Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•12 views

CruiseWorks and Minna De Office vulnerable in access restrictions

Overview CruiseWorks and Minna De Office are groupware. They contain a vulnerability that the user's access restriction is not properly set. Impact An user with a standard privilege who logs into CruiseWorks or Minna De Office could possibly change the system configurations or information...

6.5CVSS6.5AI score0.00324EPSS
Exploits0References15
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/03/27 12:0 a.m.•12 views

JVN#76669770 PerlMailer cross-site scripting vulnerability

PerlMailer is a mail form CGI provided by "Homepage Decorator". It is used to send mail from a form on a web page. A cross-site scripting vulnerabiltiy exists in PerlMailer. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest...

6.4AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/12/18 12:0 a.m.•12 views

JVN#75130343 Google Web Toolkit vulnerable to cross-site scripting

Google Web Toolkit GWT is an open source software development framework that allows web developers to create Ajax applications in Java. The benchmark reporting system in GWT is vulnerable to cross-site scripting. Impact An arbitrary script can be executed on the user's web browser. Solution Updat...

6.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/12/11 12:0 a.m.•12 views

JVN#77414947 Cybozu Office denial of service (DoS) vulnerability

Cybozu Office, web-based groupware, is vulnerable to a denial of service DoS attack because it fails to properly handle specially crafted HTTP requests. Impact A remote attacker can cause a denial of service DoS against the server. Solution Update the Software For more information, refer to the...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/11/19 12:0 a.m.•12 views

JVN#33820033 RoundCube Webmail cross-site request forgery vulnerability

RoundCube Webmail is an open source webmail client from the RoundCube Project. RoundCube Webmail contains a cross-site request forgery vulnerability that may allow disclosure of information such as email subject lines. Impact Information such as email subject lines may be disclosed on the web...

6.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/11/05 12:0 a.m.•12 views

JVN#79295963 NetCommons cross-site scripting vulnerability

NetCommons from the NetCommons Project is an open source content management system which provides e-learning and groupware functions. NetCommons contains a cross-site scripting vulnerability. This vulnerability is different from JVN51301450. Impact An attacker could execute an arbitrary script on...

6.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/10/12 12:0 a.m.•12 views

JVN#63304072 MouseoverDictionary vulnerable to arbitrary script execution

MouseoverDictionary, an add-on mouseover English-Japanese dictionary for Mozilla Firefox, contains a vulnerability that allows an attacker to execute an arbitrary script on the user's web browser as it does not handle the sidebar HTML page properly. Impact An attacker could execute an arbitrary...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/08/31 12:0 a.m.•12 views

JVN#20452446 Shopping Basket Pro directory traversal vulnerability

Shopping Basket Pro from CGI RESCUE is shopping cart software. A directory traversal vulnerability exists in Shopping Basket Pro. Impact A remote attacker could obtain a list of the file and directory names on the server where Shopping Basket Pro is installed. Solution Update the Software Apply t...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/08/27 12:0 a.m.•12 views

JVN#82276964 Tuigwaa cross-site scripting vulnerability

Tuigwaa from the Tuigwaa Project is open source software to develop web applications. Tuigwaa contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the developer. For mo...

6.6AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/04/17 12:0 a.m.•12 views

JVN#91305178 InfoBarrier4 self-decrypted file vulnerability

Impact The third party could view the contents of self-decrypted files or obtain the passwords used for self-decryption. Solution Products Affected InfoBarrier4 Standard Plus: V4.0L10, V4.0L20...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/03/13 12:0 a.m.•12 views

JVN#91706484 Trac cross-site scripting vulnerability

Impact A remote attacker could possibly execute an arbitrary script on the user's IE where the user views a Trac wiki content. Solution Products Affected trac 0.10.3 and earlier versions trac-0.10.3-ja-1 and earlier versions...

7.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/10/12 12:0 a.m.•12 views

JVN#41241092 Kmail CGI authentication bypass vulnerability

Impact A remote attacker may bypass Kmail CGI's user authentication, and view or delete the emails of Kmail users. Solution Products Affected Version 1.0.3 and earlier...

