Lucene search
K
JvnMost viewed

5627 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/03/25 12:0 a.m.19 views

JVN#86206017: WordPress Plugin "easy-popup-show" vulnerable to cross-site request forgery

WordPress Plugin "easy-popup-show" provided by Ari Susanto contains a cross-site request forgery vulnerability CWE-352. Impact If a user with an administrative privilege views a malicious page while logged in, unintended operations may be performed. Solution Stop using the plugin The developer...

6.1CVSS6.3AI score0.00231EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/03/25 12:0 a.m.19 views

JVN#13113728: "EasyRange" may insecurely load executable files

"EasyRange" provided by sira.jp according to the original report submitted by the reporter is a tool to extract compressed files. "EasyRange" contains an issue with the executable file search path when displaying an extracted file on Explorer, which may lead to loading an executable file resides ...

7.8CVSS7.7AI score0.00188EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/12/26 7:46 a.m.19 views

Multiple vulnerabilities in PowerCMS

Overview PowerCMS provided by Alfasado Inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability in the management screen CWE-79 - CVE-2023-49117 Open redirect vulnerability in the members' site CWE-601 - CVE-2023-50297 Alfasado Inc. reported these...

6.1CVSS5.9AI score0.00402EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/04/19 12:0 a.m.19 views

JVN#73178249: Improper restriction of XML external entity references (XXE) in Shinseiyo Sogo Soft

Shinseiyo Sogo Soft provided by The Ministry of Justice improperly restricts XML external entity references XXE CWE-611. Impact By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an attacker. Solution Update the Software Update the software to the latest...

7.5CVSS7.5AI score0.00343EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/04/14 12:0 a.m.19 views

JVN#36340790: JB Inquiry form vulnerable to exposure of private personal information to an unauthorized actor

JB Inquiry form provided by Jubei Inc. contains an exposure of private personal information to an unauthorized actor vulnerability CWE-359 . Impact A remote attacker may obtain information entered from forms created using the affected product. Solution Update the Software Update to the latest...

7.5CVSS7.4AI score0.00707EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/27 6:38 a.m.19 views

Installers of Sony PaSoRi related software may insecurely load Dynamic Link Libraries

Overview PaSoRi provided by Sony Corporation is contactless IC card reader/writer. Installers of PaSoRi driver and other related software for Windows contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab...

9.3CVSS7AI score0.0108EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/06 5:54 a.m.19 views

WordPress plugin "Multi Feed Reader" vulnerable to SQL injection

Overview The WordPress plugin "Multi Feed Reader" contains an SQL injection vulnerability CWE-89. Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An attacker who...

8.8CVSS7.8AI score0.01617EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/05/25 12:0 a.m.19 views

JVN#26026353: WordPress plugin "Markdown on Save Improved" vulnerable to cross-site scripting

The WordPress plugin "Markdown on Save Improved" contains a stored cross-site scripting CWE-79 vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the plugin Update the plugin according to the information provided by the developer. While the...

6.1CVSS6.1AI score0.01511EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/10/02 12:0 a.m.19 views

JVN#65668004: Dotclear vulnerable to cross-site scripting

Dotclear is a weblog software. Dotclear contains a cross-site scripting vulnerability. Impact If a user views a specially crafted page while logged in, an arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the...

4.3CVSS6AI score0.0121EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/03/27 12:0 a.m.19 views

JVN#81094176: Android OS may behave as an open resolver

A device that runs as a DNS cache server, which responds to any recursive DNS queries that are received is referred to as an open resolver. Android OS contains an issue where it may behave as an open resolver when the tethering function is enabled. Impact The Android device may be used in a DNS...

6.8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/11/28 12:0 a.m.19 views

JVN#54775800: FAST/TOOLS vulnerable to improper restriction of XML external entity references

FAST/TOOLS provided by Yokogawa Electric Corporation contains a vulnerability where XML external entity XXE references are not properly restricted CWE-611. Impact When opening a project with a specially crafted XML file, information managed by the product may be disclosed or may become a victim o...

3.2CVSS6.1AI score0.00319EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2010/12/01 12:0 a.m.19 views

JVN#64764004: Clipboard contents alteration vulnerability in Sleipnir

Sleipnir, a web browser provided by Fenrir, contains a vulnerability in which the contents of the clipboard may be altered. As a result, when Sleipnir is being used under certain settings, the contents of the clipboard may be read or written from a website. Impact Contents contained in the...

