Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/12/06 7:49 a.m.•3 views

PowerChute Business Edition vulnerable to cross-site scripting

Overview PowerChute Business Edition contains a cross-site scripting vulnerability. PowerChute Business Edition from Schneider Electric is a power management software. PowerChute Business Edition contains a cross-site scripting vulnerability. Jun Okada of GLOBAL TECHNOLOGY CORPORATION reported th...

4.3CVSS6AI score0.00921EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/11/21 9:23 a.m.•3 views

Nikki vulnerable to OS command injection

Overview Nikki from HP no Mawashimono contains an OS command injection vulnerability. Nikki from HP no Mawashimono is a CGI software for posting diary entries. Nikki contains an OS command injection vulnerability. Masako Ohno reported this vulnerability to IPA. JPCERT/CC coordinated with the...

7.5CVSS7.3AI score0.02262EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/11/21 9:22 a.m.•3 views

Nikki vulnerable to directory traversal

Overview Nikki from HP no Mawashimono contains a directory traversal vulnerability. Nikki from HP no Mawashimono is CGI software for posting diary entries. Nikki contains a directory traversal vulnerability. Masako Ohno reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...

7.5CVSS6.8AI score0.0174EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/28 8:49 a.m.•3 views

Touhou Hisouten vulnerable to denial-of-service

Overview Touhou Hisouten from Twilight Frontier contains a denial-of-service DoS vulnerability. Touhou Hisouten from Twilight Frontier is a video game which has an online match mode. Touhou Hisouten contains an issue when processing network traffic, which may result in a denial-of-service DoS. Yu...

5CVSS6.6AI score0.01409EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/28 8:39 a.m.•3 views

FFFTP may insecurely load executable files

Overview FFFTP may use unsafe methods for determining how to load executables .exe FFFTP loads certain executables when using certain functions. FFFTP contains an issue with the file search path, which may insecurely load executables. Makoto Shiotsuki reported this vulnerability to IPA. JPCERT/CC...

9.3CVSS7.5AI score0.02343EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/11 10:27 a.m.•3 views

WEB FORUM vulnerable to cross-site scripting

Overview WEB FORUM provided by KENT-WEB contains a cross-site scripting vulnerability. WEB FORUM provided by KENT-WEB is a bulletin board software. WEB FORUM contains a vulnerability in handling cookies, which may result in cross-site scripting. ISHIBASHI,Tsuyoshi of Mitsui Bussan Secure...

4.3CVSS5.8AI score0.01656EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/09/02 10:19 a.m.•3 views

Sage vulnerable to arbitrary script execution

Overview Sage is vulnerable to arbitrary script execution. Note that this vulnerability is different from JVN30221194. Sage is an addon for Mozilla Firefox that adds an RSS/Atom feed reader. Sage is vulnerable to arbitrary script execution due to the improper processing during HTML page output...

9.3CVSS6.8AI score0.0339EPSS
Exploits1References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/08/26 8:12 a.m.•3 views

Samba Web Administration Tool vulnerable to cross-site request forgery

Overview Samba Web Administration Tool SWAT contains a cross-site request forgery vulnerability. Samba Web Administration Tool SWAT allows for Samba configuration through a web interface. SWAT contains a cross-site request forgery vulnerability. SWAT is disabled in a default configuration of Samb...

6.8CVSS6.5AI score0.10046EPSS
Exploits6References21
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/08/10 8:17 a.m.•3 views

Windows URL Protocol Handler may insecurely load executable files

Overview Windows URL Protocol Handler may use unsafe methods for determining how to load executable .exe files. Windows URL Protocol Handler loads a specified executable for each protocol. Windows URL Protocol Handler contains an issue with the file search path, which may insecurely load executab...

9.3CVSS7.5AI score0.3434EPSS
Exploits5References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/07/15 7:27 a.m.•3 views

Google Search Appliance vulnerable to cross-site scripting

Overview Google Search Appliance provided by Google contains a cross-site scripting vulnerability. Google Search Appliance from Google is a product that provides searching services for an intranet service or a website. Google Search Appliance contains a cross-site scripting vulnerability. Yosuke...

