Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/16 5:14 a.m.•4 views

Cybozu Mailwise vulnerable to information disclosure

Overview Cybozu Mailwise contains an information disclosure vulnerability in the mail view page. Masato Kinugawa reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinat...

4.7CVSS6.1AI score0.01586EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/08 3:28 a.m.•4 views

Multiple I-O DATA Recording Hard disk products vulnerable to cross-site request forgery

Overview Multiple Recording Hard disk products provided by I-O DATA DEVICE, INC. contain a cross-site request forgery vulnerability due to an issue in the web management screen. kaito834 reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

8.8CVSS6.9AI score0.02385EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/07/20 5:56 a.m.•4 views

WordPress plugin "Nofollow Links" vulnerable to cross-site scripting

Overview The WordPress plugin "Nofollow Links" contains a cross-site scripting CWE-79 vulnerability in nofollow-links.php. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

6.1CVSS5.9AI score0.01805EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/30 4:53 a.m.•4 views

Apache Commons FileUpload vulnerable to denial-of-service (DoS)

Overview Apache Commons FileUpload provided by the Apache Software Foundation contains a flaw when processing multi-part requests, which may lead to a denial-of-service DoS. TERASOLUNA FWStruts1 Team of NTT DATA Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the...

7.8CVSS8.7AI score0.35927EPSS
Exploits0References29
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/29 5:27 a.m.•4 views

Sushiro App fails to verify SSL server certificates

Overview Sushiro App provided by AKINDO SUSHIRO CO., LTD. fails to verify SSL server certificates. Yuta Teshima of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...

5.9CVSS6.5AI score0.00953EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/27 5:19 a.m.•4 views

Multiple Hikari Denwa routers vulnerable to cross-site request forgery

Overview Multiple Hikari Denwa routers contain a cross-site request forgery vulnerability CWE-352. Ryoya Tsukasaki of Urawa Commercial High School reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a user...

8.8CVSS6.7AI score0.01208EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/27 5:10 a.m.•4 views

Multiple Hikari Denwa routers vulnerable to OS command injection

Overview Multiple Hikari Denwa routers contain an OS command injection vulnerability CWE-78. Ryoya Tsukasaki of Urawa Commercial High School reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary OS...

7.2CVSS7.6AI score0.02512EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/24 5:12 a.m.•4 views

WordPress plugin "Welcart e-Commerce" vulnerable to cross-site scripting

Overview WordPress plugin "Welcart e-Commerce" provided by Collne Inc. contains a cross-site scripting vulnerability CWE-79. Note that this vulnerability is different from JVN95082904. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with t...

6.1CVSS6.1AI score0.01491EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/22 5:57 a.m.•4 views

CG-WLR300GNV Series does not limit authentication attempts

Overview CG-WLR300GNV and CG-WLR300GNV-W provided by Corega Inc are wireless LAN routers. The WPS functionality in CG-WLR300GNV Series does not limit PIN authentication attempts, making it susceptible to brute force attacks. Takeshi Okamoto of Kanagawa Institute of Technology and Takaaki Minegish...

5.3CVSS7.1AI score0.01385EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/22 5:57 a.m.•4 views

CG-WLBARAGM vulnerable to denial-of-service (DoS)

Overview CG-WLBARAGM provided by Corega Inc is a wireless LAN router. CG-WLBARAGM contains a denial-of-service DoS vulnerability. Yuji Ukai of FFRI, Inc reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

7.8CVSS6.7AI score0.01939EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/08 5:30 a.m.•4 views

DX Library vulnerable to remote code execution

Overview DX Library is an open source library for creating Windows applications. DX Library contains a remote code execution vulnerability due to an issue in printfDx. Tomoya Kitagawa of Graduate School of Information Science, Nara Institute of Science and Technology reported this vulnerability t...

9.8CVSS8.2AI score0.03816EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/07 7:26 a.m.•4 views

Apache Struts 1 vulnerability that allows unintended remote operations against components on memory

Overview The Apache Sturts 1 ActionForm contains a vulnerability which allows unintended remote operations against components on server memory, such as Servlets and ClassLoader, when the following 2 conditions are met: Condition 1: When the following ActionForm including its subclasses are in the...

