Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/04/10 4:36 a.m.•3 views

WN-G300R3 vulnerable to OS command injection

Overview WN-G300R3 provided by I-O DATA DEVICE, INC. contain an OS command injection vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...

9CVSS7.6AI score0.01632EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/04/07 5:47 a.m.•3 views

Tablacus Explorer vulnerable to script injection

Overview Tablacus Explorer is a tabbled file manager. Tablacus Explorer contains a script injection vulnerability due to improper handling of directory names. Touma Hatano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

8.8CVSS7.2AI score0.0137EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/03/30 5:37 a.m.•3 views

CentreCOM AR260S V2 vulnerable to privilege escalation

Overview CentreCOM AR260S V2 provided by Allied Telesis K.K. is a wired LAN router. CentreCOM AR260S V2 contains a privilege escalation vulnerability. Ziv Chang of Trend Micro Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warnin...

8.8CVSS7.2AI score0.01916EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/03/23 3:23 a.m.•3 views

WordPress plugin "YOP Poll" vulnerable to cross-site scripting

Overview The WordPress plugin "YOP Poll" contains a stored cross-site scripting CWE-79 vulnerability. Sho Ueshima, Takashi Honda, Tsuyoshi Ogawa and Minaho Umehara of SIE Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

5.4CVSS5.9AI score0.00936EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/03/02 5:36 a.m.•3 views

Multiple I-O DATA network camera products vulnerable to buffer overflow

Overview Multiple network camera products provided by I-O DATA DEVICE, INC. contain a Buffer overflow vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported respective vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

8.8CVSS7.8AI score0.01592EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/03/02 5:36 a.m.•3 views

Multiple I-O DATA network camera products vulnerable to OS command injection

Overview Multiple network camera products provided by I-O DATA DEVICE, INC. contain an OS command injection vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported respective vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...

8.8CVSS8AI score0.01664EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/28 5:22 a.m.•3 views

WBCE CMS vulnerable to SQL injection

Overview WBCE CMS provided by WBCE Team is an open-source Contents Management System CMS. WBCE CMS contains an SQL injection vulnerability CWE-89. ASAI Ken reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

7.2CVSS7.8AI score0.01294EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/17 6:13 a.m.•3 views

Self-Extracting Archives created by 7-ZIP32.DLL may insecurely load Dynamic Link Libraries

Overview 7-ZIP32.DLL is an open source library for compressing and decompressing 7z and zip format files. It can also create self-extracting archive files. Self-extracting archive files created by 7-ZIP32.DLL contain an issue with the DLL search path, which may lead to insecurely loading Dynamic...

7.8CVSS6.8AI score0.00816EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/15 7:20 a.m.•3 views

Apache Brooklyn vulnerable to cross-site request forgery

Overview Apache Brooklyn is a framework for modeling, monitoring, and managing applications. Apache Brooklyn contains a cross-site request forgery vulnerability. It is known that proof-of-concept code to exploit these vulnerabilties exist. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions,...

8.8CVSS7AI score0.01318EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/10 5:58 a.m.•3 views

Norton Download Manager may insecurely load Dynamic Link Libraries

Overview Norton Download Manager provided by Symantec Japan, Inc. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Takashi Yoshikawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

7.8CVSS6.8AI score0.0096EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/09 5:47 a.m.•3 views

Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to DNS rebinding

Overview AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a DNS rebinding vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinate...

6.8CVSS7AI score0.00956EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/09 5:47 a.m.•3 views

Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to remote code execution

Overview AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a remote code execution vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC...

6.8CVSS7.9AI score0.01501EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/09 5:6 a.m.•3 views

Multiple cross-site scripting vulnerabilities in Webmin

Overview Webmin contains multiple cross-site scripting vulnerabilities CWE-79 due to issues in outputting error messages into a HTML page and the function to edit the database. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated...

6.1CVSS6.2AI score0.01739EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/03 4:58 a.m.•3 views

Business LaLa Call App for Android fails to verify SSL server certificates

Overview Business LaLa Call App for Android provided by K-Opticom Corporation fails to verify SSL server certificates. Yuto Iso of NTT Security Japan KK reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...

