Lucene search
K
JvnMost viewed

5627 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/06/01 12:0 a.m.•29 views

JVN#04155116: WordPress Plugin "Modern Events Calendar Lite" vulnerable to cross-site scripting

WordPress Plugin "Modern Events Calendar Lite" provided by Webnus contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is accessing the website using the plugin. Solution Update the plugin Update the plugin to t...

5.4CVSS5.2AI score0.00529EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/12/10 12:0 a.m.•29 views

JVN#63047298: Kinza vulnerable to cross-site scripting

Kinza provided by Dayz Inc. contains a cross-site scripting vulnerability CWE-79. Impact If CSP Content Security Policy on the affected product is disabled, an arbitrary script may be executed on the web browser of the user who uses RSS reader. Solution Update the Software Update to the latest...

6.1CVSS6.1AI score0.00781EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/03/07 12:0 a.m.•29 views

JVN#13003724: OneThird CMS vulnerable to cross-site scripting

OneThird CMS provided by SpiQe Software contains a cross-site scripting vulnerability CWE-79 due to an issue in processing the inquiry form. Impact An arbitrary script may be executed on the logged in user's web browser. Solution Update the Software Update to the latest version according to the...

6.1CVSS6AI score0.01146EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/01/24 12:0 a.m.•29 views

JVN#09460804: Knowledge vulnerable to cross-site request forgery

Knowledge provided by support-project.org is an open-source knowledge base platform. Knowledge contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the Software Update to the...

8.8CVSS8.6AI score0.00741EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/11/11 12:0 a.m.•29 views

JVN#34103586: Multiple I-O DATA network camera products vulnerable to information disclosure

Multiple network camera products provided by I-O DATA DEVICE, INC. contain an information disclosure vulnerability CWE-200. Impact Information such as authentication credentials may be disclosed by an attacker who can access the product. Solution Update the Firmware Apply the appropriate firmware...

7.5CVSS7.5AI score0.02663EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/19 12:0 a.m.•30 views

JVN#03251132: Installer of Evernote for Windows may insecurely load Dynamic Link Libraries

The installer of Evernote for Windows contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the Latest Installer Use the latest installer...

7.8CVSS7.6AI score0.01534EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/25 12:0 a.m.•29 views

JVN#05924524: LINE for Windows fails to properly verify downloaded files

The auto update function in LINE for Windows provided by LINE Corporation contains a vulnerability where downloaded files are not properly verified. Impact A successful man-in-the-middle attack may result in a specially crafted file prepared by an attacker being downloaded and executed. Solution...

8.1CVSS7.9AI score0.02201EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/03/30 12:0 a.m.•29 views

JVN#07818796: Aterm WF800HP vulnerable to cross-site request forgery

Aterm WF800HP provided by NEC Corporation contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the Firmware Update to the latest firmware version according to the information...

8.8CVSS8.7AI score0.00629EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/03/24 12:0 a.m.•29 views

JVN#86517621: WordPress plugin "WP Favorite Posts" vulnerable to cross-site scripting

"WP Favorite Posts" is a plugin for WordPress. WP Favorite Posts contains a cross-site scripting vulnerability. Note that this vulnerability cannot be exploited on the default settings. Impact An arbitrary script may be executed on the user's web browser. Solution Update the plugin Update to the...

6.1CVSS6AI score0.01491EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/15 12:0 a.m.•29 views

JVN#64209269: Cybozu Office vulnerable to cross-site request forgery

Cybozu Office contains a cross-site request forgery vulnerability CWE-352 in multiple functions. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the Software Update to the latest version according to the information provided by the...

8.8CVSS8.3AI score0.00629EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/12/25 12:0 a.m.•29 views

JVN#50775659: CG-WLBARAGM may behave as an open proxy

CG-WLBARAGM provided by Corega Inc is a wireless LAN router. CG-WLBARAGM contains an issue where it may behave as an open proxy. Impact The device may be leveraged as a proxy server to conduct cyber attacks. Solution Apply a Workaround The following workaround may mitigate the affects of this...

5.8CVSS5.5AI score0.01599EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/12/09 12:0 a.m.•29 views

JVN#34489380: WL-330NUL vulnerable to remote command execution

WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains a remote command execution vulnerability. Impact An attacker that can access the product may execute an arbitrary command with administrative privileges. Solution Update the Firmware Update the firmware to...

