Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/02/26 12:0 a.m.88 views

JVN#83501605: WordPress plugin "FormCraft" vulnerable to cross-site request forgery

The WordPress plugin "FormCraft" provided by nCrafts contains a cross-site request forgery vulnerability CWE-352. Impact Unintended operations may be performed if a user logs into the WordPress administration screen and browses a malicious page. Those operations may include generating new forms,...

8.8CVSS8.6AI score0.00833EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/12/19 12:0 a.m.88 views

JVN#93333702: OneThird CMS vulnerable to directory traversal

OneThird CMS provided by SpiQe Software is a Contents Management System CMS. OneThird CMS contains a directory traversal vulnerability CWE-22. Impact An authenticated atacker with editing privileges may delete arbitrary files on the server. Solution Update the Software Update to the latest versio...

4.3CVSS4.6AI score0.01185EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/12/11 12:0 a.m.88 views

JVN#27342829: Qt for Android environment variables alteration

Qt for Android contains an information alteration vulnerability. Impact A remote attacker may alter environemt variables of the apps created using Qt. As a result, arbitrary code may be executed. Solution Update the Software Update to the latest version of software according to the information...

6.8CVSS6AI score0.00576EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/10 12:0 a.m.88 views

JVN#29939155: Self-Extracting Archives created by File Compact may insecurely load Dynamic Link Libraries

File Compact provided by SOURCENEXT CORPORATION is compression/decompression software. It can also create self-extracting archive files. Self-extracting archive files created by File Compact contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries...

9.3CVSS7.7AI score0.0108EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/04 12:0 a.m.88 views

JVN#82120115: Installer of Douro Kouji Kanseizutou Check Program may insecurely load Dynamic Link Libraries

Installer of Kouji Kanseizutou Check Program provided by National Institute for Land and Infrastructure Management contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user...

7.8CVSS7.8AI score0.01124EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/25 12:0 a.m.87 views

JVN#14658714: Installer of "Flets Azukeru for Windows Auto Backup Tool" may insecurely load Dynamic Link Libraries

Installer of "Flets Azukeru for Windows Auto Backup Tool" provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the us...

9.3CVSS7.7AI score0.01059EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/07/06 12:0 a.m.86 views

JVN#42880365: WordPress Plugin "WordPress Email Template Designer - WP HTML Mail" vulnerable to cross-site request forgery

WordPress Plugin "WordPress Email Template Designer - WP HTML Mail" provided by codemiq contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in to the affected system with an administrative privilege, unintended operations may be...

8.8CVSS8.5AI score0.0087EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/01/21 12:0 a.m.86 views

JVN#66435380: Multiple Fuji Xerox mobile applications fails to verify SSL server certificates

Multiple Fuji Xerox mobile applications fail to verify SSL server certificates CWE-295. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by the...

7.4CVSS7AI score0.0052EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/05/21 12:0 a.m.86 views

JVN#96954395: Nessus vulnerable to cross-site scripting

Nessus provided by Tenable, Inc. contains a stored cross-site scripting vulnerability CWE-79. Impact Arbitrary JavaScript may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Products Affected...

5.4CVSS5.3AI score0.01148EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/02/01 12:0 a.m.86 views

JVN#91393903: Multiple vulnerabilities in epg search result viewer(kkcald)

epg search result viewerkkcald provided by kkcal contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2018-0508 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:M/AU:N/C:N/I:P/A:N| Base Score:...

9.8CVSS8.2AI score0.02033EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/25 12:0 a.m.86 views

JVN#22272314: Installer of "Flets Setsuzoku Tool" may insecurely load Dynamic Link Libraries

Installer of "Flets Setsuzoku Tool"provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the...

9.3CVSS7.7AI score0.01059EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/03 12:0 a.m.86 views

JVN#06337557: Installer and self-extracting archive containing the installer of MLIT DenshiSeikabutsuSakuseiShienKensa system may insecurely load Dynamic Link Libraries

The installer and the self-extracting archive including the installer of MLIT DenshiSeikabutsuSakuseiShienKensa system contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the us...

9.3CVSS7.7AI score0.01231EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/10/20 12:0 a.m.85 views

JVN#56968681: Multiple vulnerabilities in nadesiko3

Nadesiko3 provided by kujirahand contains multiple vulnerabilities listed below. OS command injection vulnerability in processing compression and decompression CWE-78 - CVE-2022-41642 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score: 9.8 CVSS v2...

9.8CVSS9.4AI score0.02067EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/07/04 12:0 a.m.85 views

JVN#14077132: Multiple vulnerabilities in Cybozu Garoon

Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-2909 Operation restriction bypass in multiple applications CWE-285 - CVE-2022-30602 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L| Base Score: 5.4 CVSS v2|...

