Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/03/11 12:0 a.m.•15 views

JVN#04032535 Sun Java Runtime Environment (JRE) contains a vulnerability in processing XSLT transformations

The Sun Microsystems Java Runtime Environment JRE contains a vulnerability that could allow a remote attacker to elevate its privileges via an untrusted applet or application that is downloaded from a website to perform XSLT transformations on XML documents. Impact The impacts vary depending on t...

7.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/02/07 12:0 a.m.•15 views

JVN#38893575 PC2M cross-site scripting vulnerability

PC2M is an open source web application which converts web pages and images to be available on web-capable mobile devices such as cellphones and PDAs. PC2M contains a cross-site scripting vulnerability. Impact An arbitrary script can be executed on the user's web browser. Solution Update the...

6.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/10/25 12:0 a.m.•15 views

JVN#32981509 Ichitaro series buffer overflow vulnerability

The "Ichitaro" series word processing software, from JustSystems Corporation, contains a buffer overflow vulnerability. If a user opens a specially crafted jtd file or views it on a web browser, an attacker could execute arbitrary code with the privileges of the user. Impact An attacker could...

8.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/09/06 12:0 a.m.•15 views

JVN#01913089 Fuktommy.com httpd.pl including HTML preprocessor vulnerable to directory traversal

httpd.pl, an open source web server application program from Fuktommy.com including an HTML preprocessor, contains a directory traversal vulnerability. Impact A remote attacker could, without authentication, view files on the server where httpd.pl is installed. This could lead to unintentional...

6.9AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/06/04 12:0 a.m.•15 views

JVN#89497739 Meneame cross-site scripting vulnerability

Meneame, an open-source web application to build social bookmark systems, contains a cross-site scripting vulnerability, as it does not properly handle output data. Impact A remote attacker could execute an arbitrary script on the user's web browser. As a result, an attacker could possibly conduc...

6.9AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/04/16 12:0 a.m.•15 views

JVN#84646028 open-gorotto cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected open-gorotto 2.0a 04/07/2006 and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/12/28 12:0 a.m.•15 views

JVN#31185550 tDiary arbitrary Ruby script execution vulnerability

Impact Depending on tDiary's configuration, an arbitrary Ruby script could be executed on the web server with tDiary's execution privilege. This could lead to information leak or erasure, password compromise, and contents alteration, etc. Solution Products Affected tDiary 2.0.3 tDiary...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/11/06 12:0 a.m.•15 views

JVN#30994815 MyODBC Japanese Conversion Edition denial of service vulnerability

Impact A remote attacker could cause a denial of service condition by sending a certain string in a response to a MySQL database. Solution Products Affected MyODBC Japanese Conversion Edition version 3.51.06, 2.50.29, 2.50.25 Development and maintenance of MyODBC Japanese Conversion Edition has...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/10/20 12:0 a.m.•15 views

JVN#85996645 NEC MultiWriter 1700C/7500C FTP server vulnerability

Impact A remote attacker could possibly conduct a FTP bounce attack via the printer's FTP server against another host. Solution Products Affected NEC MultiWriter 1700C model number: PR-L1700C Network Expansion Card PR-L1700C-MC NEC ColorMultiWriter 7500C model number: PR-L7500C For more...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/10/02 12:0 a.m.•15 views

JVN#93484133 TeraStation HD-HTGL series cross-site request forgery vulnerability

Impact If a TeraStation HD-HTGL administrator who logged into the web administration interface views a malicous website, an attacker could possibly modify configurations or delete data on the hard disk. Solution Products Affected HD-HTGL Series firmware Ver. 2.05-beta-1 and earlier...

7.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/09/28 12:0 a.m.•15 views

JVN#82240092 Drupal cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possible conduct session hijacking. Solution Products Affected Drupal 4.7.2 and earlier Drupal 4.6.8 and earlier...

6.9AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/06/26 12:0 a.m.•15 views

JVN#76207423 Phorum cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected Phorum 5.1.13 and earlier...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/05/24 12:0 a.m.•15 views

JVN#16558862 RWiki cross-site scripting vulnerability

Impact A remote attacker could upload content containing malicious code to a server running vulnerable RWiki. As a result, an arbitrary script could then be executed on the user's web browser. Solution Products Affected RWiki/2.1.0pre1 - RWiki/2.1.0...

