Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/06/28 9:28 a.m.•5 views

Multiple vulnerabilities in Panasonic BN-SDWBP3

Overview BN-SDWBP3 provided by Panasonic Corporation is a Wi-Fi Reader/Writer for SD Memory Cards. BN-SDWBP3 contains multiple vulnerabilities listed below. Improper Authentication CWE-287 - CVE-2018-0676 OS Command InjectionCWE-78 - CVE-2018-0677 Buffer Overflow CWE-119 - CVE-2018-0678 Taizoh...

8.8CVSS7.7AI score0.0112EPSS
Exploits0References13
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/12/25 7:19 a.m.•5 views

WordPress plugin "Google XML Sitemaps" vulnerable to cross-site scripting

Overview The WordPress plugin "Google XML Sitemaps" provided by Arne Brachhold contains a stored cross-site scripting vulnerability CWE-79. takagisan reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact In the ca...

4.8CVSS5.8AI score0.00678EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/12/21 5:10 a.m.•5 views

PgpoolAdmin fails to restrict access permissions

Overview PgpoolAdmin provided by PgPool Global Development Group fails to restrict access permissions CWE-264. Fotios Rogkotis of DarkMatter reported this vulnerability to PgPool Global Development Group, and PgPool Global Development Group reported this vulnerability to IPA to notify users of it...

9.8CVSS7AI score0.0172EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/12/19 6:20 a.m.•5 views

Multiple vulnerabilities in Toshiba Lighting & Technology Corporation Home gateway

Overview Home gateway provided by Toshiba Lighting & Technology Corporation contains multiple vulnerabilities listed below. Improper access control CWE-284 - CVE-2018-16197 Hidden functionality CWE-912 - CVE-2018-16198 Cross-site scripting CWE-79 - CVE-2018-16199 OS command injection CWE-78 -...

8.8CVSS7.2AI score0.00788EPSS
Exploits0References17
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/11/09 7:13 a.m.•5 views

Multiple vulnerabilities in WordPress plugin "LearnPress"

Overview WordPress LMS plugin "LearnPress" contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2018-16173 Open Redirect CWE-601 - CVE-2018-16174 SQL Injection CWE-89 - CVE-2018-16175 Daiki Sueyoshi of Cryptography Laboratory, Department of Information and Communicati...

7.2CVSS7.8AI score0.01306EPSS
Exploits0References12
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/10/24 7:7 a.m.•5 views

SecureCore Standard Edition vulnerable to authentication bypass

Overview SecureCore Standard Edition provided by Feitian Japan Co., Ltd. contains an authentication bypass vulnerability CWE-287. Daisuke Ota of BizReach, inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...

7.8CVSS6.7AI score0.00334EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/10/15 6:26 a.m.•5 views

Multiple vulnerabilities in FileZen

Overview FileZen provided by Soliton Systems K.K. is an appliance for secure file transfer and sharing by mail or an web interface. FileZen contains multiple vulnerabilities listed below. Directory traversal CWE-22 - CVE-2018-0693 OS command injection CWE-78 - CVE-2018-0694 Soliton Systems K.K...

10CVSS8AI score0.02374EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/10/04 7:11 a.m.•5 views

Multiple vulnerabilities in Denbun

Overview Denbun provided by NEOJAPAN Inc. is a WebMail System. Denbun contains multiple vulnerabilities listed below. Hard-coded credentials for user account CWE-798 - CVE-2018-0680 Hard-coded credentials for the configuration management page CWE-798 - CVE-2018-0681 Improper session management...

9.8CVSS8.7AI score0.03584EPSS
Exploits0References25
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/08/30 8:34 a.m.•5 views

Movable Type vulnerable to cross-site scripting

Overview Movable Type provided by Six Apart, Ltd. is a content management system. Movable Type contains a cross-site scripting vulnerability CWE-79. ASAI Ken reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...

6.1CVSS6.1AI score0.00818EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/08/06 5:10 a.m.•5 views

Multiple directory traversal vulnerabilities in AttacheCase

Overview AttacheCase is an open source file encryption software provided by HiBARA Software. AttacheCase contains a directory traversal vulnerability CWE-22 due to a flaw in processing filenames in ATC files. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported CVE-2018-0660...

5.8CVSS6.7AI score0.01419EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/07/13 5:47 a.m.•5 views

Explzh vulnerable to directory traversal

Overview Explzh is a file compression/extraction software supporting multiple file formats. Explzh contains a directory traversal vulnerability CWE-22. Explzh is not vulnerable to relative path traversal but to absolute path traversal. Therefore, an attacker may create new files or overwrite...

