Lucene search
K
JvnMost viewed

5627 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/06/10 12:0 a.m.35 views

JVN#88935101: X.Org Foundation X server buffer overflow vulnerability

The X.Org Foundation provides an open source implementation of the X Window System. The X server of this implementation contains a vulnerability in the handling of Portable Compiled Font PCF format fonts that can be exploited to cause a buffer overflow. Impact An attacker with an established,...

7.5CVSS7.3AI score0.05108EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/12/13 12:0 a.m.35 views

JVN#80057925: Cross-site scripting vulnerability in Apache HTTP Server "mod_imap" and "mod_imagemap"

The Apache HTTP Server is open source web server software. The Apache HTTP Server modules modimap and modimagemap provide server-side imagemap processing capability. The Apache HTTP Server modules modimap and modimagemap are vulnerable to cross-site scripting. Impact An arbitrary script can be...

4.3CVSS9.3AI score0.46603EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/06/15 12:0 a.m.35 views

JVN#07100457 Apache Tomcat cross-site scripting vulnerability

Apache Tomcat, provided by the Apache Software Foundation, is an implementation of Java Servlets and JavaServer Pages technologies. Apache Tomcat Web Application Manager contains a cross-site scripting vulnerability. Impact When a user logs into Apache Tomcat Web Application Manager, an arbitrary...

3.5CVSS7.2AI score0.03291EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/07/29 12:0 a.m.34 views

JVN#16420523: SDoP vulnerable to stack-based buffer overflow

SDoP fails to handle appropriately some parameters inside the input data, resulting in a stack-based buffer overflow vulnerability CWE-121. Impact When a user of the affected product is tricked to process a specially crafted XML file, an arbitrary code may be executed on the user's environment...

8.8CVSS8.8AI score0.00567EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/06/18 12:0 a.m.34 views

JVN#65171386: Multiple vulnerabilities in ID Link Manager and FUJITSU Software TIME CREATOR

ID Link Manager and FUJITSU Software TIME CREATOR provided by Fsas Technologies Inc. contain multiple vulnerabilities listed below. Path Traversal CWE-36 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Base Score 8.6 CVE-2024-33620 Missing Authentication CWE-306...

8.6CVSS8.7AI score0.00678EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/04/24 12:0 a.m.34 views

JVN#62737544: Multiple vulnerabilities in RoamWiFi R10

RoamWiFi R10 provided by RoamWiFi Technology Co., Ltd. contains multiple vulnerabilities listed below. Active debug code CWE-489 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 8.8 CVE-2024-31406 Insertion of sensitive information into log file CWE-532...

8.8CVSS7.3AI score0.00326EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/02/27 12:0 a.m.34 views

JVN#73283159: Multiple vulnerabilities in baserCMS

baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below. Reflected cross-site scripting vulnerability in Site search Feature CWE-79 - CVE-2023-44379 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS...

8.1CVSS6.4AI score0.01455EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/01/12 12:0 a.m.34 views

JVN#37326856: Improper input validation vulnerability in WordPress Plugin "WordPress Quiz Maker Plugin"

WordPress Plugin "WordPress Quiz Maker Plugin" provided by AYS Pro Plugins contains an improper input validation vulnerability CWE-20. Impact A user of the product may use the product to perform a Denial of Service DoS attack against external services. Solution Update the plugin Update the plugin...

6.5CVSS6.3AI score0.00726EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/11/07 12:0 a.m.34 views

JVN#29195731: EC-CUBE 3 series and 4 series vulnerable to arbitrary code execution

EC-CUBE 3 series and 4 series provided by EC-CUBE CO.,LTD. contain an arbitrary code execution vulnerability CWE-94 due to improper settings of the product's template engine "Twig". Impact Arbitrary code may be executed on the server where the product is running by a user with an administrative...

