Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/09/12 5:34 a.m.•18 views

Backdoor access issue in Wi-Fi STATION L-02F

Overview Wi-Fi STATION L-02F provided by NTT DOCOMO, INC. contains a backdoor access issue. Japan Computer Emergency Response Team Coordination Center Global Coordination Division Cyber Metrics Line Information Security Analyst Keisuke Shikano reported this vulnerability to IPA. JPCERT/CC...

10CVSS7.4AI score0.02846EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/08/12 12:0 a.m.•18 views

JVN#20459920: Microsoft Office discloses a file path of a local file

When a file such as a clipart or an image is inserted in Office documents, the absolute path of the local file is stored in "alternative text". Impact An attacker may obtain information about the file system or the user name through Office documents. Solution Upgrade the Software Upgrade to the...

6.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/03/27 12:0 a.m.•18 views

JVN#81094176: Android OS may behave as an open resolver

A device that runs as a DNS cache server, which responds to any recursive DNS queries that are received is referred to as an open resolver. Android OS contains an issue where it may behave as an open resolver when the tethering function is enabled. Impact The Android device may be used in a DNS...

6.8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/09/19 12:0 a.m.•18 views

JVN#62507275: Multiple broadband routers may behave as open resolvers

A device that runs as a DNS cache server, which responds to any recursive DNS queries that are received is referred to as an open resolver. Multiple broadband routers may contain an issue where they may behave as open resolvers. Impact The device may be used in a DNS amplification attack and...

6.6AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/06/22 12:0 a.m.•18 views

JVN#34729123 Explzh buffer overflow vulnerability

Explzh, a file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability when processing a LHA file header. Impact When processing a specially crafted LHA file, a remote attacker may be able to execute arbitrary code. Solution Update...

8.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/01/06 12:0 a.m.•18 views

JVN#09872874 Movable Type access restriction bypass vulnerability

Movable Type, a web log system from Six Apart KK, contains a vulnerability that allows a remote attacker to bypass access restrictions. This vulnerability is different from JVN08369659. Impact A remote attacker may view or modify information stored by Movable Type. Solution Update the Software...

6.9AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/10/12 12:0 a.m.•18 views

JVN#71872818 AirStation series and BroadStation series vulnerable to cross-site request forgery

Buffalo's AirStation series and BroadStation series routers have a web administration interface that can be accessed from a web browser to configure their functional settings. The web administration interface is vulnerable to cross-site request forgery. Impact If the administrator of such a produ...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/08/27 12:0 a.m.•18 views

JVN#38199598 Mayaa cross-site scripting vulnerability

Mayaa from the Seasar Project is an open source Java template engine. A cross-site scripting vulnerability exists in Mayaa. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest updates provided by the vendor. For more information, ref...

6.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/04/16 12:0 a.m.•18 views

JVN#62334841 Shihonkanri Plus Ver2 GOOUT directory traversal vulnerability

Impact A remote attacker could access files on the server on which Shihonkanri Plus Ver2 GOOUT is installed without authentication. This could lead to unintentional disclosure of file contents. Solution Products Affected Shihonkanri Plus Ver2 GOOUT Ver2.1.7 and earlier...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/09/28 12:0 a.m.•18 views

JVN#79484135 Joomla! cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected Joomla! 1.0.8 and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/09/22 12:0 a.m.•18 views

JVN#46630603 MDPro cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. In addition, if session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected MDPro version 1.0.76 and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/08/16 12:0 a.m.•18 views

JVN#01137722 Owl cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. As a result, web pages could be spoofed. Solution Products Affected Owl version 0.90 and earlier...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/07/03 12:0 a.m.•18 views

JVN#98836916 Wiki clone products vulnerable to denial of service attacks

Impact A remote attacker could execute a DoS denial of service attack. Solution Products Affected For more information, refer to the vendors' websites...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/06/26 12:0 a.m.•18 views

JVN#39188922 dotProject cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. In particular, if session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected dotProject 2.0.3 and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/05/24 12:0 a.m.•18 views

JVN#46691257 RWiki arbitrary Ruby script execution vulnerability

Impact A remote attacker could execute an arbitrary Ruby script on the server where RWiki is installed, with the privilege running RWiki. Solution Products Affected RWiki/2.1.0pre2 and all earlier versions...

