Lucene search
K
JvnMost viewed

5627 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/06 6:29 a.m.•5 views

baserCMS plugin "Recruit Plugin" vulnerable to cross-site scripting

Overview baserCMS plugin "Recruit Plugin" contains a cross-site scripting vulnerability. CWE-79 Takaesu Isao of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

6.1CVSS6.1AI score0.01009EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/03/30 5:49 a.m.•5 views

Aterm WG300HP vulnerable to cross-site request forgery

Overview Aterm WG300HP provided by NEC Corporation contains a cross-site request forgery vulnerability CWE-352. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

8.8CVSS6.5AI score0.00629EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/22 5:56 a.m.•5 views

Log-Chat vulnerable to cross-site scripting

Overview Log-Chat provided by Script contains a stored cross-site scripting vulnerability CWE-79. Masamu Asato of National Institute of Technology, Okinawa College reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

6.1CVSS5.9AI score0.01009EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/15 7:20 a.m.•5 views

Cybozu Office vulnerable to cross-site request forgery

Overview Cybozu Office contains a cross-site request forgery vulnerability CWE-352 in multiple functions. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the Software Update to the latest version according to the information provide...

8.8CVSS6.6AI score0.00629EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/15 6:45 a.m.•5 views

Cybozu Office access restriction bypass vulnerability

Overview Cybozu Office contains an access restriction bypass vulnerability in multiple functions. Impact A remote unauthenticated attacker may view the information about the groupware. An authenticated attacker may obtain privileged information or may cause specific functions to become unusable...

5.5CVSS6.8AI score0.01164EPSS
Exploits0References14
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/12 6:59 a.m.•5 views

Akerun - Smart Lock Robot App for iOS fails to verify SSL server certificates

Overview Akerun - Smart Lock Robot App for iOS provided by Photosynth Inc. fails to verify SSL server certificates. Kenta Suefusa, Tomonori Shiomi of Sprout Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impa...

8.1CVSS6.5AI score0.00881EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/01/27 5:40 a.m.•5 views

HOME SPOT CUBE vulnerable to open redirect

Overview HOME SPOT CUBE provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE contains an open redirect vulnerability. Masaki Yoshikawa of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnershi...

7.4CVSS6.6AI score0.01254EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/01/27 5:40 a.m.•5 views

HOME SPOT CUBE vulnerable to cross-site scripting

Overview HOME SPOT CUBE provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE contains a cross-site scripting vulnerability. Masaki Yoshikawa of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

5.4CVSS6.2AI score0.00802EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/01/22 5:36 a.m.•5 views

Multiple Buffalo network devices vulnerable to cross-site scripting

Overview Multiple network devices provided by BUFFALO INC. contain a cross-site scripting vulnerability. Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...

6.1CVSS6AI score0.00765EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/12/28 4:51 a.m.•5 views

Cross-site Scripting Vulnerability in uCosminexus Portal Framework and Groupmax Collaboration

Overview A cross-site scripting vulnerability was found in uCosminexus Portal Framework and Groupmax Collaboration. Impact Remote users can exploit a cross-site scripting vulnerability to execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official...

3.5CVSS6.2AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/12/17 7:18 a.m.•5 views

Multiple Cross-site Scripting Vulnerabilities in EUR

Overview Multiple cross-site scripting vulnerabilities were found in EUR. Impact Remote users can exploit these vulnerabilities to execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

3.5CVSS6.5AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/12/11 4:46 a.m.•5 views

Zend Framework vulnerable to SQL injection

Overview Zend Framework is an open source web application framework. Zend Framework contains an SQL injection vulnerability CWE-89 due to the argument of the ORDER BY clause. Hiroshi Tokumaru of HASH Consulting Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the develop...

9.8CVSS7.9AI score0.02332EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/12/09 5:51 a.m.•5 views

WL-330NUL vulnerable to cross-site scripting

Overview WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains a stored cross-site scripting vulnerability. TAIZO TSUKAMOTO of GLOBAL SECURITY EXPERTS Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

6.1CVSS5.9AI score0.01009EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/12/09 5:41 a.m.•5 views

WL-330NUL vulnerable to remote command execution

Overview WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains a remote command execution vulnerability. TAIZO TSUKAMOTO of GLOBAL SECURITY EXPERTS Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

7.3CVSS7.2AI score0.0223EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/11/27 4:29 a.m.•5 views

ManageEngine Firewall Analyzer fails to restrict access permissions

Overview ManageEngine Firewall Analyzer provided by Zoho Corporation is a log analytics and configuration management software for network security devices. ManageEngine Firewall Analyzer contains a vulnerability where access permissions are not restricted. Mukai Akihito, Hasegawa Tomoshige report...

