Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/12/01 5:59 a.m.•3 views

Cross-site Scripting Vulnerability in JP1/Operations Analytics

Overview A cross-site scripting vulnerability was found in JP1/Operations Analytics. Impact Remote users can exploit this vulnerability to execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

4.1CVSS6.3AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/11/16 5:3 a.m.•3 views

Robotic appliance COCOROBO vulnerable to session management

Overview Robotic appliance COCOROBO provided by Sharp Corporation is a robot with cleaning function. Robotic appliance COCOROBO contains a vulnerability in session management CWE-639. Kiyotaka ATSUMI of IoT Technology Laboratory, Cyber Grid Japan, LAC Co., Ltd. reported this vulnerability to IPA...

4.6CVSS6.7AI score0.00421EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/11/13 6:30 a.m.•3 views

CS-Cart Japanese Edition vulnerable to cross-site scripting

Overview CS-Cart is a system for creating online shopping websites. CS-Cart Japanese Edition contains a cross-site scripting vulnerabulity CWE-79. Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

5.4CVSS6.1AI score0.00538EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/11/02 4:57 a.m.•3 views

Installer of "Flets Easy Setup Tool" may insecurely load Dynamic Link Libraries

Overview Installer of "Flets Easy Setup Tool" provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC...

7.8CVSS6.8AI score0.00911EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/10/18 5:22 a.m.•3 views

XXE Vulnerability in Hitachi Command Suite

Overview An XXE XML External Entity Vulnerability was found in Hitachi Command Suite. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

8.1CVSS6.8AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/10/17 7:26 a.m.•3 views

RMI Vulnerability in Hitachi Tuning Manager

Overview A RMI Vulnerability was found in Hitachi Tuning Manager. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

10CVSS6.7AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/09/04 3:14 a.m.•3 views

Denial-of-service (DoS) Vulnerability in JP1 and Hitachi IT Operations Director

Overview A vulnerability to denial-of-service attacks was found in JP1 and Hitachi IT Operations Director. Impact An attacker may conduct denial-of-service attacks. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

5.3CVSS6.8AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/08/28 4:46 a.m.•3 views

Denial-of-service (DoS) Vulnerability in HiRDB

Overview A vulnerability to denial-of-service attacks was found in HiRDB. Impact A vulnerability to denial-of-service attacks was found in HiRDB. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

5.3CVSS6.8AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/08/25 6:2 a.m.•3 views

Installer of "Flets Install Tool" may insecurely load Dynamic Link Libraries

Overview Installer of "Flets Install Tool" provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC...

9.3CVSS6.9AI score0.01059EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/08/25 5:50 a.m.•3 views

Installer of Optimal Guard may insecurely load Dynamic Link Libraries

Overview Installer of Optimal Guard provided by OPTiM Corporation contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

9.3CVSS6.8AI score0.01059EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/08/25 5:50 a.m.•3 views

Installer and self-extracting archive containing the installer of "Security Setup Tool" may insecurely load Dynamic Link Libraries

Overview The installer and the self-extracting archive containing the installer of "Security Setup Tool" provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of...

9.3CVSS6.9AI score0.01059EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/08/25 5:50 a.m.•3 views

Installer of "Security Kinou Mihariban" may insecurely load Dynamic Link Libraries

Overview Installer of "Security Kinou Mihariban" provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC...

9.3CVSS6.8AI score0.01059EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/08/24 5:3 a.m.•3 views

Multiple vulnerabilities in WebCalendar

Overview WebCalendar provided by k5n.us contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2017-10840 Directory traversal CWE-22 - CVE-2017-10841 The following researchers reported vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information...

6.1CVSS6.3AI score0.02353EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/08/21 5:30 a.m.•3 views

Multiple vulnerabilities in Cybozu Garoon

Overview Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Denial-of-service DoS vulnerability in the application menu's edit function CWE-20 - CVE-2017-2254 Stored cross-site scripting in the "Rich text" function of the application "Space" CWE-79 -...

6.1CVSS6.1AI score0.01326EPSS
Exploits0References19
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/07/27 5:31 a.m.•3 views

Installer of LhaForge may insecurely load Dynamic Link Libraries

Overview LhaForge is a file compression/decompression software. The installer of LhaForge contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with t...