5.9CVSS6.5AI score0.00667EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/01/27 4:49 a.m.•3 views

CubeCart vulnerable to directory traversal

Overview CubeCart from CubeCart Limited is an open source system for creating online shopping websites. CubeCart contains a directory traversal vulnerability CWE-22. ASAI Ken reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

6.5CVSS6.4AI score0.0247EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/01/20 5:1 a.m.•3 views

Java (OGNL) code execution in Apache Struts 2 when devMode is enabled

Overview Apache Struts 2 provided by the Apache Software Foundation is a software framework for creating Java web applications. There is a known risk that arbitrary Java OGNL code may be executed in Apache Struts 2 when devMode is enabled in production environment. It is confirmed that...

6.8CVSS7.4AI score
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/01/16 5:41 a.m.•3 views

MaruUo Factory's multiple AttacheCase products vulnerable to directory traversal

Overview Multiple AttacheCase products provided by MaruUo Factory contain a directory traversal vulnerability CWE-22 due to a flaw in processing filenames in ATC files. Kazuki Furukawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

5.5CVSS6.6AI score0.03417EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/01/06 5:2 a.m.•3 views

Olive Diary DX vulnerable to cross-site scripting

Overview Olive Diary DX provided by Olive Design contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing the page parameter. Impact An artbitrary script may be executed on the user's web browser. Solution Do not use Olive Diary DX Olive Diary DX is no longer being develop...

6.1CVSS6.1AI score0.00886EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/01/06 5:1 a.m.•3 views

WEB SCHEDULE vulnerable to cross-site scripting

Overview WEB SCHEDULE provided by Olive Design contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing the month parameter. Impact An artbitrary script may be executed on the user's web browser. Solution Do not use WEB SCHEDULE WEB SCHEDULE is no longer being developed or...

6.1CVSS6.1AI score0.0085EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/12/26 5:45 a.m.•3 views

WinSparkle issue where registry value is not validated

Overview When an application that uses WinSparkle is launched, it checks the directory used by WinSparkle for temporary files and deletes any temporary files. This directory path is specified in a registry key. In a situation where an attacker has modified the specific registry value used by this...

7.8CVSS6.8AI score0.02594EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/12/19 4:44 a.m.•3 views

Cybozu Garoon vulnerable to directory traversal

Overview Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains a directory traversal vulnerability CWE-22. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Securit...

6.5CVSS6.7AI score0.02525EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/12/19 3:29 a.m.•3 views

Cybozu Garoon vulnerable to information disclosure

Overview Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an information disclosure vulnerability CWE-200. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information...

8.8CVSS6.1AI score0.00818EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/12/12 5:49 a.m.•3 views

Access restriction bypass to delete DBM files in Cybozu Dezie

Overview Cybozu Dezie provided by Cybozu,Inc. contains an access restriction bypass vulnerability to delete DBM Cybozu Dezie proprietary format files. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under th...

7.5CVSS6.8AI score0.01804EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/12/12 5:49 a.m.•3 views

Access restriction bypass to download DBM files in Cybozu Dezie

Overview Cybozu Dezie provided by Cybozu,Inc. contains an access restriction bypass vulnerability to download DBM Cybozu Dezie proprietary format files. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under...

5.3CVSS6.8AI score0.01706EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/12/02 5:44 a.m.•3 views

WNC01WH vulnerable to enabling debug option

Overview WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains an enabling debug option vulnerability. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warnin...

8.8CVSS6.5AI score0.01578EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/11/15 4:41 a.m.•3 views

DERAEMON-CMS vulnerable to cross-site scripting

Overview DERAEMON-CMS provided by TEAM DERAEMONS is a content management system CMS. install.php in DERAEMON-CMS contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing of the parameters hostname, database and username. Satoshi Ogawa of Mitsui Bussan Secure Directions, In...

