Lucene search
K
JvnMost viewed

5627 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/07/05 12:0 a.m.•32 views

JVN#17844633: XnView may insecurely load executable files

XnView is a software for viewing and converting graphic files. XnView loads certain executables when using the "Open containing folder" function. XnView contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the...

6.9CVSS7.1AI score0.00344EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/29 12:0 a.m.•32 views

JVN#01547302: ALZip vulnerable to buffer overflow

ALZip is a file compression/extraction software from ESTsoft Japan Corp. ALZip contains a buffer overflow vulnerability due to improper handling of mim files. Impact When opening a specially crafted file, arbitrary code may be executed. Solution Re-install the software Download ALZip 8.21 after...

9.3CVSS7.1AI score0.05539EPSS
Exploits4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/10 12:0 a.m.•32 views

JVN#29212182: Java Web Start may insecurely load policy files

Java Web Start is tool to distribute Java applications over the web and is contained in Java applications such as JRE Java Runtime Environment Java Web Start contains an issue with the file search path, which may insecurely load policy files. Impact An attacker may execute arbitrary code with the...

7.6CVSS8.7AI score0.02347EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/05/25 12:0 a.m.•32 views

JVN#45658190: Movable Type vulnerable to cross-site scripting

Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability due to an issue in the management screen. This vulnerability is different than the previous vulnerabilities disclosed on JVN. Impact An arbitrary script may be executed on the user's web browser...

4.3CVSS6AI score0.0105EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/03/25 12:0 a.m.•32 views

JVN#99977321: Picasa may insecurely load executable files

Picasa is a software for viewing and managing photos. Picasa loads certain executables when using the "Locate on Disk" function. Picasa contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the privilege of the runni...

6.9CVSS7.1AI score0.0032EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/12/08 12:0 a.m.•32 views

JVN#85821104 Active! mail 2003 session ID disclosure vulnerability

Active! mail 2003 from TransWARE Co. is a web-based email software. Active! mail 2003 contains a vulnerability in which session IDs may be disclosed. Impact A remote attacker could impersonate a user of Active! mail 2003. As a result, the user's email may be viewed or configurations may be...

5.8CVSS6.2AI score0.01083EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/10/20 12:0 a.m.•32 views

JVN#33822756 Canon IT Solutions Inc. ACCESSGUARDIAN vulnerable to cross-site scripting

Canon IT Solutions Inc. ACCESSGUARDIAN is a web security gateway. ACCESSGUARDIAN contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by...

4.3CVSS5.9AI score0.01801EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/08/21 12:0 a.m.•32 views

JVN#20478978 Site Calendar 'mycaljp' vulnerable to cross-site scripting

Site Calendar 'mycaljp' is a calendar plugin for Geeklog, which is an open source content management system. Site Calendar 'mycaljp' contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the late...

4.3CVSS5.9AI score0.01065EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/08/19 12:0 a.m.•32 views

JVN#21388501 ColdFusion vulnerable to cross-site scripting

ColdFusion from Adobe is a software to develop web applications. ColdFusion contains a cross-site scripting vulnerability. This vulnerability is different from JVN28356427 and JVN48566866. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the...

4.3CVSS5.8AI score0.01773EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/05/11 12:0 a.m.•32 views

JVN#43233160 Cross-site scripting vulnerability in SKIP from SKIP User Group

SKIP from SKIP User Group is an open source SNS Social Networking Service software. SKIP contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on certain web browsers. Solution Update the software Update to the latest version according to the information provid...

4.3CVSS5.8AI score0.01223EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/04/07 12:0 a.m.•32 views

JVN#33846134 Ichitaro series buffer overflow vulnerability

The "Ichitaro" series word processing software, from JustSystems Corporation, contains an issue in the reading of Rich Text Files resulting in a buffer overflow vulnerability. When a user opens a specially crafted file locally or through a website, arbitrary code may be executed with privleges of...

9.3CVSS7.7AI score0.03475EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/06/27 12:0 a.m.•32 views

JVN#18700809 Cybozu Garoon session fixation vulnerability

Cybozu Garoon, a groupware from Cybozu, contains a session fixation vulnerability which may allow an attacker to impersonate a user when the user logs into Cybozu Garoon using a session ID provided by the attacker. Impact A remote attacker impersonating a logged in user may execute arbitrary code...

6.8CVSS7.3AI score0.01524EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/12/20 12:0 a.m.•32 views

JVN#45675516 Flash Player vulnerable in handling cross-domain policy files

Adobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed within a web browser. According to Adobe's "About allowing cross-domain data loading", "When a Flash document attempts to access data from another domain, Flash Player automaticall...

