Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/12/15 12:0 a.m.13 views

JVN#15549168: Safari for iOS vulnerable to denial-of-service

Safari for iOS contains a denial-of-service DoS vulnerability. Impact A remote attacker may be able to cause a denial-of-service DoS. Solution Update the software Update to the latest version of iOS according to the information provided by the developer. Products Affected Safari contained in iOS...

6.6AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/06/29 8:55 a.m.13 views

Arbitrary Data Insertion Vulnerability in Hitachi Web Server SSL/TLS Protocol

Overview When using SSL on the Hitachi Web Server, it could allow an attacker to insert arbitrary data on the top of communication data. Impact A remote attacker could insert arbitrary data on the top of communication data. Solution Please refer to the 'Vendor Information' section for the officia...

9.8CVSS8.1AI score0.87264EPSS
Exploits14References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/06/15 12:0 a.m.13 views

JVN#40382909: Microsoft Outlook read receipt function vulnerability

Microsoft Outlook contains a vulnerability in the read receipt function. A read receipt may be sent unintentionally, notifying the sender that the email was received. Impact A spam distributor may use this information to determine whether an email address is valid or not. Solution Upgrade the...

6.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/02/10 12:0 a.m.13 views

JVN#45184501 FAST ESP cross-site scripting vulnerability

FAST ESP from Microsoft is a software that enables users to consolidate information for searching purposes. FAST ESP's management interface contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software An update i...

6.4AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/09/17 12:0 a.m.13 views

JVN#79026329 Kantan WEB Server directory traversal vulnerability

Kantan WEB Server is a web server for Windows provided by Arihiro Kurata. Kantan WEB Server contains a directory traversal vulnerability. Impact A remote attacker could view or obtain files on the server where Kantan WEB Server is installed. Solution Update the Software Apply the latest update...

7.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/07/22 12:0 a.m.13 views

JVN#67573833 Multiple Century Systems routers vulnerable to cross-site request forgery

Multiple Century Systems Co., Ltd. routers provide a web-based interface for users to configure the routers. The web interface is vulnerable to cross-site request forgery. Impact If the administrator views a malicious website while logged onto the web interface, the password and other configurati...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.13 views

McAfee VirusScan Engine buffer overflow vulnerability

Overview McAfee VirusScan Engine contains a buffer overflow vulnerability. Impact A buffer overflow may occur when scanning a malformed LHA file. Solution None...

7.5CVSS7.3AI score0.10359EPSS
Exploits1References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.13 views

CruiseWorks and Minna De Office vulnerable in access restrictions

Overview CruiseWorks and Minna De Office are groupware. They contain a vulnerability that the user's access restriction is not properly set. Impact An user with a standard privilege who logs into CruiseWorks or Minna De Office could possibly change the system configurations or information...

6.5CVSS6.5AI score0.00324EPSS
Exploits0References15
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/03/07 12:0 a.m.13 views

JVN#21312708 MTCMS WYSIWYG Editor cross-site scripting vulnerability

MTCMS WYSIWYG Editor from SKYARC System is management software used to update Movable Type contents, etc. The install.cgi in MTCMS WYSIWYG Editor contains a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the user's web browser. Solution Workarounds The vendor...

6.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/02/29 12:0 a.m.13 views

JVN#53757727 Nagios cross-site scripting vulnerability

Nagios from Nagios.org is software that monitors network services, hosts, and other resources. Nagios contains a cross-site scripting vulnerability. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Update the software to the latest version accordi...

6.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/02/05 12:0 a.m.13 views

JVN#91868305 RaidenHTTPD cross-site scripting vulnerability

RaidenHTTPD is a multipurpose web server for Windows provided by TEAM JOHNLONG. RaidenHTTPD contains a cross-site scripting vulnerability. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the vendor. Products...

6.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/12/11 12:0 a.m.13 views

JVN#77730435 Multiple Cybozu products vulnerable to HTTP header injection

Multiple Cybozu products are vulnerable to HTTP header injection because they do not properly process HTTP headers. Impact A remote attacker can conduct cache poisoning, send an arbitrary cookie, or execute an arbitrary script on the user's web browser. Solution Update the Software For more...