6.1CVSS6AI score0.01195EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/11/02 7:21 a.m.•3 views

Access restriction bypass vulnerability in WFS-SR01

Overview WFS-SR01 provided by I-O DATA DEVICE, INC. is a portable storage device which provides wireless LAN router function. WFS-SR01 contains access restriction bypass vulnerability in "Pocket Router Function". I-O DATA DEVICE, INC. reported this vulnerability to JPCERT/CC to notify users of it...

7.5CVSS6.9AI score0.02016EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/11/01 4:47 a.m.•3 views

mobiGate App fails to verify SSL server certificates

Overview mobiGate App provided by Nihon Unisys, Ltd. fails to verify SSL server certificates. Gaku Taniguchi of RiskFinder,inc. reported this vulnerability to Nihon Unisys, Ltd., and Nihon Unisys, Ltd. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and...

5.9CVSS6.5AI score0.00642EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/03 6:43 a.m.•3 views

"Customapp" function in Cybozu Office vulnerable to cross-site scripting

Overview Cybozu Office provided by Cybozu,Inc. contains a cross-site scripting vulnerability. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership. Impact ...

4.8CVSS6AI score0.00845EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/23 5:15 a.m.•3 views

Multiple plugins for Geeklog IVYWE edition vulnerable to cross-site scripting

Overview Geeklog is an open source content management system CMS. The Geeklog IVYWE edition plugins Assist, dataBox, and userBox each contain a cross-site scripting CWE-79 vulnerability. IVY WE CO.,LTD. reported this vulnerability to IPA and JPCERT/CC to notify users of its solution through JVN...

6.1CVSS6AI score0.0168EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/16 5:31 a.m.•3 views

Trend Micro Internet Security vulnerability where files may be excluded as scan targets

Overview Trend Micro Internet Security provided by Trend Micro Incorporated contains a vulnerability where arbitrary files or folders may be excluded as scan targets when the conditions below are met. An attacker can place a specific file into the system The attacker can execute a specific API fr...

4.7CVSS6.9AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/15 5:11 a.m.•3 views

Zend Framework vulnerable to SQL injection

Overview Zend Framework is an open source web application framework. Zend Framework 1 contains an SQL injection vulnerability CWE-89 due to a flaw in processing parameters in the ORDER BY and GROUP BY clauses. Hiroshi Tokumaru of HASH Consulting Corp. reported this vulnerability to IPA. JPCERT/CC...

9.8CVSS7.6AI score0.04124EPSS
Exploits1References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/31 6:33 a.m.•3 views

Multiple AKABEi SOFT2 LTD. games vulnerable to OS command injection

Overview Multiple games provided by AKABEi SOFT2 LTD. contain an OS command injection vulnerability CWE-78 due to an issue in loading saved data. Kusano Kazuhiko reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impa...

7.8CVSS7.6AI score0.01534EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/05 4:41 a.m.•3 views

Android stock browser vulnerable to denial-of-service (DoS)

Overview The Android stock browser contains a denial-of-service DoS vulnerability. Junichi MURAKAMI of FFRI, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When receiving a specially crafted packet, th...

4.3CVSS6.6AI score
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/02 4:50 a.m.•3 views

Information Disclosure Vulnerability in Hitachi Command Suite

Overview An Information Disclosure Vulnerability was found in Hitachi Command Suite. Impact An attacker might exploit this vulnerability to obtain sensitive session information. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

3.5CVSS6.3AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/30 4:53 a.m.•3 views

Apache Commons FileUpload vulnerable to denial-of-service (DoS)

Overview Apache Commons FileUpload provided by the Apache Software Foundation contains a flaw when processing multi-part requests, which may lead to a denial-of-service DoS. TERASOLUNA FWStruts1 Team of NTT DATA Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the...

7.8CVSS8.7AI score0.35927EPSS
Exploits0References29
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/24 5:12 a.m.•3 views

WordPress plugin "Welcart e-Commerce" vulnerable to session management

Overview WordPress plugin "Welcart e-Commerce" provided by Collne Inc. contains a vulnerability in session management. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

6.5CVSS6.7AI score0.01772EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/24 4:43 a.m.•3 views

WordPress plugin "Welcart e-Commerce" vulnerable to cross-site scripting

Overview WordPress plugin "Welcart e-Commerce" provided by Collne Inc. contains a cross-site scripting vulnerability CWE-79. Note that this vulnerability is different from JVN55826471. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with t...

