Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/15 12:56 a.m.•3 views

Microsoft Producer for Microsoft Office PowerPoint vulnerable to cross-site scripting

Overview Microsoft Producer for Microsoft Office PowerPoint may create a web page which contains a DOM-based cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use Microsoft Producer for Microsoft Office PowerPoint...

4.7CVSS6.2AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/12 6:59 a.m.•3 views

Akerun - Smart Lock Robot App for iOS fails to verify SSL server certificates

Overview Akerun - Smart Lock Robot App for iOS provided by Photosynth Inc. fails to verify SSL server certificates. Kenta Suefusa, Tomonori Shiomi of Sprout Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impa...

8.1CVSS6.5AI score0.00881EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/01/29 4:50 a.m.•3 views

Vine MV vulnerable to cross-site scripting

Overview Vine MV contains a cross-site scripting vulnerability CWE-79. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on the user's web browser. Solution Updat...

6.1CVSS6AI score0.01417EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/01/29 4:45 a.m.•3 views

EXPRESSCLUSTER X vulnerable to directory traversal

Overview EXPRESSCLUSTER X from NEC Corporation is software to provide high availability HA clustering. EXPRESSCLUSTER X contains an issue in WebManager, which may lead to directory traversal. Yusuke SAKAI of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated...

7.8CVSS6.5AI score0.03821EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/01/27 5:40 a.m.•3 views

HOME SPOT CUBE vulnerable to clickjacking

Overview HOME SPOT CUBE provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE contains a clickjacking vulnerabilitiy. Masaki Yoshikawa of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

6.1CVSS6.8AI score0.01009EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/01/27 5:40 a.m.•3 views

HOME SPOT CUBE vulnerable to cross-site request forgery

Overview HOME SPOT CUBE provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE contains a cross-site request forgery vulnerability. Masaki Yoshikawa of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warnin...

7.5CVSS6.8AI score0.00556EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/01/18 5:24 a.m.•3 views

Shoplat App for iOS issue in the verification of SSL certificates

Overview Shoplat App for iOS provided by NTT DOCOMO contains an issue in the verification of the SSL server certificate. ma.la reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A connection to a server using a...

7.5CVSS6.5AI score0.00706EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/12/17 6:19 a.m.•3 views

Adobe Flash Player issue where iframe contents may be overwritten

Overview Adobe Flash Player contains an issue where the same-origin policy may be bypassed leading to iframe contents being overwritten. Tokuji Akamine reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...

5.8CVSS6.5AI score0.04308EPSS
Exploits0References13
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/12/09 5:51 a.m.•3 views

WL-330NUL vulnerable to cross-site scripting

Overview WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains a stored cross-site scripting vulnerability. TAIZO TSUKAMOTO of GLOBAL SECURITY EXPERTS Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

6.1CVSS5.9AI score0.01009EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/12/09 5:41 a.m.•3 views

WL-330NUL vulnerable to remote command execution

Overview WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains a remote command execution vulnerability. TAIZO TSUKAMOTO of GLOBAL SECURITY EXPERTS Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

7.3CVSS7.2AI score0.0223EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/12/07 5:21 a.m.•3 views

GANMA! App for iOS fails to verify SSL server certificates

Overview GANMA! App for iOS provided by COMICSMART INC. fails to verify SSL server certificates. Yuji Tounai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may allow an attacker t...

5.9CVSS6.4AI score0.00696EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/11/30 4:44 a.m.•3 views

p++BBS vulnerable to cross-site scripting

Overview p++BBS provided by Let's PHP! contains a stored cross-site scripting vulnerability CWE-79. Koki Takahashi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on the...

6.1CVSS5.9AI score0.01009EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/11/30 4:44 a.m.•3 views

Frame high-speed chat vulnerable to cross-site scripting

Overview Frame high-speed chat provided by Let's PHP! contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Apply an Update Update to the latest version according to the information provided by the developer...

6.1CVSS6.1AI score0.00765EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/11/27 4:29 a.m.•3 views

Apache Cordova vulnerable to improper application of whitelist restrictions

Overview Apache Cordova provided by the Apache Software Foundation is a framework for creating mobile applications for various platforms. Android applications built using Apache Cordova contain a vulnerability where whitelist restrictions are not properly applied. Muneaki Nishimura of Sony Digita...