7.5CVSS6.5AI score0.07097EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/11/20 4:31 a.m.•5 views

ArcSight Management Center and ArcSight Logger vulnerable to cross-site scripting

Overview ArcSight Management Center and ArcSight Logger from Hewlett-Packard Development Company L.P. contain a stored cross-site scripting vulnerability CWE-79. Mukai Akihito reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

5CVSS5.9AI score0.01942EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/11/17 5:21 a.m.•5 views

Kirby vulnerable to arbitrary file creation

Overview Kirby is a content management system CMS. Kirby contains a vulnerability that may allow a remote attacker to create arbitrary files. Yuji Tounai of NTT Com SecurityJapanKK reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warnin...

6.5CVSS7AI score0.01255EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/11/17 5:20 a.m.•5 views

applican vulnerable to script injection

Overview applican provided by Newphoria Corporation Inc. is a platform to build hybrid applications for both iOS and Android. applican is vulnerable to script injection due to an issue in proccessing URL. Note that this vulnerability is different from JVN71088919. Kenta Suefusa and Tomonori Shiom...

6.8CVSS6.9AI score0.01171EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/11/13 5:25 a.m.•5 views

Apple OS X authentication issue when recovering from sleep mode

Overview Apple OS X contains an issue with authentication when recovering from sleep mode. This issue exists due to a flaw in the the processing of the text entered in the dialog box upon recovering from sleep mode. Masaki Katayama of Cyber Risks Laboratory Naviplus CO,Ltd. reported this...

3.7CVSS6.9AI score0.00335EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/29 4:37 a.m.•5 views

Enisys Gw vulnerable to arbitrary file creation

Overview Enisys Gw provided by Techno Project Japan Co. is an open source groupware. Enisys Gw contains a vulnerability that may allow a remote attacker to create arbitrary files. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

6.5CVSS7.1AI score0.01959EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/15 3:24 a.m.•5 views

eXtplorer vulnerable to cross-site request forgery

Overview eXtplorer is a web-based file manager. index.php of eXtplorer contains a cross-site request forgery CWE-352 vulnerability. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

6.8CVSS6.8AI score0.01014EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/02 4:36 a.m.•5 views

Dotclear vulnerable to cross-site scripting

Overview Dotclear is a weblog software. Dotclear contains a cross-site scripting vulnerability. Yuji Tounai of NTT Com SecurityJapanKK reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a user views a...

4.3CVSS6.1AI score0.0121EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/01 5:11 a.m.•5 views

Python for Windows may insecurely load dynamic libraries

Overview Python for Windows contains an issue with the DLL search path, which may lead to insecurely loading a DLL called readline.pyd. Takashi Yoshikawa of Mitsui Bussan Secure Directions reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...

7.2CVSS9.1AI score0.0059EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/30 6:5 a.m.•5 views

MATCHA SNS access restriction bypass vulnerability

Overview MATCHA SNS provided by ICZ Corporation is an SNS software. MATCHA SNS contains an access restriction bypass vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A user without...

6.5CVSS6.6AI score0.01255EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/17 5:44 a.m.•5 views

PHP for Windows vulnerable to OS command injection

Overview PHP for Windows contains an OS command injection due to a processing flaw in the escapeshellarg function. Masahiro Yamada reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Specifying a specially craft...