7.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/08/31 12:0 a.m.•12 views

JVN#99776858 Multiple vulnerabilities in Webmin and Usermin

Impact A remote attacker could conduct the followings: Steal Webmin and Usermin's configuration information Execute an arbitrary script on the user's web browser Possibly conduct a session hijack attack if session information from a cookie is leaked Solution Products Affected Webmin 1.290 and...

7.4AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/08/14 12:0 a.m.•12 views

JVN#51301450 NetCommons cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. As a result, a remote attacker could forge the web page contents. Solution Products Affected NetCommons 1.0.8 and earlier...

7.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/07/18 12:0 a.m.•12 views

JVN#81108784 Geeklog cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected Geeklog 1.4.0sr4 and earlier Geeklog 1.3.11sr6 and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2005/11/16 12:0 a.m.•12 views

JVN#30451602 HTTPD-User-Manage cross-site scripting vulnerability

Impact A malicious script may be executed on the web browser of the user who can access HTTPD-User-Manage. Solution Products Affected HTTPD-User-Manage 1.62 and earlier...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2005/04/15 12:0 a.m.•12 views

JVN#55023557 Buffalo router configuration management interface vulnerable to remote access and password leakage

Impact Configurations could be changed by the remote attacker. As the save configuration stores user's account and password information of ISPs in plain-text format, a remote attacker could steal such information and impersonate a user to gain illegal access. Solution Products Affected BUFFALO...

7.4AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/06/03 8:8 a.m.•11 views

TP-Link Archer BE450 and BE7200 vulnerable to OS command injection

Overview Archer BE450 and BE7200 provided by TP-Link contain the following vulnerability. OS command injection CWE-78 - CVE-2026-5509 Chuya Hayakawa of 00One, Inc. reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact An arbitrary OS command may be executed...

8.5CVSS5.6AI score0.02458EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/04/22 6:45 a.m.•11 views

Ziostation2 vulnerable to path traversal

Overview Ziostation2 provided by Ziosoft, Inc. contains the following vulnerability. Path traversal CWE-22 - CVE-2026-40062 Yuta Miura of Five Drive Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...

8.7CVSS7.3AI score0.00619EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/04/20 5:47 a.m.•11 views

SKYSEA Client View and SKYMEC IT Manager improper file access permission settings

Overview SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. are Enterprise IT Asset Management Tools. SKYSEA Client View and SKYMEC IT Manager contain the following vulnerability. Incorrect default permissions in the installation folder CWE-276 - CVE-2026-39454 Takashi Matsumoto of...

8.5CVSS7.7AI score0.00112EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/25 9:41 a.m.•11 views

SHARP routers missing authentication for some web APIs

Overview SHARP routers do not perform authentication for some web APIs. Those web APIs provide device information, and the initial administrative password is based on a part of the device information. Missing authentication for critical function CWE-306 - CVE-2026-32326 Shota Zaizen reported this...

6.9CVSS6.1AI score0.00278EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/09 5:57 a.m.•11 views

Improper file access permission settings in multiple Digital Arts products

Overview Multiple products provided by Digital Arts Inc. contains the following vulnerability. Incorrect default permissions CWE-276 - CVE-2026-28267 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

6.8CVSS6AI score0.00105EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/09/05 12:0 a.m.•11 views

JVN#41633999: Obsidian GitHub Copilot Plugin stores sensitive information in cleartext

Obsidian GitHub Copilot Plugin provided by Pierre-Adrien Vasseur is vulnerable to the following vulnerability. Cleartext storage of sensitive information CWE-312 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:L Base Score 5.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L Base Score...

6.8CVSS6.5AI score0.00094EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/06/26 12:0 a.m.•11 views

JVN#09924566: Denial-of-service (DoS) vulnerabilities in multiple Apache products

Multiple Apache products provided by The Apache Software Foundation contain vulnerabilities listed below. Allocation of resources without limits or throttling CWE-770 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N Base Score 6.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Base...

7.5CVSS7.1AI score0.64718EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/06/24 12:0 a.m.•11 views

JVN#21624250: Inefficient regular expressions in GROWI

GROWI provided by GROWI, Inc. contains the following vulnerability. Inefficient regular expression complexity CWE-1333 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N Base Score 5.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L Base Score 4.3 CVE-2025-43880 Impact A logged-in user...