4.3CVSS6.8AI score0.04216EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/11/17 5:21 a.m.•3 views

Kirby vulnerable to arbitrary file creation

Overview Kirby is a content management system CMS. Kirby contains a vulnerability that may allow a remote attacker to create arbitrary files. Yuji Tounai of NTT Com SecurityJapanKK reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warnin...

6.5CVSS7AI score0.01255EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/11/17 5:20 a.m.•3 views

applican vulnerable to script injection

Overview applican provided by Newphoria Corporation Inc. is a platform to build hybrid applications for both iOS and Android. applican is vulnerable to script injection due to an issue in proccessing URL. Note that this vulnerability is different from JVN71088919. Kenta Suefusa and Tomonori Shiom...

6.8CVSS6.9AI score0.01171EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/11/17 5:20 a.m.•3 views

applican vulnerable to script injection

Overview applican provided by Newphoria Corporation Inc. is a platform to build hybrid applications for both iOS and Android. applican is vulnerable to script injection due to an issue in processing SSID. Note that this vulnerability is different from JVN64625488. Kenta Suefusa and Tomonori Shiom...

5.4CVSS7AI score0.01171EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/11/13 5:25 a.m.•3 views

pWebManager vulnerable to OS command injection

Overview pWebManager provided by PC-EGG Co.,Ltd. contains an OS command injection vulnerability CWE-78. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary OS command may be executed on t...

6.5CVSS7.3AI score0.01302EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/29 4:46 a.m.•3 views

Enisys Gw fails to restrict access permissions

Overview Enisys Gw provided by Techno Project Japan Co. is an open source groupware. Enisys Gw fails to restrict access permissions. Impact A remote unauthenticated attacker may be access to an arbitrary file uploaded on the product. Solution Update the Software Update to the latest version...

5CVSS7AI score0.01423EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/29 4:37 a.m.•3 views

Enisys Gw vulnerable to SQL injection

Overview Enisys Gw provided by Techno Project Japan Co. is an open source groupware. Enisys Gw contains an SQL injection vulnerability CWE-89. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...

7.5CVSS7.7AI score0.01271EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/16 5:0 a.m.•3 views

AirDroid for Android vulnerable in handling of implicit intents

Overview AirDroid for Android provided by SAND STUDIO contains a vulnerability in the handling of implicit intents. Gaku Mochizuki reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Information in AirDroid may ...

4.3CVSS6.5AI score0.00893EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/16 5:0 a.m.•3 views

Avast vulnerable to directory traversal

Overview Avast contains an issue in processing archive files, which may result in a directory traversal CWE-22 vulnerability. When an archive file such as zip is detected as containing a virus and the included virus file is being moved or deleted, the operation is done to the file path inside the...

6.4CVSS6.8AI score0.02969EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/07 5:48 a.m.•3 views

Multiple PHP code execution vulnerabilitles in Cybozu Garoon

Overview Cybozu Garoon is a groupware. Cybozu Garoon contains multiple PHP code execution vulnerabilities. CyVDB-863 Cybozu Garoon allows remote authenticated users to execute arbitrary PHP code, CyVDB-867 Cybozu Garoon allows remote authenticated users to execute arbitrary PHP code CVE-2015-5646...

8.5CVSS8AI score0.0169EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/02 4:36 a.m.•3 views

Dotclear vulnerable to cross-site scripting

Overview Dotclear is a weblog software. Dotclear contains a cross-site scripting vulnerability. Yuji Tounai of NTT Com SecurityJapanKK reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a user views a...

4.3CVSS6.1AI score0.0121EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/01 5:11 a.m.•3 views

AjaXplorer vulnerable to directory traversal

Overview AjaXplorer contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

5CVSS6.7AI score0.01895EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/30 6:5 a.m.•3 views

MATCHA SNS access restriction bypass vulnerability

Overview MATCHA SNS provided by ICZ Corporation is an SNS software. MATCHA SNS contains an access restriction bypass vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A user without...