8.1CVSS6AI score0.00965EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/02/05 12:0 a.m.85 views

JVN#52486659: Ghostscript access restriction bypass vulnerability

Ghostscript provided by Artifex Software Inc. contains an access restriction bypass vulnerability CWE-284. Impact By Ghostscript processing a specially crafted file, arbitrary command may be executed with the privilege of Ghostscript. Solution Update the Software Update the software according to...

8.8CVSS8AI score0.03434EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/01/08 12:0 a.m.85 views

JVN#97325754: F-RevoCRM vulnerable to cross-site scripting

F-RevoCRM provided by ThinkingReed inc. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Apply the Patch Apply the patch according to the information provided by the developer. Apply Workaround Applying the...

6.1CVSS6.2AI score0.00781EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/12/19 12:0 a.m.85 views

JVN#01236065: Android App "NTV News24" fails to verify SSL server certificates

Android App "NTV News24" provided by Nippon Television Network Corporation fails to verify SSL server certificates CWE-295. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to th...

7.4CVSS7.2AI score0.0052EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/12/03 12:0 a.m.85 views

JVN#23981867: Multiple cross-site scripting vulnerabilities in Cybozu Garoon

Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains multiple cross-site scripting vulnerabilities. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the...

4.3CVSS8.9AI score0.01792EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/07/19 12:0 a.m.84 views

JVN#86026700: Multiple vulnerabilities in GroupSession

GroupSession provided by Japan Total System Co.,Ltd. contains multiple vulnerabilities listed below. Cross-site scripting vulnerability CWE-79 - CVE-2021-20785 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...

6.1CVSS5.6AI score0.00916EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/07/13 12:0 a.m.84 views

JVN#26891339: Multiple vulnerabilities in Retty App

Retty App provided by Retty Inc. contains multiple vulnerabilities listed below. The app is launched by Custom URL Scheme and a user may be led to access an arbitrary URL CWE-939 - CVE-2021-20747 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N| Base Score:...

7.5CVSS5.7AI score0.01037EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/01/04 12:0 a.m.84 views

JVN#38784555: Multiple vulnerabilities in UNIVERGE SV9500/SV8500 series

Remote system maintenance feature of UNIVERGE SV9500/SV8500 series' Web based remote maintenance console contains multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2020-5685 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H| Base Score...

10CVSS9AI score0.01803EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/04/20 12:0 a.m.84 views

JVN#13467854: Toshiba Electronic Devices & Storage software registers unquoted service paths

Some of Toshiba Electronic Devices & Storage software registers Windows services with unquoted file paths CWE-428. Impact When a registered path contains spaces, and a malicious executable is placed on a certain path, it may be executed with the privilege of the Windows service. Solution The...

8.4CVSS8.5AI score0.00345EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/04/07 12:0 a.m.84 views

JVN#56890693: Joomla! plugin "AcyMailing" vulnerable to arbitrary file uploads

Joomla! plugin "AcyMailing" allows an unauthenticated user to upload arbitrary files CWE-434. Impact Arbitrary PHP code may be executed. Solution Update the plugin Update the plugin according to the information provided by the developer. Products Affected AcyMailing versions prior to 6.9.2...

7.2CVSS7.1AI score0.013EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/04 12:0 a.m.84 views

JVN#20409270: Installer of Douroshisetu Kihon Data Sakusei System may insecurely load Dynamic Link Libraries

The installer of Douroshisetu Kihon Data Sakusei System provided by National Institute for Land and Infrastructure Management contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege o...

7.8CVSS7.7AI score0.01057EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/01 12:0 a.m.84 views

JVN#51274854: Multiple software for Sharp IC Card Reader/Writer Devices may insecurely load Dynamic Link Libraries

The tool to verify execution environment and the driver installer for IC Card Reader/Writer devices provided by Sharp Corporation contain an issue with the DLL search path, which may lead to insecurely load Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege o...

9.3CVSS7.6AI score0.01644EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/08/15 12:0 a.m.84 views

JVN#04455183: Shutter vulnerable to cross-site scripting

Shutter provided by tenfourzero is a web package allowing users to share their photos. Shutter contains a cross-site scripting vulnerability, which can be exploited through the SQL injection vulnerability JVN48039501. Impact If an administrator views a malicious page while logged in, an arbitrary...

4.3CVSS6.8AI score0.00931EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/11/13 12:0 a.m.83 views

JVN#96209256: Multiple vulnerabilities in Pleasanter

Pleasanter provided by Implem Inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability CWE-79 - CVE-2023-34439 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVSS v2| AV:N/AC:M/Au:S/C:N/I:P/A:N| Base...