9.3CVSS5.8AI score0.08467EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/12/04 12:0 a.m.•32 views

JVN#66291445 SonicStage CP buffer overflow vulnerability

Sony SonicStage CP is software for music management. SonicStage CP contains a vulnerability that can be exploited to cause a buffer overflow when importing a specially crafted playlist file with the .m3u extension. Impact Importing a specially crafted playlist file with the .m3u extension can cau...

9.3CVSS7.7AI score0.10919EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/06/01 12:0 a.m.•32 views

JVN#38605899 Mozilla Firefox cross-site scripting vulnerability

Mozilla Firefox interprets HTML data improperly and activates event handlers for invalid HTML elements, leading to a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Upgrade the Software Mozilla has released Firefox 2.0.0.2 and...

4.3CVSS8.8AI score0.0213EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/05/08 12:0 a.m.•32 views

JVN#44724673: Java Web Start vulnerable to execution of unauthorized system classes

Java Web Start, included in the JRE Java Runtime Environment and other products, is a tool for distributing Java applications over the web. A vulnerability exists in an implementation of Java Web Start which may allow Java Web Start Application including a malformed JAR file to execute an...

10CVSS6.8AI score0.04959EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/04/18 12:0 a.m.•31 views

JVN#22348866: Active! mail vulnerable to stack-based buffer overflow

Active! mail provided by QUALITIA CO., LTD. contains a stack-based buffer overflow vulnerability CWE-121. The developer states that attacks exploiting the vulnerability has been observed. Impact Receiving a specially crafted request created and sent by a remote unauthenticated attacker may lead t...

9.8CVSS8AI score0.03084EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/08/06 12:0 a.m.•31 views

JVN#29845579: Cybozu Office vulnerable to bypass browsing restrictions in Custom App

Cybozu Office provided by Cybozu, Inc. contains a vulnerability which allows to bypass browsing restrictions in Custom App CWE-201. Impact A user who can login to the product may view data that the user does not have access by conducting 'search' under certain conditions. Solution Update the...

6.5CVSS6.3AI score0.00417EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/02/07 12:0 a.m.•31 views

JVN#44033918: Zeroshell vulnerable to OS command injection

The web interface of Zeroshell, Linux distribution provided by Zeroshell.org, contains an OS command injection vulnerability CWE-78. Impact Processing a crafted HTTP request may lead to an arbitrary OS command execution. Solution Stop using the product The developer states that the affected produ...

10CVSS9.5AI score0.36672EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/12/26 12:0 a.m.•31 views

JVN#32646742: Multiple vulnerabilities in PowerCMS

PowerCMS provided by Alfasado Inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability in the management screen CWE-79 - CVE-2023-49117 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVSS v2|...

6.1CVSS6AI score0.00402EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/12 12:0 a.m.•31 views

JVN#11705010: Beekeeper Studio vulnerable to code injection

Beekeeper Studio provided by Beekeeper Studio, Inc. contains a code injection vulnerability CWE-74. Impact A remote authenticated attacker may execute arbitrary JavaScript code with the privilege of the application on the PC where the affected product is installed. As a result, an arbitrary OS...

8.8CVSS8.7AI score0.01388EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/02/22 12:0 a.m.•31 views

JVN#18765463: Multiple cross-site scripting vulnerabilities in SHIRASAGI

SHIRASAGI provided by SHIRASAGI Project contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability on Schedule function CWE-79 - CVE-2023-22425 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVSS v2|...

5.4CVSS5.5AI score0.00831EPSS
Exploits2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/02/10 12:0 a.m.•31 views

JVN#60320736: NEC PC Settings Tool vulnerable to missing authentication for critical function

PC Settings Tool is an application pre-installed on computers provided by NEC by default. PC Settings Tool Library contained in the application is vulnerable to missing authentication for critical function CWE-306. Impact A general user of the computer which the affected product is installed may...

7.8CVSS7.7AI score0.00165EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/09/28 12:0 a.m.•31 views

JVN#63023305: InBody App vulnerable to information disclosure

InBody App provided by InBody Japan Inc. works with the household body composition analyzer InBody Dial manufactured and sold by InBody Japan Inc., and as a part of its functions, it manages and stores data such as weight, BMI, skeletal muscle mass, and fat mass measured by InBody Dial. InBody Ap...