7.8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/11/20 12:0 a.m.13 views

JVN#33218020 Feed2JS cross-site scripting vulnerability

Feed2JS Feed to JavaScript is an open source web application which converts RSS feeds into JavaScript. Feed2JS contains a cross-site scripting vulnerability. Impact An attacker could execute an arbitrary script on the user's web browser. Solution Update the Software Apply the latest updates...

6.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/11/07 12:0 a.m.13 views

JVN#84565055 Lotus Domino cross-site scripting vulnerability

IBM Lotus Domino is server software for Lotus Notes, groupware from IBM. Lotus Domino contains a cross-site scripting vulnerability. Impact An attacker could execute an arbitrary script on the web browser of a user who accesses a Lotus Domino server. Solution Update the Software For Lotus Domino...

6.6AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/09/28 12:0 a.m.13 views

JVN#70075625 Aipo session fixation vulnerability

Aipo from Aimluck, Inc. is groupware including functions such as scheduler and intra-blogging. Aipo contains a session fixation vulnerability which may allow an attacker to impersonate a user when the user logs into AIPO with the session ID sent by the attacker. Impact This vulnerability may allo...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/05/09 12:0 a.m.13 views

JVN#36628264 Lunascape RSS reader arbitrary script execution vulnerability

Impact Arbitrary JavaScript could be executed within Lunascape's RSS reader. Solution Products Affected Lunascape 4.1.3 build 2 and earlier...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/03/19 12:0 a.m.13 views

JVN#83832818: Interstage Application Server cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected A wide range of products is affected. For more information, refer to the vendor's website...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/01/25 12:0 a.m.13 views

JVN#82258242 Shopping Basket Professional vulnerable to OS command injection

Impact A remote attacker could execute an arbitrary OS command on the server where Shopping Basket Professional v7 is installed. Solution Products Affected Shopping Basket Professional v7.50 and earlier For more information, refer to the vendor's website...

7.6AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2006/12/25 12:0 a.m.13 views

JVN#02729869 pnamazu cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected pnamazu-2006.02.28 and earlier For more information, refer to the developer's website...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2006/11/30 12:0 a.m.13 views

JVN#08494205 Chama Cargo cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected Chama Cargo v4.36 and earlier For more information, refer to the vendor's website...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2006/11/10 12:0 a.m.13 views

JVN#34522909 Kahua vulnerable in allowing to share login sessions

Impact A remote attacker could possibly take over the user privileges and manipulate applications when several user databases are in use. If a multiple applications of Kahua refer to different user database, a user could log into multiple applications which results in a login session to be shared...

7.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2006/11/06 12:0 a.m.13 views

JVN#88325166 Hyper NIKKI System cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected hns-2.190.8 hns-lite-2.190.8 and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2006/09/26 12:0 a.m.13 views

JVN#30144870 SugarCRM cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. In addition, if session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected SugarCRM 4.2.1b and earlier SugarCRM 4.0.1g and earlier SugarCRM 3.5.1h and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2006/09/26 12:0 a.m.13 views

JVN#68295640 Movable Type vulnerabile to cross-site scripting

Impact An arbitrary script may be executed on the user's web browser. In addition, if session information from a cookie is leaked, session hijacking could be conducted. Solution Products Affected Movable Type 3.3, 3.31, 3.32 Movable Type Enterprise 1.01, 1.02 For more information, refer to the...

6.9AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2006/08/10 12:0 a.m.13 views

JVN#62171179 Kiri directory traversal vulnerability

Impact If the email analysis command processes an email with an attachment with a particular file name, the attachment may be written to an unintended location. Solution Products Affected Kiri ver9-2006 Kiri ver9-2005 Kiri ver9-2004...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2006/07/31 12:0 a.m.13 views

JVN#65677118 Pixelpost cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. In addition, if session information from a cookie is leaked, session hijacking could be conducted. Solution Products Affected Pixelpost 1.5 RC1-2 and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2006/07/28 12:0 a.m.13 views

JVN#27794427 Dokeos cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. In particular, if session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected Dokeos version 1.6.4 Patch 1 and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2006/07/12 12:0 a.m.13 views

JVN#73368472: ServerView directory traversal vulnerability

Impact A remote attacker could view particular files on the server. Solution Products Affected ServerView V2.50 - V3.60L98 ServerView V4.10L11 - V4.11L81...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2006/06/02 12:0 a.m.13 views