7.5CVSS6.2AI score0.01042EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/11/18 12:0 a.m.83 views

JVN#13927745: WordPress Plugin "WordPress Popular Posts" accepts untrusted external inputs to update certain internal variables

WordPress Plugin "WordPress Popular Posts" provided by Hector Cabrera accepts untrusted external inputs to update certain internal variables CWE-454. Impact The number of views for an article may be manipulated through a crafted input. Solution Update the plugin Update the plugin according to the...

7.5CVSS7.3AI score0.00846EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/02/22 12:0 a.m.83 views

JVN#53871926: EC-CUBE improperly handles HTTP Host header values

EC-CUBE provided by EC-CUBE CO.,LTD. improperly handles HTTP Host header values CWE-913. Impact A remote attacker may direct the vulnerable version of EC-CUBE to send an Email with some forged reissue-password URL to EC-CUBE users. Solution Apply Workaround Apply the following workaround to avoid...

5.3CVSS5.2AI score0.01138EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/12/03 12:0 a.m.83 views

JVN#24457594: Multiple vulnerabilities in EC-CUBE

EC-CUBE provided by EC-CUBE CO.,LTD. contains multiple vulnerabilities listed below. Clickjacking attacks CWE-1021 - CVE-2020-5679 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N| Base Score: 4.3 CVSS v2| AV:N/AC:H/Au:N/C:N/I:P/A:N| Base Score: 2.6 Imprope...

7.5CVSS6.8AI score0.01367EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/03/31 12:0 a.m.83 views

JVN#38732359: Multiple Yamaha network devices vulnerable to denial-of-service (DoS)

Multiple network devices provided by Yamaha Corporation contain a denial-of-service DoS vulnerability CWE-400 due to an issue in processing received packets. Impact A remote attacker may be able to cause a denial-of-service DoS condition. Solution Update the firmware Update to the latest version ...

7.8CVSS7.6AI score0.01419EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/01/17 12:0 a.m.83 views

JVN#49593434: Trend Micro Password Manager vulnerable to information disclosure

Password Manager provided by Trend Micro Incorporated contains an information disclosure vulnerability CWE-200. Under certain conditions, the information ID, password etc. managed by Password Manager are kept on the memory in plaintext. They may be retrieved when the memory scan is done. Impact A...

5.5CVSS5.2AI score0.00976EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/08/15 12:0 a.m.83 views

JVN#07679150: ApeosWare Management Suite and ApeosWare Management Suite 2 contain open redirect vulnerability

ApeosWare Management Suite and ApeosWare Management Suite 2 provided by Fuji Xerox Co.,Ltd. are software products to manage devices and their usages; providing authentication, printing, log accounting, and document distribution. These software products contain an open redirect vulnerability...

6.1CVSS6.2AI score0.01122EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/23 12:0 a.m.83 views

JVN#87410770: Multiple vulnerabilities in "Dokodemo eye Smart HD" SCR02HD

Wireless monitor "Dokodemo eye Smart HD" SCR02HD provided by NIPPON ANTENNA Co., Ltd contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2017-10832 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score: 9.8 CVSS v2|...

10CVSS8.5AI score0.0295EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/14 12:0 a.m.83 views

JVN#61502349: Self-Extracting Encrypted Files created by AttacheCase may insecurely load Dynamic Link Libraries

AttacheCase is an open source file encryption software provided by HiBARA Software. It can also create self-extracting encrypted files. Self-extracting encrypted files created by AttacheCase contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries...

9.3CVSS7.6AI score0.0108EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/07/05 12:0 a.m.82 views

JVN#21636825: A-Stage SCT-40CM01SR and AT-40CM01SR vulnerable to authentication bypass

SCT-40CM01SR and AT-40CM01SR provided by A-Stage Inc. are liquid crystal televisions. SCT-40CM01SR and AT-40CM01SR contain an authentication bypass vulnerability CWE-287. Impact An attacker who can access the device may log in via telnet without authentication and execute an arbitrary command...

9.8CVSS9.8AI score0.0129EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/02/19 12:0 a.m.82 views

JVN#25766797: Multiple OS command injection vulnerabilities in Aterm WF1200C, Aterm WG1200CR, and Aterm WG2600HS

Aterm WF1200C, Aterm WG1200CR, and Aterm WG2600HS provided by NEC Corporation contain multiple OS command injection vulnerabilities listed below. OS command injection vulnerability in UPnP function CWE-78 - CVE-2020-5524 Version| Vector| Score ---|---|--- CVSS v3|...

8.8CVSS8.5AI score0.01019EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/12/12 12:0 a.m.82 views

JVN#57070811: Athenz vulnerable to open redirect

Athenz provided by Verizon Media contains an open redirect vulnerability CWE-601. Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Update the Software Update the software to...

