Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/10/28 6:37 a.m.3 views

Library Information Management System LIMEDIO vulnerable to open redirect

Overview Library Information Management System LIMEDIO provided by RICOH COMPANY, LTD. contains an open redirect vulnerability CWE-601. Takeshi Imai of Internet Initiative Japan Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

6.1CVSS6.8AI score0.00851EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/10/28 12:0 a.m.99 views

JVN#45633549: Library Information Management System LIMEDIO vulnerable to open redirect

Library Information Management System LIMEDIO provided by RICOH COMPANY, LTD. contains an open redirect vulnerability CWE-601. Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solutio...

6.1CVSS6.2AI score0.00851EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/10/23 7:0 a.m.3 views

PowerCMS vulnerable to open redirect

Overview PowerCMS provided by Alfasado Inc. contains an open redirect vulnerability CWE-601. Hidetomo Hosono of EG Secure Solutions Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When accessing a...

6.1CVSS6.6AI score0.00851EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/10/23 12:0 a.m.128 views

JVN#34634458: PowerCMS vulnerable to open redirect

PowerCMS provided by Alfasado Inc. contains an open redirect vulnerability CWE-601. Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Update the Software Update the software t...

6.1CVSS6.2AI score0.00851EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/10/18 5:21 a.m.1 views

Multiple Vulnerabilities in Hitachi Global Link Manager

Overview Multiple vulnerabilities have been found in Hitachi Global Link Manager. Cross-site Scripting DoS Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take...

6.7AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/10/18 5:18 a.m.5 views

Vulnerability in Cosminexus HTTP Server and Hitachi Web Server

Overview A vulnerability CVE-2019-10092 exists in Cosminexus HTTP Server and Hitachi Web Server. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate...

6.1CVSS7.9AI score0.81466EPSS
Exploits4References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/10/15 3:39 a.m.2 views

NetCommons3 vulnerable to cross-site scripting

Overview NetCommons3 provided by The NetCommons Project contains a cross-site scripting vulnerability CWE-79. Toshiki Sasazaki of Waseda University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrar...

6.1CVSS6AI score0.00781EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/10/15 12:0 a.m.124 views

JVN#74530672: NetCommons3 vulnerable to cross-site scripting

NetCommons3 provided by The NetCommons Project contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Products...

6.1CVSS6AI score0.00781EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/10/11 6:8 a.m.3 views

Multiple vulnerabilities in WordPress Plugin "wpDataTables Lite"

Overview WordPress Plugin "wpDataTables Lite" provided by TMS-Plugins contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2019-6011 SQL Injection CWE-89 - CVE-2019-6012 Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to the developer and...

7.2CVSS7.8AI score0.01447EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/10/11 12:0 a.m.133 views

JVN#14776551: Multiple vulnerabilities in WordPress Plugin "wpDataTables Lite"

WordPress Plugin "wpDataTables Lite" provided by TMS-Plugins contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2019-6011 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:H/Au:N/C:N/I:P/A:N|...

7.2CVSS7.4AI score0.01447EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/10/07 6:17 a.m.4 views

Multiple OS command injection vulnerabilities in DBA-1510P

Overview DBA-1510P provided by D-Link Japan K.K. contains multiple OS command injection vulnerabilities listed below. OS command injection vulnerability in Command Line Interface CLI CWE-78 - CVE-2019-6013 OS command injection vulnerability in Web User Interface CWE-78 - CVE-2019-6014 Katsuhiko...

8.8CVSS7.8AI score0.01245EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/10/07 6:9 a.m.3 views

Multiple vulnerabilities in EC-CUBE module "REMISE Payment module (2.11, 2.12 and 2.13)"

Overview EC-CUBE module "REMISE Payment module 2.11, 2.12 and 2.13" provided by REMISE Corporation contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2019-6016 Information disclosure CWE-200 - CVE-2019-6017 Gen Sato of Mitsui Bussan Secure Directions, Inc. reported...

6.1CVSS6.4AI score0.01072EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/10/07 12:0 a.m.120 views

JVN#95875796: Multiple OS command injection vulnerabilities in DBA-1510P

DBA-1510P provided by D-Link Japan K.K. contains multiple OS command injection vulnerabilities listed below. OS command injection vulnerability in Command Line Interface CLI CWE-78 - CVE-2019-6013 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H| Base Score...

8.8CVSS7.8AI score0.01245EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/10/07 12:0 a.m.130 views

JVN#59436681: Multiple vulnerabilities in EC-CUBE module "REMISE Payment module (2.11, 2.12 and 2.13)"

EC-CUBE module "REMISE Payment module 2.11, 2.12 and 2.13" provided by REMISE Corporation contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2019-6016 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...

