Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/09 12:0 a.m.•14 views

JVN#05579230: Multiple Alps System Integration products and the OEM products vulnerable to cross-site request forgery

Multiple Alps System Integration products and the OEM products contain a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the software or apply the workaround Update the software to t...

6.5CVSS6.2AI score0.003EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/16 12:0 a.m.•14 views

JVN#98126322: Trend Micro Internet Security vulnerability where files may be excluded as scan targets

Trend Micro Internet Security provided by Trend Micro Incorporated contains a vulnerability where arbitrary files or folders may be excluded as scan targets when the conditions below are met. An attacker can place a specific file into the system The attacker can execute a specific API from the...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/15 12:0 a.m.•14 views

JVN#63451350: Clipboard contents alteration vulnerability in Internet Explorer

Internet Explorer contains a vulnerability in which the contents of the clipboard may be altered. As a result, when Internet Explorer is used with certain settings, the contents of the clipboard may be read or written from a website. Impact Contents contained in the clipboard may be leaked or...

6.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/12/13 12:0 a.m.•14 views

JVN#52846259 JP1/Cm2/Network Node Manager vulnerable to cross-site scripting

Hitachi JP1/Cm2/Network Node Manager NNM is software that helps a network administrator manage network configurations, faults, and other elements. Hitachi NNM is vulnerable to cross-site scripting. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software...

6.6AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/09/06 12:0 a.m.•14 views

JVN#75899905 Fuktommy.com httpd.pl included in its HTML preprocessor vulnerable in allowing an attacker to view arbitrary CGI source code

Fuktommy.com httpd.pl included in its HTML preprocessor is an open source web server. It contains a vulnerability which may allow an attacker to view CGI source code in the server as it does not properly handle a specially crafted HTTP request. Impact An attacker may be able to view CGI source co...

6.8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/07/20 12:0 a.m.•14 views

JVN#34058672 Nessus report function vulnerable to arbitrary script execution

Nessus, a vulnerability scanner from Tenable Network Security, Inc., is capable of providing test reports in HTML format. The report in HTML format contains the target server's responses against Nessus scanning. Nessus fails to properly handle the responses. This may cause a script to be executed...

6.9AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/02/16 12:0 a.m.•14 views

JVN#84746611 Ariel AirOne series cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected Ariel AirOne ProjectA v4.6.1 Ariel MultiScheduler v4.6.3 For more information, refer to the vendor's website...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/01/29 12:0 a.m.•14 views

JVN#80271113 MODx cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected MODx 0.9.2.x and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/01/25 12:0 a.m.•14 views

JVN#05123538 CGI RESCUE WebFORM vulnerable to cross-site scripting

Impact An abitrary script may be executed on the user's web browser. Solution Products Affected WebFORM 4.3 and earlier According to the vendor's website, another product Web Mailer also contains a similar vulnerability. We have confirmed that the fixed version of the Web Mailer is also released...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/01/25 12:0 a.m.•14 views

JVN#24879092 CGI RESCUE WebFORM missing mail content vulnerability

Impact Some part of the sender information in the message may be lost. Solution Products Affected WebFORM 4.3 and earlier According to the vendor's website, "Web Mailer" also contains a similar vulnerability...

6.8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/12/04 12:0 a.m.•14 views

JVN#38746816 TikiWiki cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected TikiWiki version 1.9.5 and earlier...

7.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/08/23 12:0 a.m.•14 views

JVN#11048526 mail f/w system vulnerable to allow unauthorized email transmissionk

Impact A remote attacker may exploit this vulnerability to send unsolicited mails to arbitrary email addresses. Solution Products Affected mail f/w system 8.2 and earlier...

7.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/07/12 12:0 a.m.•14 views

JVN#76686161: ServerView cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected ServerView V2.50 - V3.60L98 ServerView V4.10L11 - V4.11L81...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/07/11 12:0 a.m.•14 views

JVN#83768862 Ruby vulnerability caused by a problem with the alias funtion so that safe level 4 does not function as a sandbox

Impact An attacker could force programs to crash. Solution Products Affected Ruby 1.8.4-20060328 and earlier Snapshot versions As a workaround, we recommend that users update to the latest Ruby 1.8.4 snapshot version...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/06/05 12:0 a.m.•14 views

JVN#97636431 dotProject cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected dotProject 2.0.2 and earlier As of June 5, 2006, it is confirmed that Internet Explorer is affecte...