4.3CVSS6.1AI score0.00489EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/29 8:55 a.m.•3 views

Accela BizSearch Standard Search Page Cross-Site Scripting Vulnerability

Overview The standard search page of Accela BizSearch contains a cross-site scripting vulnerability. Impact By setting up a fraudulent website that exploits an XSS vulnerability of the Accela BizSearch's standard search page the "targeted website" via the Internet, a remote attacker could execute...

4.3CVSS6.6AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/20 6:37 a.m.•3 views

WeblyGo vulnerable to cross-site scripting

Overview WeblyGo provided by KAWAI BUSINESS SOFTWARE CO., LTD. KBS contains a cross-site scripting vulnerability. WeblyGo is a groupware provided by KAWAI BUSINESS SOFTWARE CO., LTD. KBS. WeblyGo contains a cross-site scripting vulnerability. Yoshihiro Ishikawa of LAC reported this vulnerability ...

4.3CVSS6.1AI score0.01086EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/16 3:28 a.m.•3 views

Microsoft MSXML vulnerability in HTTP request processing

Overview MSXML provided by Microsoft contains a vulnerability in the processing of HTTP requests. MSXML provided by Microsoft contains a vulnerability where HTTP requests for XMLHTTP objects are not processed properly. As a result, when going through a proxy server, information may be sent to...

4.3CVSS6.8AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/16 3:25 a.m.•3 views

Microsoft Outlook read receipt function vulnerability

Overview Microsoft Outlook contains a vulnerability in the read receipt function. Microsoft Outlook contains a vulnerability in the read receipt function. A read receipt may be sent unintentionally, notifying the sender that the email was received. Ayako Kozakai of NTT DATA SECURITY CORPORATION...

2.6CVSS6.4AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/05/19 7:49 a.m.•3 views

iVIEW Suite vulnerable to SQL injection

Overview iVIEW Suite from RADVISION contains a SQL injection vulnerability. iVIEW Suite provided by RADVISION is a software to manage video conference systems in SCOPIA. iVIEW Suite contains a SQL injection vulnerability. Hirofumi Oka of NRI SecureTechnologies,Ltd. reported this vulnerability to...

7.5CVSS7.6AI score0.01258EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/05/10 11:37 p.m.•3 views

Multiple Buffalo routers vulnerable to cross-site request forgery

Overview Multiple routers provided by Buffalo contain a cross-site request forgery vulnerability. Multiple routers provided by Buffalo have a management screen that allows users to modify settings. These routers contain a cross-site request forgery vulnerability due to an issue in the management...

5.8CVSS6.7AI score0.00475EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/04/08 5:9 a.m.•3 views

Password Vault Web Access vulnerable to cross-site scripting

Overview Password Vault Web Access PVWA provided by Cyber-Ark Software, Ltd. contains a cross-site scripting vulnerability. Password Vault Web Access PVWA is a module in the Privileged Identity Management Suite that allows access via a web portal. PVWA contains a cross-site scripting vulnerabilit...

4.3CVSS5.9AI score0.01053EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/04/01 6:52 a.m.•3 views

Hitachi Tuning Manager Software Cross-Site Scripting Vulnerability

Overview Hitachi Tuning Manager Software contains a cross-site scripting vulnerability. Impact A remote attacker could make a user execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

5CVSS6.3AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/03/27 11:11 p.m.•3 views

Picasa may insecurely load executable files

Overview Picasa may use unsafe methods for determining how to load executables .exe Picasa is a software for viewing and managing photos. Picasa loads certain executables when using the "Locate on Disk" function. Picasa contains an issue with the file search path, which may insecurely load...

6.9CVSS7.5AI score0.0032EPSS
Exploits1References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/02/23 6:41 a.m.•3 views

Lunascape may insecurely load executable files

Overview Lunascape may use unsafe methods for determining how to load executables .exe. Lunascape is a web browser. Lunascape loads certain executables when using the "script" function. Lunascape contain an issue with the file search path, which may insecurely load executables. Makoto Shiotsuki...