7.6AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/02/03 12:0 a.m.•18 views

JVN#41550845 Nagasaki Electronic Prefectural Office System SQL injection vulnerability

Impact A remote attacker may view or modify the database contents. Solution Products Affected Nagasaki Electronic Prefectural Office System's annual leave management system Nagasaki Electronic Prefectural Office System's staff directry system Nagasaki Electronic Prefectural Office System's docume...

7.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/05/27 6:9 a.m.•17 views

Multiple Vulnerabilities in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center

Overview Multiple vulnerabilities have been found in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center. CVE-2026-22007, CVE-2026-22013, CVE-2026-22016, CVE-2026-22018, CVE-2026-22021, CVE-2026-23865,...

7.5CVSS7.2AI score0.00702EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/04/02 12:0 a.m.•17 views

JVN#17260367: Multiple vulnerabilities in JTEKT ELECTRONICS CORPORATION's products

HMI ViewJet C-more series and HMI GC-A2 series provided by JTEKT ELECTRONICS CORPORATION contain multiple vulnerabilities listed below. Improper Restriction of Rendered UI Layers or Frames CWE-1021 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Base Score 4.3 CVE-2025-24310 Allocation of Resources...

6.5CVSS7.5AI score0.00575EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/03/28 12:0 a.m.•17 views

JVN#66982699: a-blog cms vulnerable to untrusted data deserialization

a-blog cms provided by appleple inc. contains untrusted data deserialization vulnerability CWE-502. The developer states that attacks exploiting the vulnerability has been observed on a-blog cms Ver.2.8.x series or later. Impact Processing a specially crafted request may store arbitrary files on...

7.5CVSS7AI score0.00474EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/01/29 12:0 a.m.•17 views

JVN#23839833: SXF Common Library vulnerable to improper input data handling

SXF Common Library provided by General Incorporated Association OCF is vulnerable to improper input data handling CWE-237. Impact If a product using the library reads a crafted file, the product may be crashed. Solution Apply the workaround Applying the following workaround may mitigate the impac...

3.3CVSS6.9AI score0.00153EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/24 12:0 a.m.•17 views

JVN#57749899: The installer of e-Tax software(common program) vulnerable to privilege escalation

The installer of e-Tax softwarecommon program provided by National Tax Agency contains a vulnerability which allows uploading a malicious DLL to be executed with higher privileges than that of an general user by altering registry CWE-268. Impact A malicious DLL prepared by an attacker may be...

7.8CVSS7.5AI score0.00148EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/24 12:0 a.m.•17 views

JVN#81966868: Multiple vulnerabilities in PLANEX COMMUNICATIONS network devices

Multiple network devices network cameras and a router provided by PLANEX COMMUNICATIONS INC. contain multiple vulnerabilities listed below. Cross-site request forgery CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L Base Score 7.1 CVE-2024-45372 Cross-site scripting vulnerability in the web...

6.5CVSS6.8AI score0.00243EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/08/15 12:38 a.m.•17 views

EL Injection Vulnerability in Hitachi Tuning Manager

Overview An EL Injection Vulnerability exists in Hitachi Tuning Manager. CVE-2024-5828:EL Injection Vulnerability in Hitachi Tuning Manager Display new window Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information'...

9.8CVSS7.1AI score0.00365EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/07/30 12:0 a.m.•17 views

JVN#26734798: FFRI AMC vulnerable to OS command injection

FFRI AMC provided by FFRI Security, Inc. is a management console for the endpoint security product FFRI yarai and ActSecure χ. FFRI AMC contains an OS command injection vulnerability CWE-78. It is exploitable when the notification program setting is enabled, the executable file path is configured...

6.4CVSS6.7AI score0.00465EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/07/10 12:0 a.m.•17 views

JVN#14294633: Out-of-bounds write vulnerability in Ricoh MFPs and printers

MFPs and printers provided by Ricoh Company, Ltd. contain an out-of-bounds write vulnerability CWE-787. Impact If a remote attacker sends a specially crafted request to the affected products, the products may be able to cause a denial-of-service DoS condition and/or user's data may be destroyed...