7.3CVSS7.4AI score0.0223EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/16 12:0 a.m.•29 views

JVN#37825153: AirDroid for Android vulnerable in handling of implicit intents

AirDroid for Android provided by SAND STUDIO contains a vulnerability in the handling of implicit intents. Impact Information in AirDroid may be leaked to a third party through a malicious Android application. Solution Update the Software Update to the latest version according to the information...

4.3CVSS6.2AI score0.00893EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/07 12:0 a.m.•29 views

JVN#38369032: Cybozu Garoon vulnerable to LDAP injection

Cybozu Garoon is a groupware. Cybozu Garoon contains an issue in processing authentication requests, which may result in an LDAP injection vulnerability. Impact A malicious user authorized to administer uesrs in certain groups may obtain information from the authentication server or may perform a...

7CVSS6.7AI score0.01241EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/30 12:0 a.m.•29 views

JVN#85118545: MATCHA SNS access restriction bypass vulnerability

MATCHA SNS provided by ICZ Corporation is an SNS software. MATCHA SNS contains an access restriction bypass vulnerability. Impact A user without administrative privileges may obtain administrative privileges. Solution Update the Software Update to the latest version according to the information...

6.5CVSS6.4AI score0.01255EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/30 12:0 a.m.•29 views

JVN#18232032: MATCHA INVOICE vulnerable to SQL injection

MATCHA INVOICE provided by ICZ Corporation is a web-based billing management software. MATCHA INVOICE contains multiple SQL injection CWE-89 vulnerabilities. Impact An authenticated attacker may obtain or alter information stored in the database. Solution Update the Software Update to the latest...

6.5CVSS6.9AI score0.01049EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/11 12:0 a.m.•29 views

JVN#04644117: Japan Connected-free Wi-Fi vulnerable to allow URL whitelist bypass

Japan Connected-free Wi-Fi provided by NTT Broadband Platform, Inc. contains an issue where an arbitrary page may be loaded if the application is launched with the URL-scheme. Impact Android version of this app may allow an arbitrary API to be executed if permissions to execute that API are grant...

6.8CVSS6.6AI score0.01118EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/03 12:0 a.m.•29 views

JVN#13684924: BBS X102 vulnerable to cross-site scripting

BBS X102 provided by guide-park.com is a bulletin board software. BBS X102 contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Consider stop using BBS X102 Ver1.03 Since the developer was unreachable, existence of any...

4.3CVSS6.1AI score0.0095EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/08/07 12:0 a.m.•29 views

JVN#70465405: Yodobashi App for Android vulnerable to arbitrary Java method execution

Yodobashi App for Android provided by Yodobashi Camera Co.,Ltd. contains a vulnerability where an arbitrary Java method may be executed. Impact When opening a specially crafted website, an attacker may be able to execute an arbitrary Java method. As a result, information stored in Android devices...

6.8CVSS6.7AI score0.02031EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/30 12:0 a.m.•29 views

JVN#22677713: OpenEMR vulnerable to authentication bypass

OpenEMR is an electronic health records and medical practice management application. OpenEMR contains an authentication bypass vulnerability CWE-302. Impact Sensitive information may be obtained by a remote attacker who can access the web interface of the product. Solution Update the software and...

5CVSS6.5AI score0.02874EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/12 12:0 a.m.•29 views

JVN#19732015: MilkyStep fails to restrict access permissions

MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep fails to restrict access permissions against the management function for user information CWE-284. Impact A non-administrative user may be able to change administrative user credentials. Solution...

6.5CVSS5.9AI score0.012EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/05/28 12:0 a.m.•29 views

JVN#68452022: Zenphoto vulnerable to cross-site scripting

Zenphoto is a content management system CMS. Zenphoto contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing encoded user-supplied input. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version...

4.3CVSS5.8AI score0.01194EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/11/21 12:0 a.m.•29 views

JVN#07930208: BSD Operating Systems vulnerable to denial-of-service (DoS)

BSD operating systems contain an issue in the handling of the TCP session timer, which may lead to a denial-of-service DoS vulnerability. Impact When a sepcially crafted packet from a malicious server is received, a condition where client resources are not released may occur. As a result, clients...

5CVSS6.1AI score0.04749EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/10/23 12:0 a.m.•29 views

JVN#27388160: SumaHo for Android fails to verify SSL/TLS server certificates

SumaHo for Android fails to verify SSL/TLS server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Apply the appropriate update according to the information provided by the developer. Products Affected...

5.9CVSS5.5AI score0.00642EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/07/30 12:0 a.m.•29 views

JVN#72950786: Outlook.com for Android contains an issue where it fails to verify SSL server certificates

Outlook.com for Android contains an issue where it fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by the...