JVN#28513736 Mozilla Firefox HTTP 1.0 response smuggling vulnerability

Impact If a user views malicious web pages, an attacker could inject a script into the responses from a server in other domains. Solution Products Affected Mozilla Firefox 1.5.0.3 and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2006/03/01 12:0 a.m.13 views

JVN#27365476 Minnu's filer2 vulnerable in allowing arbitrary Ruby script execution

Impact An attacker could take over a user's account, steal the user's information or delete it, or exploit the resources available to the user. In particular, if the Minnu's filer2 is run with the administrative privilege, an attacker could take over the entire system. Solution Products Affected...

6.9AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2006/01/17 12:0 a.m.13 views

JVN#73133641 Eudora Japanese version stops working after the application crashes

Impact Eudora Japanese version stops functioning, once crashed by opening an email message containing a crafted image file. Solution Products Affected Eudora for Windows, earlier than version 6.2J rev 4.2...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2005/12/14 12:0 a.m.13 views

JVN#28011334 Opera bookmark function vulnerability

Impact An user cannot start Opera Web Browser because it crashes during startup. Solution Products Affected Opera for Windows, earlier than version 8.51 Opera for MacOS, earlier than version 8.51...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2005/09/29 12:0 a.m.13 views

JVN#31226748 Vulnerability in multiple web browsers allowing request spoofing attacks

Impact Authentication information or cookie information could be leaked. Solution Products Affected For more information, refer to the vendors' websites...

6.8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2005/08/25 12:0 a.m.13 views

JVN#23727054 Pochy denial-of-service (DoS) vulnerability

Impact A remote attacker could exploit this vulnerability to cause a denial-of-service DoS attack by sending a specially crafted email to a Pochy user. Solution Products Affected Pochy 0.2.1a...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/05/15 4:57 a.m.12 views

Multiple vulnerabilities in "Musetheque V4 Information Disclosure for IPKNOWLEDGE"

Overview Musetheque V4 Information Disclosure for IPKNOWLEDGE provided by Fujitsu Japan Limited contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2026-24662 Cross-site request forgery CWE-352 - CVE-2026-28761 Nozomi Iimura, Sho Odagiri of GMO Cybersecurity by Ierae...

8.5CVSS6.6AI score0.00134EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/04/03 6:9 a.m.12 views

Multiple vulnerabilities in NEC Aterm series (NV26-001)

Overview Aterm series products provided by NEC Corporation contain multiple vulnerabilities listed below. Missing authorization CWE-862 - CVE-2026-4309 Path traversal CWE-22 - CVE-2026-4619 OS command injection CWE-78 - CVE-2026-4620, CVE-2026-4622 Hidden functionality CWE-912 - CVE-2026-4621 The...

9.8CVSS5.9AI score0.00996EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/03/27 9:18 a.m.12 views

Vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer

Overview Vulnerability exists in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take...

8.2CVSS5.9AI score0.00174EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/12/08 8:48 a.m.12 views

Multiple vulnerabilities in GroupSession

Overview GroupSession provided by Japan Total System Co.,Ltd. contains multiple vulnerabilities listed below. Stored cross-site scripting CWE-79 - CVE-2025-53523 Stored cross-site scripting CWE-79 - CVE-2025-54407 Reflected cross-site scripting CWE-79 - CVE-2025-57883 Cross-site request forgery...

6.9CVSS5.9AI score0.00186EPSS
Exploits0References17
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/09/18 12:0 a.m.12 views

JVN#95938761: UNIVERGE IX/IX-R/IX-V series routers provided by NEC Corporation vulnerable to cross-site scripting

UNIVERGE IX/IX-R/IX-V series routers provided by NEC Corporation contains the following vulnerability. Cross-site scripting CWE-79 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Base Score 5.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score 6.1 CVE-2025-8153 Impact If a...

5.1CVSS6.7AI score0.00311EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/07/30 5:17 a.m.12 views

Apache Jena Fuseki vulnerable to path traversal

Overview Jena Fuseki provided by The Apache Software Foundation contains the following vulnerability. Path traversal CWE-22 - CVE-2025-49656 Noriaki Iwasaki of Cyber Defense Institute, Inc. reported this vulnerability to the developer and IPA. After the coordination between the reporter and the...

