Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/19 4:44 a.m.•3 views

Photopt App fails to verify SSL server certificates

Overview Photopt App provided by NTT Communications Corporation fails to verify SSL server certificates. Yuto Iso reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may allow an...

5.9CVSS6.5AI score0.0084EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/13 5:30 a.m.•3 views

Tokyo Star bank App fails to verify SSL server certificates

Overview Tokyo Star bank App provided by The Tokyo Star Bank, Limited fails to verify SSL server certificates. Yuji Tounai of NTT Com Security Japan KK reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...

5.9CVSS6.5AI score0.00989EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/06 6:29 a.m.•3 views

baserCMS plugin "Menubook Plugin" vulnerable to cross-site request forgery

Overview baserCMS plugin "Menubook Plugin" contains a cross-site request forgery vulnerability. CWE-352 Takaesu Isao of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...

8.8CVSS6.7AI score0.00629EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/04 6:30 a.m.•3 views

ActiveX control for EVA Animator vulnerable to buffer overflow

Overview ActiveX control for EVA Animator provided by Sharp Corporation contains a buffer overflow vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impa...

6.8CVSS7.6AI score0.01147EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/15 6:43 a.m.•3 views

Cybozu Office vulnerable to denial-of-service (DoS)

Overview Cybozu Office contains a denial-of-service DoS vulnerability due to an issue in "customapp". Impact An authenticated attacker may cause a denial-of-service DoS condition which all users can not use the system. Solution Update the Software Update to the latest version according to the...

6.8CVSS6.5AI score0.01609EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/15 12:56 a.m.•3 views

Microsoft Producer for Microsoft Office PowerPoint vulnerable to cross-site scripting

Overview Microsoft Producer for Microsoft Office PowerPoint may create a web page which contains a DOM-based cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use Microsoft Producer for Microsoft Office PowerPoint...

4.7CVSS6.2AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/01/29 5:6 a.m.•3 views

JOB-CUBE vulnerable to cross-site scripting

Overview JOB-CUBE provided by WEBSQUARE Co.,Ltd. is software to build websites. JOB-CUBE contains a cross-site scripting vulnerability CWE-79. Masamu Asato of National institute of Technology,Okinawa College reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

5.4CVSS6AI score0.0085EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/01/29 4:45 a.m.•3 views

EXPRESSCLUSTER X vulnerable to directory traversal

Overview EXPRESSCLUSTER X from NEC Corporation is software to provide high availability HA clustering. EXPRESSCLUSTER X contains an issue in WebManager, which may lead to directory traversal. Yusuke SAKAI of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated...

7.8CVSS6.5AI score0.03821EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/01/18 5:24 a.m.•3 views

Shoplat App for iOS issue in the verification of SSL certificates

Overview Shoplat App for iOS provided by NTT DOCOMO contains an issue in the verification of the SSL server certificate. ma.la reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A connection to a server using a...

7.5CVSS6.5AI score0.00706EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/12/17 6:19 a.m.•3 views

Adobe Flash Player issue where iframe contents may be overwritten

Overview Adobe Flash Player contains an issue where the same-origin policy may be bypassed leading to iframe contents being overwritten. Tokuji Akamine reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...

5.8CVSS6.5AI score0.04308EPSS
Exploits0References13
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/12/09 5:38 a.m.•3 views

WL-330NUL information management vulnerability

Overview WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains an issue in information management. TAIZO TSUKAMOTO of GLOBAL SECURITY EXPERTS Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

4.3CVSS6.5AI score0.00632EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/11/30 4:44 a.m.•3 views

Frame high-speed chat vulnerable to cross-site scripting

Overview Frame high-speed chat provided by Let's PHP! contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Apply an Update Update to the latest version according to the information provided by the developer...

6.1CVSS6.1AI score0.00765EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/11/17 5:20 a.m.•3 views

applican vulnerable to script injection

Overview applican provided by Newphoria Corporation Inc. is a platform to build hybrid applications for both iOS and Android. applican is vulnerable to script injection due to an issue in processing SSID. Note that this vulnerability is different from JVN64625488. Kenta Suefusa and Tomonori Shiom...