9.3CVSS6.9AI score0.0108EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/07/24 6:8 a.m.•3 views

Installer of Tween may insecurely load Dynamic Link Libraries

Overview Tween is a twitter client application. Installer of Tween contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

9.3CVSS6.9AI score0.0108EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/07/24 4:52 a.m.•3 views

WordPress plugin "Simple Custom CSS and JS" vulnerable to cross-site scripting

Overview The WordPress plugin "Simple Custom CSS and JS" provided by SilkyPress contains a reflected cross-site scripting vulnerability CWE-79. Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

6.1CVSS5.9AI score0.01466EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/07/24 4:52 a.m.•3 views

WordPress plugin "Popup Maker" vulnerable to cross-site scripting

Overview The WordPress plugin "Popup Maker" provided by Popup Maker contains a reflected cross-site scripting vulnerability CWE-79. Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary scri...

6.1CVSS5.9AI score0.01634EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/07/21 4:39 a.m.•3 views

gSOAP vulnerable to stack-based buffer overflow

Overview gSOAP library provided by Genivia contains a stack-based buffer overflowCWE-121. Processing a crafted SOAP message sent by a remote attacker may result in code execution. Impact Processing a crafted SOAP message sent by a remote attacker may result in code execution. Solution Update to t...

8.1CVSS7.5AI score0.21894EPSS
Exploits2References19
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/07/19 6:44 a.m.•3 views

Multiple Vulnerabilities in Hitachi Automation Director and Hitachi Infrastructure Analytics Advisor

Overview Multiple vulnerabilities have been found in Hitachi Automation Director and Hitachi Infrastructure Analytics Advisor. Impact They may conduct the attacks listed below. Cross-site Scripting XXE XML External Entity Open Redirect Solution Please refer to the 'Vendor Information' section for...

6.7AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/07/04 5:43 a.m.•3 views

Installer of Douro Kouji Kanseizutou Check Program may insecurely load Dynamic Link Libraries

Overview Installer of Douro Kouji Kanseizutou Check Program provided by National Institute for Land and Infrastructure Management contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. and BlackWingCat of Pink...

7.8CVSS7.2AI score0.01124EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/07/03 6:22 a.m.•3 views

Cybozu Garoon vulnerable to session fixation

Overview Cybozu Garoon provided by Cybozu, Inc. contains a session fixation. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact A remote unauthenticated attacker may perform unintended operation with the logged-in user's privilege. Solution...

5.8CVSS6.8AI score0.00851EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/07/03 5:14 a.m.•3 views

Installer and self-extracting archive containing the installer of MLIT DenshiSeikabutsuSakuseiShienKensa system may insecurely load Dynamic Link Libraries

Overview The installer and the self-extracting archive including the installer of MLIT DenshiSeikabutsuSakuseiShienKensa system contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability...

9.3CVSS6.9AI score0.01231EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/30 5:18 a.m.•3 views

Installer of PDF Digital Signature Plugin provided by the Ministry of Justice may insecurely load Dynamic Link Libraries

Overview Installer of PDF Digital Signature Plugin provided by the Ministry of Justice contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Yuji Tounai of NTT Communications Corporation and Eili Masami of Tachibana Lab. reported this...

9.3CVSS7AI score0.0108EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/26 5:28 a.m.•3 views

Denshi Nyusatsu Check Tool provided by Ministry of Education, Culture, Sports, Science and Technology may insecurely load Dynamic Link Libraries

Overview Denshi Nyusatsu Check Tool provided by Ministry of Education, Culture, Sports, Science and Technology MEXT contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Takashi Yoshikawa of Mitsui Bussan Secure Directions reported this...

9.8CVSS6.8AI score0.01468EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/20 4:59 a.m.•3 views

Multiple I-O DATA network camera products vulnerable to cross-site request forgery

Overview Multiple network camera products provided by I-O DATA DEVICE, INC. contains a cross-site request forgery vulnerability CWE-352. Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Securi...

