Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/03/07 12:0 a.m.17 views

JVN#10606373 BFup ActiveX Control buffer overflow vulnerability

BFup ActiveX Control is developed by an individual that provides file upload and download functionality. BFup ActiveX Control contains a buffer overflow vulnerability. According to the developer of BFup ActiveX Control, this vulnerability only exists in BFup ActiveX Control developed by the...

8.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/02/21 12:0 a.m.17 views

JVN#54593414 Cross-site scripting vulnerability in multiple Tor World CGI scripts

Tor World provides CGI scripts for implementing search engines, message boards, and other tools. Multiple Tor World CGI scripts contain a cross-site scripting vulnerability. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the latest update...

6.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/01/07 12:0 a.m.17 views

JVN#08237857 Multiple JustSystems products vulnerable to buffer overflow

Multiple JustSystems products contain a vulnerability which allows a remote attacker to cause buffer overflow when a user opens or views a specially crafted .jtd file. Impact If a user opens a specially crafted .jtd file or views a web page containing a specially crafted .jtd file, arbitrary code...

7.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/12/25 12:0 a.m.17 views

JVN#44736880 WinAce buffer overflow vulnerability

WinAce provided by e-merge GmbH is software to compress and decompress files in multiple types of compression format. WinAce is vulnerable to buffer overflow. When WinAce decompresses a specially crafted file, this vulnerability can be exploited to execute arbitrary code with the privilege of the...

8.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/12/11 12:0 a.m.17 views

JVN#90712589 Multiple Cybozu products vulnerable to cross-site scripting

Multiple Cybozu products are vulnerable to cross-site scripting. This vulnerability is different from JVN50342989. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the latest updates provided by the vendor. Products Affected Cybozu Office 6....

6.9AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/11/13 12:0 a.m.17 views

JVN#65427327 Sleipnir and Grani Bookmark Search vulnerable to arbitrary script execution

Sleipnir and Grani, web browsers from Fenrir & Co., have a bookmark search function. When a user runs the search function, the search result is displayed in the web browser. If a specially crafted URL is registered to the bookmark, an attacker could execute an arbitrary script on the user's web...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/10/05 12:0 a.m.17 views

JVN#61323184 PowerArchiver buffer overflow vulnerability

PowerArchiver, file compression/decompression software from ConeXware, Inc. supporting multiple compression file formats, contains a buffer overflow vulnerability. If a user opens a specially crafted file, an attacker could execute arbitrary code with the privileges of the user. Impact An attacke...

9.3CVSS7.5AI score0.04756EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/09/07 12:0 a.m.17 views

JVN#35677737 Fingerprint Authentication Software for Sony Pocket Bit installs hidden folders and files

Some models of Sony Pocket Bit series contain Fingerprint Authentication Software. Fingerprint Authentication Software installs hidden folders and files, that is, the folders and files are not visible using ordinary system tools. Impact A remote attacker could use hidden folders for unintended...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/09/03 12:0 a.m.17 views

JVN#43091983 Fulltext search CGI from futomi's CGI Cafe vulnerable to cross-site scripting

Fulltext search CGI, website search software from futomi's CGI Cafe, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest updates provided by the vendor. Products Affected Ver 1.1.0 and...

6.6AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/06/14 12:0 a.m.17 views

JVN#63602912 dotProject cross-site scripting vulnerability

This vulnerability is different from JVN97636431. Impact An arbitrary script may be executed on the user's web browser. In particular, if session information from a cookie is leaked, session hijacking could be conducted. Solution Update the Software The developer has released dotProject version 2...

6.9AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/05/16 12:0 a.m.17 views

JVN#81294906 Homepage Builder sample CGI programs vulnerable to OS command injection

Among sample CGI programs included in Homepage Builder, anketo.cgi, kansou.cgi, and order.cgi contain an OS command injection vulnerability as they do not properly validate input data. Impact An arbitrary command could be executed on the web server with the privilege of the web server process...

