Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/01/11 12:0 a.m.27 views

JVN#53293565: Contents-Mall vulnerability in password handling

Contents-Mall is a shopping cart software for digital contents. Contents-Mall contains a vulnerability in the way it handles passwords. Impact The administrative password may be disclosed. As a result, information stored by the software may be viewed or altered. Solution Updatethe software Update...

5.8CVSS6.3AI score0.01243EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2010/08/31 12:0 a.m.27 views

JVN#24423311: moobbs vulnerable to cross-site scripting

moobbs from Moo is a bulletin board software. moobbs contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Products...

4.3CVSS5.9AI score0.01033EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/09/02 12:0 a.m.27 views

JVN#57040664 ATOK screen lock bypass vulnerability

ATOK from JustSystems Corporation is a software for Japanese Kana-Kanji conversion. ATOK contains an issue with the restriction of launching external applications, which may lead to a screen lock bypass vulnerability. Impact An attacker could execute arbitrary code or program with the privileges ...

7.2CVSS7.2AI score0.00394EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/07/14 12:0 a.m.27 views

JVN#31110006 shiromuku(fs6)DIARY cross-site scripting vulnerability

shiromukufs6DIARY from Perl CGI's By Mrs. Shiromuku is a web log software. shiromukufs6DIARY contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information...

4.3CVSS5.9AI score0.01065EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/05/29 12:0 a.m.27 views

JVN#01115659 REP-BBS from MT312 vulnerable to cross-site scripting

REP-BBS from MT312, is a web log system that supports posting and viewing web logs from a mobile phone. REP-BBS contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update the software to the latest versi...

4.3CVSS6AI score0.01022EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/05/21 12:0 a.m.27 views

JVN#42927215 a-News from Appleple vulnerable to cross-site scripting

a-News, a web log system from Appleple, contains a cross-site scripting vulnerability. Note that future releases and maintenance of a-News ended on May 14, 2009. The developer recommends users who wish to continue using a web log system to use a-blog. Impact An arbitrary script may be executed on...

4.3CVSS6AI score0.01263EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/10/01 12:0 a.m.27 views

JVN#36085487 EC-CUBE cross-site scripting vulnerability

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. This vulnerability is different from JVN61543834, JVN26621646, and JVN99916563. Impact An arbitrary script could be executed on the user's web browser...

4.3CVSS5.7AI score0.01065EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/07/25 12:0 a.m.27 views

JVN#60419863 Geeklog Forum Plugin vulnerable to cross-site scripting

Geeklog Forum Plugin is a plugin for Geeklog, an open source contents management system. Geeklog Forum Plugin contains a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the...

4.3CVSS6AI score0.01223EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/04/23 12:0 a.m.27 views

JVN#76788395 Sony mylo COM-2 does not verify server SSL certificate

Sony mylo COM-2, a mobile terminal equipped with a web browser and media palyer, contains a vulnerability where it does not verify the server certificate when connecting to a server via SSL/TLS. Impact Normally, when a client connects to a web server through a SSL/TLS connection, it would verify...

6.4CVSS6.2AI score0.01346EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/02/21 12:0 a.m.27 views

JVN#42381549 Internet Scanner reporting engine vulnerable to cross-site scripting

IBM Internet Scanner has a function to generate a report as an HTML file. Internet Scanner's reporting engine does not properly sanitize data before generating this report. This vulnerability may allow an attacker to insert an arbitrary script, which is executed on the user's web browser when the...

6.4AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/03/26 12:0 a.m.27 views

JVN#86092776: BASP21 vulnerable in handling CRLF sequences

Impact An unauthenticated remote attacker may send an unintended email from a web application which its email function is implemented using BASP21. Solution Products Affected bsmtp.dll included in BASP21 2003.0211 Versions of BASP21 Pro earlier than 1,0,702,27...

6.4CVSS6.6AI score0.01449EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/06/13 12:0 a.m.26 views

JVN#27937557: Multiple vulnerabilities in RICOH Streamline NX PC Client

RICOH Streamline NX PC Client provided by Ricoh Company, Ltd. contains multiple vulnerabilities listed below. External control of file name or path CWE-73 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N Base Score 6.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Base Score 6.5...