6.1CVSS6.1AI score0.01072EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/10/02 1:59 a.m.2 views

FON routers may behave as an open resolver

Overview FON routers contain an issue where they may behave as open resolvers. A device that behaves as a DNS resolver for recursive DNS queries from anyone on the internet is called "Open Resolver". FON routers contain an issue where they may behave as open resolvers. Hideyoshi Okazaki of ARTERI...

7.8CVSS6.6AI score0.01608EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/09/19 8:59 a.m.5 views

Multiple integer overflow vulnerabilities in LINE(Android)

Overview LINEAndroid provided by LINE Corporation contains multiple integer overflow vulnerabilities CWE-190 listed below. Integer overflow vulnerability in processing images using apng-drawable - CVE-2019-6007 Integer overflow vulnerability in processing images - CVE-2019-6010 LINE Corporation...

8.8CVSS7.5AI score0.02028EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/09/19 12:0 a.m.167 views

JVN#97845465: Multiple integer overflow vulnerabilities in LINE(Android)

LINEAndroid provided by LINE Corporation contains multiple integer overflow vulnerabilities CWE-190 listed below. Integer overflow vulnerability in processing images using apng-drawable - CVE-2019-6007 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L| Base...

8.8CVSS8.9AI score0.02028EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/09/13 5:29 a.m.2 views

Multiple buffer overflow vulnerabilities in multiple Ricoh printers and Multifunction Printers (MFPs)

Overview Multiple printers and Multifunction Printers MFPs provided by RICOH COMPANY, LTD. contain multiple buffer overflows vulnerabilities listed below. Buffer overflow in parsing HTTP cookie header CWE-119 - CVE-2019-14300 Buffer overflow in parsing HTTP parameter setting for Wifi, mDNS, POP3,...

9.8CVSS7.9AI score0.0312EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/09/13 12:0 a.m.149 views

JVN#11708203: Multiple buffer overflow vulnerabilities in multiple Ricoh printers and Multifunction Printers (MFPs)

Multiple printers and Multifunction Printers MFPs provided by RICOH COMPANY, LTD. contain multiple buffer overflows vulnerabilities listed below. Buffer overflow in parsing HTTP cookie header CWE-119 - CVE-2019-14300 Version| Vector| Score ---|---|--- CVSS v3|...

9.8CVSS9.8AI score0.0312EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/09/12 4:55 a.m.4 views

apng-drawable vulnerable to integer overflow

Overview apng-drawable provided by LINE Corporation contains an integer overflow vulnerability CWE-190. LINE Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and LINE Corporation coordinated under the Information Security Early Warning...

8.8CVSS7.4AI score0.02028EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/09/12 12:0 a.m.142 views

JVN#39383894: apng-drawable vulnerable to integer overflow

apng-drawable provided by LINE Corporation contains an integer overflow vulnerability CWE-190. Impact An attacker may cause a denial of service DoS condition or execute arbitrary code. Solution Update the Software The developer released apng-drawable that contains a fix for this vulnerability...

8.8CVSS9AI score0.02028EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/09/10 4:56 a.m.4 views

SHIRASAGI vulnerable to open redirect

Overview SHIRASAGI provided by SHIRASAGI Project contains an open redirect vulnerability CWE-601. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...

6.1CVSS6.5AI score0.0185EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/09/10 12:0 a.m.146 views

JVN#74699196: SHIRASAGI vulnerable to open redirect

SHIRASAGI provided by SHIRASAGI Project contains an open redirect vulnerability CWE-601. Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Update the Software Update to the...

6.1CVSS6.1AI score0.0185EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/09/09 6:58 a.m.3 views

Multiple Vulnerabilities in Hitachi Command Suite and Hitachi Infrastructure Analytics Advisor

Overview Multiple vulnerabilities have been found in Hitachi Command Suite and Hitachi Infrastructure Analytics Advisor. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure...

7.1AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/09/02 4:57 a.m.6 views

Panasonic Video Insight VMS vulnerable to SQL injection

Overview Video Insight VMS provided by Panasonic Corporation is a video management suite for video security system. Vide Insight VMS contains a SQL injection vulnerability CWE-89. Panasonic Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC...

8.8CVSS7.7AI score0.01522EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/09/02 12:0 a.m.198 views

JVN#93833849: Panasonic Video Insight VMS vulnerable to SQL injection

Video Insight VMS provided by Panasonic Corporation is a video management suite for video security system. Vide Insight VMS contains a SQL injection vulnerability CWE-89. Impact A logged in user may execute an arbitrary SQL statement to the database. Solution Update the software Update the softwa...

8.8CVSS9AI score0.01522EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/08/26 4:48 a.m.5 views

Cybozu Garoon vulnerable to SQL injection

Overview Cybozu Garoon provided by Cybozu, Inc. contains an SQL injection vulnerability CWE-89 in the processing of Todo portlet. Shoji Baba reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/C...