7.8CVSS6.8AI score0.01951EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/07/12 6:4 a.m.•5 views

Multiple vulnerabilities in Aterm HC100RC

Overview Aterm HC100RC provided by NEC Corporation contains multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2018-0634, CVE-2018-0635, CVE-2018-0636, CVE-2018-0637, CVE-2018-0638, CVE-2018-0639 Buffer Overflow CWE-119 - CVE-2018-0640, CVE-2018-0641 Taizoh Tsukamoto of Mits...

9CVSS7.5AI score0.018EPSS
Exploits0References20
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/06/12 5:44 a.m.•5 views

LINE for Windows may insecurely load Dynamic Link Libraries

Overview LINE for Windows provided by LINE Corporation specifies the path to read DLL when launching software. If a user launches LINE for Windows by clicking the specially crafted link prepared by a remote attacker, it may result in insecurely loading Dynamic Link Libraries CWE-427. LINE...

7.8CVSS6.9AI score0.00796EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/28 3:13 a.m.•5 views

Information Disclosure Vulnerability in Hitachi Automation Director

Overview An Information Disclosure Vulnerability was found in Hitachi Automation Director. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

3.5CVSS6.4AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/17 5:57 a.m.•5 views

Self-Extracting Archive files created by IExpress may insecurely load Dynamic Link Libraries

Overview Self-extracting archive files created by IExpress provided Microsoft contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Microsoft states that the root cause of this vulnerability is "Application Directory App Dir DLL planting"...

9.3CVSS7AI score0.09044EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/04/27 6:1 a.m.•5 views

WordPress plugin "Open Graph for Facebook, Google+ and Twitter Card Tags" vulnerable to cross-site scripting

Overview The WordPress plugin "Open Graph for Facebook, Google+ and Twitter Card Tags" provided by Webdados contains a reflected cross-site scripting vulnerability CWE-79. Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warni...

6.1CVSS5.9AI score0.01085EPSS
Exploits1References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/04/05 1:22 a.m.•5 views

DoS Vulnerability in JP1/ServerConductor/Deployment Manager and Hitachi Compute Systems Manager

Overview A DoS Vulnerability was found in JP1/ServerConductor/Deployment Manager and Hitachi Compute Systems Manager Deployment Manager Plug-in. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the...

7.8CVSS6.8AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/03/13 7:43 a.m.•5 views

QQQ SYSTEMS vulnerable to cross-site scripting

Overview QQQ SYSTEMS provided by Gundam Cult QQQ is a CGI script to create quiz pages. quiz.cgi of QQQ SYSTEMS contains a cross-site scripting vulnerability CWE-79. When a user accesses a malicious page and is redirected to a page created with the product, an arbitrary script may be executed on t...

6.1CVSS5.9AI score0.00746EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/01/19 5:19 a.m.•5 views

GroupSession vulnerable to open redirect

Overview GroupSession provided by Japan Total System Co.,Ltd. is an open source groupware. GroupSession contains an open redirect vulnerability CWE-601. Norihiko Hirukawa of FiveDrive Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...

6.1CVSS6.7AI score0.00769EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/12/22 6:50 a.m.•5 views

The installer of Music Center for PC may insecurely load Dynamic Link Libraries

Overview Music Center for PC provided by Sony Video & Sound Products Inc. is a file management tool. The installer of Music Center for PC contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Note that this vulnerability is different from...

9.3CVSS6.9AI score0.01944EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/12/11 5:13 a.m.•5 views

Fluentd vulenrable to escape sequence injection

Overview Fluentd provided by Cloud Native Computing Foundation CNCF contains an escape sequence injection vulnerability. Fluentd is an open source data collector provided by Cloud Native Computing Foundation CNCF. The parse Filter Plugin for Fluentd contains an escape sequence injection...

10CVSS7.7AI score0.04581EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/12/11 4:40 a.m.•5 views

Qt for Android vulnerable to OS command injection

Overview Qt for Android provided by The Qt Company contains an OS command injection vulnerability CWE-78. Satoru Nagaoka of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...

9.8CVSS7.7AI score0.01958EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/12/01 7:17 a.m.•5 views

Multiple vulnerabilities in multiple Buffalo broadband routers

Overview BBR-4HG and BBR-4MG provided by BUFFALO INC. are wireless LAN routers. BBR-4HG and BBR-4MG contain multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2017-10896 Improper Input Validation CWE-20 - CVE-2017-10897 Toshitsugu Yoneyama of Mitsui Bussan Secure Directions,...

6.1CVSS6.5AI score0.00713EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/11/30 6:50 a.m.•5 views

Movable Type plugin A-Member and A-Reserve vulnerable to SQL injection

Overview A-Member and A-Reserve provided by ARK-Web co., ltd. are plugins for Movable Type which provide functions to build a membership website or a reservation website. A-Member and A-Reserve contain SQL injection CWE-89 vulnerability due to the issue in processing cookie values. Yuuta Watanabe...