4CVSS6AI score0.02887EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/06/20 12:0 a.m.•29 views

JVN#49974594: Webmin vulnerable to cross-site scripting

Webmin is a web-based system management tool. Webmin contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser who is logged into Webmin. Solution Update the software Update to the latest version according to the information provided by th...

4.3CVSS5.8AI score0.00931EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/06/11 12:0 a.m.•29 views

JVN#50129191: JustSystems Online Update Program bundled with JustSystems products vulnerable to arbitrary code execution

"JUST Online Update" and "JUST Online Update for J-License and the management tools" that are bundled with multiple JustSystems products contain a flaw that allows the update program to be executed even if the signature of an update module is invalid. Please note that this is a flaw in the online...

7.6CVSS6.9AI score0.03592EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/01/22 12:0 a.m.•29 views

JVN#81637882: Information disclosure vulnerability in Sleipnir Mobile for Android

Sleipnir Mobile for Android is a web browser for Android devices. Sleipnir Mobile for Android contains an issue in handling Geolocation API, which may result in the disclosure of a user's location. Impact When a website that a user is viewing requests the user's location information, Sleipnir...

4.3CVSS6.1AI score0.01066EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/12/26 12:0 a.m.•29 views

JVN#69700259: HP Autonomy Ultraseek vulnerable to cross-site scripting

HP Autonomy Ultraseek provided by Hewlett-Packard Development Company, L.P. contains an issue in handling specific character encoding, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's Internet Explorer. Solution Update the Software Update the...

3.5CVSS6.1AI score0.01826EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/11/20 12:0 a.m.•29 views

JVN#55630933: EC-CUBE information disclosure vulnerability

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an information disclosure vulnerability due to an issue in processing front features. Impact User's information may be obtained or altered by other user who visits the shopping site. Solution...

5.5CVSS6.2AI score0.01172EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/11/20 12:0 a.m.•29 views

JVN#06870202: EC-CUBE information disclosure vulnerability

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an information disclosure vulnerability. Impact When the server receives a specially crafted request, the absolute path of the product on the server may be obtained. Solution Apply the update or...

5CVSS6.2AI score0.01504EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/11/05 12:0 a.m.•29 views

JVN#81813850: Tiki Wiki CMS Groupware vulnerable to cross-site scripting

Tiki Wiki CMS Groupware Tiki is a content management system CMS. Tiki contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the web browser of an user who is logged in. Solution Apply an Update Apply the appropriate update for the version of the software bei...

4.3CVSS6AI score0.01156EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/10/30 12:0 a.m.•29 views

JVN#70739377: Multiple products that use International Components for Unicode (ICU) vulnerable to denial-of-service (DoS)

International Components for Unicode ICU is a library for handling Unicode strings. A C version, ICU4C and a Java version ICU4J are available. Multiple products that use ICU4C contain a denial-of-service vulnerability due to a race condition. ICU released ICU4C version 50.1.1 that addresses this...

6.8CVSS6.1AI score0.01339EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/08/07 12:0 a.m.•29 views

JVN#44035194: docomo overseas usage application vulnerability in the connection process

docomo overseas usage application provided by NTT DOCOMO contains a vulnerability within the process of connecting to Wi-Fi access points, which may lead to user information being sent unintentionally. Impact When connecting to a Wi-Fi access point, an attacker may obtain user information. Soluti...

3.3CVSS6.2AI score0.00732EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/05/23 12:0 a.m.•29 views

JVN#39699406: EC-CUBE vulnerable to information disclosure as a result of improper input checking

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an issue with checking input values, which may result in information disclosure. Impact A remote, unauthenticated attacker may obtain information stored in the product. Solution Apply the update...

5CVSS6.2AI score0.01369EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/05/13 12:0 a.m.•29 views

JVN#18501376: OpenPNE vulnerable to cross-site scripting

The management screen in OpenPNE contains an issue in the processing of data input into the "mobile version color scheme configuration" item, which may result in a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the web browser of a user who is logged on as an...

4.3CVSS5.9AI score0.01148EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/04/15 12:0 a.m.•29 views

JVN#06251813: Multiple Cybozu products vulnerable to cross-site request forgery

Multiple Cybozu products contain a cross-site request forgery vulnerability. Impact If a user accesses a specially crafted URL while logged in, user passwords or administrator passwords may be altered. Solution Update the Software Update to the latest version according to the information provided...