8.8CVSS6.7AI score0.00913EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/15 5:32 a.m.•3 views

WordPress plugin "WP Job Manager" fails to restrict access permissions

Overview The WordPress plugin "WP Job Manager" provided by Automattic Inc. fails to restrict access permissions. Katsunori Kumagai of Kumasan, LLC. reported this issue to IPA under Information Security Early Warning Partnership. Impact A remote unauthenticated attacker may upload an image file to...

5.3CVSS7.1AI score
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/13 5:11 a.m.•3 views

Cross-site scripting vulnerability in WordPress plugin "WordPress Download Manager"

Overview The WordPress plugin "WordPress Download Manager" provided by W3 Eden, Inc. contains a cross-site scripting vulnerability CWE-79. Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...

6.1CVSS6AI score0.01432EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/08 6:31 a.m.•3 views

The installer of PatchJGD provided by Geospatial Information Authority of Japan (GSI) may insecurely load Dynamic Link Libraries

Overview The installer of PatchJGD PatchJGD101.EXE provided by Geospatial Information Authority of Japan GSI contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC...

9.3CVSS7.2AI score0.00893EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/06 5:20 a.m.•3 views

Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to information disclosure

Overview AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains an information disclosure vulnerability. Masato Kinugawa reported this vulnerability to IPA...

4.3CVSS5.9AI score0.0114EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/05 4:47 a.m.•3 views

Installer of Houkokusyo Sakusei Shien Tool provided by Ministry of the Environment may insecurely load Dynamic Link Libraries

Overview Installer of Houkokusyo Sakusei Shien Tool provided by Ministry of the Environment contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Eili Masami of Tachibana Lab. and BlackWingCat of Pink Flying Whale reported this vulnerability to...

7.8CVSS6.9AI score0.01093EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/01 7:40 a.m.•3 views

RW-4040 tool to verify execution environment may insecurely load Dynamic Link Libraries

Overview RW-4040 tool to verify execution environment for IC Card Reader/Writer devices provided by Sharp Corporation contains an issue with the DLL search path, which may lead to insecurely load Dynamic Link Libraries CWE-427. Yuji Tounai of NTT Communications Corporation and BlackWingCat of...

9.3CVSS7AI score0.01644EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/01 5:42 a.m.•3 views

Installer of Tera Term may insecurely load Dynamic Link Libraries

Overview The installer of Tera Term provided by TeraTerm Project contains an issue with the DLL search path, which may lead to insecurely load Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informati...

9.3CVSS7AI score0.02029EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/05/24 5:41 a.m.•3 views

SSL Visibility Appliance may generate illegal RST packets

Overview SSL Visibility Appliance provided by Blue Coat Systems, Inc. is used as a transparent proxy for encrypted traffic management. It is reported that the appliance generates RST packets with incorrect sequence numbers when it receives HTTPS requests from certain web browsers. When the web...

7.2CVSS6.8AI score0.01453EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/05/19 5:57 a.m.•3 views

The installer of Empirical Project Monitor - eXtended may insecurely load Dynamic Link Libraries

Overview The installer of Empirical Project Monitor - eXtended provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Eili Masami of Tachibana Lab. reported this vulnerability to IPA...

7.8CVSS7.1AI score0.01419EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/05/19 5:53 a.m.•3 views

Empirical Project Monitor - eXtended vulnerable to cross-site scripting

Overview Empirical Project Monitor - eXtended provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA contains a stored cross-site scripting vulnerability CWE-79. Note that this vulnerability is different from JVN11326581. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. report...

5.4CVSS6.1AI score0.00891EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/05/16 5:0 a.m.•3 views

Multiple BestWebSoft WordPress plugins vulnerable to cross-site scripting

Overview Multiple WordPress Plugins provided by BestWebSoft use a common function for displaying the BestWebSoft menu. This function contains a cross-site scripting vulnerability CWE-79. Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

6.1CVSS6AI score0.00886EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/05/16 4:58 a.m.•3 views

WordPress plugin "WP Booking System" vulnerable to cross-site scripting

Overview The WordPress plugin "WP Booking System" provided by WP Booking System contains a stored cross-site scripting vulnerability CWE-79. Satoshi Takagi of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University reported this vulnerability to IPA...