7.5CVSS6.8AI score0.01401EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/07/24 12:0 a.m.12 views

JVN#39913189: TP-Link Archer C1200 vulnerable to clickjacking

Archer C1200 provided by TP-Link Systems Inc. contains the following vulnerability. Clickjacking CWE-1021 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Base Score 5.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Base Score 4.3 CVE-2025-6983 Impact If a user views a malicious pag...

5.1CVSS6.3AI score0.00392EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/05/30 12:0 a.m.12 views

JVN#51394666: Multiple vulnerabilities in wivia 5

wivia 5 provided by UCHIDA YOKO CO., LTD. contains multiple vulnerabilities listed below. OS Command Injection CWE-78 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 7.1 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H Base Score 6.7 CVE-2025-41385 Cross-site Scripting CWE-...

7.5CVSS8AI score0.0124EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/01/27 12:0 a.m.12 views

JVN#05508012: EXIF Viewer Classic vulnerable to cross-site scripting

EXIF Viewer Classic provided by Rodrigue former Kakera is a Google Chrome browser extension. The affected versions of the product improperly handle EXIF meta data, resulting in a cross-site scripting vulnerability CWE-79. Versions 2.3.2 and 2.4.0 were reported as vulnerable. The vendor informs us...

6.1CVSS6.2AI score0.00347EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/09/09 12:0 a.m.12 views

JVN#67456481: Pgpool-II vulnerable to information disclosure

Pgpool-II is a cluster management tool. Pgpool-II contains an information disclosure vulnerability CWE-213 in its query cache function. Impact If a database user access a query cache, table data unauthorized for the user may be retrieved. Solution Update the Software Apply the appropriate updates...

7.5CVSS7.2AI score0.00528EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/08/06 12:0 a.m.12 views

JVN#78728294: Firmware update for RICOH JavaTM Platform resets the TLS configuration

JavaTM Platform provided by Ricoh Company, Ltd. is the execution environment for firmware extensions of Ricoh MFPs and printers, providing TLS Transport Layer Security communication mechanism. When the firmware for JavaTM Platform is updated from Ver.12.89 or earlier versions to a newer version,...

7.5CVSS7.6AI score0.0051EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/06/16 5:5 a.m.12 views

Multiple vulnerabilities in Panasonic AiSEG2

Overview Panasonic AiSEG2 contains multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2023-28726 Improper Authentication CWE-287 - CVE-2023-28727 Taku Toyama of NEC Corporation reported CVE-2023-28726 and CVE-2023-28727 vulnerabilities to Panasonic and coordinated. Panasonic...

9.6CVSS7.9AI score0.00811EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/12/21 5:17 a.m.12 views

cordova-plugin-ionic-webview vulnerable to path traversal

Overview cordova-plugin-ionic-webview provided by npm, Inc. contains a path traversal vulnerability CWE-22 . This vulnerability was first reported to npm, Inc. by the below reporters then also reported to IPA. Based on the coordination request made by the reporters, JPCERT/CC coordinated with npm...

8.6CVSS6.8AI score0.03305EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/06 5:54 a.m.12 views

WordPress plugin "Multi Feed Reader" vulnerable to SQL injection

Overview The WordPress plugin "Multi Feed Reader" contains an SQL injection vulnerability CWE-89. Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An attacker who...

8.8CVSS7.8AI score0.01617EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/05/31 12:0 a.m.12 views

JVN#24560784: Adobe Reader X vulnerable to sandbox bypass

Adobe Reader X contains a vulnerability which may allow the sandbox to be bypassed. Impact Arbitrary process using arbitrary arguments may be executed with the privileges of the user. Solution Update the software and apply MS13-005 Update to the latest version of Adobe Reader X and make sure that...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/06/15 12:0 a.m.12 views

JVN#26408023: Internet Explorer vulnerable to cross-site scripting

Internet Explorer contains a cross-site scripting vulnerability due to the processing of malformed file names. Impact An arbitrary script may be executed on the user's web browser when the setting for "Use folder view for FTP sites" is turned off. Note that this setting is turned on by default...

6.4AI score
Exploits0
Total number of security vulnerabilities5000