Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/05/21 12:0 a.m.20 views

JVN#29471697: Android App "TP-Link Tether" and "TP-Link Tapo" vulnerable to improper server certificate verification

Android App "TP-Link Tether" and "TP-Link Tapo" provided by TP-LINK GLOBAL INC. are vulnerable to improper server certificate verification CWE-295. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the application Update the...

4.8CVSS4.8AI score0.00217EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/03/25 12:0 a.m.20 views

JVN#69107517: TvRock vulnerable to cross-site scripting

TvRock provided by TvRock according to the original report submitted by the reporter is a tool to set a timer recording for a TV program. TvRock contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user accessing the website th...

6.1CVSS6.1AI score0.00313EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/02/01 12:0 a.m.20 views

JVN#41129639: Payment EX vulnerable to information disclosure

Payment EX provided by Simplesite contains an information disclosure vulnerability CWE-200. Impact A remote unauthenticated attacker may obtain the information of the user who purchases merchandise using Payment EX. Solution Update the Software Update the software to the latest version according ...

7.5CVSS6.4AI score0.00571EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/02/10 12:0 a.m.20 views

JVN#53880182: TVer App for Android fails to verify SSL server certificates

TVer App for Android provided by PRESENTCAST INC. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Application Update to the latest version according to the information provided by the...

5.9CVSS5.5AI score0.00667EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/09/29 5:39 a.m.20 views

ManageEngine ServiceDesk Plus vulnerable to cross-site scripting

Overview ManageEngine ServiceDesk Plus provided by Zoho Corporation is a help desk software. ManageEngine ServiceDesk Plus contains a stored cross-site scripting CWE-79 vulnerability. Akihito Mukai and Tomoshige Hasegawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...

5.4CVSS5.9AI score0.01927EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/11/27 4:28 a.m.20 views

ManageEngine Firewall Analyzer vulnerable to directory traversal

Overview ManageEngine Firewall Analyzer provided by Zoho Corporation is a log analytics and configuration management software for network security devices. ManageEngine Firewall Analyzer contains a directory traversal vulnerability. Mukai Akihito and Hasegawa Tomoshige reported this vulnerability...

6.5CVSS6.6AI score0.10631EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/09/29 12:0 a.m.20 views

JVN#20355129: niconico App for iOS fails to verify SSL server certificates

niconico App for iOS provided by DWANGO Co., Ltd. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by the...

7.4CVSS7.1AI score0.00945EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/05/25 12:0 a.m.20 views

JVN#47662377: Sybase EAServer vulnerable to cross-site scripting

EAServer provided by Sybase is an application server. EAServer contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer...

6.4AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/01/13 2:53 a.m.20 views

Aipo vulnerable to SQL injection

Overview Aipo contains SQL injection vulnerability. Aipo from Aimluck, Inc. is groupware including functions such as scheduler and intra-office blogging. Aipo contains a SQL injection vulnerability. Impact Contents that are managed by Aipo may be viewed by a user that can login to Aipo. Solution...

7.5CVSS7.6AI score0.01299EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/08/21 12:0 a.m.20 views

JVN#31723154 LacoodaST from SpaceTag, Inc. session fixation vulnerability

LacoodaST from SpaceTag, Inc. is groupware providing schedule and task managements, etc. LacoodaST contains a session fixation vulnerability. Impact A remote attacker impersonating a logged in user could manipulate the operation with the user's privilege. As a result, disclosure or alteration of...

9.1CVSS6.2AI score0.0133EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/07/23 12:0 a.m.20 views

JVN#72065744 K's CGI Access Log Kaiseki (Jcode.pm) vulnerable to cross-site scripting

K's CGI Access Log Kaiseki is a program to analyze access to a web page. analysis.cgi included in Access Log Kaiseki Jcode.pm contains a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the user's web browser. Solution Update the Software Apply the latest update...

4.3CVSS5.9AI score0.01263EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/30 12:0 a.m.20 views

JVN#43906021 WEB MART from KENT WEB vulnerable to cross-site scripting

WEB MART provided by KENT WEB is shopping cart software. WEB MART contains a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the vendor. Products Affected WEB MART 1.61 and...

6.6AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/01/28 12:0 a.m.20 views

JVN#01162446 Cross-site scripting vulnerabilities in multiple Hal Networks shopping cart products

Multiple Hal Networks shopping cart software products are vulnerable to cross-site scripting. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the latest updates provided by the vendor. For more information, refer to the vendor's website...