6.5CVSS6.6AI score0.01255EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/30 6:5 a.m.•3 views

MATCHA SNS vulnerable to code injection

Overview MATCHA SNS provided by ICZ Corporation is an SNS software. MATCHA SNS contains a code injection CWE-94 vulnerability due to a flaw when configuring the database during installation. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

6.8CVSS7.7AI score0.01321EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/30 6:4 a.m.•3 views

MATCHA INVOICE vulnerable to SQL injection

Overview MATCHA INVOICE provided by ICZ Corporation is a web-based billing management software. MATCHA INVOICE contains multiple SQL injection CWE-89 vulnerabilities. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

6.5CVSS7.5AI score0.01049EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/17 4:36 a.m.•3 views

H2O vulnerable to directory traversal

Overview H2O is an open source web server software. H2O contains an issue in processing URL, which may result in a directory traversal CWE-22 vulnerability. Yusuke OSUMI reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

5CVSS6.8AI score0.01655EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/16 7:58 a.m.•3 views

Photon vulnerable to URL whitelist bypass

Overview Photon provided by Newphoria Corporation Inc. is an application for Android built using "applican". Photon contains an issue where an arbitrary page may be loaded if the application is launched using the URL-scheme. Kenta Suefusa and Tomonori Shiomi of Sprout Inc. reported this...

6.8CVSS6.7AI score0.01093EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/16 7:58 a.m.•3 views

Auction Camera vulnerable to URL whitelist bypass

Overview Auction Camera provided by Newphoria Corporation Inc. is an application for both iOS or Android built using "applican". Auction Camera contains an issue where an arbitrary page may be loaded if the application is launched using the URL-scheme. Kenta Suefusa and Tomonori Shiomi of Sprout...

6.8CVSS6.6AI score0.01093EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/11 5:16 a.m.•3 views

Japan Connected-free Wi-Fi vulnerable to allow URL whitelist bypass

Overview Japan Connected-free Wi-Fi provided by NTT Broadband Platform, Inc. contains an issue where an arbitrary page may be loaded if the application is launched with the URL-scheme. Kenta Suefusa and Tomonori Shiomi of Sprout Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with...

6.8CVSS6.8AI score0.01118EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/01 5:18 a.m.•3 views

Twit BBS vulnerable to cross-site scripting

Overview Twit BBS provided by LEMON-S PHP contains a persistent cross-site scripting CWE-79 vulnerability due to the processing of imagetitle parameter in index.php. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

5CVSS6.2AI score0.0095EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/01 3:36 a.m.•3 views

desknet's NEO vulnerable to directory traversal

Overview desknet's NEO provided by NEOJAPAN Inc. contains a directory traversal CWE-22 vulnerability where it fails to verify html parameter in zhtml.cgi. Hiroyuki Yamashita of M Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

4CVSS6.6AI score0.01557EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/08/12 6:13 a.m.•3 views

Microsoft Office discloses a file path of a local file

Overview When a file such as a clipart or an image is inserted in Office documents, the absolute path of the local file is stored in "alternative text". Yosuke HASEGAWA of SecureSky Technology Inc. and Miyuki Chikara of MARUS JAPAN Inc. reported this vulnerability to IPA. JPCERT/CC coordinated wi...

4.3CVSS6.2AI score
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/08/07 4:50 a.m.•3 views

Yodobashi App for Android vulnerable to arbitrary Java method execution

Overview Yodobashi App for Android provided by Yodobashi Camera Co.,Ltd. contains a vulnerability where an arbitrary Java method may be executed. Kusano Kazuhiko reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impa...

6.8CVSS7AI score0.02031EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/29 5:58 a.m.•3 views

yoyaku_v41 vulnerable to arbitrary file creation

Overview yoyakuv41 provided by Webservice-DIC is a software to manage conference room reservations. yoyakuv41 contains a vulnerability that may allow a remote attacker to create arbitrary files CWE-20. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

7.5CVSS7.3AI score0.02288EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/24 5:46 a.m.•3 views

Research Artisan Lite does not properly perform authentication

Overview Research Artisan Lite provided by Research Artisan Project is an access analysis tool. Research Artisan Lite does not properly perform authentication CWE-592. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer unde...