6.9AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/04/10 12:0 a.m.•14 views

JVN#78363061 CAFEMILK Shopping Cart CGI cross-site scripting vulnerability

Impact A malicious script may be executed on the user's web browser. Personal information, recorded in cookies issued by CAFEMILK SHOPPING CART CGI, may be leaked. Solution Products Affected CAFEMILK SHOPPING CART version 3.80 and earlier...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2005/12/27 12:0 a.m.•14 views

JVN#93004125 BBSNote cross-site scripting vulnerability

Impact A malicious script may be executed on the user's web browser. Solution Products Affected BBSNote V8.00b15 to V8.00b18...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2005/12/13 12:0 a.m.•14 views

JVN#15972537 Fujitsu Java Runtime Environment reflection API vulnerability

Impact If a user downloads and executes a specially crafted applet, a remote attacker could access local files with the elevated privileges or execute arbitrary code with the privilege of the user running the applet. Solution Products Affected For more information, refer to the vendor's website...

8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2005/09/30 12:0 a.m.•14 views

JVN#76659792 WirelessIP5000 has multiple vulnerabilities

Impact These vulnerabilities may allow an attacker to conduct the following attacks: Illegal information collection Change of the configuration using SNMP protocol, web browsers, etc. Denial of service DoS attacks using information which the HTTP server provides Impersonation and information...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2005/08/29 12:0 a.m.•14 views

JVN#42435855 FreeStyleWiki command injection vulnerability

Impact A user having FreeStyleWiki administrative privileges but with no web server administrative privileges could execute arbitrary code with privileges to execute CGI on the web server. Solution Products Affected FreeStyleWiki 3.5.8 and earlier...

8.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/06/03 5:10 a.m.•13 views

WordPress Plugin "Zoho Mail for WordPress" vulnerable to cross-site request forgery

Overview WordPress Plugin "Zoho Mail for WordPress" provided by Zoho Corporation contains the following vulnerability. Cross-site request forgery CWE-352 - CVE-2026-8174 Norio Abe reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

5.7CVSS5.4AI score0.00371EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/05/27 6:9 a.m.•13 views

Multiple Vulnerabilities in Cosminexus

Overview Cosminexus Developer's Kit for JavaTM and Hitachi Developer's Kit for Java contain the following vulnerabilities: CVE-2026-22007, CVE-2026-22013, CVE-2026-22016, CVE-2026-22018, CVE-2026-22021, CVE-2026-23865, CVE-2026-34268, CVE-2026-34282 Impact Regarding the impact of the vulnerabilit...

7.5CVSS7.2AI score0.00702EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/04/08 7:15 a.m.•13 views

Multiple vulnerabilities in MATCHA series

Overview MATCHA series provided by ICZ Corporation contains multiple vulnerabilities listed below. SQL injection CWE-89 - CVE-2026-24913 Cross-site scripting CWE-79 - CVE-2026-27787 Unrestricted upload of file with dangerous typeCWE-434 - CVE-2026-33273 CVE-2026-24913, CVE-2026-27787 Kenta...

8.8CVSS6.5AI score0.00301EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/27 9:0 a.m.•13 views

Multiple vulnerabilities in baserCMS

Overview baserCMS provided by baserCMS User Community contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2026-30879 OS command injection CWE-78 - CVE-2026-30880 SQL injection CWE-89 - CVE-2026-27697 Cross-site scripting CWE-79 - CVE-2026-32734 CVE-2026-30879 Gai...

9.8CVSS6AI score0.02059EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/02/20 9:35 a.m.•13 views

Security information for Hitachi Disk Array Systems

Overview CVE-2023-31096 | MITRE: CVE-2023-31096 Windows Agere Soft Modem Driver Elevation of Privilege Vulnerability CVE-2024-55414 | Windows Motorola Soft Modem Driver Elevation of Privilege Vulnerability CVE-2026-20804 | Windows Hello Tampering Vulnerability CVE-2026-20805 | Desktop Window...

9.8CVSS5.8AI score0.1911EPSS
Exploits7References74
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/01/21 3:11 a.m.•13 views

Security information for Hitachi Disk Array Systems

Overview CVE-2025-54100 | PowerShell Remote Code Execution Vulnerability CVE-2025-55233 | Windows Projected File System Elevation of Privilege Vulnerability CVE-2025-59516 | Windows Storage VSP Driver Elevation of Privilege Vulnerability CVE-2025-59517 | Windows Storage VSP Driver Elevation of...