5.4CVSS7AI score0.01171EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/30 6:16 a.m.•3 views

HTML::Scrubber vulnerable to cross-site scripting

Overview HTML::Scrubber is a Perl module for scrubbing/sanitizing html. HTML::Scrubber contains a cross-site scripting vulnerability CWE-79. Toshiharu Sugiyama and Ryo Murakami of DeNA Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Securit...

2.6CVSS6AI score0.02092EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/29 4:46 a.m.•3 views

Enisys Gw fails to restrict access permissions

Overview Enisys Gw provided by Techno Project Japan Co. is an open source groupware. Enisys Gw fails to restrict access permissions. Impact A remote unauthenticated attacker may be access to an arbitrary file uploaded on the product. Solution Update the Software Update to the latest version...

5CVSS7AI score0.01423EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/09 5:12 a.m.•3 views

Dojo Toolkit vulnerable to cross-site scripting

Overview Dojo Toolkit is a software to assist in building web applications. Dojo Toolkit contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

4.3CVSS6AI score0.02224EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/07 5:48 a.m.•3 views

Multiple PHP code execution vulnerabilitles in Cybozu Garoon

Overview Cybozu Garoon is a groupware. Cybozu Garoon contains multiple PHP code execution vulnerabilities. CyVDB-863 Cybozu Garoon allows remote authenticated users to execute arbitrary PHP code, CyVDB-867 Cybozu Garoon allows remote authenticated users to execute arbitrary PHP code CVE-2015-5646...

8.5CVSS8AI score0.0169EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/02 4:36 a.m.•3 views

gollum vulnerable to file exposure

Overview gollum is a wiki system that uses git repositories. gollum contains a vulnerability which may allow an attacker to view arbitrary files on the server. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

4.3CVSS6.7AI score0.01876EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/01 5:11 a.m.•3 views

AjaXplorer vulnerable to directory traversal

Overview AjaXplorer contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

5CVSS6.7AI score0.01895EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/30 6:5 a.m.•3 views

MATCHA SNS vulnerable to code injection

Overview MATCHA SNS provided by ICZ Corporation is an SNS software. MATCHA SNS contains a code injection CWE-94 vulnerability due to a flaw when configuring the database during installation. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

6.8CVSS7.7AI score0.01321EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/17 4:36 a.m.•3 views

H2O vulnerable to directory traversal

Overview H2O is an open source web server software. H2O contains an issue in processing URL, which may result in a directory traversal CWE-22 vulnerability. Yusuke OSUMI reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

5CVSS6.8AI score0.01655EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/16 7:58 a.m.•3 views

Reversi vulnerable to URL whitelist bypass

Overview Reversi provided by Newphoria Corporation Inc. is an application for both iOS or Android built using "applican". Reversi contains an issue where an arbitrary page may be loaded if the application is launched using the URL-scheme. Kenta Suefusa and Tomonori Shiomi of Sprout Inc. reported...

6.8CVSS6.6AI score0.01093EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/16 7:58 a.m.•3 views

Auction Camera vulnerable to URL whitelist bypass

Overview Auction Camera provided by Newphoria Corporation Inc. is an application for both iOS or Android built using "applican". Auction Camera contains an issue where an arbitrary page may be loaded if the application is launched using the URL-scheme. Kenta Suefusa and Tomonori Shiomi of Sprout...

6.8CVSS6.6AI score0.01093EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/11 5:17 a.m.•3 views

PIXMA MG7500 Series vulnerable to cross-site request forgery

Overview PIXMA MG7500 Series provided by Canon Inc. contain a cross-site request forgery vulnerability. TOMITA Ryo of Fukuoka Junior High School attached to the Fukuoka University of Education FUE reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

6.8CVSS6.7AI score0.00649EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/11 5:16 a.m.•3 views

Japan Connected-free Wi-Fi vulnerable to allow URL whitelist bypass

Overview Japan Connected-free Wi-Fi provided by NTT Broadband Platform, Inc. contains an issue where an arbitrary page may be loaded if the application is launched with the URL-scheme. Kenta Suefusa and Tomonori Shiomi of Sprout Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with...