9.8CVSS7.8AI score0.00776EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/10/30 12:0 a.m.26 views

JVN#11779839: Hikvision network camera security enhancement to prevent cleartext transmission of Dynamic DNS credentials

Multiple network cameras provided by Hangzhou Hikvision Digital Technology Co., Ltd. support two Dynamic DNS services, DynDNS and NO-IP. The user can select which to use on the GUI configuration page. Both the services provide their APIs accessible via HTTP and HTTPS, but old firmware versions of...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/07/03 12:0 a.m.26 views

JVN#94347255: JP1/Extensible SNMP Agent fails to restrict access permissions

JP1/Extensible SNMP Agent provided by Hitachi fails to restrict access permissions CWE-276. Impact If an authenticated attacker who can log in to the product places a specially crafted DLL file in a specific directory, arbitrary code may be executed with the administrative privilege. Solution...

7.8CVSS7.6AI score0.00173EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/06/18 12:0 a.m.26 views

JVN#00442488: Multiple vulnerabilities in Ricoh Streamline NX PC Client

Ricoh Streamline NX PC Client provided by RICOH COMPANY, LTD. contains multiple vulnerabilities listed below. Improper restriction of communication channel to intended endpoints CWE-923 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Base Score 6.3 CVE-2024-36252 ricoh-2024-000004 Use of hard-coded...

9.8CVSS7.3AI score0.00507EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/05/09 12:0 a.m.26 views

JVN#97751842: Multiple vulnerabilities in MosP kintai kanri

MosP kintai kanri provided by esMind, LLC contains multiple vulnerabilities listed below. Path Traversal CWE-22 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Base Score 6.5 CVE-2024-28880 Incorrect Permission Assignment for Critical Resource CWE-732 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Bas...

7.5CVSS6.8AI score0.00648EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/03/07 12:0 a.m.26 views

JVN#54451757: Multiple vulnerabilities in SKYSEA Client View

SKYSEA Client View provided by Sky Co.,LTD. is an Enterprise IT Asset Management Tool. SKYSEA Client View contains multiple vulnerabilities listed below. Improper access control in the specific folder CWE-276 - CVE-2024-21805 Version| Vector| Score ---|---|--- CVSS v3|...

7.8CVSS8.1AI score0.00408EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/01/23 12:0 a.m.26 views

JVN#01434915: Improper restriction of XML external entity references (XXE) in "Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version)"

"Electronic Delivery Check System Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version" provided by Ministry of Agriculture, Forestry and Fisheries improperly restricts XML external entity references XXE CWE-611. Impact Processing a specially craft...

5.5CVSS5.3AI score0.00214EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/01/19 12:0 a.m.26 views

JVN#67215338: FusionPBX vulnerable to cross-site scripting

FusionPBX contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is logging in to the product. Solution Update the software Update the software to the latest version according to the information provided by the...

4.8CVSS4.8AI score0.00458EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/11/14 12:0 a.m.26 views

JVN#67822421: OSS Calendar vulnerable to SQL injection

OSS Calendar provided by Thinkingreed Inc. contains an SQL injection vulnerability CWE-89. Impact A logged-in user may execute an arbitrary code or obtain and/or alter the information stored in the database by sending a specially crafted request. Solution Update the software Update the software...

8.8CVSS8.9AI score0.01089EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/10/02 12:0 a.m.26 views

JVN#39596244: Improper restriction of XML external entity references (XXE) in FD Application

FD Application provided by Ministry of Health, Labour and Welfare improperly restricts XML external entity references XXE CWE-611. Impact By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker. Solution Update the Software Update the software to the...

5.5CVSS5.4AI score0.00195EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/05/22 12:0 a.m.26 views

JVN#45127776: Tornado vulnerable to open redirect

Tornado provided by tornadoweb contains a vulnerability that triggers open redirect CWE-601 under certain non-default configurations. Impact When accessing a specially crafted URL, the user of the website using the affected product may be redirected to an arbitrary website. As a result, the user...

6.1CVSS6.3AI score0.01132EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/04/17 12:0 a.m.26 views

JVN#87559956: Joruri Gw vulnerable to cross-site scripting

Joruri Gw provided by SiteBridge Inc. is groupware. Message Memo function of Joruri Gw contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is accessing the specific page of the product. Solution Update the software...

5.4CVSS5.3AI score0.0045EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/01/31 12:0 a.m.26 views

JVN#22830348: Vulnerability in Driver Distributor where passwords are stored in a recoverable format

Driver Distributor provided by FUJIFILM Business Innovation Corp. contains a vulnerability where passwords are stored in a recoverable format CWE-257. Impact If an attacker obtains a configuration file of Driver Distributor, the encrypted administrator's credentials may be decrypted. Solution...

7.5CVSS7.4AI score0.00536EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/11/21 12:0 a.m.26 views

JVN#26044739: Typora fails to properly neutralize JavaScript code

Typora fails to properly neutralize JavaScript code CWE-116. Impact Opening a file with the affected product may lead to execute the JavaScript code inside the file. Solution Update the Software Update the software to the latest version according to the information provided by the developer. The...