8.8CVSS5.7AI score0.02383EPSS
Exploits7References30
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/09/05 7:52 a.m.•13 views

Obsidian GitHub Copilot Plugin stores sensitive information in cleartext

Overview Obsidian GitHub Copilot Plugin provided by Pierre-Adrien Vasseur is vulnerable to the following vulnerability. Cleartext storage of sensitive information CWE-312 - CVE-2025-58401 Rui Nakajima reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

6.8CVSS6.6AI score0.00094EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/08/27 12:0 a.m.•13 views

JVN#99577552: Multiple vulnerabilities in SS1

SS1 provided by provided by DOS Co., Ltd. contains multiple vulnerabilities listed below. Inadequate encryption strength(CWE-326) CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Base Score 8.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score 7.5 CVE-2025-46409 Files or...

9.8CVSS8.2AI score0.00575EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/06/03 12:0 a.m.•13 views

JVN#37075430: TimeWorks vulnerable to path traversal

The web server module of TimeWorks provided by Keiyo System Co., LTD contains the following vulnerability. Path traversal CWE-22 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Base Score 6.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Base Score 5.3 CVE-2025-41428 Impact Arbitra...

6.9CVSS7.1AI score0.00574EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/03/25 12:0 a.m.•13 views

JVN#26321838: Multiple vulnerabilities in AssetView

AssetView provided by Hammock Corporation contains multiple vulnerabilities listed below. Missing authentication for critical function CWE-306 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Base Score 8.2 CVE-2025-25060 Acquiring sensitive information from sent data to the developer CWE-201...

8.2CVSS7.3AI score0.00482EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/11/29 12:0 a.m.•13 views

JVN#43845108: Multiple FCNT Android devices vulnerable to authentication bypass

Multiple FCNT Android devices provide security features such as "privacy mode" where arbitrary applications can be set not to be displayed, etc. The devices contain an authentication bypass vulnerability CWE-306, where, under certain conditions, the setting pages may be accessed without...

3.1CVSS7.3AI score0.00205EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/10/18 12:0 a.m.•13 views

JVN#31982676: MUSASI version 3 performing authentication on client-side

MUSASI provided by NEUMANN CO.LTD. is an e-learning system for driving schools. MUSASI version 3 performs authentication within the client-side code CWE-603, and the client in pre-authentication state retrieves the credential information from the server just when a user ID is input. This behavior...

7.5CVSS7.2AI score0.00425EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/10/10 12:0 a.m.•13 views

JVN#54676967: baserCMS plugin "BurgerEditor" vulnerable to directory listing

baserCMS plugin "BurgerEditor" provided by D-ZERO CO.,LTD. contains a directory listing vulnerability CWE-548, CVE-2024-44807. If accessing a URL of the web site using the plugin that has a specific string added to the end, a list of uploaded files may be obtained. In addition, the uploaded file...

5.3CVSS6.9AI score0.00474EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/07/30 12:0 a.m.•13 views

JVN#48324254: EC-CUBE 4 Series improper input validation when installing plugins

EC-CUBE 4 series provided by EC-CUBE CO.,LTD improperly validates inputs when installing plugins CWE-349. Impact An attacker who obtained the administrative privilege may install an arbitrary PHP package. If the obsolete versions of PHP packages are installed, the product may be affected by some...

7.2CVSS7.1AI score0.00267EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/04/23 12:0 a.m.•13 views

JVN#24683352: TvRock vulnerable to cross-site request forgery

TvRock provided by TvRock according to the original report submitted by the reporter is a tool to set a timer recording for a TV program. TvRock contains a cross-site request forgery vulnerability CWE-352. Impact If a logged-in user of TVRock accesses a specially crafted page, unintended operatio...

4.3CVSS4.6AI score0.00219EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/04/17 12:0 a.m.•13 views

JVN#14492006: API server of TONE Family vulnerable to authentication bypass using an alternate path

API server of TONE Family provided by DREAM TRAIN INTERNET INC. contains an authentication bypass vulnerability using an alternate path CWE-288. Impact A remote unauthenticated attacker may login to the management console of the affected service by using E-mail address required when logging into...

7.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/08/29 6:57 a.m.•13 views

Installer of Ricoh Device Software Manager may insecurely load Dynamic Link Libraries

Overview Installer of Device Software Manager provided by RICOH COMPANY, LTD. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Tomohisa Hasegawa of Canon IT Solutions Inc. reported this vulnerability to IPA. JPCERT/CC coordinated wit...