6.8CVSS6.1AI score0.00643EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/02/26 12:0 a.m.•29 views

JVN#16817324: Multiple JustSystems products vulnerable to arbitrary code execution

Multiple products provided by JustSystems Corporation contain a vulnerability that may allow arbitrary code execution. For more information, refer to the information provided by the developer. Impact Opening a file may cause arbitrary code to be executed with the privilege of the running...

9.3CVSS7AI score0.03815EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/11/16 12:0 a.m.•29 views

JVN#56923652: Monaca Debugger for Android information management vulnerability

Monaca Debugger provided by Asial Corporation contains an issue where account information of the product or other information such as session IDs are saved in a log file. Impact Android applications with permissions to read system log files may obtain users credentials of Monaca or other...

5CVSS6.2AI score0.01354EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/08/07 12:0 a.m.•29 views

JVN#67435981: LINE for Android vulnerable in handling of implicit intents

LINE for Android provided by NHN Japan, is an application for communication with others. LINE for Android contains a vulnerability in the handling of implicit intents. Impact Information such as messages sent by LINE may be leaked to a third party through a malicious application. Solution Update...

5CVSS6.2AI score0.01354EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/07/06 12:0 a.m.•29 views

JVN#80835745: Movable Type plugin MT4i vulnerable to cross-site scripting

MT4i is a Movable Type plugin. MT4i contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN79111101. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the informati...

4.3CVSS5.7AI score0.01148EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/04/05 12:0 a.m.•29 views

JVN#44913777: SENCHA SNS vulnerable to cross-site request forgery

SENCHA SNS is an open source SNS software. SENCHA SNS contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, arbitrary operations may be conducted on the vulnerable system. Solution Update the Software Update to the latest version provided by...

6.8CVSS6.6AI score0.00643EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/28 12:0 a.m.•29 views

JVN#62336482: FFFTP may insecurely load executable files

FFFTP loads certain executables when using certain functions. FFFTP contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the privilege of the running application. Solution Update the software Update to the latest...

9.3CVSS7AI score0.02343EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/13 12:0 a.m.•29 views

JVN#08307791: Plume vulnerable to cross-site scripting

Plume is a Content Management System CMS. Plume contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the web browser of a user that is logged in as administrator. Solution Update the Software Update to the latest version according to the information provide...

2.6CVSS5.8AI score0.00936EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/11 12:0 a.m.•29 views

JVN#36684331: WEB FORUM vulnerable to cross-site scripting

WEB FORUM provided by KENT-WEB is a bulletin board software. WEB FORUM contains a vulnerability in processing the web page to be output, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the lates...

4.3CVSS5.8AI score0.01029EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/08/16 12:0 a.m.•29 views

JVN#31506102: Aipo vulnerable to SQL injection

Aipo from Aimluck, Inc. is groupware including functions such as scheduler and intra-office blogging. Aipo contains a SQL injection vulnerability. Impact Users who can login and do not have access privileges to information in Aipo may view or alter information. The developer has confirmed that a...

7.5CVSS7.1AI score0.01072EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/01/26 6:52 a.m.•29 views

MODx Evolution vulnerable to directory traversal

Overview MODx Evolution contains a directory traversal vulnerability. MODx provided by the MODx CMS Project is a Content Management System CMS software. MODx contains a directory traversal vulnerability. Impact A remote attacker may access or view arbitrary files on the server. Solution Update th...

5CVSS6.9AI score0.02388EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/11/26 12:0 a.m.•29 views

JVN#36765384: Google Chrome information disclosure vulnerability

Google Chrome contains an information disclosure vulnerability caused by the improper handling of XML files. Impact When viewing a specially crafted web page, information may be disclosed. Solution Update the Software Update to the latest version according to the information provided by the...

6.5CVSS6.1AI score0.00761EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/10/29 12:0 a.m.•29 views

JVN#72541530: Active! mail 6 vulnerable to HTTP header injection

Active! mail 6 from TransWARE Co. is a web-based email software. Active! mail 6 contains a HTTP header injection vulnerability. Impact Falsified information may be displayed or an arbitrary script may be executed on the user's web browser. HTTP response splitting attacks are also possible. Soluti...

4.3CVSS6.7AI score0.01104EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/05/17 12:0 a.m.•29 views

JVN#82749282 CapsSuite Small Edition PatchMeister vulnerable to denial of service

CapsSuite Small Edition PatchMeister is a product that manages the application of security patches. CapsSuite Small Edition PatchMeister contains a denial of service DoS vulnerability. Impact On a server or workstation with "Client Service for PTM" installed, a remote attacker may shut down or...

7.8CVSS6.7AI score0.02816EPSS
Exploits0
Total number of security vulnerabilities5000