6.1CVSS6.3AI score0.00357EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/07/25 12:0 a.m.26 views

JVN#77850327: WordPress Plugin "Newsletter" vulnerable to cross-site scripting

WordPress Plugin "Newsletter" provided by Stefano Lissa & The Newsletter Team contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is logging in to the WordPress using the plugin with the administrative privilege...

6.1CVSS6AI score0.01785EPSS
Exploits2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/02/09 12:0 a.m.26 views

JVN#88176589: Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to authentication bypass

AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains an authentication bypass vulnerability. Impact A remote unauthenticated attacker may perform an arbitrary...

7.5CVSS7.4AI score0.01488EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/09/20 12:0 a.m.26 views

JVN#61297210: Money Forward Apps for Android vulnerable in the WebView class

Money Forward Apps for Android contain a vulnerability in the WebView class. Impact If a user of the affected product uses another malicious Android application, information managed by the affected product may be disclosed. Solution Update the application Update to the latest version according to...

5.5CVSS5.2AI score0.01661EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/05/18 12:0 a.m.26 views

JVN#11877654: 百五銀行 (105 BANK) App fails to verify SSL server certificates

百五銀行 105 BANK App provided by THE HYAKUGO BANK, LTD. is a mobile app for internet banking. 百五銀行 App fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Application Update to the latest...

5.9CVSS5.3AI score0.00642EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/04/19 12:0 a.m.26 views

JVN#11815655: Photopt App fails to verify SSL server certificates

Photopt App provided by NTT Communications Corporation fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by th...

5.9CVSS5.5AI score0.0084EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/03/30 12:0 a.m.26 views

JVN#82020528: Aterm WG300HP vulnerable to cross-site request forgery

Aterm WG300HP provided by NEC Corporation contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Apply a Workaround The following workaround may mitigate the affects of this...

8.8CVSS8.6AI score0.00629EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/01/18 12:0 a.m.26 views

JVN#47951769: Shoplat App for iOS issue in the verification of SSL certificates

Shoplat App for iOS provided by NTT DOCOMO contains an issue in the verification of the SSL server certificate. Impact A connection to a server using an invalid SSL server certificate can be estabilished without a warning. As a result, the user may not notice that a remote attacker is interceptin...

7.5CVSS7.2AI score0.00706EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/11/27 12:0 a.m.26 views

JVN#21968837: ManageEngine Firewall Analyzer vulnerable to directory traversal

ManageEngine Firewall Analyzer provided by Zoho Corporation is a log analytics and configuration management software for network security devices. ManageEngine Firewall Analyzer contains a directory traversal vulnerability. Impact An authenticated attacker may be able to obtain arbitrary files on...

6.5CVSS6.5AI score0.10631EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/10/29 12:0 a.m.26 views

JVN#68289108: Enisys Gw fails to restrict access permissions

Enisys Gw provided by Techno Project Japan Co. is an open source groupware. Enisys Gw fails to restrict access permissions. Impact A remote unauthenticated attacker may be access to an arbitrary file uploaded on the product. Solution Update the Software Update to the latest version according to t...

5CVSS6.6AI score0.01423EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/10/15 12:0 a.m.26 views

JVN#92520335: eXtplorer vulnerable to cross-site request forgery

eXtplorer is a web-based file manager. index.php of eXtplorer contains a cross-site request forgery CWE-352 vulnerability. Impact If a user views a malicious page while logged in, the user may be forced to implicitly perform unintended operations such as the execution of arbitrary PHP code...

6.8CVSS6.3AI score0.01014EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/08/27 12:0 a.m.26 views

JVN#91474878: File Encryption Software "ED" where encrypted data may be easier to decipher when files of small size are encrypted

File encyption software "ED" contains an issue when files of small size are encyrpted, they may become easier to decipher in comparison to when files of a larger size are encrypted. When encrypting small files that are smaller than the block size 128 bits, file encryption software "ED" encrypts...

2.6CVSS7.3AI score0.00695EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/06/12 12:0 a.m.26 views

JVN#24336273: BloBee vulnerable to arbitrary file creation

BloBee provided by CGI RESCUE is a bulletin board software. BloBee contains a vulnerability that may allow a remote attacker to create arbitrary files CWE-20. Impact An arbitrary file created by an attacker may result in arbitrary code being executed on the server. Solution Update the Software...