6.2CVSS7.5AI score0.00285EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/01/07 5:39 a.m.•3 views

SquirrelMail vulnerable to cross-site scripting

Overview SquirrelMail contains a cross-site scripting vulnerability. SquirrelMail from SquirrelMail Project is an open source webmail web-based email. SquirrelMail contains an issue in handling specific character encoding and processing "data:" URL, which may result in cross-site scripting. Yosuk...

4.3CVSS5.7AI score0.0253EPSS
Exploits1References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/12/14 6:21 a.m.•3 views

EUR Form Client Arbitrary File Execution Vulnerability

Overview EUR Form Client has an arbitrary file execution vulnerability. Impact A remote attacker could execute arbitrary file on the affected system. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

10CVSS7.5AI score0.05265EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/12/08 9:26 a.m.•3 views

Movable Type vulnerable to cross-site scripting

Overview Movable Type contains a cross-site scripting vulnerability. Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability. This vulnerability is different than the previous vulnerabilities disclosed on JVN. Impact An arbitrary script may be executed on t...

4.3CVSS6.2AI score0.0125EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/12/08 9:25 a.m.•3 views

Vulnerability in Epson printer driver installer where access permissions are changed

Overview A vulnerability in printer driver installers provided by Epson cause access permissions to a certain folder on the system to be changed. When printer drivers provided by Epson are installed, the access permissions for the folder that contains program files C:\Program Files are changed. A...

4.6CVSS6.7AI score0.00311EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/12/01 11:27 a.m.•3 views

Clipboard contents alteration vulnerability in Grani

Overview Grani contains a vulnerability in which the contents of the clipboard may be altered. Grani, a web browser provided by Fenrir, contains a vulnerability in which the contents of the clipboard may be altered. As a result, when Grani is being used under certain settings, the contents of the...

5.8CVSS6.5AI score0.00867EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/12/01 11:27 a.m.•3 views

Clipboard contents alteration vulnerability in Sleipnir

Overview Sleipnir contains a vulnerability in which the contents of the clipboard may be altered. Sleipnir, a web browser provided by Fenrir, contains a vulnerability in which the contents of the clipboard may be altered. As a result, when Sleipnir is being used under certain settings, the conten...

5.8CVSS6.5AI score0.01007EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/11/04 10:10 a.m.•3 views

Ichitaro series vulnerable to arbitrary code execution

Overview The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. This vulnerability differs from JVN01948274, and other issues that were previously published on JVN. Impact When opening a specially crafted file...

9.3CVSS8AI score0.06065EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/10/25 8:42 a.m.•3 views

Sleipnir and Grani may insecurely load dynamic libraries

Overview Sleipnir and Grani may use unsafe methods for determining how to load DLLs. Sleipnir and Grani provided by Fenrir are web browsers. Sleipnir and Grani loads certain DLL's when HTML files are opened. Sleipnir and Grani contain an issue with the DLL search path, which may lead to insecurel...

6.9CVSS7.4AI score0.00287EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/10/20 8:41 a.m.•3 views

Archive Decoder may insecurely load executable files

Overview Archive Decoder may use unsafe methods for determining how to load executables .exe. Archive Decoder is a file extraction software that supports multiple file en extracting files. Archive Decoder contains an issue with the file search path, which may insecurely load executables. Makoto...

6.9CVSS7.5AI score0.00283EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/10/20 8:41 a.m.•3 views

Explzh may insecurely load executable files

Overview Explzh may use unsafe methods for determining how to load executables .exe. Explzh is a file compression/extraction software supporting multiple file formats. Explzh loads certain executables .exe when extracting files. Explzh contains an issue with the file search path, which may...