6.8CVSS6.8AI score0.01118EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/03 5:46 a.m.•3 views

hitSuji (rktSNS2) vulnetable to cross-site scripting

Overview hitSuji rktSNS2 provided by rakuto.net is an open source SNS software. hitSuji rktSNS2 contains a cross-site scripting vulnerability. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on May 26, 2015, it was judged that an advisory for this...

4.3CVSS6.2AI score0.0095EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/02 6:46 a.m.•3 views

NScripter vulnerable to buffer overflow

Overview NScripter is a script engine to build and execute games. NScripter contains a buffer overflow vulnerability due to a flaw in processing save data. Kusano Kazuhiko reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

6.8CVSS7.6AI score0.02728EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/01 5:18 a.m.•3 views

Twit BBS vulnerable to cross-site scripting

Overview Twit BBS provided by LEMON-S PHP contains a persistent cross-site scripting CWE-79 vulnerability due to the processing of imagetitle parameter in index.php. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

5CVSS6.2AI score0.0095EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/01 3:36 a.m.•3 views

desknet's NEO vulnerable to directory traversal

Overview desknet's NEO provided by NEOJAPAN Inc. contains a directory traversal CWE-22 vulnerability where it fails to verify html parameter in zhtml.cgi. Hiroyuki Yamashita of M Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

4CVSS6.6AI score0.01557EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/08/12 6:13 a.m.•3 views

Microsoft Office discloses a file path of a local file

Overview When a file such as a clipart or an image is inserted in Office documents, the absolute path of the local file is stored in "alternative text". Yosuke HASEGAWA of SecureSky Technology Inc. and Miyuki Chikara of MARUS JAPAN Inc. reported this vulnerability to IPA. JPCERT/CC coordinated wi...

4.3CVSS6.2AI score
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/08/07 4:50 a.m.•3 views

Yodobashi App for Android vulnerable to arbitrary Java method execution

Overview Yodobashi App for Android provided by Yodobashi Camera Co.,Ltd. contains a vulnerability where an arbitrary Java method may be executed. Kusano Kazuhiko reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impa...

6.8CVSS7AI score0.02031EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/08/07 4:50 a.m.•3 views

Yodobashi App for Android fails to verify SSL server certificates

Overview Yodobashi App for Android provided by Yodobashi Camera Co.,Ltd. fails to verify SSL server certificates. Kusano Kazuhiko reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack ma...

5.9CVSS6.5AI score0.00828EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/29 5:58 a.m.•3 views

yoyaku_v41 vulnerable to authentication bypass

Overview yoyakuv41 provided by Webservice-DIC is a software to manage conference room reservations. yoyakuv41 contains an authentication bypass vulnerability CWE-592. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

5CVSS7AI score0.01277EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/28 4:47 a.m.•3 views

Gazou BBS plus vulnerability in file upload processing

Overview Gazou BBS plus provided by LEMON-S PHP contains a vulnerability in the processing of file uploads. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An image file may be specially crafted t...

5CVSS6.7AI score0.01344EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/24 5:46 a.m.•3 views

Research Artisan Lite does not properly perform authentication

Overview Research Artisan Lite provided by Research Artisan Project is an access analysis tool. Research Artisan Lite does not properly perform authentication CWE-592. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer unde...

5CVSS6.7AI score0.01344EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/24 5:36 a.m.•3 views

Research Artisan Lite vulnerable to cross-site scripting

Overview Research Artisan Lite provided by Research Artisan Project is an access analysis tool. Research Artisan Lite contains multiple cross-site scripting vulnerabilities CWE-79. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

4.3CVSS6.1AI score0.01171EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/10 5:50 a.m.•3 views

LINE@ vulnerable to script injection

Overview LINE@ provided by LINE Corporation is an application used to communicate with others. LINE@ is vulnerable to MITM man-in-the-middle attacks since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM man-in-the-middle...

5.9CVSS6.5AI score0.0018EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/09 5:41 a.m.•3 views

Cacti vulnerable to cross-site scripting

Overview Cacti is a web application that graphs stored data collected from network devices. Cacti contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing parameters in graphview.php. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IP...