10CVSS7.5AI score0.05999EPSS
Exploits2References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/25 6:0 a.m.•5 views

namshi/jose fails to verify token signatures

Overview namshi/jose is a PHP library for handling JSON Web Tokens JWT. namshi/jose contains a vulnerability in processing JWT headers where it fails to verify token signatures. Toshiharu Sugiyama of DeNA Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

5CVSS6.6AI score0.01385EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/18 5:14 a.m.•5 views

Ruby on Rails library Paperclip vulnerable to cross-site scripting

Overview Paperclip provided by thoughtbot is a library to upload files in Ruby on Rails. Paperclip contains a persistent cross-site scripting vulnerability CWE-79. MORI Shingo of DeNA Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

4.3CVSS6.2AI score0.02121EPSS
Exploits1References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/09 5:2 a.m.•5 views

MilkyStep vulnerable to OS command injection

Overview MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep contains an OS command injection vulnerability CWE-78. Kusano Kazuhiko reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

7.5CVSS7.4AI score0.01615EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/05/14 4:39 a.m.•5 views

Cacti vulnerable to SQL injection

Overview Cacti is a web application that graphs stored data collected from network devices. Cacti contains a SQL injection vulnerability due to a flaw in processing user input values for 'localgraphid' in graph.php. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IP...

6.5CVSS7.3AI score0.01084EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/04/14 4:24 a.m.•5 views

JBoss RichFaces vulnerable to remote Java code execution

Overview JBoss RichFaces contains a remote Java code execution vulnerability. JBoss RichFaces is an Ajax-enabled component library for JavaServer Faces JSF. JBoss RichFaces contains a flaw in parsing the do parameter, which may result in arbitrary Java code execution. Takeshi Terada of Mitsui...

7.5CVSS7.8AI score0.03929EPSS
Exploits1References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/03/06 4:46 a.m.•5 views

All In One WP Security & Firewall vulnerable to cross-site request forgery

Overview All In One WP Security & Firewall is WordPress plugin that provides security functionality. All In One WP Security & Firewall contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, access logs 404 events maintained by the...

6.8CVSS6.4AI score0.01076EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/02/27 5:2 a.m.•5 views

KENT-WEB Clip Board vulnerability where arbitary files may be deleted

Overview Clip Board provided by KENT-WEB is a bulletin board software that allows users to upload binary files such as image files. KENT-WEB Clip Board contains a vulnerability that may allow a remote attacker to delete arbitrary files. Shoji Baba reported this vulnerability to IPA. JPCERT/CC...

6.4CVSS6.9AI score0.01511EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/02/27 4:57 a.m.•5 views

Joyful Note vulnerability in handling files

Overview Joyful Note from KENT-WEB is a bulletin board software that allows users to upload binary files such as image files. Joyful Note contains a vulnerability in handling files. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

7.5CVSS7.2AI score0.02622EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/01/26 4:42 a.m.•5 views

NP-BBRM vulnerable in UPnP functionality

Overview NP-BBRM provided by I-O DATA DEVICE, INC. is a LAN router. NP-BBRM contains a vulnerability in the UPnP functionality. Impact The device may be used in a DDoS attack, as a SSDP reflector. Solution Disable UPnP Disable UPnP functionality from the management configuration in the settings...

7.8CVSS6.8AI score0.0155EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/12/18 5:49 a.m.•5 views

WBS Gantt-Chart for JIRA vulnerable to cross-site scripting

Overview WBS Gantt-Chart for JIRA provided by Ricksoft Inc. is an add-on for JIRA which provides WBS Work Breakdown Structure and Gantt-Chart features. WBS Gantt-Chart for JIRA contains a flaw in exporting data, which may lead to cross-site scripting CWE-79. Note that this vulnerability is...

4.3CVSS6AI score0.01148EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/12/18 4:41 a.m.•5 views

TSUTAYA App for Android vulnerable to arbitrary Java method execution

Overview TSUTAYA App for Android contains a vulnerability where an arbitrary Java method may be executed. Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...

6.8CVSS6.7AI score0.02016EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/12/10 5:18 a.m.•5 views

Chyrp vulnerable to cross-site scripting

Overview Chyrp is a blogging engine. Chyrp contains a cross-site scripting vulnerability. Yuji Tounai of NTT Com Security Japan KK reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script which ma...

3.5CVSS5.9AI score0.01417EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/12/09 5:45 a.m.•5 views

i-HTTPD vulnerable to cross-site scripting

Overview i-HTTPD is a web server for Windows. i-HTTPD contains a flaw in processing HTTP header, which may lead to cross-site scripting CWE-79. Note that this vulnerability is different from JVN89613370. Yamagata of webappsec.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the...

4.3CVSS6.1AI score0.01502EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/12/09 5:44 a.m.•5 views

"Omake BBS" of i-HTTPD vulnerable to cross-site scripting

Overview i-HTTPD is a web server for Windows. i-HTTPD contains "Omake BBS". "Omake BBS" contains a flaw in processing input character string, which may result in a stored cross-site scripting vulnerability CWE-79. Yamagata of webappsec.jp reported this vulnerability to IPA. JPCERT/CC coordinated...