5.3CVSS4.9AI score0.00753EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/02/13 12:0 a.m.•31 views

JVN#87403477: Application and self-extracting archive containing the application of "FLET'S v4 / v6 address selection tool" may insecurely load Dynamic Link Libraries

Application and self-extracting archive containing the application of "FLET'S v4 / v6 address selection tool" provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitra...

7.8CVSS7.8AI score0.00928EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/07 12:0 a.m.•31 views

JVN#99737748: AppCheck may insecurely invoke an executable file

AppCheck provided by JIRANSOFT JAPAN, INC. is an anti-ransomware software. AppCheck and its installer contains an issue with the search path for executable files, which may lead to insecurely invoke an executable file CWE-427. Impact Arbitrary code may be executed with the privilege of the user...

9.3CVSS8.6AI score0.01651EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/06 12:0 a.m.•31 views

JVN#20870477: Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to remote code execution

AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a remote code execution vulnerability. Impact When accessing a specially crafted URL, arbitrary code may be...

8.8CVSS8.9AI score0.01507EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/09 12:0 a.m.•31 views

JVN#39008927: Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to cross-site request forgery

AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in,...

8.8CVSS8.6AI score0.00769EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/09 12:0 a.m.•31 views

JVN#87662835: Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to DNS rebinding

AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a DNS rebinding vulnerability. Impact If a user accesses a malicious web page, arbitrary code may be...

6.8CVSS6.5AI score0.00956EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/01/24 12:0 a.m.•31 views

JVN#50197114: smalruby-editor vulnerable to OS command injection

smalruby-editor provided by Ruby Programming Shounendan is web-based editor to create Ruby programs. smalruby-editor containts an OS command injection vulnerability CWE-78. Impact A remote attacker may execute arbitrary OS command on the server where smalruby-editor resides. Solution Update the...

10CVSS9.8AI score0.06183EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/12/07 12:0 a.m.•31 views

JVN#28151745: Sleipnir for Mac vulnerable to URL spoofing

Sleipnir for Mac provided by Fenrir Inc. contains a URL spoofing vulnerability due to a flaw in the page transition. Impact The displayed URL may be forged to conduct phishing attacks. Solution Update the Software Update to the latest version according to the information provided by the developer...

6.1CVSS6.1AI score0.00831EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/07 12:0 a.m.•31 views

JVN#39619137: Toshiba FlashAir does not require authentication in "Internet pass-thru Mode"

FlashAir by Toshiba Corporation is a SDHC memory card which provides "Internet pass-thru Mode", allowing devices to access the internet while connecting to FlashAir. When configured in "Internet pass-thru Mode", FlashAir acts both as a station and as an access point. When "Internet pass-thru Mode...

4.3CVSS5.2AI score0.00711EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/03 12:0 a.m.•31 views

JVN#10092452: Cybozu Office vulnerable to denial-of-service (DoS)

Cybozu Office contains a denial-of-service DoS vulnerability. Impact An attacker may be able to cause a denial-of-service DoS that consumes system resources. Solution Update the Software Update to the latest version according to the information provided by the developer. Products Affected Cybozu...

6.8CVSS6.2AI score0.02265EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/23 12:0 a.m.•31 views

JVN#42262137: simple chat vulnerable to cross-site scripting

simple chat provided by Let's PHP! contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer. Products Affected simple...

6.1CVSS6AI score0.01176EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/07/20 12:0 a.m.•31 views

JVN#13582657: WordPress plugin "Nofollow Links" vulnerable to cross-site scripting

The WordPress plugin "Nofollow Links" contains a cross-site scripting CWE-79 vulnerability in nofollow-links.php. Impact An arbitrary script may be executed on the web browser of a user who is logged on as an administrator. Solution Update the plugin Update the plugin according to the information...

6.1CVSS6AI score0.01805EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/24 12:0 a.m.•31 views

JVN#43529183: Jetstar App for iOS fails to verify SSL server certificates

Jetstar App for iOS provided by Jetstar Airways Pty Ltd. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the application Update to the latest version according to the information provided ...

5.9CVSS5.3AI score0.00642EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/12/09 12:0 a.m.•31 views

JVN#85359294: WL-330NUL vulnerable to denial-of-service (DoS)

WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains a denial-of-service DoS vulnerability. Impact An attacker who can access the product may be able to cause a denial-of-service DoS. Solution Update the Firmware Update the firmware to the latest version...