9.8CVSS7.4AI score0.01269EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/11/30 6:45 a.m.•5 views

Multiple vulnerabilities in Wireless mobile storage "Digizo ShAirDisk" PTW-WMS1

Overview Wireless mobile storage "Digizo ShAirDisk" PTW-WMS1 provided by Princeton Ltd. is a Wi-Fi storage. Wireless mobile storage "Digizo ShAirDisk" PTW-WMS1 contains multiple vulnerabilities listed below. Improper Access Restriction CWE-284 - CVE-2017-10900 Buffer Overflow CWE-119 -...

10CVSS7.5AI score0.02553EPSS
Exploits0References15
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/11/29 5:54 a.m.•5 views

StreamRelay.net.exe and sDNSProxy.exe vulnerable to denial-of-service (DoS)

Overview StreamRelay.net.exe and sDNSProxy.exe fail to properly process ICMP Port Unreachable message CWE-703. Tomoki Sanaki reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Tomoki Sanaki coordinated under the Information Security Early Warning...

7.5CVSS6.7AI score0.015EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/11/22 4:51 a.m.•5 views

PWR-Q200 vulnerable to DNS cache poisoning attacks

Overview PWR-Q200 provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION is a mobile WiFi router. PWR-Q200 is vulnerable to DNS cache poisoning attacks as DNS queries are done with a fixed source port CWE-330. Toshifumi Sakaguchi reported this vulnerability to IPA. JPCERT/CC coordinated with...

7.5CVSS6.6AI score0.01323EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/11/14 4:26 a.m.•5 views

WordPress plugin "TablePress" vulnerable to improper restriction of XML external entity (XXE) references

Overview The WordPress plugin "TablePress" is a plugin to create and manage tables on WordPress site. TablePress contains a vulnerability where XML external entity XXE references are not properly restricted CWE-611. Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA...

5CVSS6.8AI score0.01058EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/11/01 6:36 a.m.•5 views

OpenAM (Open Source Edition) vulnerable to authentication bypass

Overview OpenAM Open Source Edition contains an authentication bypass vulnerability. Yasushi Iwakata of Open Source Solution Technology Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A user may...

8.1CVSS6.8AI score0.02625EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/10/25 3:17 a.m.•5 views

Memory corruption vulnerability in Rakuraku Hagaki and Rakuraku Hagaki Select for Ichitaro

Overview Rakuraku Hagaki and Rakuraku Hagaki Select for Ichitaro contain a memory corruption vulnerability. Impact If a user opens a specially crafted Rakuraku Hagaki file or Rakuraku Hagaki Select for Ichitaro file, arbitrary code may be executed with the privilege of running the application...

7.8CVSS7.3AI score0.01312EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/10/17 8:22 a.m.•5 views

Home unit KX-HJB1000 contains multiple vulnerabilities

Overview Home unit KX-HJB1000 provided by Panasonic Corporation is a control system for home network. Home unit KX-HJB1000 contains multiple vulnerabilities listed below. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

8.8CVSS6.8AI score0.01248EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/09/29 4:54 a.m.•5 views

Marp vulnerable to improper access control in JavaScript execution

Overview Marp is a tool to create a presentation PDF with Markdown. Marp executes JavaScript inside the Markdown contents. Marp allows JavaScript to access local resources and files CWE-284. Keitaro Yamazaki of Kyoto University reported this vulnerability to IPA. JPCERT/CC coordinated with the...

6.8CVSS6.3AI score0.00519EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/09/08 5:14 a.m.•5 views

Multiple vulnerabilities in CG-WLR300NM

Overview CG-WLR300NM provided by Corega Inc. is a wireless LAN router. CG-WLR300NM contains multiple vulnerabilities listed below. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...

7.7CVSS7.8AI score0.00823EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/08/31 7:35 a.m.•5 views

Multiple Fuji Xerox products may insecurely load Dynamic Link Libraries

Overview Installers of multiple products, and DocuWorks self-extracting documents provided by Fuji Xerox Co.,Ltd. contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA...

9.3CVSS6.9AI score0.01059EPSS
Exploits0References12
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/08/30 6:10 a.m.•5 views

Installer of "Remote Support Tool (Enkaku Support Tool)" may insecurely load Dynamic Link Libraries

Overview Installer of "Remote Support Tool Enkaku Support Tool" provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION and NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili...

9.3CVSS6.8AI score0.01231EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/08/25 5:52 a.m.•5 views

Installer of "Flets Setsuzoku Tool" may insecurely load Dynamic Link Libraries

Overview Installer of "Flets Setsuzoku Tool"provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC...

9.3CVSS6.9AI score0.01059EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/08/23 6:24 a.m.•5 views

The installer of the Ministry of Justice [The electronic authentication system based on the commercial registration system "The CRCA user's Software"] may insecurely load Dynamic Link Libraries

Overview The electronic authentication system based on the commercial registration system "The CRCA user's Software" provided by the Ministry of Justice contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. DigiGnome and BlackWingCat of...