6.9CVSS7.5AI score0.00365EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/10/20 8:40 a.m.•3 views

XacRett may insecurely load executable files

Overview XacRett may use unsafe methods for determining how to load executables .exe. XacRett is a file extraction software that supports many file formats. XacRett loads certain executables .exe when extracting files. XacRett contains an issue with the file search path, which may insecurely load...

9.3CVSS7.5AI score0.02218EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/10/18 10:37 a.m.•3 views

Cross-site Request Forgery Vulnerability in Oracle iPlanet Web Server

Overview Oracle iPlanet Web Server formerly Sun Java System Web Server contains a cross-site request forgery vulnerability. Oracle iPlanet Web Server formerly Sun Java System Web Server is a web server. Oracle iPlanet Web Server contains a cross-site request forgery vulnerability. Yoshihiro...

5.8CVSS6.5AI score0.02371EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/10/13 7:58 a.m.•3 views

Phishing Vulnerability in Accela BizSearch Document View Window

Overview The document view window in Accela BizSearch Gateway Option has the following vulnerabilities which allow a remote attacker to: display a fraudulent web page over a legitimate web page steal cookies stored in browser place arbitrary cookies into browser Impact A remote attacker could...

5.8CVSS6.9AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/09/15 4:45 a.m.•3 views

Denial of Service (DoS) Vulnerability in Hitachi Storage Command Suite Built-in Database

Overview A built-in database in Hitachi Storage Command Suite HSCS abends upon receiving maliciously-crafted data intended to exploit its denial of service DoS vulnerability. As a result, HSCS may become not operational or shutdown, for example, making operations from the screen and access to the...

7.8CVSS6.8AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/09/10 8:25 a.m.•3 views

Cross-site scripting vulnerability in Access Analyzer CGI by futomi's CGI Cafe

Overview Access Analyzer CGI from futomi's CGI Cafe contains a cross-site scripting vulnerability. This is caused by a particular method in which tags are embedded into the web page. Access Analyzer CGI provided by futomi's CGI Cafe is a software to analyze web access logs. Access Analyzer CGI...

4.3CVSS6.2AI score0.01053EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/09/01 5:12 a.m.•3 views

Denial of Service (DoS) Vulnerability in JP1/PAM

Overview A Built-in database in JP1/Performance Analysis - Manager and JP1/Performance Management - Analysis Manager JP1/PAM contains a vulnerability that could cause a denial of service DoS condition due to the abnormal ending of the database process when receiving unexpected data. After the...

5CVSS6.8AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/09/01 5:11 a.m.•3 views

Denial of Service (DoS) Vulnerability in Cosminexus

Overview Cosminexus series products contain a vulnerability that could cause a denial of service DoS condition when receiving unexpected data. After it abends, the service can be restarted by rebooting the system. Impact A remote attacker could cause a denial of service DoS condition. Solution...

7.8CVSS6.8AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/08/31 5:16 a.m.•3 views

moobbs2 vulnerable to cross-site scripting

Overview moobbs2 contains a cross-site scripting vulnerability. moobbs2 from Moo is a threaded bulletin board software. moobbs contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

5CVSS6.1AI score0.01033EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/08/20 8:17 a.m.•3 views

Winny BBS information processing vulnerability

Overview Winny contains a vulnerability in the processing of BBS information. Winny is a P2P file sharing software. Winny contains a vulnerability in the processing of BBS information, which can be used to launch Distributed Denial of Service DDoS attacks. Yuji Ukai of eEye Digital Security...

10CVSS6.7AI score0.01446EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/06/17 10:50 a.m.•3 views

Multiple vulnerabilities in ActiveGeckoBrowser

Overview ActiveGeckoBrowser from Fenrir Inc. contains multiple vulnerabilities. ActiveGeckoBrowser from Fenrir Inc. is a plugin that adds the Gecko rendering engine to the Sleipnir web browser. ActiveGeckoBrowser contains multiple vulnerabilities caused by the Gecko engine. Impact A remote attack...