6.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/11/09 12:0 a.m.20 views

JVN#99453765 Cross-site scripting vulnerability in updir.php in UPDIR.NET

updir.php from UPDIR.NET is software for publishing and managing image files, etc. on web servers. By installing updir.php on a web server, users are able to upload image files, etc. on the web server and publish and manage the uploaded files. updir.php contains a cross-site scripting vulnerabili...

6.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/10/25 12:0 a.m.20 views

JVN#50495547 Ichitaro series buffer overflow vulnerability

The "Ichitaro" series word processing software, from JustSystems Corporation, contains a buffer overflow vulnerability. If a user opens a specially crafted jtd file or views it on a web browser, an attacker could execute arbitrary code with the privileges of the user. Impact An attacker could...

8.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/07/31 12:0 a.m.20 views

JVN#43615794 Yayoi Kaikei improper handling of credential information

Yayoi Kaikei Quick Navigator makes the user log into the vendor's server, and sends the user credentials unencrypted. Impact By monitoring the communication between Quick Navigator and the vendor's server, an attacker can obtain the customer number and the phone number to impersonate the user on...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/06/21 12:0 a.m.20 views

JVN#90438169 RaidenHTTPD cross-site scripting vulnerability

RaidenHTTPD is a multipurpose web server for Windows provided by TEAM JOHNLONG. RaidenHTTPD contains a cross-site scripting vulnerability. Impact Arbitrary code could be executed on the user's web browser. Solution Update the Software Apply the update provided by the vendor. For more information,...

6.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2006/12/05 12:0 a.m.20 views

JVN#47272891 Hanako buffer overflow vulnerability

Impact An arbitrary code could be executed on the PCs of Hanako user, if the user opens a specially crafted Hanako file sent by a remote attacker. Solution Products Affected Hanako 2004 Hanako 2005 Hanako 2006 Hanako Viewer 1.0 For more information, refer to the vendor's website...

7.6AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2006/10/20 12:0 a.m.20 views

JVN#63999575 NEC MultiWriter 1700C web server authentication bypass vulnerability

Impact A remote attacker could change the system configuration of the printer's built-in web server. Solution Products Affected NEC MultiWriter 1700C model number: PR-L1700C Network Expansion Card PR-L1700C-MC For more information, refer to the vendor's website...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2006/04/17 12:0 a.m.20 views

JVN#35274905 FreeStyleWiki cross-site scripting vulnerability

Impact An rbitrary script may be executed on the user's web browser. In addition, if session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected FreeStyleWiki 3.5.10 and earlier...

6.9AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2005/12/20 12:0 a.m.20 views

JVN#87830692 WebNote Clip vulnerable to OS command injection

Impact An attacker could execute an arbitrary OS command on the server with WebNote Clip installed. Solution Products Affected WebNote Clip 4.1.7 and earlier...

7.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2005/12/09 12:0 a.m.20 views

JVN#15243167 Problem with referer header handling on mobile phone web browsers

Impact Referer information may be unintendedly sent to a server under certain operating conditions. Solution Products Affected For more information, refer to the vendors' websites...

6.8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2005/07/28 12:0 a.m.20 views

JVN#29273468 QRcode Perl CGI & PHP script vulnerable to denial of service attack

Impact A remote attacker may cause a denial of service DoS attack. Solution Products Affected QRcode Perl/CGI & PHP script ver. 0.50f and earlier including both Perl versions and PHP versions...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/05/25 2:39 a.m.19 views

Security information for Hitachi Disk Array Systems

Overview CVE-2026-23667 | Broadcast DVR Elevation of Privilege Vulnerability CVE-2026-23668 | Windows Graphics Component Elevation of Privilege Vulnerability CVE-2026-23669 | Windows Print Spooler Remote Code Execution Vulnerability CVE-2026-23671 | Windows Bluetooth RFCOM Protocol Driver Elevati...

8.8CVSS7AI score0.04491EPSS
Exploits8References43
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/05/13 6:41 a.m.19 views

Android App "Anshin Filter for au" vulnerable to cleartext transmission of sensitive information

Overview Android App "Anshin Filter for au" provided by KDDI CORPORATION contains the following vulnerability. Cleartext transmission of sensitive information CWE-319 - CVE-2026-41281 Impact A man-in-the-middle attacker may access and modify communications transmitted in plaintext, potentially...

6.3CVSS5.8AI score0.00092EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/05/11 9:20 a.m.19 views

GROWI vulnerable to path traversal

Overview GROWI provided by GROWI, Inc. contains the following vulnerability. Path traversal CWE-22 - CVE-2026-41951 GROWI, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and GROWI, Inc. coordinated under the Information Security Early Warning...