7.5CVSS6.9AI score0.02673EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/06/03 12:0 a.m.26 views

JVN#95246510: "Open Explorer Beta" App for Android vulnerable to directory traversal

"Open Explorer Beta" App for Android provided by brandroid.org contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the...

6.4CVSS6.5AI score0.01883EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/05/12 12:0 a.m.26 views

JVN#20133698: MailDealer vulnerable to cross-site scripting

MailDealer provided by RAKUS Co.,Ltd. contains a persistent cross-site scripting CWE-79 vulnerability due to a flaw in processing file names of attachments. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to...

4.3CVSS5.8AI score0.01171EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/11/14 12:0 a.m.26 views

JVN#89852154: iLogScanner vulnerable to cross-site scripting

iLogScanner provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA is a software that checks access logs to detect suspected attacks against a web server. iLogScanner contains a cross-site scripting vulnerability CWE-79 due to a flaw when processing analysis results and outputting the...

4.3CVSS5.7AI score0.01148EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/09/19 12:0 a.m.26 views

JVN#08994136: Bump for Android vulnerable in handling of implicit intents

Bump for Android is an application that allows users to share information and files. Bump for Android contains a vulnerability in the handling of implicit intents. Impact Information such as the owner's name that was obtained from another device may be disclosed. Solution Do not use Bump for...

5CVSS6.1AI score0.00982EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/03/20 12:0 a.m.26 views

JVN#70029459: ES File Explorer vulnerable to directory traversal

ES File Explorer provided by ES APP Group contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the application has...

5.8CVSS6.5AI score0.01388EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/08/19 12:0 a.m.26 views

JVN#75084836: Yahoo! Japan Shopping for Android contains an issue where it fails to verify SSL server certificates

Yahoo! Japan Shopping for Android provided by Yahoo Japan Corporation contains an issue where it fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version...

5.8CVSS5.9AI score0.00521EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/05/29 12:0 a.m.26 views

JVN#90289505: Content Provider in MovatwiTouch fails to restrict access permissions

MovatwiTouch is a Twitter client software for Android devices. The Content Provider in MovatwiTouch contains an issue where access permissions are not restricted. Impact If a user of the affected product uses another malicious Android application, authorization information granted to MovatwiTouch...

2.6CVSS6.2AI score0.01338EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/05/23 12:0 a.m.26 views

JVN#52552792: EC-CUBE vulnerable to cross-site scripting

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a vulnerability in handling the output of parameters, which may result in cross-site scripting. Impact When a user accesses a specially crafted URL while there is an item in the shopping cart, a...

4.3CVSS6.3AI score0.01792EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/03/26 12:0 a.m.26 views

JVN#77360971: Simeji vulnerable to information disclosure

Simeji is a Japanese Input Method Editor IME for Android devices. Simeji contains an issue in the access permissions for the certain files. Impact If a user of the affected product uses other malicious Android application, information managed by the affected product may be disclosed. Solution...

5CVSS6.2AI score0.00982EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/11/21 12:0 a.m.26 views

JVN#60931933: BIGACE vulnerable to session fixation

BIGACE is a content management system CMS. BIGACE contains a session fixation vulnerability. Impact A remote unauthenticated attacker may impersonate a registered user. As a result, information disclosure or alteration may be possible. Solution Update the Software Apply the latest update accordin...

6.8CVSS6.5AI score0.01309EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/06/05 12:0 a.m.26 views

JVN#78305073: @WEB ShoppingCart vulnerable to cross-site scripting

@WEB ShoppingCart provided by WEBLOGIC CORPORATION. is a system for creating shopping websites. @WEB ShoppingCart contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Apply a patch Apply the appropriate patch according to th...

4.3CVSS6AI score0.01148EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/10/14 12:0 a.m.26 views

JVN#51216285: DBD::mysqlPP vulnerable to SQL injection

DBD::mysqlPP is a Perl module that provides a client interface for MySQL. DBD::mysqlPP contains a SQL injection vulnerability. Impact An attacker may view or alter information stored in the database. Solution Do not use DBD::mysqlPP According to the developer, "DBD::mysqlPP was developed as a jok...

7.5CVSS6.9AI score0.0111EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/05/26 12:0 a.m.26 views

JVN#46984044: WalRack upload file handilng vulnerability

WalRack is a CGI that provides an interface to upload files on the Web. WalRack contains a vulnerability in handling upload files. Impact An arbitrary PHP script may be executed on the server where WalRack is installed. Solution Update the Software Update to the latest version according to the...

6.8CVSS6.3AI score0.01424EPSS
Exploits0
Total number of security vulnerabilities5000