8.1CVSS9AI score0.13122EPSS
Exploits0References18
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/30 7:18 a.m.•4 views

Cybozu Garoon function "Portlets" vulnerable to access restriction bypass

Overview Cybozu Garoon is a groupware. Cybozu Garoon contains an access restriction bypass vulnerability in the function "Portlets". Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact A user may create a portlet which does not belong any...

8.1CVSS6.5AI score0.0123EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/30 7:18 a.m.•4 views

Cybozu Garoon vulnerable to cross-site scripting

Overview Cybozu Garoon is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN37121456. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated...

5.4CVSS6AI score0.00802EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/30 7:18 a.m.•4 views

Cybozu Garoon vulnerable to open redirect

Overview Cybozu Garoon is a groupware. Cybozu Garoon contains an open redirect vulnerability. Jun Kokatsu of KDDI Singapore Dubai Branch reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC an...

7.4CVSS6.6AI score0.01789EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/30 7:18 a.m.•4 views

Cybozu Garoon mail function vulnerable to access restriction bypass

Overview Cybozu Garoon is a groupware. Cybozu Garoon contains an access restriction bypass vulnerability in the mail function. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact A spoofed e-mail may be sent by a user. Solution Update the...

6.5CVSS6.6AI score0.01139EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/27 4:54 a.m.•4 views

WebARENA formmail vulnerable to cross-site scripting

Overview formmail used for the WebARENA Service provided by NTT PC Communications Incorporated contains a cross-site scripting vulnerability CWE-79. OHTA, Yoshinori of Business Architects Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

6.1CVSS6AI score0.0102EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/27 4:53 a.m.•4 views

Multiple Buffalo wireless LAN routers vulnerable to information disclosure

Overview Multiple Buffalo wireless LAN routers contain an information disclosure vulnerability. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...

6.5CVSS6.7AI score0.01434EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/27 4:51 a.m.•4 views

Japan Connected-free Wi-Fi vulnerable to API execution

Overview Japan Connected-free Wi-Fi provided by NTT Broadband Platform, Inc. contains a vulnerability which allows an arbitrary API to be executed by a man-in-the-middle attacker. Kenta Suefusa and Tomonori Shiomi of Sprout Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

5.6CVSS6.8AI score0.00782EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/25 5:37 a.m.•4 views

WordPress plugin "Markdown on Save Improved" vulnerable to cross-site scripting

Overview The WordPress plugin "Markdown on Save Improved" contains a stored cross-site scripting CWE-79 vulnerability. Kenta Yamamoto of Cryptography Laboratory,Department of Information and Communication Engineering, Graduate School of Tokyo Denki University reported this vulnerability to IPA...

6.1CVSS5.9AI score0.01511EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/24 7:43 a.m.•4 views

Cross-site Scripting Vulnerability in Hitachi Tuning Manager

Overview A cross-site scripting vulnerability was found in Hitachi Tuning Manager. Impact Remote users can exploit this vulnerability to execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

4.7CVSS6.3AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/19 4:37 a.m.•4 views

Web Mailing List vulnerable to cross-site scripting

Overview Web Mailing List provided by Epoch Ltd. contains a cross-site scripting vulnerability CWE-79. Yuya Yoshida of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

6.1CVSS6AI score0.01417EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/16 7:14 a.m.•4 views

Cybozu KUNAI App fails to verify SSL server certificates

Overview Cybozu KUNAI App provided by Cybozu, Inc. fails to verify SSL server certificates. Kusano Kazuhiko reported this vulnerability to the developer. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may allow an...

6.8CVSS6.5AI score0.01194EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/26 4:56 a.m.•4 views

EC-CUBE fails to restrict access permissions

Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE fails to restrict access permissions. Note that this vulnerability is different from JVN11458774. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC...

5.3CVSS6.7AI score0.01301EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/22 4:49 a.m.•4 views

Electron may insecurely load Node modules

Overview Electron fails to restrict the path for loading Node modules, which may lead to execution of arbitrary JavaScript. Electron is a software framework for developing cross-platformm desktop applications with web technologies, such as HTML, CSS, JavaScript with Chromium and Node.js. Electron...