7.6CVSS7.5AI score0.01208EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/08/26 12:0 a.m.145 views

JVN#71877187: Cybozu Garoon vulnerable to SQL injection

Cybozu Garoon provided by Cybozu, Inc. contains an SQL injection vulnerability CWE-89 in the processing of Todo portlet. Impact A user who can login to the product may obtain or alter information stored in the database. Solution Apply the Patch Apply the patch according to the information provide...

7.6CVSS7.7AI score0.01208EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/08/23 6:57 a.m.3 views

Smart TV Box fails to restrict access permissions

Overview Smart TV Box provided by KDDI CORPORATION enables access to Android Debug Bridge via port 5555/TCP of LAN side interface. When a cable television provider sets up Smart TV Box at an individual residence, direct access from outside to the LAN side interface of Smart TV Box is disabled...

9.8CVSS6.7AI score0.02123EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/08/23 12:0 a.m.77 views

JVN#17127920: Smart TV Box fails to restrict access permissions

Smart TV Box provided by KDDI CORPORATION enables access to Android Debug Bridge via port 5555/TCP of LAN side interface. When a cable television provider sets up Smart TV Box at an individual residence, direct access from outside to the LAN side interface of Smart TV Box is disabled. However if...

9.8CVSS9.3AI score0.02123EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/08/15 5:29 a.m.3 views

ApeosWare Management Suite and ApeosWare Management Suite 2 contain open redirect vulnerability

Overview ApeosWare Management Suite and ApeosWare Management Suite 2 provided by Fuji Xerox Co.,Ltd. are software products to manage devices and their usages; providing authentication, printing, log accounting, and document distribution. These software products contain an open redirect...

6.1CVSS6.5AI score0.01122EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/08/15 12:0 a.m.83 views

JVN#07679150: ApeosWare Management Suite and ApeosWare Management Suite 2 contain open redirect vulnerability

ApeosWare Management Suite and ApeosWare Management Suite 2 provided by Fuji Xerox Co.,Ltd. are software products to manage devices and their usages; providing authentication, printing, log accounting, and document distribution. These software products contain an open redirect vulnerability...

6.1CVSS6.2AI score0.01122EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/08/09 3:23 a.m.3 views

WonderCMS vulnerable to directory traversal

Overview WonderCMS contains a directory traversal vulnerability CWE-22. Note that the original fix for this vulnerability was insufficient CVE-2018-7172. However, an updated version of the software, which completely addressed this vulnerability has been released by the developer. Sosuke Tokuda...

7.5CVSS6.6AI score0.01862EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/08/07 4:58 a.m.4 views

EC-CUBE plugin "Amazon Pay Plugin 2.12,2.13" vulnerable to cross-site scripting

Overview EC-CUBE plugin "Amazon Pay Plugin 2.12,2.13" provided by IPLOGIC CO.,LTD. contains a cross-site scripting vulnerability CWE-79. Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

6.1CVSS6AI score0.01031EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/08/07 12:0 a.m.68 views

JVN#29343839: EC-CUBE plugin "Amazon Pay Plugin 2.12,2.13" vulnerable to cross-site scripting

EC-CUBE plugin "Amazon Pay Plugin 2.12,2.13" provided by IPLOGIC CO.,LTD. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who logs in to the product with the administrative privilege. Solution Update the Plugin Update...

6.1CVSS6.1AI score0.01031EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/07/31 6:29 a.m.2 views

Central Dogma vulnerable to cross-site scripting

Overview Central Dogma provided by LINE Corporation contains a cross-site scripting vulnerability CWE-79. LINE Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and LINE Corporation coordinated under the Information Security Early Warning...

6.1CVSS6.1AI score0.0115EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/07/31 12:0 a.m.165 views

JVN#94889214: Central Dogma vulnerable to cross-site scripting

Central Dogma provided by LINE Corporation contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Products Affecte...

6.1CVSS6AI score0.0115EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/07/18 4:56 a.m.4 views

WordPress Plugin "Category Specific RSS feed Subscription" vulnerable to cross-site request forgery

Overview WordPress Plugin "Category Specific RSS feed Subscription" provided by Tips and Tricks HQ contains a cross-site request forgery vulnerability CWE-352. Gota Abe of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University directly reported this...

8.8CVSS6.5AI score0.00846EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/07/18 12:0 a.m.214 views

JVN#92510087: WordPress Plugin "Category Specific RSS feed Subscription" vulnerable to cross-site request forgery

WordPress Plugin "Category Specific RSS feed Subscription" provided by Tips and Tricks HQ contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the plugin Update the plugin...