4.3CVSS4.4AI score0.00633EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/12/09 12:0 a.m.•31 views

JVN#69462495: WL-330NUL information management vulnerability

WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains an issue in information management. Impact An attacker that can access the product may obtain the WPA2-PSK passphrase. Solution Update the Firmware Update the firmware to the latest version according to th...

4.3CVSS4.4AI score0.00632EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/11/30 12:0 a.m.•31 views

JVN#35845584: Frame high-speed chat vulnerable to cross-site scripting

Frame high-speed chat provided by Let's PHP! contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Apply an Update Update to the latest version according to the information provided by the developer. Products Affected...

6.1CVSS6AI score0.00765EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/11/17 12:0 a.m.•31 views

JVN#71088919: applican vulnerable to script injection

applican provided by Newphoria Corporation Inc. is a platform to build hybrid applications for both iOS and Android. applican is vulnerable to script injection due to an issue in processing SSID. Impact When an application built using applican processes a specially crafted SSID, an arbitrary scri...

4.3CVSS6.2AI score0.01171EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/30 12:0 a.m.•31 views

JVN#53973084: HTML::Scrubber vulnerable to cross-site scripting

HTML::Scrubber is a Perl module for scrubbing/sanitizing html. HTML::Scrubber contains a cross-site scripting vulnerability CWE-79. Impact If the function "comment" is enabled, an arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version...

2.6CVSS5.5AI score0.02092EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/29 12:0 a.m.•31 views

JVN#33179297: Enisys Gw vulnerable to arbitrary file creation

Enisys Gw provided by Techno Project Japan Co. is an open source groupware. Enisys Gw contains a vulnerability that may allow a remote attacker to create arbitrary files. Impact An arbitrary file created by a logged in attacker may result in arbitrary code being executed on the server. Solution...

6.5CVSS6.9AI score0.01959EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/09 12:0 a.m.•31 views

JVN#13456571: Dojo Toolkit vulnerable to cross-site scripting

Dojo Toolkit is a software to assist in building web applications. Dojo Toolkit contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by t...

4.3CVSS5.5AI score0.02224EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/30 12:0 a.m.•31 views

JVN#04855224: baserCMS fails to restrict access permissions

baserCMS is an open-source Contents Management System CMS. baserCMS contains a vulnerability where user settings may be changed when processing specially crafted request sent by an attacker logged into the system. Impact User information may be changed to arbitrary values by a logged in attacker...

6.5CVSS6.3AI score0.01551EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/16 12:0 a.m.•31 views

JVN#67586379: Reversi vulnerable to URL whitelist bypass

Reversi provided by Newphoria Corporation Inc. is an application for both iOS or Android built using "applican". Reversi contains an issue where an arbitrary page may be loaded if the application is launched using the URL-scheme. Impact Android version of this app may allow an applican API to be...

6.8CVSS6.2AI score0.01093EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/08/07 12:0 a.m.•31 views

JVN#29053368: Yodobashi App for Android fails to verify SSL server certificates

Yodobashi App for Android provided by Yodobashi Camera Co.,Ltd. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information...

5.9CVSS5.5AI score0.00828EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/09 12:0 a.m.•31 views

JVN#09758120: Cacti vulnerable to cross-site scripting

Cacti is a web application that graphs stored data collected from network devices. Cacti contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing parameters in graphview.php. Impact If a user views a malicious page while logged in, an arbitrary script may be executed on th...

4.3CVSS5.2AI score0.05739EPSS
Exploits6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/09 12:0 a.m.•31 views

JVN#52478686: MilkyStep vulnerable to SQL injection

MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep contains a SQL injection vulnerability CWE-89. Impact An attacker who can access the product may execute an arbitrary SQL command. Solution Update the Software Update to the latest version accordin...

7.5CVSS7.4AI score0.01285EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/05/01 12:0 a.m.•31 views

JVN#07538357: EasyCTF vulnerable to cross-site scripting

EasyCTF is a server side CGI used to score CTF Capture The Flag. EasyCTF contains a cross-site scripting vulnerability CWE-79 that can be leveraged by an attacker created account. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the late...

3.5CVSS5.9AI score0.00954EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/02/20 12:0 a.m.•31 views

JVN#64455813: Squid input validation vulnerability

Squid is a caching proxy server. Squid contains a vulnerability where server responses that contain invalid values in the Content-Length of the HTTP header are sent to the client. Impact If a HTTP response with a specially crafted header is processed, it may result in a HTTP response splitting...

4.3CVSS7.4AI score0.04507EPSS
Exploits0
Total number of security vulnerabilities5000