4.3CVSS5.8AI score0.05739EPSS
Exploits6References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/25 6:53 a.m.•3 views

osCommerce Japanese version vulnerable to directory traversal

Overview osCommerce is an open source system for creating shopping websites. osCommerce Japanese version contains a directory traversal vulnerability. Masako Ohno reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

4CVSS6.7AI score0.01982EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/09 4:43 a.m.•3 views

MilkyStep fails to restrict access permissions

Overview MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep fails to restrict access permissions CWE-264. Note that this vulnerability is different from JVN74280258. Kusano Kazuhiko reported this vulnerability to IPA. JPCERT/CC coordinated with the...

5CVSS6.6AI score0.01385EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/05 5:16 a.m.•3 views

Multiple Buffalo wireless LAN routers vulnerable to OS command injection

Overview Multiple wireless LAN routers provided by BUFFALO INC. contain an OS command injection vulnerability. Masashi Sakai, Satoshi Ogawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An authenticated...

7.7CVSS7.8AI score0.0107EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/05/28 4:42 a.m.•3 views

ZenPhoto20 vulnerable to cross-site scripting

Overview ZenPhoto20 is a content management system CMS. ZenPhoto20 contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing encoded user-supplied input. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

4.3CVSS6AI score0.01181EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/05/28 4:42 a.m.•3 views

Zenphoto vulnerable to cross-site scripting

Overview Zenphoto is a content management system CMS. Zenphoto contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing encoded user-supplied input. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...

4.3CVSS6AI score0.01194EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/05/21 7:37 a.m.•3 views

Information Disclosure Vulnerability in JP1/Integrated Management - Universal CMDB

Overview An information disclosure vulnerability was found in JP1/Integrated Management - Universal CMDB. Impact When UCMDB server uses UD probe DFM probe, malicious remote users can acquire data stored in UD probe DFM probe, by sending crafted HTTP request to server. Solution Please refer to the...

5.8CVSS6.3AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/05/21 7:36 a.m.•3 views

Problem with directory permissions in JP1/Automatic Operation

Overview There is a problem of permissions on file transfer directory in JP1/Automatic Operation. Impact Malicious local users might refer or modify transferred files. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

3.3CVSS6.5AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/05/19 4:40 a.m.•3 views

BGA32.DLL and QBga32.DLL contain multiple vulnerabilities

Overview BGA32.DLL is a compression/decompression library for gza and bza-format files. BGA32.DLL contains multiple vulnerabilities including a buffer overflow because it utilizes vulnerable zlib and bzip2 libraries. QBga32.DLL, which is a wrapper of BGA32.DLL, is also affected. KONDOU, Kazuhiro...

7.5CVSS9.8AI score0.2554EPSS
Exploits4References14
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/04/07 3:12 a.m.•3 views

bBlog vulnerable to cross-site request forgery

Overview bBlog is weblog software. bBlog contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Do not use bBlog bBlog is no longer being developed or maintained. It is recommended to...

6.8CVSS6.7AI score0.00992EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/03/26 5:4 a.m.•3 views

WordPress theme flashy vulnerable to cross-site scripting

Overview flashy is a theme for WordPress. flashy contains a cross-site scripting vulnerability. Koki Takahashi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on the user'...

4.3CVSS6.2AI score0.01973EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/03/24 5:10 a.m.•3 views

The Validator in TERASOLUNA Server Framework for Java(WEB) vulnerable to input validation bypass

Overview The TERASOLUNA Server Framework for JavaWEB provided by NTT Data Corporation is a software framework for creating web applications. The TERASOLUNA Server Framework for JavaWEB is vulnerable to an issue contained in the Apache Struts 1 Validator, since it uses Apache Struts 1.2.9. The...

7.5CVSS8.5AI score0.21261EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/03/20 3:30 a.m.•3 views

MP Form Mail CGI eCommerce edition vulnerable to code injection

Overview MP Form Mail CGI eCommerce edition provided by futomi Co., Ltd. is a CGI used to send mail from a web form. MP Form Mail CGI eCommerce edition contains a code injection vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informatio...

7.5CVSS7.1AI score0.02443EPSS
Exploits0References5
Total number of security vulnerabilities5000