7.2CVSS7.3AI score0.01582EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/11/02 12:0 a.m.34 views

JVN#14762986: Improper restriction of XML external entity references (XXE) in e-Tax software

e-Tax software provided by National Tax Agency improperly restricts XML external entity references XXE CWE-611 due to the configuration of the embedded XML parser. Impact Processing a specially crafted XML file may lead to exposure of internal files on the system. Solution Update the Software...

5.5CVSS5.4AI score0.00195EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/08/18 12:0 a.m.34 views

JVN#19661362: Multiple vulnerabilities in Proself

Proself provided by North Grid Corporation is an online storage server software. Proself contains multiple vulnerabilities listed below. Improper authentication CWE-287 - CVE-2023-39415 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N| Base Score: 7.5 CVSS...

7.5CVSS8.4AI score0.0087EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/05/26 12:0 a.m.34 views

JVN#19243534: ESS REC Agent Server Edition for Linux etc. vulnerable to directory traversal

ESS REC Agent Server Edition for Linux etc. provided by Encourage Technologies Co.,Ltd. contain a directory traversal vulnerability CWE-23. Impact Arbitrary files on the server may be viewed or altered by an attacker. Solution Update the software Update the software to the latest version accordin...

8.1CVSS8AI score0.00908EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/04/19 12:0 a.m.34 views

JVN#50862842: EC-CUBE plugin "NEXT ENGINE Integration Plugin (for EC-CUBE 2.0 series)" vulnerable to authentication bypass

EC-CUBE plugin "NEXT ENGINE Integration Plugin for EC-CUBE 2.0 series" provided by NE Inc. contains an authentication bypass vulnerability CWE-287. Impact A remote attacker may alter the information stored in the system. Solution Stop using "NEXT ENGINE Integration Plugin for EC-CUBE 2.0 series "...

5.3CVSS5.4AI score0.007EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/11/16 12:0 a.m.34 views

JVN#37014768: Multiple vulnerabilities in Movable Type

Movable Type provided by Six Apart Ltd. contains multiple vulnerabilities listed below. Improper Validation of Syntactic Correctness of Input CWE-1286 - CVE-2022-45113 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N| Base Score: 4.7 CVSS v2|...

7.2CVSS7.1AI score0.00972EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/09/09 12:0 a.m.34 views

JVN#48120704: Movable Type plugin A-Form vulnerable to cross-site scripting

Movable Type plugin A-Form provided by ARK-Web co., ltd. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who accessed the site using the product. Solution Update the Software Update A-Form to the latest version...

6.1CVSS6.1AI score0.00749EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/09/05 12:0 a.m.34 views

JVN#34205166: SYNCK GRAPHICA Mailform Pro CGI vulnerable to information disclosure

Mailform Pro CGI provided by SYNCK GRAPHICA contains an information disclosure vulnerability CWE-200. Thanks module of this product saves user input data for a certain period of time. The time is set to 30 seconds by default in configs/thanks.cgi file. To exploit this vulnerability, it is require...

5.9CVSS5.5AI score0.01244EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/05/13 12:0 a.m.34 views

JVN#46241173: EC-CUBE plugin "Easy Blog for EC-CUBE4" vulnerable to cross-site request forgery

EC-CUBE plugin "Easy Blog for EC-CUBE4" provided by COREMOBILE Co. Ltd. contains a cross-site request forgery vulnerability CWE-352. Impact If a site administrator who is logging in to the management screen of EC-CUBE on which the plug-in is installed accesses a specially crafted page, a blog...

4.3CVSS4.5AI score0.00431EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/04/22 12:0 a.m.34 views

JVN#54857505: Hammock AssetView missing authentication for critical functions

AssetView provided by Hammock Corporation misses authentication for some critical functions CWE-306 on the managing server. Impact With some knowledge on the system configuration, a remote attacker may upload a crafted configuration file to the managing server, which results in the managed client...

9.8CVSS9.9AI score0.04273EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/11/25 12:0 a.m.34 views

JVN#93562098: WordPress Plugin "Browser and Operating System Finder" vulnerable to cross-site request forgery

WordPress Plugin "Browser and Operating System Finder" provided by Aftab Muni contains a cross-site request forgery vulnerability CWE-352. Impact If a user with an administrative privilege views a malicious page while logged in, unintended operations may be performed. Solution Update the plugin...