5.8CVSS6.1AI score0.01007EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/07/31 12:0 a.m.19 views

JVN#80436657 Webservice-DIC yoyaku_v41 vulnerable to command injection

yoyakuv41 from Webservice-DIC is a software to manage conference room reservations. yoyakuv41 contains a command injection vulnerability. Impact An arbitrary command could be executed with the privilege of the server where yoyakuv41 runs. Solution Update the Software Update to the latest version...

7.6AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.19 views

lv Arbitrary Command Execution Vulnerability

Overview lv contains a vulnerability of reading and running a .lv file in the current directry. Impact An attacker could execute arbitrary command as other users with the privilege of the user running lv. Solution Please refer to the 'Vendor Information' section of this advisory for official...

7.2CVSS7.1AI score0.00442EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/03/07 12:0 a.m.19 views

JVN#95014590 Zimbra Collaboration Suite script execution vulnerability

Zimbra Collaboration Suite is a web collaboration tool that provides calendar, address book, webmail, and other functions. Zimbra Collaboration Suite 4.0.3 and 4.5.6 contain a vulnerability that could allow a remote attacker to execute an arbitrary script on the user's web browser. Impact If a us...

7.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/12/07 12:0 a.m.19 views

JVN#02854109 HttpLogger vulnerable to cross-site scripting

Klab HttpLogger is full-text search software for web browser histories. HttpLogger is vulnerable to cross-site scripting. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the developer. For more information, ref...

6.6AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/10/12 12:0 a.m.19 views

JVN#71872818 AirStation series and BroadStation series vulnerable to cross-site request forgery

Buffalo's AirStation series and BroadStation series routers have a web administration interface that can be accessed from a web browser to configure their functional settings. The web administration interface is vulnerable to cross-site request forgery. Impact If the administrator of such a produ...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/03/30 12:0 a.m.19 views

JVN#08951968 MailDwarf vulnerability allows unauthorized sending of emails

Impact A remote attacker may be able to send unsolicited mails to arbitrary email addresses. Solution Products Affected MailDwarf ver3.01 or earlier...

7.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2006/11/29 12:0 a.m.19 views

JVN#21125043 Blogn cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. In addition, if session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected Blogn v1.9.3 and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2006/09/28 12:0 a.m.19 views

JVN#79484135 Joomla! cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected Joomla! 1.0.8 and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2006/09/22 12:0 a.m.19 views

JVN#46630603 MDPro cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. In addition, if session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected MDPro version 1.0.76 and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2006/08/16 12:0 a.m.19 views

JVN#01137722 Owl cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. As a result, web pages could be spoofed. Solution Products Affected Owl version 0.90 and earlier...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2006/07/18 12:0 a.m.19 views

JVN#92975133 Loudblog cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly condust session hijacking. Solution Products Affected Loudblog 0.44 and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2006/07/03 12:0 a.m.19 views

JVN#98836916 Wiki clone products vulnerable to denial of service attacks

Impact A remote attacker could execute a DoS denial of service attack. Solution Products Affected For more information, refer to the vendors' websites...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2006/06/26 12:0 a.m.19 views

JVN#39188922 dotProject cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. In particular, if session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected dotProject 2.0.3 and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2006/05/09 12:0 a.m.19 views

JVN#84775942 Multiple email clients vulnerable to directory traversal due to inappropriate unicode handling

Impact Actual impact could differ depending on the email clients though, an attacker coulld possibly forge a file name or a email client could handle a file inappropriately which may result in a file being overwritten or an arbitray file being created and saved in an arbitrary directory. Solution...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/06/05 5:5 a.m.18 views

Multiple TP-Link products vulnerable to cleartext transmission of sensitive information

Overview Multiple TP-Link products provided by TP-Link Systems Inc. contain the following vulnerability. Cleartext transmission of sensitive information CWE-319 - CVE-2026-34126 eyegrep and izurina of L Plus LLC reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

7.5CVSS5.4AI score0.00097EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/05/27 6:9 a.m.18 views

Multiple Vulnerabilities in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center

Overview Multiple vulnerabilities have been found in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center. CVE-2026-22007, CVE-2026-22013, CVE-2026-22016, CVE-2026-22018, CVE-2026-22021, CVE-2026-23865,...

