Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/15 7:20 a.m.•3 views

Apache Brooklyn vulnerable to cross-site request forgery

Overview Apache Brooklyn is a framework for modeling, monitoring, and managing applications. Apache Brooklyn contains a cross-site request forgery vulnerability. It is known that proof-of-concept code to exploit these vulnerabilties exist. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions,...

8.8CVSS7AI score0.01318EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/10 5:58 a.m.•3 views

Norton Download Manager may insecurely load Dynamic Link Libraries

Overview Norton Download Manager provided by Symantec Japan, Inc. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Takashi Yoshikawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

7.8CVSS6.8AI score0.0096EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/09 5:47 a.m.•3 views

Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to DNS rebinding

Overview AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a DNS rebinding vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinate...

6.8CVSS7AI score0.00956EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/09 5:47 a.m.•3 views

Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to remote code execution

Overview AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a remote code execution vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC...

6.8CVSS7.9AI score0.01501EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/09 5:6 a.m.•3 views

Multiple cross-site scripting vulnerabilities in Webmin

Overview Webmin contains multiple cross-site scripting vulnerabilities CWE-79 due to issues in outputting error messages into a HTML page and the function to edit the database. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated...

6.1CVSS6.2AI score0.01739EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/03 4:58 a.m.•3 views

Business LaLa Call App for Android fails to verify SSL server certificates

Overview Business LaLa Call App for Android provided by K-Opticom Corporation fails to verify SSL server certificates. Yuto Iso of NTT Security Japan KK reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...

5.9CVSS6.5AI score0.00667EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/01/27 4:49 a.m.•3 views

CubeCart vulnerable to directory traversal

Overview CubeCart from CubeCart Limited is an open source system for creating online shopping websites. CubeCart contains a directory traversal vulnerability CWE-22. ASAI Ken reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

6.5CVSS6.4AI score0.0247EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/01/20 5:1 a.m.•3 views

Java (OGNL) code execution in Apache Struts 2 when devMode is enabled

Overview Apache Struts 2 provided by the Apache Software Foundation is a software framework for creating Java web applications. There is a known risk that arbitrary Java OGNL code may be executed in Apache Struts 2 when devMode is enabled in production environment. It is confirmed that...

6.8CVSS7.4AI score
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/01/06 5:2 a.m.•3 views

Olive Diary DX vulnerable to cross-site scripting

Overview Olive Diary DX provided by Olive Design contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing the page parameter. Impact An artbitrary script may be executed on the user's web browser. Solution Do not use Olive Diary DX Olive Diary DX is no longer being develop...

6.1CVSS6.1AI score0.00886EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/01/06 5:1 a.m.•3 views

WEB SCHEDULE vulnerable to cross-site scripting

Overview WEB SCHEDULE provided by Olive Design contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing the month parameter. Impact An artbitrary script may be executed on the user's web browser. Solution Do not use WEB SCHEDULE WEB SCHEDULE is no longer being developed or...

6.1CVSS6.1AI score0.0085EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/12/26 5:45 a.m.•3 views

Wireshark for Windows issue where an arbitrary file may be deleted

Overview Wireshark for Windows uses a software updating library called WinSparkle. Wireshark for Windows contains an issue where an arbitrary directory of file may be deleted due to an issue contained in WinSparkle JVN96681653. Takashi Yoshikawa of Mitsui Bussan Secure Directions, Inc. reported...

7.8CVSS6.8AI score0.02594EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/12/19 4:44 a.m.•3 views

Cybozu Garoon vulnerable to directory traversal

Overview Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains a directory traversal vulnerability CWE-22. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Securit...

6.5CVSS6.7AI score0.02525EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/12/19 3:29 a.m.•3 views

Cybozu Garoon vulnerable to information disclosure

Overview Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an information disclosure vulnerability CWE-200. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information...

8.8CVSS6.1AI score0.00818EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/12/12 5:49 a.m.•3 views

Access restriction bypass to delete DBM files in Cybozu Dezie

Overview Cybozu Dezie provided by Cybozu,Inc. contains an access restriction bypass vulnerability to delete DBM Cybozu Dezie proprietary format files. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under th...