5CVSS6.7AI score0.01344EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/17 5:44 a.m.•3 views

PHP for Windows vulnerable to OS command injection

Overview PHP for Windows contains an OS command injection due to a processing flaw in the escapeshellarg function. Masahiro Yamada reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Specifying a specially craft...

10CVSS7.5AI score0.05999EPSS
Exploits2References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/10 5:50 a.m.•3 views

LINE@ vulnerable to script injection

Overview LINE@ provided by LINE Corporation is an application used to communicate with others. LINE@ is vulnerable to MITM man-in-the-middle attacks since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM man-in-the-middle...

5.9CVSS6.5AI score0.0018EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/09 4:43 a.m.•3 views

MilkyStep fails to restrict access permissions

Overview MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep fails to restrict access permissions CWE-264. Note that this vulnerability is different from JVN74280258. Kusano Kazuhiko reported this vulnerability to IPA. JPCERT/CC coordinated with the...

5CVSS6.6AI score0.01385EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/05 5:16 a.m.•3 views

Multiple Buffalo wireless LAN routers vulnerable to OS command injection

Overview Multiple wireless LAN routers provided by BUFFALO INC. contain an OS command injection vulnerability. Masashi Sakai, Satoshi Ogawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An authenticated...

7.7CVSS7.8AI score0.0107EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/05/28 4:42 a.m.•3 views

ZenPhoto20 vulnerable to cross-site scripting

Overview ZenPhoto20 is a content management system CMS. ZenPhoto20 contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing encoded user-supplied input. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

4.3CVSS6AI score0.01181EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/05/28 4:42 a.m.•3 views

Zenphoto vulnerable to cross-site scripting

Overview Zenphoto is a content management system CMS. Zenphoto contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing encoded user-supplied input. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...

4.3CVSS6AI score0.01194EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/05/21 7:36 a.m.•3 views

Problem with directory permissions in JP1/Automatic Operation

Overview There is a problem of permissions on file transfer directory in JP1/Automatic Operation. Impact Malicious local users might refer or modify transferred files. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

3.3CVSS6.5AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/05/19 4:40 a.m.•3 views

BGA32.DLL and QBga32.DLL contain multiple vulnerabilities

Overview BGA32.DLL is a compression/decompression library for gza and bza-format files. BGA32.DLL contains multiple vulnerabilities including a buffer overflow because it utilizes vulnerable zlib and bzip2 libraries. QBga32.DLL, which is a wrapper of BGA32.DLL, is also affected. KONDOU, Kazuhiro...

7.5CVSS9.8AI score0.2554EPSS
Exploits4References14
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/04/07 3:12 a.m.•3 views

bBlog vulnerable to cross-site request forgery

Overview bBlog is weblog software. bBlog contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Do not use bBlog bBlog is no longer being developed or maintained. It is recommended to...

6.8CVSS6.7AI score0.00992EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/03/26 5:4 a.m.•3 views

WordPress theme flashy vulnerable to cross-site scripting

Overview flashy is a theme for WordPress. flashy contains a cross-site scripting vulnerability. Koki Takahashi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on the user'...

4.3CVSS6.2AI score0.01973EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/03/24 5:10 a.m.•3 views

The Validator in TERASOLUNA Server Framework for Java(WEB) vulnerable to input validation bypass

Overview The TERASOLUNA Server Framework for JavaWEB provided by NTT Data Corporation is a software framework for creating web applications. The TERASOLUNA Server Framework for JavaWEB is vulnerable to an issue contained in the Apache Struts 1 Validator, since it uses Apache Struts 1.2.9. The...

7.5CVSS8.5AI score0.21261EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/03/20 3:30 a.m.•3 views

MP Form Mail CGI eCommerce edition vulnerable to code injection

Overview MP Form Mail CGI eCommerce edition provided by futomi Co., Ltd. is a CGI used to send mail from a web form. MP Form Mail CGI eCommerce edition contains a code injection vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informatio...

7.5CVSS7.1AI score0.02443EPSS
Exploits0References5
Total number of security vulnerabilities5000