8.2CVSS8AI score0.00576EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/06/03 5:36 a.m.•17 views

Multiple vulnerabilities in Sharp and Toshiba Tec MFPs

Overview Sharp and Toshiba Tec MFPs multifunction printers contain multiple vulnerabilities listed below. Stack-based Buffer Overflow CWE-121 - CVE-2024-28038 Incorrect Permission Assignment for Critical Resource CWE-732 - CVE-2024-28955 Cleartext Storage of Sensitive Information CWE-312 -...

9.1CVSS7AI score0.45142EPSS
Exploits2References28
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/02/01 12:0 a.m.•17 views

JVN#63567545: Group Office vulnerable to cross-site scripting

Group Office provided by Intermesh BV contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is logging in to the product. Solution Update the Application Update the application to the latest version according to...

5.4CVSS5.2AI score0.00618EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/07/08 4:45 a.m.•17 views

WordPress Plugin "Software License Manager" vulnerable to cross-site request forgery

Overview WordPress Plugin "Software License Manager" provided by Tips and Tricks HQ contains a cross-site request forgery vulnerability CWE-352. Koken Tokuda of Cryptography Laboratory, Department of Information and Communication Engineering, Tokyo Denki University. reported this vulnerability to...

8.8CVSS6.6AI score0.00871EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/12/22 5:26 a.m.•17 views

H2O use-after-free vulnerability

Overview H2O is an open source web server software. H2O contains a use-after-free vulnerability CWE-416 due to a flaw in the process of upgrading from HTTP/1 to HTTP/2. Kazuho Oku reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Kazuho Oku coordinated...

9.1CVSS6.9AI score0.02184EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/01/25 12:0 a.m.•17 views

JVN#24343509: WebSphere Application Server (WAS) vulnerable to cross-site scripting

WebSphere Application Server WAS provided by IBM contains a vulnerability in SnoopServlet, which may result in a cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Apply a patch Apply the patch according to the information provided by the develope...

6.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/07/30 12:0 a.m.•17 views

JVN#90389651: Multiple web browsers vulnerable in processing Tranfer-Encoding header

Multiple web browsers contain a vulnerability in processing the Transfer-Encoding header. When viewing a malicious web site through a proxy server, part of the HTTP response may be misidentified as a response from a different server. Impact An arbitrary script may be executed on the user's web...

6.8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/12/26 12:0 a.m.•17 views

JVN#44439553: WordPress Japanese vulnerable to cross-site scripting

WordPress provided by WordPress.Org is a weblog system. WordPress Japanese contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the...

6.4AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/03/07 9:19 a.m.•17 views

OTRS vulnerable to OS command injection

Overview OTRS contains an OS command injection vulnerability. OTRS provided by the OTRS Project is a ticket management system. OTRS contains an OS command injection vulnerability. Takeshi Terada of Mitsui Bussan Secure Directions reported this vulnerability to IPA. JPCERT/CC coordinated with the...

7.5CVSS7.3AI score0.03001EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/01/14 12:0 a.m.•17 views

JVN#50837839 Oracle Application Server vulnerable to cross-site scripting

Oracle Application Server from Oracle is an application server. Oracle Application Server contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information...

6.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/10/02 12:0 a.m.•17 views

JVN#84396512 SugarCRM vulnerable to cross-site scripting

SugarCRM is a customer relationship management CRM software. SugarCRM contains a cross-site scripting vulnerability. Impact If a user views a malicious page and clicks the print icon while logged in, an arbitrary script may be executed on the user's web browser. Solution Update the Software Updat...

6.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/09/17 12:0 a.m.•17 views

JVN#39157969 Third-party cookie issue in Opera

Opera contains an issue in which third-party cookies are not handled properly. Please note that this issue only occurs when the user changes the setting for "Accept only cookies from the site I visit" from the default installation of Opera. Impact A remote attacker may be able to trace an user's...

6.9AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/07/29 12:0 a.m.•17 views

JVN#59748723 MySQL Connector/J vulnerable to SQL injection

MySQL Connector/J from Sun Microsystems is a software that provides access to a MySQL database for client applications written in Java. MySQL Connector/J contains a SQL injection vulnerability. Impact A remote attacker could obtain and modify contents in the database. Solution Update the Software...

7.8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/05/13 12:0 a.m.•17 views

JVN#73653977 Sun GlassFish Enterprise Server and Sun Java System Application Server vulnerable to cross-site scripting

Sun GlassFish Enterprise Server and Sun Java System Application Server are application servers from Sun Microsystems. Sun GlassFish Enterprise Server and Sun Java System Application Server contain a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web...