5.3CVSS6.9AI score0.00271EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/11/26 12:0 a.m.•11 views

JVN#87182660: WordPress Plugin "WP Admin UI Customize" vulnerable to cross-site scripting

WordPress Plugin "WP Admin UI Customize" provided by gqevu6bsiz contains a stored cross-site scripting vulnerability CWE-79. Impact If a malicious admin user customizes the admin screen with some malicious contents, an arbitrary script may be executed on the web browser of the other users who are...

4.8CVSS6.1AI score0.00369EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/11/20 12:0 a.m.•11 views

JVN#16114985: "Kura Sushi Official App Produced by EPARK" for Android uses a hard-coded cryptographic key

"Kura Sushi Official App Produced by EPARK" for Android provided by EPARK, Inc. uses a hard-coded cryptographic key CWE-321. Impact An attacker may obtain the login ID and password for the affected product. Solution Update the application Update the application to the latest version according to...

4CVSS7AI score0.00152EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/11/06 2:0 a.m.•11 views

Trend Micro Deep Security 20 Agent for Windows vulnerable to improper access control

Overview Trend Micro Incorporated has released a security update for Deep Security 20 Agent for Windows to fix a improper access control vulnerability CVE-2024-48903. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN. Impact A...

7.8CVSS6.6AI score0.00745EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/27 12:0 a.m.•11 views

JVN#21176842: MF Teacher Performance Management System vulnerable to cross-site scripting

MF Teacher Performance Management System provided by Media Fusion Co.,Ltd. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who accessed the website using the product. Solution Apply the Patch The developer has release...

6.1CVSS6.4AI score0.00243EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/06 12:0 a.m.•11 views

JVN#49873988: Secure Boot bypass Vulnerability in PRIMERGY

PRIMERGY is an IA server provided by Fsas Technologies Inc. PRIMERGY contains a vulnerability where Secure Boot function is bypassed. This is due to a vulnerability called "PKFail" CVE-2024-8105, which was publicly disclosed by Binarly. Impact The product's Secure Boot function may be bypassed an...

6.4CVSS6.3AI score0.0024EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/03/03 8:50 a.m.•11 views

Multiple vulnerabilities in OpenBlocks IoT VX2

Overview OpenBlocks IoT VX2 provided by Plat'Home Co., Ltd. contains multiple vulnerabilities. Masahiro Murashima and Genta Kataoka of IERAE SECURITY INC. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

8.8CVSS7.3AI score0.00855EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/11/13 4:59 a.m.•11 views

Movable Type vulnerable to open redirect

Overview Movable Type provided by Six Apart Ltd. contains an open redirect vulnerability CWE-601. Hidetomo Hosono of EG Secure Solutions Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When accessing a...

6.1CVSS6.6AI score0.00851EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/17 7:12 a.m.•11 views

Installer of PhishWall Client Internet Explorer version may insecurely load Dynamic Link Libraries

Overview PhishWall Client Internet Explorer Version, provided by SecureBrain Corporation, is an anti-phishing and anti-MITB software. The installer of PhishWall Client Internet Explorer Version contains an issue with the DLL search path, which may lead to insecurely loading dynamic linking...

9.3CVSS6.9AI score0.01475EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/05 12:0 a.m.•11 views

JVN#09470233: Android stock browser vulnerable to denial-of-service (DoS)

The Android stock browser contains a denial-of-service DoS vulnerability. Impact When receiving a specially crafted packet, the Android stock browser may crash. Solution Do not use Android stock browser If using an affected version of the Android stock browser, it is recommended to use another...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/07/22 12:0 a.m.•11 views

JVN#06212291: Android OS Contacts app fails to restrict access permissions

The Contacts app within the Android OS receives requests for outgoing calls through Intents and calls the Dialer app. The Contacts app contains a vulnerability where it fails to restrict access permissions, since it receives and processes Intents from apps without CALLPHONE permissions. Impact Wh...

6.9AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/04/09 4:59 a.m.•11 views

Lhaplus vulnerable to remote code execution

Overview Lhaplus is a file compression/decompression software. Lhaplus contains a remote code execution vulnerability. Masato Kinugawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Decompressing a speciall...