8.8CVSS8.6AI score0.00846EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/07/16 7:16 a.m.1 views

WordPress Plugin "WordPress Ultra Simple Paypal Shopping Cart" vulnerable to cross-site request forgery

Overview WordPress Plugin "WordPress Ultra Simple Paypal Shopping Cart" provided by Mike Castro Demaria contains a cross-site request forgery vulnerability CWE-352. Yuta Kikuchi of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University reported this...

8.8CVSS6.5AI score0.00853EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/07/16 7:8 a.m.3 views

Multiple vulnerabilities in Cybozu Garoon

Overview Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. DOM-based cross-site scripting in the application "Portal" CWE-79 - CVE-2019-5975 Denial-of-service DoS CWE-20 - CVE-2019-5976 Mail header injection in the application "E-mail" CWE-74 - CVE-2019-5977...

6.1CVSS6.7AI score0.01161EPSS
Exploits0References12
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/07/16 12:0 a.m.158 views

JVN#48981892: WordPress Plugin "WordPress Ultra Simple Paypal Shopping Cart" vulnerable to cross-site request forgery

WordPress Plugin "WordPress Ultra Simple Paypal Shopping Cart" provided by Mike Castro Demaria contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the plugin Update the plugin...

8.8CVSS8.6AI score0.00853EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/07/16 12:0 a.m.183 views

JVN#62618482: Multiple vulnerabilities in Cybozu Garoon

Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. DOM-based cross-site scripting in the application "Portal" CWE-79 - CVE-2019-5975 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 4.4 CVSS v2|...

6.1CVSS5.7AI score0.01161EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/07/10 5:7 a.m.9 views

Intel Dual Band Wireless-AC 8260 vulnerable to denial-of-service (DoS)

Overview Intel Dual Band Wireless-AC 8260 contains a denial-of-service DoS vulnerability CWE-400. Yusuke Ogawa of Cisco Systems G.K. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An attacker may be able to...

7.4CVSS7.6AI score0.0407EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/07/10 12:0 a.m.115 views

JVN#75617741: Intel Dual Band Wireless-AC 8260 vulnerable to denial-of-service (DoS)

Intel Dual Band Wireless-AC 8260 contains a denial-of-service DoS vulnerability CWE-400. Impact An attacker may be able to cause a denial-of-service DoS. Solution Update the device driver Apply the appropriate device driver update according to the information provided by the developer. Products...

7.4CVSS8AI score0.0407EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/07/05 6:28 a.m.3 views

Multiple vulnerabilities in Access analysis CGI An-Analyzer

Overview Access analysis CGI An-Analyzer provided by ANGLERSNET Co,.Ltd. contains multiple vulnerabilities listed below. OS command injection in the Management Page CWE-78 - CVE-2019-5987 Stored cross-site scripting in the Management Page CWE-79 - CVE-2019-5988 DOM-based cross-site scripting in t...

9CVSS7AI score0.02497EPSS
Exploits3References13
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/07/05 12:0 a.m.221 views

JVN#37230341: Multiple vulnerabilities in Access analysis CGI An-Analyzer

Access analysis CGI An-Analyzer provided by ANGLERSNET Co,.Ltd. contains multiple vulnerabilities listed below. OS command injection in the Management Page CWE-78 - CVE-2019-5987 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L| Base Score: 6.3 CVSS v2|...

9CVSS7.8AI score0.02497EPSS
Exploits3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/07/01 5:31 a.m.2 views

The management console of iDoors Reader vulnerable to authentication bypass

Overview The management console of iDoors Reader provided by A.T.WORKS, Inc. contains an authentication bypass vulnerability CWE-288. Yusuke Nakano of Secure Cycle Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnershi...

8.8CVSS6.8AI score0.00716EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/07/01 12:0 a.m.36 views

JVN#28218613: The management console of iDoors Reader vulnerable to authentication bypass

The management console of iDoors Reader provided by A.T.WORKS, Inc. contains an authentication bypass vulnerability CWE-288. Impact An attacker in the same segment may access the management console and operate the product. Solution Update the Firmware Apply the firmware update according to the...

8.8CVSS8.8AI score0.00716EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/06/28 9:28 a.m.3 views

Multiple vulnerabilities in Panasonic BN-SDWBP3

Overview BN-SDWBP3 provided by Panasonic Corporation is a Wi-Fi Reader/Writer for SD Memory Cards. BN-SDWBP3 contains multiple vulnerabilities listed below. Improper Authentication CWE-287 - CVE-2018-0676 OS Command InjectionCWE-78 - CVE-2018-0677 Buffer Overflow CWE-119 - CVE-2018-0678 Taizoh...

8.8CVSS7.7AI score0.0112EPSS
Exploits0References13
Total number of security vulnerabilities5625