7.8CVSS6.9AI score0.00431EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/08 3:31 a.m.•4 views

EC-CUBE plugin "Social-button Plugin Premium" and "Social-button Plugin" vulnerable to cross-site scripting

Overview EC-CUBE plugin "Social-button Plugin Premium" and "Social-button Plugin" provided by Cyber-Will Inc. contain a cross-site scripting vulnerability CWE-79. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

6.1CVSS6.1AI score0.01625EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/06 6:29 a.m.•4 views

baserCMS plugin "Casebook Plugin" vulnerable to cross-site request forgery

Overview baserCMS plugin "Casebook Plugin" contains a cross-site request forgery vulnerability CWE-352. Takaesu Isao of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...

8.8CVSS6.7AI score0.00629EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/06 6:29 a.m.•4 views

baserCMS plugin "Recruit Plugin" vulnerable to cross-site request forgery

Overview baserCMS plugin "Recruit Plugin" contains a cross-site request forgery vulnerability. CWE-352 Takaesu Isao of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

8.8CVSS6.7AI score0.00629EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/04 6:30 a.m.•4 views

WisePoint contains issue in preventing clickjacking attacks

Overview WisePoint contains an issue in the protection against clickjacking attacks on the management screen. Hiroki Ikemoto of NTT SOFT SERVICE Corp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a user...

6.1CVSS6.5AI score0.01009EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/04 6:30 a.m.•4 views

AQUOS Photo Player HN-PP150 vulnerable to cross-site request forgery

Overview AQUOS Photo Player HN-PP150 provided by Sharp Corporation contains a cross-site request forgery vulnerability CWE-352. Junichi MURAKAMI of FFRI, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact ...

5.8CVSS6.5AI score0.00766EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/03/07 8:0 a.m.•4 views

Information Disclosure Vulnerability in Hitachi Compute Systems Manager

Overview An Information Disclosure Vulnerability was found in Hitachi Compute Systems Manager. Impact An attacker might exploit this vulnerability to obtain sensitive session information. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriat...

3.5CVSS6.2AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/25 7:9 a.m.•4 views

Remote File Inclusion Vulnerability in Hitachi Command Suite

Overview A Remote File Inclusion Vulnerability was found in Hitachi Command Suite. Impact Malicious attacker might exploit this vulnerability to load external files into a browser. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate actio...

3.4CVSS6.8AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/19 5:42 a.m.•4 views

EC-CUBE plugin "Help plug-in" vulnerable to SQL injection

Overview EC-CUBE plugin "Help plug-in" provided by Cuore contains an SQL injection vulnerability CWE-89. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...

9.1CVSS7.6AI score0.01361EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/15 7:20 a.m.•4 views

Cybozu Office vulnerable to open redirect

Overview Cybozu Office contains an open redirect vulnerability in network functions. Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Update the Software Update to the latest...

7.4CVSS6.6AI score0.01254EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/01/29 4:50 a.m.•4 views

Vine MV vulnerable to cross-site scripting

Overview Vine MV contains a cross-site scripting vulnerability CWE-79. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on the user's web browser. Solution Updat...

6.1CVSS6AI score0.01417EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/01/27 5:40 a.m.•4 views

HOME SPOT CUBE vulnerable to clickjacking

Overview HOME SPOT CUBE provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE contains a clickjacking vulnerabilitiy. Masaki Yoshikawa of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

6.1CVSS6.8AI score0.01009EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/01/27 5:40 a.m.•4 views

HOME SPOT CUBE vulnerable to cross-site request forgery

Overview HOME SPOT CUBE provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE contains a cross-site request forgery vulnerability. Masaki Yoshikawa of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warnin...

7.5CVSS6.8AI score0.00556EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/01/15 4:57 a.m.•4 views

acmailer vulnerable to OS command injection

Overview acmailer provided by Seeds Co.,Ltd. contains an OS command injection vulnerability CWE-78. Kazuhiro Shibuta of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...