7.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/03/29 12:0 a.m.17 views

JVN#73258608 CruiseWorks and Minna De Office vulnerable in access restrictions

Impact An user with a standard privilege who logs into CruiseWorks or Minna De Office could possibly change the system configurations or information registered. Solution Products Affected CruiseWorks 1.09e and earlier Minna De Office version 1.xx and 2.xx For more information, refer to the vendor...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/03/12 12:0 a.m.17 views

JVN#80126589 CCC Cleaner division-by-zero vulnerability when scanning UPX-packed executables

Impact When CCC cleaner scans a malicious UPX-packed executable file, CCC cleaner or the system itself may crash. Solution Products Affected CCC Cleaner CCC pattern Ver:321 and earlier For more information, refer to the vendor's website...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/01/26 12:0 a.m.17 views

JVN#93700808 Sleipnir RSS bar vulnerable in handling RSS data in an inappropriate security zone

Impact An arbitrary script could be executed in an inappropriate security zone. Solution Products Affected Sleipnir 2.49 and earlier Portable Sleipnir 2.45 and earlier RSS bar for Sleipnir 1.28 Release3 and earlier...

7.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/01/18 12:0 a.m.17 views

JVN#95249468 Fresh Reader RSS feed cross-site scripting vulnerability

Impact An arbitrary script could be executed on the web browser of a Fresh Reader user. Solution Products Affected Fresh Reader Ver 1.0.06053100 and earlier For more information, refer to the vendor's website...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2006/08/14 12:0 a.m.17 views

JVN#27428836 04WebServer directory traversal vulnerability

Impact A remote attacker could bypass a user authentication and view server files. Solution Products Affected v1.83 and earlier...

7.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2006/07/18 12:0 a.m.17 views

JVN#92975133 Loudblog cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly condust session hijacking. Solution Products Affected Loudblog 0.44 and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2006/07/06 12:0 a.m.17 views

JVN#44846612 ATutor cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. Authentication information could be stolen as a result. Solution Products Affected ATutor 1.5.3 RC2 and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2006/04/13 12:0 a.m.17 views

JVN#10222000 QUICK CART OS command injection vulnerability

Impact A remote attacker could execute arbitrary operating system commands on a server running QUICK CART. Solution Products Affected QUICK CART Ver 1 QUICK CART Ver 2 QUICK CART Free QUICK CART Pro QUICK CART Plugin for Movable Type 3.2...

8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2006/02/28 12:0 a.m.17 views

JVN#65542239 Hyper NIKKI System allows unauthorized email submission

Impact An attacker could use the server to send unauthorized emails. In addition, when the server provides email service, the attacker could possibly conduct a DoS attack by generating many bounced emails. Solution Products Affected hns-2.19.6 hns-lite-2.19.6 and earlier On March 8 2006, the vend...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2005/07/13 12:0 a.m.17 views

JVN#93926203 Java Cryptography Extension 1.2.1 (JCE 1.2.1) will no longer function properly after July 28, 2005 due to the expiration of its digital certificate

Impact Problems, such as that a Java application using JCE 1.2.1 does not start, may occur after 6:43 JST on July 28, 2005. Java applications using JCE 1.2.1 may not start after 6:43 JST, +0900 on July 28, 2005. Solution Products Affected Java applications using Sun's JCE 1.2.1...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2005/05/12 12:0 a.m.17 views

JVN#74012178 Movable Type session management vulnerability

Impact A remote attacker could freely manipulate a web log by posting or deleting blog entries. Solution Products Affected Movable Type 3.151-ja and earlier...

7.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/06/05 5:5 a.m.16 views

Multiple TP-Link products vulnerable to cleartext transmission of sensitive information

Overview Multiple TP-Link products provided by TP-Link Systems Inc. contain the following vulnerability. Cleartext transmission of sensitive information CWE-319 - CVE-2026-34126 eyegrep and izurina of L Plus LLC reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

7.5CVSS5.4AI score0.00097EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/04/22 6:45 a.m.16 views

DeepL Chrome browser extension vulnerable to cross-site scripting

Overview DeepL Chrome browser extension contains the following vulnerability. Cross-site scripting CWE-79 - CVE-2026-40451 This vulnerability was reported by the researchers below and JPCERT/CC coordinated with the developer. Junki Yuasa of Cybozu, Inc. reported this vulnerability to JPCERT/CC...

6.1CVSS6.2AI score0.00168EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/04/01 12:0 a.m.16 views

JVN#87266215: WordPress plugin "Welcart e-Commerce" vulnerable to untrusted data deserialization

WordPress plugin "Welcart e-Commerce" provided by Welcart Inc. contains an untrusted data deserialization vulnerability CWE-502. Impact Arbitrary code may be executed by a remote unauthenticated attacker who can access websites created using the product. Solution Update the plugin Update the plug...