7.5CVSS7.2AI score0.00702EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/05/20 6:21 a.m.18 views

Movable Type vulnerable to missing authorization

Overview Movable Type provided by Six Apart Ltd. contains the following vulnerability. Missing authorization CWE-862 - CVE-2026-44392 Six Apart Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Six Apart Ltd. coordinated under the Information...

5.3CVSS5.8AI score0.00249EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/05/13 6:41 a.m.18 views

Bytello Share (Windows Edition) installer executable insecurely loads Dynamic Link Libraries

Overview GUARDIANWALL MailSuite provided by Canon Marketing Japan Inc. contains the following vulnerability. Stack-based buffer overflow in pop3wallpasswd command CWE-121 - CVE-2026-32661 The developer states that attacks exploiting the vulnerability has been observed in GUARDIANWALL MailSuite...

9.8CVSS7.5AI score0.00472EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/05/12 5:4 a.m.18 views

Canon Production Printers and Office Multifunction Printers vulnerable to information disclosure

Overview Canon Production Printers and Office Multifunction Printers contain the following vulnerability. Reliance on untrusted inputs in a security decision CWE-807 - CVE-2026-1789 Canon Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact If an...

6.9CVSS5.8AI score0.00294EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/04/02 12:0 a.m.18 views

JVN#17260367: Multiple vulnerabilities in JTEKT ELECTRONICS CORPORATION's products

HMI ViewJet C-more series and HMI GC-A2 series provided by JTEKT ELECTRONICS CORPORATION contain multiple vulnerabilities listed below. Improper Restriction of Rendered UI Layers or Frames CWE-1021 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Base Score 4.3 CVE-2025-24310 Allocation of Resources...

6.5CVSS7.5AI score0.00575EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/03/28 12:0 a.m.18 views

JVN#66982699: a-blog cms vulnerable to untrusted data deserialization

a-blog cms provided by appleple inc. contains untrusted data deserialization vulnerability CWE-502. The developer states that attacks exploiting the vulnerability has been observed on a-blog cms Ver.2.8.x series or later. Impact Processing a specially crafted request may store arbitrary files on...

7.5CVSS7AI score0.00474EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/02/13 12:0 a.m.18 views

JVN#80527854: Multiple vulnerabilities in FileMegane

FileMegane provided by JIP InfoBridge Co., Ltd. contains multiple vulnerabilities listed below. Server-Side Request Forgery SSRF CWE-918 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L Base Score 7.2 CVE-2025-20075 Authentication Bypass by Spoofing(CWE-290) CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A...

7.2CVSS7.4AI score0.00332EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/08/30 12:0 a.m.18 views

JVN#29238389: IPCOM vulnerable to information disclosure

SSL Accelerator/SSL-VPN Function of IPCOM provided by Fsas Technologies Inc. contains an information disclosure vulnerability due to observable timing discrepancy CWE-208. Impact Some of the encrypted communication may be decrypted by an attacker who can obtain the contents of the communication...

7.5CVSS7.2AI score0.00427EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/01/15 12:0 a.m.18 views

JVN#51135247: Pleasanter vulnerable to cross-site scripting

Pleasanter provided by Implem Inc. contains a cross-site scripting vulnerability CWE-79. Impact If an attacker tricks the user to access the product with a specially crafted URL and perform a specific operation, an arbitrary script may be executed on the web browser of the user. Solution Update t...

6.1CVSS5.9AI score0.00355EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/07/08 4:45 a.m.18 views

WordPress Plugin "Software License Manager" vulnerable to cross-site request forgery

Overview WordPress Plugin "Software License Manager" provided by Tips and Tricks HQ contains a cross-site request forgery vulnerability CWE-352. Koken Tokuda of Cryptography Laboratory, Department of Information and Communication Engineering, Tokyo Denki University. reported this vulnerability to...

8.8CVSS6.6AI score0.00871EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/09/12 5:34 a.m.18 views

Backdoor access issue in Wi-Fi STATION L-02F

Overview Wi-Fi STATION L-02F provided by NTT DOCOMO, INC. contains a backdoor access issue. Japan Computer Emergency Response Team Coordination Center Global Coordination Division Cyber Metrics Line Information Security Analyst Keisuke Shikano reported this vulnerability to IPA. JPCERT/CC...