7.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/06/01 8:34 a.m.•14 views

Multiple vulnerabilities in ServerView Agents for Windows

Overview ServerView Agents for Windows provided by Fsas Technologies Inc. is server management software. ServerView Agents for Windows contains multiple vulnerabilities listed below. Incorrect permission assignment for critical resource CWE-732 - CVE-2026-27788 Privilege chaining CWE-268 -...

8.5CVSS7.2AI score0.00097EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/05/25 6:35 a.m.•14 views

NEC Aterm series vulnerable to cross-site scripting (NV26-002)

Overview Aterm series products provided by NEC Corporation contain the following vulnerability. Cross-site scripting CWE-79 - CVE-2026-6059 Noriaki Iwasaki of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...

4.8CVSS5.8AI score0.00179EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/05/11 9:20 a.m.•14 views

"Kura Sushi Official App" vulnerable to improper certificate validation

Overview "Kura Sushi Official App" provided by EPG, Inc. contains the following vulnerability. Improper certificate validation on push notifications CWE-295 - CVE-2026-41872 This analysis assumes a man-in-the-middle attack being conducted with a malicious wireless LAN access point Tsuyoshi Ogawa ...

9.1CVSS7.1AI score0.0016EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/05/11 9:20 a.m.•14 views

libXpm vulnerable to out-of-bounds read

Overview libXpm provided by X.Org Foundation incorrectly handles malformed XPM files, leading to an out-of-bounds read vulnerability. Out-of-bounds read CWE-125 - CVE-2026-4367 Naoki Wakamatsu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

5.5CVSS5.8AI score0.00129EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/04/30 8:2 a.m.•14 views

Open redirect vulnerability in multiple laser printers and MFPs which implement Ricoh Web Image Monitor

Overview Web Image Monitor provided by Ricoh Company, Ltd. is a web server that is included in and runs on laser printers and MFPs multifunction printers. Web Image Monitor contains the vulnerability listed below. Open redirect CWE-601 - CVE-2026-41226 Tony Kirkland of Sixgen Inc reported this...

5.1CVSS6AI score0.00266EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/16 8:18 a.m.•14 views

OpenLiteSpeed and LSWS Enterprise vulnerable to OS command injection

Overview OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain the following vulnerability. OS command injection CWE-78 - CVE-2026-31386 Daisuke Nakayama of Mizuho Financial Group, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

8.6CVSS7.2AI score0.01513EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/07/31 12:0 a.m.•14 views

JVN#66546573: ZXHN-F660T and ZXHN-F660A use a common credential for all installations

ZXHN-F660T and ZXHN-F660A provided by ZTE Japan. K.K. are ONU Optical Network Unit. ZXHN-F660T and ZXHN-F660A contain the following vulnerability. Use a common credential for all installations(CWE-1391) CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.7...

8.8CVSS6.9AI score0.0135EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/05/15 12:0 a.m.•14 views

JVN#06238225: Pgpool-II vulnerable to authentication bypass by primary weakness

Pgpool-II provided by PgPool Global Development Group contains the following vulnerability. Authentication bypass by primary weakness CWE-305 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 9.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 9.8 CVE-2025-46801...

9.8CVSS7AI score0.00791EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/04/24 12:0 a.m.•14 views

JVN#84627857: i-PRO Configuration Tool vulnerable to use of hard-coded cryptographic key

i-PRO Configuration Tool provided by i-PRO Co., Ltd. contains a vulnerability below. Use of hard-coded cryptographic key CWE-321 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Base Score: 6.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Base Score: 5.5 CVE-2025-32730 Impact...

6.8CVSS6.7AI score0.0015EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/12/04 12:0 a.m.•14 views

JVN#46615026: Multiple vulnerabilities in I-O DATA routers UD-LT1 and UD-LT1/EX

UD-LT1 and UD-LT1/EX provided by I-O DATA DEVICE, INC. contain multiple vulnerabilities listed below. Incorrect Permission Assignment for Critical Resource CWE-732 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Base Score 6.5 CVE-2024-45841 OS Command Injection CWE-78...