8.8CVSS6.9AI score0.0043EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/11/15 12:0 a.m.16 views

JVN#36791327: Multiple vulnerabilities in FitNesse

FitNesse provided by unclebob contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score 6.1 CVE-2024-39610 Path traversal CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Base Score 5.3 CVE-2024-42499 Impact An arbitrary...

6.1CVSS5.7AI score0.00649EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/08/29 12:0 a.m.16 views

JVN#08342147: WindLDR and WindO/I-NV4 store sensitive information in cleartext

PLC programming software "WindLDR" and Operator Interfaces' Touchscreen Programming Software "WindO/I-NV4" provided by IDEC Corporation store sensitive information in cleartext form CWE-312. Impact An attacker who obtained the product's project file may obtain user credentials of the PLC or...

8.1CVSS8AI score0.00447EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/07/26 12:0 a.m.16 views

JVN#02030803: ORC vulnerable to stack-based buffer overflow

ORC provided by GStreamer is typically used when developing GStreamer plugins. Stack-based buffer overflow vulnerability CWE-121 exists in orcparse.c of ORC. Impact If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on t...

7CVSS7AI score0.00379EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/06/19 12:0 a.m.16 views

JVN#37818611: "ZOZOTOWN" App for Android fails to restrict custom URL schemes properly

"ZOZOTOWN" App for Android provided by ZOZO, Inc. provides the function to access a URL requested via Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Impact A remote attacker may lead a user to acce...

4.3CVSS4.6AI score0.00289EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/06/17 6:21 a.m.16 views

Multiple vulnerabilities in Toshiba Tec and Oki Electric Industry MFPs

Overview MFPs multifunction printers provided by Toshiba Tec Corporation and Oki Electric Industry Co., Ltd. contain multiple vulnerabilities listed below. Improper Restriction of Recursive Entity References in DTDs 'XML Entity Expansion' CWE-776 - CVE-2024-27141, CVE-2024-27142 Execution with...

9.8CVSS7.5AI score0.26811EPSS
Exploits2References65
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/05/30 12:0 a.m.16 views

JVN#80506242: awkblog vulnerable to OS command injection

awkblog provided by Keisuke Nakayama contains an OS command injection vulnerability CWE-78. Impact If a remote unauthenticated attacker sends a specially crafted HTTP request, an arbitrary OS command may be executed with the privileges of the affected product on the machine running the product...

9.8CVSS9.7AI score0.01571EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/04/23 12:0 a.m.16 views

JVN#40079147: TvRock vulnerable to denial-of-service (DoS)

TvRock provided by TvRock according to the original report submitted by the reporter is a tool to set a timer recording for a TV program. TvRock contains a denial-of-service DoS vulnerability CWE-400. Impact Receiving a specially crafted request by a remote attacker or having a user of TVRock cli...

4.3CVSS6.6AI score0.00611EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/03/25 12:0 a.m.16 views

JVN#40523785: Mini Thread vulnerable to cross-site scripting

Mini Thread provided by Flash CGI according to the original report submitted by the reporter is a CGI script for creating a bulletin board system BBS. Mini Thread contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user...

5.4CVSS6.2AI score0.00293EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/10/30 12:0 a.m.16 views

JVN#48135658: Multiple routers contain issue in preventing clickjacking attacks

Multiple router products contain an issue in the protection against clickjacking attacks. Impact If a user views a malicious page while logged in, unintended operations may be conducted. Solution Apply a solution Solutions vary depending on the product. Apply the appropriate solution according to...

6.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/08/19 12:0 a.m.16 views

JVN#06924191: Microsoft Windows XP vulnerable to denial-of-service (DoS)

Microsoft Windows XP contains an issue when processing TCP packets, which may result in a denial-of-service DoS. Impact An attacker that can view the TCP communication of its target may cause a denial-of-service DoS. Solution Apply a workaround The following workaround may mitigate the affects of...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/07/08 12:0 a.m.16 views

JVN#51325625: Internet Explorer vulnerable to cross-site scripting

Microsoft Internet Explorer contains a vulnerability in handling specific EUC-JP encoded characters, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Upgrade the Software Upgrade to the latest version according to the...

6.8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/10/15 12:0 a.m.16 views

JVN#23108985: Multiple Cybozu products vulnerable to cross-site scripting

Multiple products groupware etc. provided by Cybozu, Inc. contain a cross-site scripting vulnerablility. This vulnerability is different from JVN50342989, and JVN90712589. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest versi...