7.5CVSS6.8AI score0.01804EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/12/12 5:49 a.m.•3 views

Access restriction bypass to download DBM files in Cybozu Dezie

Overview Cybozu Dezie provided by Cybozu,Inc. contains an access restriction bypass vulnerability to download DBM Cybozu Dezie proprietary format files. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under...

5.3CVSS6.8AI score0.01706EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/12/02 5:44 a.m.•3 views

WNC01WH vulnerable to enabling debug option

Overview WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains an enabling debug option vulnerability. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warnin...

8.8CVSS6.5AI score0.01578EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/11/15 4:41 a.m.•3 views

DERAEMON-CMS vulnerable to cross-site scripting

Overview DERAEMON-CMS provided by TEAM DERAEMONS is a content management system CMS. install.php in DERAEMON-CMS contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing of the parameters hostname, database and username. Satoshi Ogawa of Mitsui Bussan Secure Directions, In...

6.1CVSS6AI score0.01195EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/03 6:43 a.m.•3 views

"Customapp" function in Cybozu Office vulnerable to cross-site scripting

Overview Cybozu Office provided by Cybozu,Inc. contains a cross-site scripting vulnerability. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership. Impact ...

4.8CVSS6AI score0.00845EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/23 5:15 a.m.•3 views

Multiple plugins for Geeklog IVYWE edition vulnerable to cross-site scripting

Overview Geeklog is an open source content management system CMS. The Geeklog IVYWE edition plugins Assist, dataBox, and userBox each contain a cross-site scripting CWE-79 vulnerability. IVY WE CO.,LTD. reported this vulnerability to IPA and JPCERT/CC to notify users of its solution through JVN...

6.1CVSS6AI score0.0168EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/16 5:31 a.m.•3 views

Trend Micro Internet Security vulnerability where files may be excluded as scan targets

Overview Trend Micro Internet Security provided by Trend Micro Incorporated contains a vulnerability where arbitrary files or folders may be excluded as scan targets when the conditions below are met. An attacker can place a specific file into the system The attacker can execute a specific API fr...

4.7CVSS6.9AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/15 5:11 a.m.•3 views

Zend Framework vulnerable to SQL injection

Overview Zend Framework is an open source web application framework. Zend Framework 1 contains an SQL injection vulnerability CWE-89 due to a flaw in processing parameters in the ORDER BY and GROUP BY clauses. Hiroshi Tokumaru of HASH Consulting Corp. reported this vulnerability to IPA. JPCERT/CC...

9.8CVSS7.6AI score0.04124EPSS
Exploits1References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/05 4:41 a.m.•3 views

Android stock browser vulnerable to denial-of-service (DoS)

Overview The Android stock browser contains a denial-of-service DoS vulnerability. Junichi MURAKAMI of FFRI, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When receiving a specially crafted packet, th...

4.3CVSS6.6AI score
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/02 4:50 a.m.•3 views

Information Disclosure Vulnerability in Hitachi Command Suite

Overview An Information Disclosure Vulnerability was found in Hitachi Command Suite. Impact An attacker might exploit this vulnerability to obtain sensitive session information. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

3.5CVSS6.3AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/30 4:53 a.m.•3 views

Apache Commons FileUpload vulnerable to denial-of-service (DoS)

Overview Apache Commons FileUpload provided by the Apache Software Foundation contains a flaw when processing multi-part requests, which may lead to a denial-of-service DoS. TERASOLUNA FWStruts1 Team of NTT DATA Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the...

7.8CVSS8.7AI score0.35927EPSS
Exploits0References29
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/24 5:12 a.m.•3 views

WordPress plugin "Welcart e-Commerce" vulnerable to session management

Overview WordPress plugin "Welcart e-Commerce" provided by Collne Inc. contains a vulnerability in session management. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

6.5CVSS6.7AI score0.01772EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/24 4:43 a.m.•3 views

WordPress plugin "Welcart e-Commerce" vulnerable to cross-site scripting

Overview WordPress plugin "Welcart e-Commerce" provided by Collne Inc. contains a cross-site scripting vulnerability CWE-79. Note that this vulnerability is different from JVN55826471. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with t...