7.5CVSS8AI score0.00904EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/11/13 12:0 a.m.•14 views

JVN#05136799: WordPress Plugin "VK All in One Expansion Unit" vulnerable to cross-site scripting

"Custom Alert Content" of WordPress Plugin "VK All in One Expansion Unit" provided by Vektor,Inc. contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is accessing the web site using the product. Solution Update...

4.8CVSS6.1AI score0.0029EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/10/01 5:14 a.m.•14 views

Insecure initial password configuration issue in SEIKO EPSON Web Config

Overview Web Config is software that allows users to check the status and change the settings of SEIKO EPSON products, e.g., printers and scanners, via a web browser. In the initial setting no administrative password is set, and when a user connects the device and configures Web Config settings f...

8.1CVSS7AI score0.00811EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/09 12:0 a.m.•14 views

JVN#05579230: Multiple Alps System Integration products and the OEM products vulnerable to cross-site request forgery

Multiple Alps System Integration products and the OEM products contain a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the software or apply the workaround Update the software to t...

6.5CVSS6.2AI score0.003EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/07/27 5:26 a.m.•14 views

Multiple vulnerabilities in I-O DATA WN-AX1167GR

Overview WN-AX1167GR provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-AX1167GR contains multiple vulnerabilities listed below. Hard-coded credentials CWE-798 - CVE-2017-2280 OS command injection CWE-78 - CVE-2017-2281 Buffer overflow CWE-119 - CVE-2017-2282 Taizoh Tsukamoto of Mitsu...

8.8CVSS8.2AI score0.00843EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/23 5:38 a.m.•14 views

Installer of Charamin OMP may insecurely load Dynamic Link Libraries

Overview The installer of Charamin OMP provided by Charamin steering committee contains an issue with the DLL search path, which may lead to insecurely load Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...

7.8CVSS7AI score0.00909EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/16 5:48 a.m.•14 views

a-blog cms vulnerable to cross-site scripting

Overview a-blog cms provided by appleple Inc. is a content management system CMS. a-blog cms contains a cross-site scripting vulnerability in the standard template of the comment functionality. Yuya Yoshida of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC...

6.1CVSS6AI score0.01195EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/06/07 12:0 a.m.•14 views

JVN#63901692: Internet Explorer vulnerable to information disclosure

Internet Explorer contains an issue in handling XML files, which may result in information disclosure. Impact If a user opens a specially crafted XML file as a local file, other local files may be disclosed. Solution Upgrade the software Users of Windows 7 and later, Windows Server 2008 R2 and...

6.8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/12/17 12:0 a.m.•14 views

JVN#66596216: WikkaWiki vulnerable to cross-site scripting

WikkaWiki is an open source wiki written in PHP. WikkaWiki contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer. Product...

6.4AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/15 12:0 a.m.•14 views

JVN#63451350: Clipboard contents alteration vulnerability in Internet Explorer

Internet Explorer contains a vulnerability in which the contents of the clipboard may be altered. As a result, when Internet Explorer is used with certain settings, the contents of the clipboard may be read or written from a website. Impact Contents contained in the clipboard may be leaked or...

6.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/12/13 12:0 a.m.•14 views

JVN#52846259 JP1/Cm2/Network Node Manager vulnerable to cross-site scripting

Hitachi JP1/Cm2/Network Node Manager NNM is software that helps a network administrator manage network configurations, faults, and other elements. Hitachi NNM is vulnerable to cross-site scripting. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software...

6.6AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/09/06 12:0 a.m.•14 views

JVN#75899905 Fuktommy.com httpd.pl included in its HTML preprocessor vulnerable in allowing an attacker to view arbitrary CGI source code

Fuktommy.com httpd.pl included in its HTML preprocessor is an open source web server. It contains a vulnerability which may allow an attacker to view CGI source code in the server as it does not properly handle a specially crafted HTTP request. Impact An attacker may be able to view CGI source co...

6.8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/07/20 12:0 a.m.•14 views

JVN#34058672 Nessus report function vulnerable to arbitrary script execution

Nessus, a vulnerability scanner from Tenable Network Security, Inc., is capable of providing test reports in HTML format. The report in HTML format contains the target server's responses against Nessus scanning. Nessus fails to properly handle the responses. This may cause a script to be executed...