8.8CVSS8.7AI score0.00759EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/06/18 12:0 a.m.34 views

JVN#77458946: EC-CUBE vulnerable to directory traversal

EC-CUBE provided by EC-CUBE CO.,LTD. contains a directory traversal vulnerability CWE-22. Impact A user who can login to the management screen of the product may delete arbitrary files and/or directories on the server. Solution Update the Software The update for EC-CUBE 4 is available. Update the...

8.1CVSS8.1AI score0.02059EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/12/25 5:0 a.m.34 views

MQTT.js issue in handling PUBLISH packets

Overview MQTT.js is a client library for MQTT. MQTT.js contains an issue in handling PUBLISH packets sent from an MQTT Broker. Masataka Sakaguchi, Bintatsu Noda and Hisashi Kojima of Fujitsu Laboratories Ltd.reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

6.5CVSS6.9AI score0.02214EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/02 12:0 a.m.34 views

JVN#08020381: Installer of SaAT Personal may insecurely load Dynamic Link Libraries

The installer of SaAT Personal provided by NetMove Corporation contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest...

8.8CVSS8.8AI score0.01636EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/12/22 12:0 a.m.34 views

JVN#44566208: H2O use-after-free vulnerability

H2O is an open source web server software. H2O contains a use-after-free vulnerability CWE-416 due to a flaw in the process of upgrading from HTTP/1 to HTTP/2. Impact An unauthenticated remote attacker may cause a denial-of-service DoS condition or obtain arbitrary information which may include t...

9.1CVSS9.3AI score0.02184EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/12/01 12:0 a.m.34 views

JVN#08868688: The installers of multiple Japan Pension Service software may insecurely load Dynamic Link Libraries

The installers of multiple Japan Pension Service software contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact This vulnerability can be exploited when the following condition is met. If this vulnerability is exploited, an arbitrary code m...

7.8CVSS7.8AI score0.00956EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/10/20 12:0 a.m.34 views

JVN#14567604: Multiple vulnerabilities in WordPress plugin WP-OliveCart

WP-OliveCart provided by Olive Design is a WordPress plugin to construct a shopping site. WP-OliveCart contains the following vulnerabilities. Cross-site scripting CWE-79 - CVE-2016-4903 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS...

9.8CVSS7.8AI score0.01918EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/06/27 12:0 a.m.34 views

JVN#45034304: Multiple Hikari Denwa routers vulnerable to cross-site request forgery

Multiple Hikari Denwa routers contain a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the Firmware Apply the appropriate firmware update provided by the developer. Products Affecte...

8.8CVSS8.8AI score0.01208EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/04/04 12:0 a.m.34 views

JVN#41875357: ActiveX control for EVA Animator vulnerable to buffer overflow

ActiveX control for EVA Animator provided by Sharp Corporation contains a buffer overflow vulnerability. Impact If a user views a malicious page, arbitrary code may be executed. Solution Remove ActiveX control for EVA Animator The EVA Animator service ended and the related website for its service...

6.8CVSS6.8AI score0.01147EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/02/15 12:0 a.m.34 views

JVN#47296923: Cybozu Office vulnerable to information disclosure

Cybozu Office contains an information disclosure vulnerability. Impact If a user views a malicious page while logged in, token used for cross-site request forgery CSRF protection may be disclosed. As a result, an attacker who obtains the CSRF token can perform further attacks. Solution Update the...

4.3CVSS4.7AI score0.01154EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/10/29 12:0 a.m.34 views

JVN#58615092: Enisys Gw vulnerable to SQL injection

Enisys Gw provided by Techno Project Japan Co. is an open source groupware. Enisys Gw contains an SQL injection vulnerability CWE-89. Impact Information stored in the database may be obtained or altered by a remote unauthenticated attacker. Solution Update the Software Update to the latest versio...