6.4AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/04/28 12:0 a.m.•17 views

JVN#74468481 Lhaplus buffer overflow vulnerability

Lhaplus, file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability. If a user decompresses a specially crafted file, an attacker could execute arbitrary code with the privilege of the user. This vulnerability is different from...

8.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/03/27 12:0 a.m.•17 views

JVN#58803701 DesignForm cross-site scripting vulnerability

DesignForm is a mail form CGI provided by GNB. It is used to send mail from a form on a web page. A cross-site scripting vulnerabiltiy exists in DesignForm. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to...

6.4AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/03/07 12:0 a.m.•17 views

JVN#10606373 BFup ActiveX Control buffer overflow vulnerability

BFup ActiveX Control is developed by an individual that provides file upload and download functionality. BFup ActiveX Control contains a buffer overflow vulnerability. According to the developer of BFup ActiveX Control, this vulnerability only exists in BFup ActiveX Control developed by the...

8.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/02/21 12:0 a.m.•17 views

JVN#54593414 Cross-site scripting vulnerability in multiple Tor World CGI scripts

Tor World provides CGI scripts for implementing search engines, message boards, and other tools. Multiple Tor World CGI scripts contain a cross-site scripting vulnerability. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the latest update...

6.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/01/07 12:0 a.m.•17 views

JVN#08237857 Multiple JustSystems products vulnerable to buffer overflow

Multiple JustSystems products contain a vulnerability which allows a remote attacker to cause buffer overflow when a user opens or views a specially crafted .jtd file. Impact If a user opens a specially crafted .jtd file or views a web page containing a specially crafted .jtd file, arbitrary code...

7.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/12/25 12:0 a.m.•17 views

JVN#44736880 WinAce buffer overflow vulnerability

WinAce provided by e-merge GmbH is software to compress and decompress files in multiple types of compression format. WinAce is vulnerable to buffer overflow. When WinAce decompresses a specially crafted file, this vulnerability can be exploited to execute arbitrary code with the privilege of the...

8.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/12/11 12:0 a.m.•17 views

JVN#90712589 Multiple Cybozu products vulnerable to cross-site scripting

Multiple Cybozu products are vulnerable to cross-site scripting. This vulnerability is different from JVN50342989. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the latest updates provided by the vendor. Products Affected Cybozu Office 6....

6.9AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/11/13 12:0 a.m.•17 views

JVN#65427327 Sleipnir and Grani Bookmark Search vulnerable to arbitrary script execution

Sleipnir and Grani, web browsers from Fenrir & Co., have a bookmark search function. When a user runs the search function, the search result is displayed in the web browser. If a specially crafted URL is registered to the bookmark, an attacker could execute an arbitrary script on the user's web...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/10/05 12:0 a.m.•17 views

JVN#61323184 PowerArchiver buffer overflow vulnerability

PowerArchiver, file compression/decompression software from ConeXware, Inc. supporting multiple compression file formats, contains a buffer overflow vulnerability. If a user opens a specially crafted file, an attacker could execute arbitrary code with the privileges of the user. Impact An attacke...

9.3CVSS7.5AI score0.04756EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/09/07 12:0 a.m.•17 views

JVN#35677737 Fingerprint Authentication Software for Sony Pocket Bit installs hidden folders and files

Some models of Sony Pocket Bit series contain Fingerprint Authentication Software. Fingerprint Authentication Software installs hidden folders and files, that is, the folders and files are not visible using ordinary system tools. Impact A remote attacker could use hidden folders for unintended...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/09/03 12:0 a.m.•17 views

JVN#43091983 Fulltext search CGI from futomi's CGI Cafe vulnerable to cross-site scripting

Fulltext search CGI, website search software from futomi's CGI Cafe, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest updates provided by the vendor. Products Affected Ver 1.1.0 and...

6.6AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/06/14 12:0 a.m.•17 views

JVN#63602912 dotProject cross-site scripting vulnerability

This vulnerability is different from JVN97636431. Impact An arbitrary script may be executed on the user's web browser. In particular, if session information from a cookie is leaked, session hijacking could be conducted. Solution Update the Software The developer has released dotProject version 2...

6.9AI score
Exploits0
Total number of security vulnerabilities5000