6.9AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/06/25 12:0 a.m.•14 views

JVN#05187780 Hiki arbitrary file deletion vulnerability

Hiki contains a vulnerability that allows an arbitrary file to be deleted on a server running Hiki. This is caused by the improper handling of a session management file. Impact A remote attacker may be able to delete arbitrary files with the privilege of the user running Hiki. Solution Upgrade th...

7.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/02/09 12:0 a.m.•14 views

JVN#84430861 Sage vulnerable to arbitrary script execution

Impact An arbitrary script may be executed on Mozilla Firefox. For example, local files could be accessed. Solution Products Affected Sage 1.3.9 and earlier This vulnerability affects Sage++ as well. As of February 9, 2007, Sage++ is no longer available and is no longer being updated. It is...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/01/29 12:0 a.m.•14 views

JVN#80271113 MODx cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected MODx 0.9.2.x and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/01/26 12:0 a.m.•14 views

JVN#64354801 b2evolution cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, session hijacking could be conducted. Solution Products Affected b2evolution Version 1.9.1 beta and earlier b2evolution Version 1.8.6 and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/01/25 12:0 a.m.•14 views

JVN#05123538 CGI RESCUE WebFORM vulnerable to cross-site scripting

Impact An abitrary script may be executed on the user's web browser. Solution Products Affected WebFORM 4.3 and earlier According to the vendor's website, another product Web Mailer also contains a similar vulnerability. We have confirmed that the fixed version of the Web Mailer is also released...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/01/25 12:0 a.m.•14 views

JVN#24879092 CGI RESCUE WebFORM missing mail content vulnerability

Impact Some part of the sender information in the message may be lost. Solution Products Affected WebFORM 4.3 and earlier According to the vendor's website, "Web Mailer" also contains a similar vulnerability...

6.8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/11/24 12:0 a.m.•14 views

JVN#57280612 phpComasy cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, session hijacking could be conducted. Solution Products Affected phpComasy 0.7.9-pre and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/11/14 12:0 a.m.•14 views

JVN#84656399 Nucleus cross-site scripting vulnerability

Impact An arbitrary script could be executed on the web browser of an administrator with Nucleus super-admin privilege. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected Nucleus v3.23 and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/10/24 12:0 a.m.•14 views

JVN#07235355 desknet's buffer overflow vulnerability

Impact A remote attacker could execute an arbitrary command or code, or cause the DoS denial of service condition. Solution Products Affected version V4.5J R2.4 and earlier For more information, refer to the vendor's websites...

7.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/08/23 12:0 a.m.•14 views

JVN#11048526 mail f/w system vulnerable to allow unauthorized email transmissionk

Impact A remote attacker may exploit this vulnerability to send unsolicited mails to arbitrary email addresses. Solution Products Affected mail f/w system 8.2 and earlier...

7.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/07/12 12:0 a.m.•14 views

JVN#76686161: ServerView cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected ServerView V2.50 - V3.60L98 ServerView V4.10L11 - V4.11L81...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/07/11 12:0 a.m.•14 views

JVN#83768862 Ruby vulnerability caused by a problem with the alias funtion so that safe level 4 does not function as a sandbox

Impact An attacker could force programs to crash. Solution Products Affected Ruby 1.8.4-20060328 and earlier Snapshot versions As a workaround, we recommend that users update to the latest Ruby 1.8.4 snapshot version...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/04/19 12:0 a.m.•14 views

JVN#84091359 Trac cross-site scripting vulnerability

Impact A remote attacker could possibly execute an arbitrary script on the user's web browser. Solution Products Affected Trac 0.94 and earlier versions of 0.9 series Trac-ja 0.94 and earlier versions of 0.9 series...

7.6AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2005/12/27 12:0 a.m.•14 views

JVN#93004125 BBSNote cross-site scripting vulnerability

Impact A malicious script may be executed on the user's web browser. Solution Products Affected BBSNote V8.00b15 to V8.00b18...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2005/12/13 12:0 a.m.•14 views

JVN#15972537 Fujitsu Java Runtime Environment reflection API vulnerability

Impact If a user downloads and executes a specially crafted applet, a remote attacker could access local files with the elevated privileges or execute arbitrary code with the privilege of the user running the applet. Solution Products Affected For more information, refer to the vendor's website...

8AI score
Exploits0
Total number of security vulnerabilities5000