7.5CVSS7.2AI score0.01271EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/10/01 12:0 a.m.34 views

JVN#07676450: Canary Labs Trend Web Server vulnerable to buffer overflow

Trend Web Server provided by Canary Labs is a solution used for data visualization. Trend Web Server contains a buffer overflow CWE-119 vulnerability. Impact A remote attacker may cause a denial-of-service DoS or execute arbitrary code when sending a specially crafted TCP packet. Solution Stop...

7.5CVSS8AI score0.02891EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/09/16 12:0 a.m.34 views

JVN#24517322: Koritore vulnerable to URL whitelist bypass

Koritore provided by Newphoria Corporation Inc. is an application for both iOS or Android built using "applican". Koritore contains an issue where an arbitrary page may be loaded if the application is launched using the URL-scheme. Impact Android version of this app may allow an applican API to b...

6.8CVSS6.2AI score0.01093EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/08/18 12:0 a.m.34 views

JVN#17964918: Multiple I-O DATA LAN routers vulnerable in UPnP functionality

A wired LAN router NP-BBRS and a wireless LAN router WN-G54/R2 provided by I-O DATA DEVICE, INC. contain a vulnerability in the UPnP functionality. Impact The device may be used in a DDoS attack, as a SSDP reflector. Solution For NP-BBRS: Do not use NP-BBRS The developer has stated that the suppo...

5CVSS6.3AI score0.016EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/06/05 12:0 a.m.34 views

JVN#50447904: Multiple Buffalo wireless LAN routers vulnerable to OS command injection

Multiple wireless LAN routers provided by BUFFALO INC. contain an OS command injection vulnerability. Impact An authenticated attacker may be able to execute arbitrary OS commands. Solution Update the Firmware Apply the appropriate firmware update provided by the developer. Products Affected...

7.7CVSS7.6AI score0.0107EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/03/06 12:0 a.m.34 views

JVN#30832515: All In One WP Security & Firewall vulnerable to SQL injection

All In One WP Security & Firewall is WordPress plugin that provides security functionality. All In One WP Security & Firewall contains a SQL injection vulnerability CWE-89. Impact If an administrator views a malicious page while logged in, an arbitrary SQL command may be executed. Solution Update...

6CVSS7.1AI score0.01539EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/02/27 12:0 a.m.34 views

JVN#77718330: Vulnerability in the jBCrypt key stretching process

jBCrypt is a Java implementation to compute password hashes. jBCrypt contains an integer overflow vulnerability in the key stretching process. An integer overflow occurs when the parameter for the repetition count is set to the maximum value allowed, 31. Impact When the hash value for a password ...

5CVSS5.4AI score0.04803EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/02/25 12:0 a.m.34 views

JVN#30135729: SYNCK GRAPHICA Mailform Pro CGI vulnerable to remote code execution

Mailform Pro CGI provided by SYNCK GRAPHICA contains a flaw in the process of sending emails, which may result in an arbitrary code execution. Impact Arbitrary code may be executed on the server. Solution Update the Software Update to the latest version according to the information provided by th...

6.8CVSS6.6AI score0.02293EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/02/25 12:0 a.m.34 views

JVN#44544694: Zen Cart Japanese version vulnerable to cross-site scripting

Zen Cart is an open source system for creating shopping websites. Zen Cart Japanese version contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the web browser of a user who is logged on as an administrator. Solution For Zen Cart v1.5 ja variants: Update t...

4.3CVSS6AI score0.02188EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/12/01 12:0 a.m.34 views

JVN#21907573: SEIL Series routers vulnerable to denial-of-service (DoS)

SEIL Series routers provided by Internet Initiative Japan Inc. contain a denial-of-service DoS vulnerability due to an issue in processing NTP requests. Impact By receiving a large volume of NTP request in a short time, the device might continue sending response packets. As a result, the device's...

7.5CVSS7.5AI score0.03172EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/10/16 12:0 a.m.34 views

JVN#87373393: BirdBlog vulnerable to cross-site scripting

BirdBlog is a weblog software. BirdBlog contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use BirdBlog BirdBlog is no longer being developed or maintained, therefore it is recommended to stop using BirdBlog. Produc...