6.1CVSS5.9AI score0.01379EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/05/11 4:37 a.m.•3 views

The installer of SOY CMS vulnerable to cross-site scripting

Overview SOY CMS provided by Nippon Institute of Agroinformatics Ltd. is a Contents Management System CMS. The installer of SOY CMS contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing parameter. Satoshi Ogawa of Mitsui Bussan Secure Directions,Inc. reported this...

6.1CVSS6AI score0.00842EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/05/09 4:52 a.m.•3 views

The installer of The Public Certification Service for Individuals "The JPKI user's software" may insecurely load Dynamic Link Libraries

Overview The installer of The Public Certification Service for Individuals "The JPKI user's software" provided by Japan Agency for Local Authority Information Systems J-LIS contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Note that this...

7.8CVSS6.9AI score0.00505EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/05/09 4:52 a.m.•3 views

Nessus vulnerable to cross-site scripting

Overview Nessus provided by Tenable Network Security, Inc. contains a stored cross-site scripting vulnerability CWE-79 CVE-2017-2122. An authenticated user may store crafted contents to Nessus. According to the developer, another stored cross-site scripting vulnerability CVE-2017-5179 was found a...

5.4CVSS5.8AI score0.00775EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/04/20 6:11 a.m.•3 views

Multiple JustSystems products including Hanako may insecurely load Dynamic Link Libraries

Overview Hanako and multiple software suites containing Hanako provided by JustSystems Corporation contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Eiji James Yoshida of Security Professionals Network Inc. reported this vulnerability to IPA...

7.8CVSS6.9AI score0.01173EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/04/20 6:11 a.m.•3 views

WordPress plugin "Booking Calendar" vulnerable to directory traversal

Overview The WordPress plugin "Booking Calendar" provided by wpdevelop contains a directory traversal vulnerability CWE-22. ASAI Ken reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A local file outside of th...

5.8CVSS6.4AI score0.02397EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/04/11 7:5 a.m.•3 views

Cybozu Office fails to restrict access permission in the templates delete function in "customapp"

Overview Cybozu Office contains an access restriction flaw in the templates delete function in "customapp". Cybozu, Inc. reported this vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning...

5.5CVSS6.7AI score0.01206EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/04/11 7:5 a.m.•3 views

The design setting screen in Cybozu Office vulnerable to cross-site scripting

Overview The design setting screen in Cybozu Office contains a cross-site scripting vulnerability. Kazuto Sagamihara reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the...

5.4CVSS6AI score0.00872EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/04/10 4:36 a.m.•3 views

WN-G300R3 vulnerable to OS command injection

Overview WN-G300R3 provided by I-O DATA DEVICE, INC. contain an OS command injection vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...

9CVSS7.6AI score0.01632EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/04/07 5:47 a.m.•3 views

Tablacus Explorer vulnerable to script injection

Overview Tablacus Explorer is a tabbled file manager. Tablacus Explorer contains a script injection vulnerability due to improper handling of directory names. Touma Hatano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

8.8CVSS7.2AI score0.0137EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/03/23 3:23 a.m.•3 views

WordPress plugin "YOP Poll" vulnerable to cross-site scripting

Overview The WordPress plugin "YOP Poll" contains a stored cross-site scripting CWE-79 vulnerability. Sho Ueshima, Takashi Honda, Tsuyoshi Ogawa and Minaho Umehara of SIE Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

5.4CVSS5.9AI score0.00936EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/03/16 4:32 a.m.•3 views

Security guide for website operators vulnerable to OS command injection

Overview Security guide for website operators provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA contains an OS command injection vulnerability CWE-78 due to an issue in loading saved data. This vulnerability was reported by IPA to notify users of its solution through JVN. JPCERT/CC a...

8.8CVSS7.6AI score0.01596EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/03/02 5:36 a.m.•3 views

Multiple I-O DATA network camera products vulnerable to buffer overflow

Overview Multiple network camera products provided by I-O DATA DEVICE, INC. contain a Buffer overflow vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported respective vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

8.8CVSS7.8AI score0.01592EPSS
Exploits0References5
Total number of security vulnerabilities5000