6.1CVSS6.1AI score0.01491EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/22 5:56 a.m.•3 views

CG-WLBARGL vulnerable to command injection

Overview CG-WLBARGL provided by Corega Inc is a wireless LAN router. CG-WLBARGL contains a command injection vulnerability. Ohji Kashiwazaki of Global Security Experts Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

8CVSS7.2AI score0.01067EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/02 7:18 a.m.•3 views

Trend Micro Internet Security vulnerable to arbitrary script execution

Overview Trend Micro Internet Security provided by Trend Micro Incorporated contains a vulnerability that may allow arbitrary script execution. According to the developer, attempts to exploit the vulnerability will not succeed from external networks when the default settings are used. Trend Micro...

6.1CVSS6.9AI score0.01636EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/30 5:7 a.m.•3 views

Source code of Old_GSI_Maps prior to January, 2015 vulnerable to directory traversal

Overview kml2jsonp.php contained in source code of OldGSIMaps prior to January, 2015 provided by the Geospatial Information Authority of Japan GSI contains a directory traversal vulnerability CWE-22. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

7.5CVSS7AI score0.02181EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/24 3:27 a.m.•3 views

php-contact-form vulnerable to cross-site scripting

Overview php-contact-form provided by Kobe Beauty Co., Ltd. contains a cross-site scripting vulnerability CWE-79. Hirota Kazuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnershi...

6.1CVSS6AI score0.01633EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/19 4:37 a.m.•3 views

Web Mailing List vulnerable to cross-site scripting

Overview Web Mailing List provided by Epoch Ltd. contains a cross-site scripting vulnerability CWE-79. Yuya Yoshida of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

6.1CVSS6AI score0.01417EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/22 4:49 a.m.•3 views

Electron may insecurely load Node modules

Overview Electron fails to restrict the path for loading Node modules, which may lead to execution of arbitrary JavaScript. Electron is a software framework for developing cross-platformm desktop applications with web technologies, such as HTML, CSS, JavaScript with Chromium and Node.js. Electron...

7.8CVSS6.9AI score0.00431EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/19 4:44 a.m.•3 views

Photopt App fails to verify SSL server certificates

Overview Photopt App provided by NTT Communications Corporation fails to verify SSL server certificates. Yuto Iso reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may allow an...

5.9CVSS6.5AI score0.0084EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/13 5:30 a.m.•3 views

Tokyo Star bank App fails to verify SSL server certificates

Overview Tokyo Star bank App provided by The Tokyo Star Bank, Limited fails to verify SSL server certificates. Yuji Tounai of NTT Com Security Japan KK reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...

5.9CVSS6.5AI score0.00989EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/06 6:29 a.m.•3 views

baserCMS plugin "Menubook Plugin" vulnerable to cross-site request forgery

Overview baserCMS plugin "Menubook Plugin" contains a cross-site request forgery vulnerability. CWE-352 Takaesu Isao of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...

8.8CVSS6.7AI score0.00629EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/04 6:30 a.m.•3 views

ActiveX control for EVA Animator vulnerable to buffer overflow

Overview ActiveX control for EVA Animator provided by Sharp Corporation contains a buffer overflow vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impa...

6.8CVSS7.6AI score0.01147EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/19 5:42 a.m.•3 views

EC-CUBE plugin "Help plug-in" vulnerable to SQL injection

Overview EC-CUBE plugin "Help plug-in" provided by Cuore contains an SQL injection vulnerability CWE-89. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...

9.1CVSS7.6AI score0.01361EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/15 7:20 a.m.•3 views

Cybozu Office vulnerable to open redirect

Overview Cybozu Office contains an open redirect vulnerability in network functions. Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Update the Software Update to the latest...