8.6CVSS7.4AI score0.00495EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/08/20 12:0 a.m.19 views

JVN#76729865: Multiple vulnerabilities in Movable Type

Movable Type provided by Six Apart Ltd. contains multiple vulnerabilities listed below. Use of less trusted source(CWE-348) CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Base Score 6.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Base Score 5.3 CVE-2025-53522 Open...

6.9CVSS7.8AI score0.0019EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/04/10 12:0 a.m.19 views

JVN#30641875: Multiple vulnerabilities in BizRobo!

BizRobo! is an RPA Robotic Process Automation software provided by OPEN, Inc. Users compile an automation flow using DesignStudio, a development application that runs on Windows, and create robot files. A web application Management Console is provided to schedule RPA execution and to check the...

9.8CVSS7.3AI score0.84362EPSS
Exploits5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/08/22 12:0 a.m.19 views

JVN#83440451: Multiple Safie products vulnerable to improper server certificate verification

Multiple Safie products are vulnerable to improper server certificate verification CWE-295. The product can be operated via port 11029/TCP and Bluetooth, and its communications are AES encrypted. The product user can obtain the encryption key from the cloud server based on the device-specific...

6.8CVSS6.7AI score0.0012EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/07/18 12:0 a.m.19 views

JVN#87710540: Assimp vulnerable to heap-based buffer overflow

Assimp provided by Open Asset Import Library contains a heap-based buffer overflow vulnerability CWE-122. Impact An attacker may execute arbitrary code by inputting a specially crafted file into the product. Solution Update the Software Update the software to the latest version according to the...

8.4CVSS8.1AI score0.00281EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/06/19 12:0 a.m.19 views

JVN#60331535: WordPress plugin "SiteGuard WP Plugin" may leak the customized path to the login page

WordPress plugin "SiteGuard WP Plugin" provided by EG Secure Solutions Inc. provides a functionality to customize the path to the login page wp-login.php. The plugin implements a measure to avoid redirection from other URLs, but missed to implement a measure to avoid redirection from...

5.3CVSS5.4AI score0.01174EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/06/07 12:0 a.m.19 views

JVN#55045256: Multiple vulnerabilities in "FreeFrom - the nostr client" App

"FreeFrom - the nostr client" App provided by FreeFrom K.K. contains multiple vulnerabilities listed below. Improper verification of cryptographic signature CWE-347 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Base Score 5.3 CVE-2024-36277 Reliance on obfuscation or encryption of security-relevan...

5.3CVSS5.2AI score0.00257EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/05/28 12:0 a.m.19 views

JVN#17680667: Multiple vulnerabilities in Unifier and Unifier Cast

Unifier and Unifier Cast provided by Yokogawa Rental & Lease Corporation contains multiple vulnerabilities listed below. Incorrect Default Permissions configured by Cast Launcher CWE-276 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 7.8 CVE-2024-23847 Missing Authorization for coejobhoo...

9.8CVSS7.6AI score0.00546EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/05/24 12:0 a.m.19 views

JVN#56781258: Splunk Config Explorer vulnerable to cross-site scripting

Splunk Config Explorer provided by Chris Younger contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is using the product. Solution Update the software Update the software to the latest version according to...

6.1CVSS5.8AI score0.00256EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/03/25 12:0 a.m.19 views

JVN#13113728: "EasyRange" may insecurely load executable files

"EasyRange" provided by sira.jp according to the original report submitted by the reporter is a tool to extract compressed files. "EasyRange" contains an issue with the executable file search path when displaying an extracted file on Explorer, which may lead to loading an executable file resides ...

7.8CVSS7.7AI score0.00188EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/03/25 12:0 a.m.19 views

JVN#86206017: WordPress Plugin "easy-popup-show" vulnerable to cross-site request forgery

WordPress Plugin "easy-popup-show" provided by Ari Susanto contains a cross-site request forgery vulnerability CWE-352. Impact If a user with an administrative privilege views a malicious page while logged in, unintended operations may be performed. Solution Stop using the plugin The developer...

6.1CVSS6.3AI score0.00231EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/12/26 7:46 a.m.19 views

Multiple vulnerabilities in PowerCMS

Overview PowerCMS provided by Alfasado Inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability in the management screen CWE-79 - CVE-2023-49117 Open redirect vulnerability in the members' site CWE-601 - CVE-2023-50297 Alfasado Inc. reported these...

6.1CVSS5.9AI score0.00402EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/04/19 12:0 a.m.19 views

JVN#73178249: Improper restriction of XML external entity references (XXE) in Shinseiyo Sogo Soft

Shinseiyo Sogo Soft provided by The Ministry of Justice improperly restricts XML external entity references XXE CWE-611. Impact By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an attacker. Solution Update the Software Update the software to the latest...