6.1CVSS6.1AI score0.01119EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/12/06 12:0 a.m.82 views

JVN#30352845: The installer of The Public Certification Service for Individuals "The JPKI user's software" may insecurely load Dynamic Link Libraries

The installer of The Public Certification Service for Individuals "The JPKI user's software" provided by Japan Agency for Local Authority Information Systems J-LIS contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary cod...

9.3CVSS7.7AI score0.01029EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/12/01 12:0 a.m.82 views

JVN#65994435: Multiple vulnerabilities in multiple Buffalo broadband routers

BBR-4HG and BBR-4MG provided by BUFFALO INC. are wireless LAN routers. BBR-4HG and BBR-4MG contain multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2017-10896 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...

6.1CVSS5.6AI score0.00713EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/10/17 12:0 a.m.82 views

JVN#54795166: Home unit KX-HJB1000 contains multiple vulnerabilities

Home unit KX-HJB1000 provided by Panasonic Corporation is a control system for home network. Home unit KX-HJB1000 contains multiple vulnerabilities listed below. Improper access control - CVE-2017-2131 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N| Base...

8.8CVSS7AI score0.01248EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/09/29 12:0 a.m.82 views

JVN#92765814: Multiple vulnerabilities in baserCMS

baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS and bundled plugins "Blog", "Mail", "Feed", and "Uploader" contain the following vulnerabilities. Cross-site request forgery CWE-352 - CVE-2016-4879, CVE-2016-4881, CVE-2016-4884, CVE-2016-4885,...

8.8CVSS7.4AI score0.00944EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/07/06 12:0 a.m.81 views

JVN#91372527: WordPress Plugin "WPCS - WordPress Currency Switcher" vulnerable to cross-site request forgery

WordPress Plugin "WPCS – WordPress Currency Switcher" provided by realmag777 contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in to the affected system with an administrative privilege, unintended operations may be performed. Soluti...

8.8CVSS8.6AI score0.00866EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/03/24 12:0 a.m.81 views

JVN#29095127: CuteNews vulnerable to cross-site scripting

Cute News provided by CutePHP.com is a system to manage news. Cute News contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user with a login privilege to the website that uses Cute News while accessing the website. Solution...

6.1CVSS6.1AI score0.00773EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/11/14 12:0 a.m.81 views

JVN#05398317: WordPress plugin "TablePress" vulnerable to improper restriction of XML external entity (XXE) references

The WordPress plugin "TablePress" is a plugin to create and manage tables on WordPress site. TablePress contains a vulnerability where XML external entity XXE references are not properly restricted CWE-611. Impact An arbitrary file on the server may be accessed by users who can access the...

4.3CVSS4.5AI score0.01058EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/11/09 12:0 a.m.81 views

JVN#71284826: Installer of HYPER SBI may insecurely load Dynamic Link Libraries

HYPER SBI provided by SBI SECURITIES Co.,Ltd. is a trading tool. Installer of HYPER SBI contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer...

9.3CVSS7.7AI score0.01029EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/06/23 12:0 a.m.80 views

JVN#95292458: Multiple cross-site scripting vulnerabilities in EC-CUBE

EC-CUBE provided by EC-CUBE CO.,LTD. contains multiple cross-site scripting vulnerabilities listed below. Cross-site scripting vulnerability CWE-79 - CVE-2021-20750 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...

6.1CVSS6.6AI score0.01557EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/05/14 12:0 a.m.80 views

JVN#49704918: mod_auth_openidc vulnerable to denial-of-service (DoS)

modauthopenidc provided by ZmartZone is an OpenID Connect's Relying Party module for Apache HTTP Server. This module contains a denial-of-service DoS vulnerability CWE-400. Impact A remote attacker may cause a denial-of-service DoS condition. Solution Update the software Update to the latest...

7.5CVSS7.3AI score0.03395EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/06/15 12:0 a.m.80 views

JVN#71535108: ANA App for iOS fails to verify SSL server certificates

ANA App for iOS provided by ALL NIPPON AIRWAYS CO., LTD fails to verify SSL server certificates CWE-295. Impact A man-in-the-middle attack may allow an attacker to obtain and/or alter on a content of communication. Solution Update the Application Update to the latest version according to the...

7.4CVSS7AI score0.00503EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/30 12:0 a.m.80 views

JVN#45134765: Installer of PDF Digital Signature Plugin provided by the Ministry of Justice may insecurely load Dynamic Link Libraries

Installer of PDF Digital Signature Plugin provided by the Ministry of Justice contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use...

9.3CVSS7.7AI score0.0108EPSS
Exploits0
Total number of security vulnerabilities5000