 a.m.•35 views

JVN#22578691: Akerun - Smart Lock Robot App for iOS fails to verify SSL server certificates

Akerun - Smart Lock Robot App for iOS provided by Photosynth Inc. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information...

8.1CVSS7.7AI score0.00881EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/01/15 12:0 a.m.•35 views

JVN#50899877: acmailer vulnerable to OS command injection

acmailer provided by Seeds Co.,Ltd. contains an OS command injection vulnerability CWE-78. Impact An authenticated attacker may execute an arbitrary OS command on the server. Solution Update the software Update to the latest version according to the information provided by the developer. Products...

9.1CVSS9.3AI score0.02411EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/11/17 12:0 a.m.•35 views

JVN#64625488: applican vulnerable to script injection

applican provided by Newphoria Corporation Inc. is a platform to build hybrid applications for both iOS and Android. applican is vulnerable to script injection due to an issue in proccessing URL. Impact When a user accesses a specially crafted URL through an application built using applican, an...

4.3CVSS6.2AI score0.01171EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/30 12:0 a.m.•35 views

JVN#79633796: baserCMS vulnerable to SQL injection

baserCMS is an open-source Contents Management System CMS. baserCMS contains a vulnerability that allows an authenticated user to inject arbitrary SQL statements CWE-89. Impact A logged in attacker may execute arbitrary SQL statements. Solution Update the Software Update to the latest version...

6.5CVSS7.2AI score0.01566EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/04 12:0 a.m.•35 views

JVN#00015036: OpenDocMan vulnerable to cross-site scripting

OpenDocMan is a document management system DMS. OpenDocMan contains a cross-site scripting vulnerability due to a processing flaw in the "redirection" parameter. Impact An arbitrary script may be executed on the user's Mozilla Firefox. Solution Update the software Update to the latest version...

4.3CVSS5.8AI score0.22789EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/05/01 12:0 a.m.•35 views

JVN#96439865: EasyCTF vulnerable to session management

EasyCTF is a server side CGI used to score CTF Capture The Flag. EasyCTF contains a vulnerability in session management CWE-639. Impact A remote attacker without login credentials may log in. As a result, information may be disclosed. Solution Update the Software Update to the latest version...

5CVSS6.4AI score0.01704EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/02/13 12:0 a.m.•35 views

JVN#14522790: Smartphone Passbook fails to verify SSL server certificates

Smartphone Passbook provided by Ogaki Kyoritsu bank Ltd. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by...

5.9CVSS5.5AI score0.00828EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/12/09 12:0 a.m.•35 views

JVN#87910097: i-HTTPD vulnerable to cross-site scripting

i-HTTPD is a web server for Windows. i-HTTPD contains a flaw in processing HTTP header, which may lead to cross-site scripting CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use i-HTTPD i-HTTPD is no longer being developed or maintained. It is...

4.3CVSS5.9AI score0.01502EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/12/02 12:0 a.m.•35 views

JVN#61593104: ARROWS Me F-11D vulnerability where arbitrary areas may be accessed

ARROWS Me F-11D contains a vulnerability where arbitrary areas on the device may be accessed. Impact An attacker with local access may obtain or alter contents in the flash memory of the device. Solution Apply an Update Apply the update according to the information provided by the provider...

4.6CVSS6.2AI score0.00343EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/07/18 12:0 a.m.•35 views

JVN#84335912: File Explorer vulnerable to directory traversal

File Explorer provided by NextApp, Inc. contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the application has privileg...

5CVSS6.5AI score0.01859EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/06/18 12:0 a.m.•35 views

JVN#10603428: JR East Japan App for Android. contains an issue where it fails to verify SSL server certificates

JR East Japan App for Android. contains an issue where it fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by...

5.8CVSS6.1AI score0.00582EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/01/10 12:0 a.m.•35 views

JVN#44392991: Security File Manager vulnerable to directory traversal

Security File Manager provided by CGENE Inc contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the application has...

5.8CVSS6.6AI score0.01249EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/06/18 12:0 a.m.•35 views

JVN#19740283: Cybozu Live for Android vulnerable in the WebView class

Cybozu Live for Android is a client software for Cybozu Live. Cybozu Live for Android contains a vulnerability in the WebView class. Note that this vulnerability is a regression in version 2.0.0 of the issue in JVN77393797. Impact When there is a malicious file in the user's Android device,...

6.8CVSS6.2AI score0.01085EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/03/07 12:0 a.m.•35 views

JVN#05132866: Multiple Cisco products vulnerable to denial-of-service (DoS)

The SSH implementation in multiple Cisco products contains a denial-of-service DoS vulnerability. Impact A remote attacker may be able to cause a denial-of-service DoS. Solution Apply an update Update to the latest version according to the information provided by the developer. Products Affected ...

5CVSS6.2AI score0.01553EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/02/21 12:0 a.m.•35 views

JVN#75585394: NEC Universal RAID Utility fails to restrict access permissions

NEC Universal RAID Utility is a software to manage a RAID controller. NEC Universal RAID Utility contains an issue where access permissions are not restricted. Impact A remote unauthenticated attacker may conduct arbitrary operations against the HDD on the vulunerable RAID system. Solution Update...