9.1CVSS7.5AI score0.02411EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/12/25 5:33 a.m.•4 views

CG-WLBARGS does not properly perform authentication

Overview CG-WLBARGS provided by Corega Inc is a wireless LAN router. CG-WLBARGS does not properly perform authentication. Kousuke Kawahira of DWANGO Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...

10CVSS6.8AI score0.02761EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/12/17 6:19 a.m.•4 views

Welcart vulnerable to SQL injection

Overview Welcart provided by Collne Inc. is a WordPress plugin. Welcart contains an SQL injection vulnerability CWE-89 due to a flaw in the processing of searchcolumn and switch parameter in admin.php. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

6.5CVSS7.6AI score0.01579EPSS
Exploits1References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/12/17 6:19 a.m.•4 views

WinRAR may insecurely load executable files

Overview WinRAR contains a function where user specified files on the local disk can be executed. When this file does not have a file extension, a file of the same name with a file extension contained in the same folder may be executed by WinRAR instead of the user specified file. WinRAR also...

7.8CVSS6.3AI score0.00914EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/12/09 5:41 a.m.•4 views

WL-330NUL vulnerable to remote command execution

Overview WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains a remote command execution vulnerability. TAIZO TSUKAMOTO of GLOBAL SECURITY EXPERTS Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

7.3CVSS7.2AI score0.0223EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/12/07 5:21 a.m.•4 views

GANMA! App for iOS fails to verify SSL server certificates

Overview GANMA! App for iOS provided by COMICSMART INC. fails to verify SSL server certificates. Yuji Tounai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may allow an attacker t...

5.9CVSS6.4AI score0.00696EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/11/30 4:44 a.m.•4 views

p++BBS vulnerable to cross-site scripting

Overview p++BBS provided by Let's PHP! contains a stored cross-site scripting vulnerability CWE-79. Koki Takahashi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on the...

6.1CVSS5.9AI score0.01009EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/11/27 4:29 a.m.•4 views

Apache Cordova vulnerable to improper application of whitelist restrictions

Overview Apache Cordova provided by the Apache Software Foundation is a framework for creating mobile applications for various platforms. Android applications built using Apache Cordova contain a vulnerability where whitelist restrictions are not properly applied. Muneaki Nishimura of Sony Digita...

4.3CVSS6.8AI score0.04216EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/11/27 4:29 a.m.•4 views

ManageEngine Firewall Analyzer fails to restrict access permissions

Overview ManageEngine Firewall Analyzer provided by Zoho Corporation is a log analytics and configuration management software for network security devices. ManageEngine Firewall Analyzer contains a vulnerability where access permissions are not restricted. Mukai Akihito, Hasegawa Tomoshige report...

7.5CVSS6.5AI score0.07097EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/11/17 5:21 a.m.•4 views

Kirby vulnerable to arbitrary file creation

Overview Kirby is a content management system CMS. Kirby contains a vulnerability that may allow a remote attacker to create arbitrary files. Yuji Tounai of NTT Com SecurityJapanKK reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warnin...

6.5CVSS7AI score0.01255EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/11/17 5:20 a.m.•4 views

applican vulnerable to script injection

Overview applican provided by Newphoria Corporation Inc. is a platform to build hybrid applications for both iOS and Android. applican is vulnerable to script injection due to an issue in proccessing URL. Note that this vulnerability is different from JVN71088919. Kenta Suefusa and Tomonori Shiom...

6.8CVSS6.9AI score0.01171EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/11/13 5:25 a.m.•4 views

pWebManager vulnerable to OS command injection

Overview pWebManager provided by PC-EGG Co.,Ltd. contains an OS command injection vulnerability CWE-78. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary OS command may be executed on t...

6.5CVSS7.3AI score0.01302EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/11/13 5:25 a.m.•4 views

Apple OS X authentication issue when recovering from sleep mode

Overview Apple OS X contains an issue with authentication when recovering from sleep mode. This issue exists due to a flaw in the the processing of the text entered in the dialog box upon recovering from sleep mode. Masaki Katayama of Cyber Risks Laboratory Naviplus CO,Ltd. reported this...

3.7CVSS6.9AI score0.00335EPSS
Exploits0References5
Total number of security vulnerabilities5000