10CVSS7.4AI score0.02846EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/08/12 12:0 a.m.18 views

JVN#20459920: Microsoft Office discloses a file path of a local file

When a file such as a clipart or an image is inserted in Office documents, the absolute path of the local file is stored in "alternative text". Impact An attacker may obtain information about the file system or the user name through Office documents. Solution Upgrade the Software Upgrade to the...

6.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/09/19 12:0 a.m.18 views

JVN#62507275: Multiple broadband routers may behave as open resolvers

A device that runs as a DNS cache server, which responds to any recursive DNS queries that are received is referred to as an open resolver. Multiple broadband routers may contain an issue where they may behave as open resolvers. Impact The device may be used in a DNS amplification attack and...

6.6AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2010/06/22 12:0 a.m.18 views

JVN#34729123 Explzh buffer overflow vulnerability

Explzh, a file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability when processing a LHA file header. Impact When processing a specially crafted LHA file, a remote attacker may be able to execute arbitrary code. Solution Update...

8.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2010/01/06 12:0 a.m.18 views

JVN#09872874 Movable Type access restriction bypass vulnerability

Movable Type, a web log system from Six Apart KK, contains a vulnerability that allows a remote attacker to bypass access restrictions. This vulnerability is different from JVN08369659. Impact A remote attacker may view or modify information stored by Movable Type. Solution Update the Software...

6.9AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/04/28 12:0 a.m.18 views

JVN#74468481 Lhaplus buffer overflow vulnerability

Lhaplus, file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability. If a user decompresses a specially crafted file, an attacker could execute arbitrary code with the privilege of the user. This vulnerability is different from...

8.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/03/27 12:0 a.m.18 views

JVN#58803701 DesignForm cross-site scripting vulnerability

DesignForm is a mail form CGI provided by GNB. It is used to send mail from a form on a web page. A cross-site scripting vulnerabiltiy exists in DesignForm. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to...

6.4AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/08/27 12:0 a.m.18 views

JVN#38199598 Mayaa cross-site scripting vulnerability

Mayaa from the Seasar Project is an open source Java template engine. A cross-site scripting vulnerability exists in Mayaa. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest updates provided by the vendor. For more information, ref...

6.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/04/16 12:0 a.m.18 views

JVN#62334841 Shihonkanri Plus Ver2 GOOUT directory traversal vulnerability

Impact A remote attacker could access files on the server on which Shihonkanri Plus Ver2 GOOUT is installed without authentication. This could lead to unintentional disclosure of file contents. Solution Products Affected Shihonkanri Plus Ver2 GOOUT Ver2.1.7 and earlier...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/01/26 12:0 a.m.18 views

JVN#93700808 Sleipnir RSS bar vulnerable in handling RSS data in an inappropriate security zone

Impact An arbitrary script could be executed in an inappropriate security zone. Solution Products Affected Sleipnir 2.49 and earlier Portable Sleipnir 2.45 and earlier RSS bar for Sleipnir 1.28 Release3 and earlier...

7.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2006/05/24 12:0 a.m.18 views

JVN#46691257 RWiki arbitrary Ruby script execution vulnerability

Impact A remote attacker could execute an arbitrary Ruby script on the server where RWiki is installed, with the privilege running RWiki. Solution Products Affected RWiki/2.1.0pre2 and all earlier versions...

7.6AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2006/02/03 12:0 a.m.18 views

JVN#41550845 Nagasaki Electronic Prefectural Office System SQL injection vulnerability

Impact A remote attacker may view or modify the database contents. Solution Products Affected Nagasaki Electronic Prefectural Office System's annual leave management system Nagasaki Electronic Prefectural Office System's staff directry system Nagasaki Electronic Prefectural Office System's docume...

7.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/05/11 9:20 a.m.17 views

Lhaz and Lhaz+ vulnerable to path traversal

Overview Lhaz and Lhaz+ provided by Chitora soft contain the following vulnerability. Path traversal CWE-22 - CVE-2026-41530 RyotaK of GMO Flatt Security Inc. and Rei Yano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

4.6CVSS5.8AI score0.0015EPSS
Exploits0References5
Total number of security vulnerabilities5000