6.8CVSS8.3AI score0.02758EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/10/31 12:0 a.m.•11 views

JVN#75345069: Mac OS X OpenSSH vulnerable to denial-of-service (DoS)

The OpenSSH implementation in Mac OS X is vulnerable to denial-of-service. Impact A remote attacker may cause a denial-of-service. Solution Update the software Update to the latest version according to the information provided by the developer. According to the developer, versions Mac OS X 10.6 a...

6.8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/15 12:0 a.m.•11 views

JVN#72586781: ASP.NET vulnerable to cross-site scripting

ASP.NET contains an issue in the escape processes for string output. Web applications that use ASP.NET may contain a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the...

6.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/03/12 12:0 a.m.•11 views

JVN#79114735 Google Desktop cross-site scripting vulnerability

Google Desktop, software for searching information on local computers, contains a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the web browser of a user who uses Google Desktop. Solution According to the vendor, this vulnerability has been fixed in Google...

6.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/01/17 12:0 a.m.•11 views

JVN#13939411 Drupal cross-site scripting vulnerability

Impact An arbitrary script could be executed on the browser of the user who logged into Drupal. In addition, if session information from a cookie is leaked, a remote attacker could possibly conduct session hijacking. Solution Products Affected Drupal 4.6.10 and earlier Drupal 4.7.4 and earlier...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/12/08 12:0 a.m.•11 views

JVN#34830904 Shobo Shobo Nikki System (sns) cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. Also, the administrator's password could be disclosed if cookie information is leaked. Solution Products Affected sns 3.11 and earlier...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/11/27 12:0 a.m.•11 views

JVN#47223461 tDiary cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected 2.0.2 stable and earlier 2.1.4.20061115 developer version and earlier...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/11/20 12:0 a.m.•11 views

JVN#46244305 eyeOS cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. Web pages could be spoofed as a result. Solution Products Affected eyeOS version 0.8.10 - 0.8.15...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/07/18 12:0 a.m.•11 views

JVN#62307185 QwikiWiki cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. User credentials could be leaked as a result. Solution Products Affected QwikiWiki version 1.5.5 and earlier...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/07/11 12:0 a.m.•11 views

JVN#13947696 Ruby contains a vulnerability that prevents safe level 4 from functioning as a sandbox.

Impact An attacker may be able to bypass the security model of a server application and change the status of a untained object. Solution Products Affected Ruby 1.8.4-20060516 and earlier Snapshot versions As a workaround, we recommend that users update to the latest Ruby 1.8.4 snapshot version...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/07/06 12:0 a.m.•11 views

JVN#73705637 ACollab SQL injection vulnerability

Impact A remote attacker could modify the database contents or steal data. An attacker could also bypass authentication and impersonate a user. Solution Products Affected ACollab 1.2 and earlier Development and maintenance of ACollab finished with version 1.2 as of July 6, 2006. However ATutor...

7.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/01/31 12:0 a.m.•11 views

JVN#89344424 Multiple email clients vulnerable in handling an attachement inapropriately

Impact Actual impact could differ depending on the email clients though, email clients may crash when hadling an attached file with a particular file name. Other possible impacts could be an attached file not being saved or hanged up while in the saving process, or an error message being displaye...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2005/12/05 12:0 a.m.•11 views

JVN#76357668 MitakeSearch cross-site scripting vulnerability

Impact A malicious script may be executed on the user's web browser. Solution Products Affected MitakeSearch V4.2...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2005/10/28 12:0 a.m.•11 views

JVN#18282718 Hyper Estraier directory traversal/denial of service vulnerability

Impact If a remote attacker sends a specially crafted file and a user saves it in a search target directory, the attacker could register a file not to be searched in an index when the user creats an index, or cause a denial of service. Solution Products Affected Versions earlier than Hyper Estrai...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/06/12 2:46 a.m.•10 views

Mitigation for iSCSI Port Vulnerability in Hitachi Disk Array Systems

Overview When a large number of malicious packets are received, the iSCSI port may become unresponsive. CVE-2025-7737 Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure an...

8.6CVSS5.4AI score0.00268EPSS
Exploits0References2
Total number of security vulnerabilities5000