6.8CVSS7.8AI score0.02129EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/06/01 8:37 a.m.•3 views

Ichitaro series vulnerable to arbitrary code execution

Overview The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. This vulnerability is different from JVN98467259. The "Ichitaro" series word processing software, from JustSystems Corporation contains a...

9.3CVSS7.9AI score0.05557EPSS
Exploits0References12
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/05/18 2:34 a.m.•3 views

XMAP3 Arbitrary Code Execution Vulnerability

Overview An arbitrary code execution vulnerability exists in the system installed with XMAP3/Web, or it may experience unexpected shutdown of Internet Explorer. The same issues exist in the Web browser testing tool, a web system development feature that comes with XMAP3/NET and XMAP3/Enterprise...

9.3CVSS8.1AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/05/17 7:43 a.m.•3 views

CapsSuite Small Edition PatchMeister vulnerable to denial of service

Overview CapsSuite Small Edition PatchMeister contains a denial of service DoS vulnerability. CapsSuite Small Edition PatchMeister is a product that manages the application of security patches. CapsSuite Small Edition PatchMeister contains a denial of service DoS vulnerability. Servers or...

7.8CVSS6.7AI score0.02816EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/04/09 7:36 a.m.•3 views

Accela BizSearch Access Control Bypass Vulnerability

Overview The local file seraching function in IntelligentSearch and Accela BizSearch is prone to an access control bypass vulnerability. Impact Users without permission can access restricted files on the local Windows machine via the BizSearch search results. Solution Please refer to the 'Vendor...

5CVSS6.6AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/04/02 8:32 a.m.•3 views

Compiere vulnerable to cross-site scripting

Overview Compiere provided by Almas Inc. contains a cross-site scripting vulnerability. Compiere provided by Almas Inc. is an Enterprise Resource Planning ERP and Customer Relationship Management CRM software. Compiere contains a cross-site scripting vulnerability. This vulnerability is different...

4.3CVSS6AI score0.01528EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/12/24 5:32 a.m.•3 views

StartTLS not enabled in Hitachi Storage Command Suite products

Overview When a Hitachi Storage Command Suite product uses an LDAP directory server as the server to be used for external authentication, StartTLS won't be enabled even if it is specified as the connection protocol. Impact StartTLS won't be enabled even if it is specified as the connection...

5CVSS6.9AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/12/15 10:52 a.m.•3 views

Active! mail 2003 cookie disclosure vulnerability

Overview Active! mail 2003 from TransWARE Co. contains a vulnerability in which cookies may be disclosed. Active! mail 2003 from TransWARE Co. is a web-based email software. Active! mail 2003 contains a vulnerability in which cookies may be disclosed. Kenichi Maehashi of CIS RAT at Hosei Universi...

5.8CVSS6.6AI score0.0105EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/12/15 10:52 a.m.•3 views

Active! mail 2003 session ID disclosure vulnerability

Overview Active! mail 2003 from TransWARE Co. contains a vulnerability in which session IDs may be disclosed. Active! mail 2003 from TransWARE Co. is a web-based email software. Active! mail 2003 contains a vulnerability in which session IDs may be disclosed. Kenichi Maehashi of CIS RAT at Hosei...

5.8CVSS6.6AI score0.01083EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/12/15 10:52 a.m.•3 views

Active! mail 2003 cross-site scripting vulnerability

Overview Active! mail 2003 from TransWARE Co. contains a cross-site scripting vulnerability. Active! mail 2003 from TransWARE Co. is a web-based email software. Active! mail 2003 contains a cross-site scripting vulnerability. Kenichi Maehashi of CIS RAT at Hosei University reported this...

4.3CVSS6.1AI score0.01065EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/11/19 6:45 a.m.•3 views

Redmine vulnerable to cross-site request forgery

Overview Redmine contains a cross-site request forgery vulnerability. Redmine is a project management software. Redmine contains a cross-site request forgery vulnerability. Yoshinari Fukumoto of Rakuten, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

6.8CVSS6.6AI score0.00719EPSS
Exploits0References10
Total number of security vulnerabilities5000