9.3CVSS7.1AI score0.01456EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/08/17 8:29 a.m.•5 views

Installer of Shin Kikan Toukei Houkoku Data Nyuryokuyou Program may insecurely load Dynamic Link Libraries

Overview Installer of Shin Kikan Toukei Houkoku Data Nyuryokuyou Program provided by Agency for Natural Resources and Energy of METI contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this...

9.3CVSS6.8AI score0.01238EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/08/08 6:35 a.m.•5 views

Installer of Qua station connection tool for Windows may insecurely load Dynamic Link Libraries

Overview Qua station provided KDDI CORPORATION is a 4G LTE photostrage. Qua station connection tool is used to view data saved on Qua station from a PC and/or save data on a PC. Installer of Qua station connection tool for Windows contains an issue with the DLL search path, which may lead to...

9.3CVSS6.8AI score0.01238EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/07/27 6:38 a.m.•5 views

NFC Port Software remover may insecurely load Dynamic Link Libraries

Overview NFC Port Software remover provided by Sony Corporation is an application to remove NFC Port Software. NFC Port Software remover contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this...

9.3CVSS6.9AI score0.0108EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/07/24 4:52 a.m.•5 views

Multiple cross-site scripting vulnerabilities in ScreenOS

Overview ScreenOS provided by Juniper Networks contains multiple cross-site scripting vulnerabilities. Toshitsugu Yoneyama and Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

9.6CVSS6.3AI score0.01194EPSS
Exploits0References13
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/07/19 6:7 a.m.•5 views

Multiple vulnerabilities SONY Portable Wireless Server WG-C10

Overview Portable Wireless Server WG-C10 provided by Sony Corporation contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2017-2275 Buffer overflow CWE-119 - CVE-2017-2276 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA...

9CVSS8.3AI score0.01933EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/07/13 5:35 a.m.•5 views

FileCapsule Deluxe Portable and Encrypted Files in Self-Decryption Format created by FileCapsule Deluxe Portable may insecurely load Dynamic Link Libraries

Overview FileCapsule Deluxe Portable is a file encryption software. FileCapsule Deluxe Portable contains the following vulnerabilities. FileCapsule Deluxe Portable insecurely load Dynamic Link Libraries CWE-427 - CVE-2017-2265, CVE-2017-2267, CVE-2017-2269 Encrypted files in self-decryption forma...

9.3CVSS6.9AI score0.01059EPSS
Exploits0References17
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/07/07 6:47 a.m.•5 views

Microsoft IME may insecurely load Dynamic Link Libraries

Overview Microsoft IME, bundled with Microsoft Windows, contains an issue in loading DLLs. When some application programs are invoked, they may initiate Microsoft IME. This IME, when initiated, checks a certain registry key for a file path to a DLL file and loads it. This registry key does not...

7.8CVSS7AI score0.02181EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/07/03 6:22 a.m.•5 views

Cybozu Garoon fails to restrict access permission

Overview Cybozu Garoon provided by Cybozu, Inc. contains an improper access restriction. Jun Kokatsu of KDDI Singapore Dubai Branch reported vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN. Impact When a logged-in user accesses ...

5.8CVSS6.5AI score0.00849EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/28 7:40 a.m.•5 views

Installer of Setup file of advance preparation for e-Tax software (WEB version) may insecurely load Dynamic Link Libraries

Overview Installer of Setup file of advance preparation for e-Tax software WEB version provided by National Tax Agency contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. BlackWingCat of Pink Flying Whale reported this vulnerability to IPA...

7.8CVSS7.2AI score0.01109EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/20 4:58 a.m.•5 views

WordPress plugin "Event Calendar WD" vulnerable to cross-site scripting

Overview The WordPress plugin "Event Calendar WD" provided by Web-Dorado contains a cross-site scripting vulnerability CWE-79. Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script ma...

6.1CVSS6AI score0.01466EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/13 5:50 a.m.•5 views

WordPress plugin "WP-Members" vulnerable to cross-site scripting

Overview The WordPress plugin "WP-Members" contains a cross-site scripting vulnerability CWE-79. Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on a logged in...

6.1CVSS6AI score0.01766EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/13 5:11 a.m.•5 views

Open redirect vulnerability in WordPress plugin "WordPress Download Manager"

Overview The WordPress plugin "WordPress Download Manager" provided by W3 Eden, Inc. contains an open redirect vulnerability CWE-601. Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

6.1CVSS6.6AI score0.01476EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/13 4:51 a.m.•5 views

Installer of QuickTime for Windows may insecurely load Dynamic Link Libraries

Overview Installer of QuickTime for Windows contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

7.8CVSS7AI score0.00733EPSS
Exploits0References7
Total number of security vulnerabilities5000