7.8CVSS7.1AI score0.0021EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/12/25 5:0 a.m.•13 views

MQTT.js issue in handling PUBLISH packets

Overview MQTT.js is a client library for MQTT. MQTT.js contains an issue in handling PUBLISH packets sent from an MQTT Broker. Masataka Sakaguchi, Bintatsu Noda and Hisashi Kojima of Fujitsu Laboratories Ltd.reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

6.5CVSS6.9AI score0.02214EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/01/24 4:34 a.m.•13 views

smalruby-editor vulnerable to OS command injection

Overview smalruby-editor provided by Ruby Programming Shounendan is web-based editor to create Ruby programs. smalruby-editor containts an OS command injection vulnerability CWE-78. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

10CVSS7.8AI score0.06183EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/12 12:0 a.m.•13 views

JVN#77012922: Microsoft Producer for Microsoft Office PowerPoint vulnerable to cross-site scripting

Microsoft Producer for Microsoft Office PowerPoint may create a web page which contains a DOM-based cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use Microsoft Producer for Microsoft Office PowerPoint Microsoft...

6.6AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/12/15 12:0 a.m.•13 views

JVN#15549168: Safari for iOS vulnerable to denial-of-service

Safari for iOS contains a denial-of-service DoS vulnerability. Impact A remote attacker may be able to cause a denial-of-service DoS. Solution Update the software Update to the latest version of iOS according to the information provided by the developer. Products Affected Safari contained in iOS...

6.6AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/29 8:55 a.m.•13 views

Arbitrary Data Insertion Vulnerability in Hitachi Web Server SSL/TLS Protocol

Overview When using SSL on the Hitachi Web Server, it could allow an attacker to insert arbitrary data on the top of communication data. Impact A remote attacker could insert arbitrary data on the top of communication data. Solution Please refer to the 'Vendor Information' section for the officia...

9.8CVSS8.1AI score0.87264EPSS
Exploits14References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/15 12:0 a.m.•13 views

JVN#40382909: Microsoft Outlook read receipt function vulnerability

Microsoft Outlook contains a vulnerability in the read receipt function. A read receipt may be sent unintentionally, notifying the sender that the email was received. Impact A spam distributor may use this information to determine whether an email address is valid or not. Solution Upgrade the...

6.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/02/10 12:0 a.m.•13 views

JVN#45184501 FAST ESP cross-site scripting vulnerability

FAST ESP from Microsoft is a software that enables users to consolidate information for searching purposes. FAST ESP's management interface contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software An update i...

6.4AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/09/17 12:0 a.m.•13 views

JVN#79026329 Kantan WEB Server directory traversal vulnerability

Kantan WEB Server is a web server for Windows provided by Arihiro Kurata. Kantan WEB Server contains a directory traversal vulnerability. Impact A remote attacker could view or obtain files on the server where Kantan WEB Server is installed. Solution Update the Software Apply the latest update...

7.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/07/22 12:0 a.m.•13 views

JVN#67573833 Multiple Century Systems routers vulnerable to cross-site request forgery

Multiple Century Systems Co., Ltd. routers provide a web-based interface for users to configure the routers. The web interface is vulnerable to cross-site request forgery. Impact If the administrator views a malicious website while logged onto the web interface, the password and other configurati...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/03/07 12:0 a.m.•13 views

JVN#21312708 MTCMS WYSIWYG Editor cross-site scripting vulnerability

MTCMS WYSIWYG Editor from SKYARC System is management software used to update Movable Type contents, etc. The install.cgi in MTCMS WYSIWYG Editor contains a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the user's web browser. Solution Workarounds The vendor...

6.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/02/29 12:0 a.m.•13 views

JVN#53757727 Nagios cross-site scripting vulnerability

Nagios from Nagios.org is software that monitors network services, hosts, and other resources. Nagios contains a cross-site scripting vulnerability. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Update the software to the latest version accordi...

6.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/02/05 12:0 a.m.•13 views

JVN#91868305 RaidenHTTPD cross-site scripting vulnerability

RaidenHTTPD is a multipurpose web server for Windows provided by TEAM JOHNLONG. RaidenHTTPD contains a cross-site scripting vulnerability. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the vendor. Products...

6.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/12/11 12:0 a.m.•13 views

JVN#77730435 Multiple Cybozu products vulnerable to HTTP header injection

Multiple Cybozu products are vulnerable to HTTP header injection because they do not properly process HTTP headers. Impact A remote attacker can conduct cache poisoning, send an arbitrary cookie, or execute an arbitrary script on the user's web browser. Solution Update the Software For more...

7.8AI score
Exploits0
Total number of security vulnerabilities5000