7.5CVSS7.5AI score0.00343EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/04/14 12:0 a.m.19 views

JVN#36340790: JB Inquiry form vulnerable to exposure of private personal information to an unauthorized actor

JB Inquiry form provided by Jubei Inc. contains an exposure of private personal information to an unauthorized actor vulnerability CWE-359 . Impact A remote attacker may obtain information entered from forms created using the affected product. Solution Update the Software Update to the latest...

7.5CVSS7.4AI score0.00707EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/27 6:38 a.m.19 views

Installers of Sony PaSoRi related software may insecurely load Dynamic Link Libraries

Overview PaSoRi provided by Sony Corporation is contactless IC card reader/writer. Installers of PaSoRi driver and other related software for Windows contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab...

9.3CVSS7AI score0.0108EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/05/25 12:0 a.m.19 views

JVN#26026353: WordPress plugin "Markdown on Save Improved" vulnerable to cross-site scripting

The WordPress plugin "Markdown on Save Improved" contains a stored cross-site scripting CWE-79 vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the plugin Update the plugin according to the information provided by the developer. While the...

6.1CVSS6.1AI score0.01511EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/10/02 12:0 a.m.19 views

JVN#65668004: Dotclear vulnerable to cross-site scripting

Dotclear is a weblog software. Dotclear contains a cross-site scripting vulnerability. Impact If a user views a specially crafted page while logged in, an arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the...

4.3CVSS6AI score0.0121EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/03/27 12:0 a.m.19 views

JVN#81094176: Android OS may behave as an open resolver

A device that runs as a DNS cache server, which responds to any recursive DNS queries that are received is referred to as an open resolver. Android OS contains an issue where it may behave as an open resolver when the tethering function is enabled. Impact The Android device may be used in a DNS...

6.8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/11/28 12:0 a.m.19 views

JVN#54775800: FAST/TOOLS vulnerable to improper restriction of XML external entity references

FAST/TOOLS provided by Yokogawa Electric Corporation contains a vulnerability where XML external entity XXE references are not properly restricted CWE-611. Impact When opening a project with a specially crafted XML file, information managed by the product may be disclosed or may become a victim o...

3.2CVSS6.1AI score0.00319EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2010/12/01 12:0 a.m.19 views

JVN#64764004: Clipboard contents alteration vulnerability in Sleipnir

Sleipnir, a web browser provided by Fenrir, contains a vulnerability in which the contents of the clipboard may be altered. As a result, when Sleipnir is being used under certain settings, the contents of the clipboard may be read or written from a website. Impact Contents contained in the...

5.8CVSS6.1AI score0.01007EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/07/31 12:0 a.m.19 views

JVN#80436657 Webservice-DIC yoyaku_v41 vulnerable to command injection

yoyakuv41 from Webservice-DIC is a software to manage conference room reservations. yoyakuv41 contains a command injection vulnerability. Impact An arbitrary command could be executed with the privilege of the server where yoyakuv41 runs. Solution Update the Software Update to the latest version...

7.6AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.19 views

lv Arbitrary Command Execution Vulnerability

Overview lv contains a vulnerability of reading and running a .lv file in the current directry. Impact An attacker could execute arbitrary command as other users with the privilege of the user running lv. Solution Please refer to the 'Vendor Information' section of this advisory for official...

7.2CVSS7.1AI score0.00442EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/03/07 12:0 a.m.19 views

JVN#95014590 Zimbra Collaboration Suite script execution vulnerability

Zimbra Collaboration Suite is a web collaboration tool that provides calendar, address book, webmail, and other functions. Zimbra Collaboration Suite 4.0.3 and 4.5.6 contain a vulnerability that could allow a remote attacker to execute an arbitrary script on the user's web browser. Impact If a us...

7.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/12/07 12:0 a.m.19 views

JVN#02854109 HttpLogger vulnerable to cross-site scripting

Klab HttpLogger is full-text search software for web browser histories. HttpLogger is vulnerable to cross-site scripting. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the developer. For more information, ref...

6.6AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/10/12 12:0 a.m.19 views

JVN#71872818 AirStation series and BroadStation series vulnerable to cross-site request forgery

Buffalo's AirStation series and BroadStation series routers have a web administration interface that can be accessed from a web browser to configure their functional settings. The web administration interface is vulnerable to cross-site request forgery. Impact If the administrator of such a produ...

7.2AI score
Exploits0
Total number of security vulnerabilities5000