5CVSS6AI score0.01773EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/12/04 3:28 a.m.•5 views

Kaku-San-Sei Million Arthur for Android information management vulnerability

Overview Kaku-San-Sei Million Arthur provided by SQUARE ENIX CO., LTD. is a gaming application. Kaku-San-Sei Million Arthur for Android contains an information management vulnerability. Kusano Kazuhiko reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

5CVSS6.4AI score0.00982EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/12/04 3:22 a.m.•5 views

KENT-WEB Clip Board vulnerable to cross-site scripting

Overview KENT-WEB Clip Board is a bulletin board software that a user can upload binary files such as image files. Clip Board contains a cross-site scripting vulnerability. Sen UENO of Tricorder Co. Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informatio...

4.3CVSS6.1AI score0.01193EPSS
Exploits1References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/12/03 6:9 a.m.•5 views

DBD::PgPP vulnerable to SQL injection

Overview DBD::PgPP is a pure-Perl client interface for the PostgreSQL database. DBD::PgPP contains a SQL injection vulnerability. Toshiharu Sugiyama reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If DBD::Pg...

9.8CVSS7.9AI score0.01559EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/12/02 4:56 a.m.•5 views

Multiple improper data validation vulnerabilities in Syslink driver for Texas Instruments OMAP mobile processors

Overview The Syslink driver for OMAP mobile processors contained in Android devices contain mulitple improper data validation vulerabilities. The OMAP mobile processor provided by Texas Instruments is used in some Android tablets, smartphones and other devices. The Syslink driver for some OMAP...

6.2CVSS7.6AI score0.00377EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/11/11 4:36 a.m.•5 views

Multiple Cybozu products vulnerable to buffer overflow

Overview Multiple products provided by Cybozu, Inc. contain a buffer overflow vulnerability CWE-119. Masaaki Chida of GREE, Inc. reported this vulnerability to the developer. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A remote attacker ma...

9CVSS7.7AI score0.03742EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/11/10 5:23 a.m.•5 views

OpenAM vulnerable to denial-of-service (DoS)

Overview OpenAM provided by ForgeRock is an open source access management software. OpenAM contains a denial-of-service DoS vulnerability due to a flaw in processing Cookies CWE-400. Yasushi IWAKATA of Open Source Solution Technology Corporation reported this vulnerability to IPA. JPCERT/CC...

6.8CVSS6.4AI score0.01067EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/10/10 5:2 a.m.•5 views

Huawei E5332 vulnerable to denial-of-service (DoS)

Overview Huawei E5332 contains a denial-of-service DoS vulnerability. Huawei E5332 provided by Huawei Technologies is a mobile router. Huawei E5332 contains an issue when processing a GET request that contains an extremely long parameter, which lead to the device rebooting. Shuto Imai of Chukyo...

6.8CVSS6.4AI score0.0122EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/09/25 5:54 a.m.•5 views

Safari issue in handling application cache

Overview Safari contains an issue in the handling of application cache where contents that were cached when the private browsing function is turned off may be used after the private browsing function is turned on. Yosuke HASEGAWA of NetAgent Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC...

5CVSS6.4AI score0.01746EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/09/04 7:36 a.m.•5 views

EmFTP may insecurely load executable files

Overview EmFTP contains a flaw when loading files, where an unitended executable file may be loaded when attempting to open a file without an extension. For example, if a text file named "exmaple" without an extension and an executable "example.exe" are in the same directory, attemtping to open t...

5.1CVSS7.7AI score0.00354EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/08/29 4:38 a.m.•5 views

Kindle App for Android fails to verify SSL server certificates

Overview Kindle App for Android fails to verify SSL server certificates. Hiroshi Tokumaru of HASH Consulting Corp. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may allow an...

5.8CVSS6.5AI score0.00521EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/08/15 4:24 a.m.•5 views

Shutter vulnerable to SQL injection

Overview Shutter provided by tenfourzero is a web package allowing users to share their photos. lib/admin.php in Shutter contains a SQL injection vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

7.5CVSS7.8AI score0.01164EPSS
Exploits0References6
Total number of security vulnerabilities5000