6.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/04/04 12:0 a.m.16 views

JVN#21563357 Mozilla Firefox cross-site scripting vulnerability

Mozilla Firefox does not properly handle certain HTML documents in ShiftJIS encoding. According to MFSA 2008-13, this flaw could potentially be used to evade web-site input filters and result in a XSS attack hazard. Impact An arbitrary script may be executed on the user's web browser. Solution...

5.9AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/12/11 12:0 a.m.16 views

JVN#50342989 Multiple Cybozu products vulnerable to cross-site scripting

Multiple Cybozu products are vulnerable to cross-site scripting. This vulnerability is different from JVN90712589. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the latest updates provided by the vendor. Products Affected Cybozu Office 6....

6.9AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/11/21 12:0 a.m.16 views

JVN#55833292 FileMaker cross-site scripting vulnerability

FileMaker is database software from FileMaker, Inc. FileMaker contains a cross-site scripting vulnerability in its "Instant Web Publishing" function that enables users to publish database contents on the web. Impact An attacker could execute an arbitrary script on the web browser of a user who...

6.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/10/25 12:0 a.m.16 views

JVN#29211062 Ichitaro series buffer overflow vulnerability

The "Ichitaro" series word processing software, from JustSystems Corporation, contains a buffer overflow vulnerability. If a user opens a specially crafted jtd file or views it on a web browser, an attacker could execute arbitrary code with the privileges of the user. Impact An attacker could...

8.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/06/01 12:0 a.m.16 views

JVN#19240523 HP System Management Homepage cross-site scripting vulnerability

HP System Management Homepage SMH from Hewlett-Packard is a web-based interface that can manage HP servers. A cross-site scripting vulnerability exists in SMH. It is also confirmed that Compaq System Management Homepage, the product previous to SMH, contains a similar cross-site scripting...

6.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/04/19 12:0 a.m.16 views

JVN#06735665 Canon Network Camera Server VB100 Series vulnerable to cross-site scripting

Impact An arbitrary script may be executed in the camera server management screen. Solution Products Affected VB100 and VB101 firmware Ver. 3.0 Rev.69 and earlier VB150 firmware Ver. 1.1 Rev.39 and earlier...

7.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2006/09/28 12:0 a.m.16 views

JVN#82240092 Drupal cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possible conduct session hijacking. Solution Products Affected Drupal 4.7.2 and earlier Drupal 4.6.8 and earlier...

6.9AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2006/08/28 12:0 a.m.16 views

JVN#31125599 Cybozu Office 6 information disclosure vulnerability

Impact A remote attacker could obtain information on registered users and groups. Solution Products Affected Cybozu Office 6 6.51.2 and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2006/06/26 12:0 a.m.16 views

JVN#76207423 Phorum cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected Phorum 5.1.13 and earlier...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2006/06/09 12:0 a.m.16 views

JVN#39570254 CGI RESCUE WebFORM allows unauthorized email transmission

Impact A remote attacker may send emails to arbitrary addresses. Solution Products Affected WebFORM 4.1 and earlier According to the vendor's information, FORM2MAIL also contains a similar vulnerability, and the fixed version of FORM2MAIL is available...

7.4AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2006/06/02 12:0 a.m.16 views

JVN#62734622 Mozilla Firefox vulnerable to HTTP response splitting

Impact If an user accesses a malicious web page, an attacker could inject scripts into HTTP responses from the other domains. Solution Products Affected Mozilla Firefox 1.5.0.3 and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2006/05/24 12:0 a.m.16 views

JVN#16558862 RWiki cross-site scripting vulnerability

Impact A remote attacker could upload content containing malicious code to a server running vulnerable RWiki. As a result, an arbitrary script could then be executed on the user's web browser. Solution Products Affected RWiki/2.1.0pre1 - RWiki/2.1.0...

7.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2005/09/01 12:0 a.m.16 views

JVN#97422426 Hyper NIKKI System cross-site request forgery vulnerability

Impact If a weblog administrator accesses a malicious web page, an attacker could add, alter, or delete the weblog text. If the weblog text is successfully altered, the attacker could perform a cross-site scripting attack to steal cookie information of weblog readers including weblog administrato...

6.2AI score
Exploits0
Total number of security vulnerabilities5000