6.1CVSS6.1AI score0.01491EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/22 5:56 a.m.•3 views

CG-WLBARGL vulnerable to command injection

Overview CG-WLBARGL provided by Corega Inc is a wireless LAN router. CG-WLBARGL contains a command injection vulnerability. Ohji Kashiwazaki of Global Security Experts Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

8CVSS7.2AI score0.01067EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/30 7:18 a.m.•3 views

Cybozu Garoon function "Portlets" vulnerable to access restriction bypass

Overview Cybozu Garoon is a groupware. Cybozu Garoon contains an access restriction bypass vulnerability in the function "Portlets". Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact A user may create a portlet which does not belong any...

8.1CVSS6.5AI score0.0123EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/30 7:18 a.m.•3 views

Cybozu Garoon vulnerable to open redirect

Overview Cybozu Garoon is a groupware. Cybozu Garoon contains an open redirect vulnerability. Jun Kokatsu of KDDI Singapore Dubai Branch reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC an...

7.4CVSS6.6AI score0.01789EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/30 5:7 a.m.•3 views

Source code of Old_GSI_Maps prior to January, 2015 vulnerable to directory traversal

Overview kml2jsonp.php contained in source code of OldGSIMaps prior to January, 2015 provided by the Geospatial Information Authority of Japan GSI contains a directory traversal vulnerability CWE-22. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

7.5CVSS7AI score0.02181EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/19 4:37 a.m.•3 views

Web Mailing List vulnerable to cross-site scripting

Overview Web Mailing List provided by Epoch Ltd. contains a cross-site scripting vulnerability CWE-79. Yuya Yoshida of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

6.1CVSS6AI score0.01417EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/16 7:14 a.m.•3 views

Cybozu KUNAI App fails to verify SSL server certificates

Overview Cybozu KUNAI App provided by Cybozu, Inc. fails to verify SSL server certificates. Kusano Kazuhiko reported this vulnerability to the developer. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may allow an...

6.8CVSS6.5AI score0.01194EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/19 4:44 a.m.•3 views

Photopt App fails to verify SSL server certificates

Overview Photopt App provided by NTT Communications Corporation fails to verify SSL server certificates. Yuto Iso reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may allow an...

5.9CVSS6.5AI score0.0084EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/13 5:30 a.m.•3 views

Tokyo Star bank App fails to verify SSL server certificates

Overview Tokyo Star bank App provided by The Tokyo Star Bank, Limited fails to verify SSL server certificates. Yuji Tounai of NTT Com Security Japan KK reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...

5.9CVSS6.5AI score0.00989EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/04 6:30 a.m.•3 views

ActiveX control for EVA Animator vulnerable to buffer overflow

Overview ActiveX control for EVA Animator provided by Sharp Corporation contains a buffer overflow vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impa...

6.8CVSS7.6AI score0.01147EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/19 5:42 a.m.•3 views

EC-CUBE plugin "Help plug-in" vulnerable to SQL injection

Overview EC-CUBE plugin "Help plug-in" provided by Cuore contains an SQL injection vulnerability CWE-89. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...

9.1CVSS7.6AI score0.01361EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/15 7:20 a.m.•3 views

Cybozu Office vulnerable to open redirect

Overview Cybozu Office contains an open redirect vulnerability in network functions. Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Update the Software Update to the latest...

7.4CVSS6.6AI score0.01254EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/15 6:43 a.m.•3 views

Cybozu Office vulnerable to denial-of-service (DoS)

Overview Cybozu Office contains a denial-of-service DoS vulnerability due to an issue in "customapp". Impact An authenticated attacker may cause a denial-of-service DoS condition which all users can not use the system. Solution Update the Software Update to the latest version according to the...

6.8CVSS6.5AI score0.01609EPSS
Exploits0References8
Total number of security vulnerabilities5000