4.3CVSS6.1AI score0.01148EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/09/25 12:0 a.m.34 views

JVN#16485017: SLFileManager for Android vulnerable to directory traversal

SLFileManager provided by S-Link, Inc. contains a flaw in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the application has privileges ...

6.4CVSS6.5AI score0.01847EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/09/22 12:0 a.m.34 views

JVN#04560253: Yuko Yuko App for Android fails to verify SSL server certificates

Yuko Yuko App for Android provided by Yuko Yuko Corporation fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. As a result, an attacker may obtain information entered into web forms. Solution Update the...

5.4CVSS6.2AI score0.00248EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/07/29 12:0 a.m.35 views

JVN#42511610: acmailer contains a cross-site request forgery vulnerability

Several cgi programs in acmailer contain a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, information registered in the product may be altered or deleted, or in some cases, the authorization privilege can be stolen. Solution Update the Software...

6.8CVSS6.3AI score0.00924EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/07/16 12:0 a.m.34 views

JVN#41028866: Multifunctional MailForm Free vulnerable to cross-site scripting

Multifunctional MailForm Free contains an issue in processing HTTP Referer headers, which may cause cross-site scripting. Impact By opening a specially crafted HTML document, an arbitrary sctipt may be executed. Solution Update the software Update to the latest version according to the informatio...

4.3CVSS6.1AI score0.00931EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/07/15 12:0 a.m.34 views

JVN#94838679: Cybozu Garoon vulnerable to cross-site scritping

Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the function "Messages", which may result in a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of a user that is logged on. Solution Update the Softwa...

3.5CVSS5.8AI score0.00936EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/04/18 12:0 a.m.34 views

JVN#00058727: Cybozu Remote Service Manager vulnerable to session fixation

Remote Service Manager provided by Cybozu,Inc. is a software to access on-premise systems such as Cybozu products via "Cybozu Remote Service". Remote Service Manager contains a session fixation vulnerability. Impact A remote, unauthenticated attacker may impersonate a registered user. As a result...

6.8CVSS6.5AI score0.01734EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/02/21 12:0 a.m.34 views

JVN#43254599: AutoCAD may insecurely load dynamic libraries

AutoCAD provided by Autodesk, Inc. is an application for comuputer-aided design CAD. AutoCAD contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Impact Arbitrary code may be executed with the privileges of the running application. Solution Upgrade t...

4.4CVSS6.3AI score0.00428EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/02/07 12:0 a.m.34 views

JVN#50943964: phpMyFAQ vulnerable to cross-site request forgery

phpMyFAQ is an open source FAQ software. phpMyFAQ contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, settings may be changed unintentionally. Solution Apply an Update Update to the latest version according to the information provided by t...

6.8CVSS6AI score0.01071EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/02/07 12:0 a.m.34 views

JVN#30050348: phpMyFAQ vulnerable to cross-site scripting

phpMyFAQ is an open source FAQ software. phpMyFAQ contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's Internet Explorer when using an older version of the browser. Solution Apply an Update Apply the appropriate update for the version of the...

4.3CVSS5.9AI score0.01951EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/12/03 12:0 a.m.34 views

JVN#94245330: Cybozu Garoon vulnerable to denial-of-service (DoS)

Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a denial-of-service DoS vulnerability. Impact A denial-of-service DoS attack via Garoon 3 Keitai may cause high CPU usage on the server. Solution Update the Software Update to the latest version according to the...

5CVSS6.2AI score0.0157EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/06/27 12:0 a.m.34 views

JVN#43886811: EC-CUBE vulnerable to directory traversal

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a directory traversal vulnerability. Note that this vulnerability is different from JVN04161229. Impact A remote attacker may obtain arbitrary image files on the server. Solution Apply the updat...

5CVSS6.3AI score0.01862EPSS
Exploits0
Total number of security vulnerabilities5000