9CVSS6.7AI score0.01751EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/08/16 12:0 a.m.•35 views

JVN#99192898: Multiple GREE Android applications vulnerable in the WebView class

Multiple Android applications that use the SDK for HTML-based applications provided by GREE contain a vulnerability in the WebView class. Impact If a user of the affected product uses other malicious Android application, information managed by the affected product may be disclosed. Solution Updat...

4.3CVSS6.1AI score0.01066EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/12/26 12:0 a.m.•35 views

JVN#60887968: Movable Type Plugin MailForm vulnerable to cross-site scripting

MailForm is a plugin for Movable Type. MailForm contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the fixed version according to the information provided by the developer. Products Affected...

4.3CVSS5.9AI score0.01148EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/12/06 8:45 a.m.•35 views

Etomite vulnerable to cross-site scripting

Overview Etomite contains a cross-site scripting vulnerability. Etomite is a content management system CMS. Etomite contains an issue with the processing of contents in the search field, which may result in cross-site scripting. Daiki Fukumori of Cyber Defense Institute, Inc. reported this...

4.3CVSS5.8AI score0.00921EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/09/02 12:0 a.m.•35 views

JVN#58019849: GTK+ may insecurely load dynamic libraries

GTK+ is a toolkit for developing applications with GUIs. GTK+ contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Impact In an application that uses GTK+, arbitrary code may be executed with the privilege of that application. Solution Solution for...

6.9CVSS6.8AI score0.0039EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/24 12:0 a.m.•35 views

JVN#80877328: Multiple Cybozu products vulnerable to cross-site scripting

Multiple groupware provided by Cybozu, Inc. contain a cross-site scripting vulnerability due to an issue when downloading graphic files from the bulletin board system. Impact An arbitrary script may be executed on the web browser of an user who is logged on. Solution Update the software Update to...

4.3CVSS5.8AI score0.01223EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/01/07 12:0 a.m.•35 views

JVN#30881447: SquirrelMail vulnerable to cross-site request forgery

SquirrelMail from SquirrelMail Project is an open source webmail web-based email. SquirrelMail contains an issue in processing of sending a message or setting changes, which may result in cross-site request forgery. Impact A remote attacker may send an arbitrary email or change the settings...

6.8CVSS7.3AI score0.01517EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/11/26 12:0 a.m.•35 views

JVN#46026251: Safari address bar spoofing vulnerability

Safari contains a vulnerability where the address bar displays a character string that looks like a different URL than the URL that is being accessed. Impact Phishing attacks may be possible, due to the difficulty in determining that the URL displayed in the address bar and the URL being accessed...

4.3CVSS5.8AI score0.02981EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/04/19 12:0 a.m.•35 views

JVN#87730223 Multiple Cybozu products vulnerable to authentication bypass

Multiple Cybozu products contain an issue in which the login page for mobile devices is not properly restrcited, leading to an authentication bypass vulnerability. As a result, an attacker may impersonate a user of a Cybozu product. Impact A remote attacker may view or modify information stored b...

5.8CVSS6.5AI score0.01374EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/10/28 12:0 a.m.•35 views

JVN#13011682 SEIL/X Series and SEIL/B1 denial of service vulnerability

SEIL/X Series and SEIL/B1 are routers. SEIL/X Series and SEIL/B1 contain an issue in the processing by the NAT function, which may lead to a denial of service DoS vulnerability. Impact When processing a specially crafted packet, a remote attacker may cause a denial of service. Solution Update the...

7.1CVSS6.5AI score0.01684EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/06/24 12:0 a.m.•35 views

JVN#08369659 Movable Type access restriction bypass vulnerability

Movable Type, a web log system from Six Apart KK, contains a vulnerability that allows a remote attacker to bypass access restrictions. Impact A remote attacker may send unsolicited email to arbitrary addresses or view information stored in Movable Type. Solution Update the Software Update to the...

5.8CVSS6.3AI score0.01233EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/06/27 12:0 a.m.•35 views

JVN#18405927 Multiple Cybozu products vulnerable to cross-site request forgery

Multiple Cybozu products contain a cross-site request forgery vulnerability. Impact If a user views a malicious web page while logged onto the Cybozu web interface, the user's schedules and other configuration settings may be altered. Solution Update the Software Apply the latest updates provided...

6.8CVSS6.4AI score0.01044EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/06/10 12:0 a.m.•35 views

JVN#88935101: X.Org Foundation X server buffer overflow vulnerability

The X.Org Foundation provides an open source implementation of the X Window System. The X server of this implementation contains a vulnerability in the handling of Portable Compiled Font PCF format fonts that can be exploited to cause a buffer overflow. Impact An attacker with an established,...

7.5CVSS7.3AI score0.05108EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/12/13 12:0 a.m.•35 views

JVN#80057925: Cross-site scripting vulnerability in Apache HTTP Server "mod_imap" and "mod_imagemap"

The Apache HTTP Server is open source web server software. The Apache HTTP Server modules modimap and modimagemap provide server-side imagemap processing capability. The Apache HTTP Server modules modimap and modimagemap are vulnerable to cross-site scripting. Impact An arbitrary script can be...

4.3CVSS9.3AI score0.46603EPSS
Exploits1
Total number of security vulnerabilities5000