7.4CVSS6.6AI score0.01254EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/15 6:43 a.m.•3 views

Cybozu Office vulnerable to denial-of-service (DoS)

Overview Cybozu Office contains a denial-of-service DoS vulnerability due to an issue in "customapp". Impact An authenticated attacker may cause a denial-of-service DoS condition which all users can not use the system. Solution Update the Software Update to the latest version according to the...

6.8CVSS6.5AI score0.01609EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/15 12:56 a.m.•3 views

Microsoft Producer for Microsoft Office PowerPoint vulnerable to cross-site scripting

Overview Microsoft Producer for Microsoft Office PowerPoint may create a web page which contains a DOM-based cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use Microsoft Producer for Microsoft Office PowerPoint...

4.7CVSS6.2AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/01/29 4:45 a.m.•3 views

EXPRESSCLUSTER X vulnerable to directory traversal

Overview EXPRESSCLUSTER X from NEC Corporation is software to provide high availability HA clustering. EXPRESSCLUSTER X contains an issue in WebManager, which may lead to directory traversal. Yusuke SAKAI of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated...

7.8CVSS6.5AI score0.03821EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/01/18 5:24 a.m.•3 views

Shoplat App for iOS issue in the verification of SSL certificates

Overview Shoplat App for iOS provided by NTT DOCOMO contains an issue in the verification of the SSL server certificate. ma.la reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A connection to a server using a...

7.5CVSS6.5AI score0.00706EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/12/17 6:19 a.m.•3 views

Adobe Flash Player issue where iframe contents may be overwritten

Overview Adobe Flash Player contains an issue where the same-origin policy may be bypassed leading to iframe contents being overwritten. Tokuji Akamine reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...

5.8CVSS6.5AI score0.04308EPSS
Exploits0References13
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/12/09 5:38 a.m.•3 views

WL-330NUL information management vulnerability

Overview WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains an issue in information management. TAIZO TSUKAMOTO of GLOBAL SECURITY EXPERTS Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

4.3CVSS6.5AI score0.00632EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/12/07 5:21 a.m.•3 views

GANMA! App for iOS fails to verify SSL server certificates

Overview GANMA! App for iOS provided by COMICSMART INC. fails to verify SSL server certificates. Yuji Tounai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may allow an attacker t...

5.9CVSS6.4AI score0.00696EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/11/30 4:44 a.m.•3 views

p++BBS vulnerable to cross-site scripting

Overview p++BBS provided by Let's PHP! contains a stored cross-site scripting vulnerability CWE-79. Koki Takahashi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on the...

6.1CVSS5.9AI score0.01009EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/11/30 4:44 a.m.•3 views

Frame high-speed chat vulnerable to cross-site scripting

Overview Frame high-speed chat provided by Let's PHP! contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Apply an Update Update to the latest version according to the information provided by the developer...

6.1CVSS6.1AI score0.00765EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/11/17 5:21 a.m.•3 views

Kirby vulnerable to arbitrary file creation

Overview Kirby is a content management system CMS. Kirby contains a vulnerability that may allow a remote attacker to create arbitrary files. Yuji Tounai of NTT Com SecurityJapanKK reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warnin...

6.5CVSS7AI score0.01255EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/11/17 5:20 a.m.•3 views

applican vulnerable to script injection

Overview applican provided by Newphoria Corporation Inc. is a platform to build hybrid applications for both iOS and Android. applican is vulnerable to script injection due to an issue in processing SSID. Note that this vulnerability is different from JVN64625488. Kenta Suefusa and Tomonori Shiom...

5.4CVSS7AI score0.01171EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/30 6:16 a.m.•3 views

HTML::Scrubber vulnerable to cross-site scripting

Overview HTML::Scrubber is a Perl module for scrubbing/sanitizing html. HTML::Scrubber contains a cross-site scripting vulnerability CWE-79. Toshiharu Sugiyama and Ryo Murakami of DeNA Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Securit...

2.6CVSS6AI score0.02092EPSS
Exploits0References5
Total number of security vulnerabilities5000