Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/04/17 4:39 a.m.3 views

EC-CUBE vulnerable to session fixation

Overview EC-CUBE provided by LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a session fixation vulnerability CWE-384. LOCKON CO.,LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and LOCKON CO.,LTD...

8.1CVSS6.8AI score0.01525EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/04/17 12:0 a.m.64 views

JVN#52695336: EC-CUBE vulnerable to session fixation

EC-CUBE provided by LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a session fixation vulnerability CWE-384. Impact A remote attacker impersonating a logged in user may perform an unintended operation with the user's privilege. Solution Update the Softwa...

8.1CVSS8AI score0.01525EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/04/13 4:52 a.m.3 views

Installer of SoundEngine Free may insecurely load Dynamic Link Libraries

Overview Installer of SoundEngine Free contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warni...

9.3CVSS6.9AI score0.01119EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/04/13 12:0 a.m.46 views

JVN#85056623: Installer of SoundEngine Free may insecurely load Dynamic Link Libraries

Installer of SoundEngine Free contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest installer Use the latest installer...

9.3CVSS7.7AI score0.01119EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/04/12 5:33 a.m.3 views

Tenable Appliance vulnerable to cross-site scripting

Overview Tenable Appliance provided by Tenable, Inc. contains a stored cross-site scripting vulnerability CWE-79. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

5.4CVSS5.8AI score0.00521EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/04/12 5:27 a.m.3 views

The installer of PhishWall Client Internet Explorer edition may insecurely load Dynamic Link Libraries

Overview PhishWall Client Internet Explorer edition provided by SecureBrain Corporation is anti-phishing and anti-MITB software. The installer of PhishWall Client Internet Explorer edition contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries...

9.3CVSS7AI score0.01119EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/04/12 12:0 a.m.74 views

JVN#92220486: The installer of PhishWall Client Internet Explorer edition may insecurely load Dynamic Link Libraries

PhishWall Client Internet Explorer edition provided by SecureBrain Corporation is anti-phishing and anti-MITB software. The installer of PhishWall Client Internet Explorer edition contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427...

9.3CVSS7.7AI score0.01119EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/04/12 12:0 a.m.67 views

JVN#71255137: Tenable Appliance vulnerable to cross-site scripting

Tenable Appliance provided by Tenable, Inc. contains a stored cross-site scripting vulnerability CWE-79. Impact Arbitrary JavaScript may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Product...

5.4CVSS5.2AI score0.00521EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/04/10 4:39 a.m.2 views

Hatena Bookmark App for iOS contains an address bar spoofing vulnerability

Overview Hatena Bookmark App for iOS provided by Hatena Co., Ltd. contains a vulnerability where the address bar displays a different URL than the URL that is being accessed. Kenichiro Wakitani reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

6.5CVSS6.4AI score0.01017EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/04/10 12:0 a.m.54 views

JVN#77753476: Hatena Bookmark App for iOS contains an address bar spoofing vulnerability

Hatena Bookmark App for iOS provided by Hatena Co., Ltd. contains a vulnerability where the address bar displays a different URL than the URL that is being accessed. Impact This vulnerability could be leveraged to forge the contents of the address bar for conducting phishing attacks. Solution...

6.5CVSS6AI score0.01017EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/04/09 5:27 a.m.3 views

Multiple vulnerabilities in Cybozu Garoon

Overview Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. SQL injection in the application "Address" CWE-89 - CVE-2018-0530 Operation restriction bypass in the "Folder settings" CWE-264 - CVE-2018-0531 Operation restriction bypass in the setting of Login...

8.8CVSS7.2AI score0.01422EPSS
Exploits0References21
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/04/09 12:0 a.m.99 views

JVN#65268217: Multiple vulnerabilities in Cybozu Garoon

Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. SQL injection in the application "Address" CWE-89 - CVE-2018-0530 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N| Base Score: 6.5 CVSS v2| AV:N/AC:L/Au:S/C:P/I:N/A:N|...

8.8CVSS5.9AI score0.01422EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/04/05 1:22 a.m.4 views

DoS Vulnerability in JP1/ServerConductor/Deployment Manager and Hitachi Compute Systems Manager

Overview A DoS Vulnerability was found in JP1/ServerConductor/Deployment Manager and Hitachi Compute Systems Manager Deployment Manager Plug-in. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the...

7.8CVSS6.8AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/30 4:39 a.m.1 views

Safari vulnerable to script injection

Overview Safari provided by Apple Inc. contains a script injection vulnerability CWE-81 in the processing of displaying an error page when it fails to verify server certificates. In an error page Safari displays when it fails to verify server certificates, a domain name of the website accessed is...

6.1CVSS6.7AI score0.01161EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/30 12:0 a.m.74 views

JVN#01161596: Safari vulnerable to script injection

Safari provided by Apple Inc. contains a script injection vulnerability CWE-81 in the processing of displaying an error page when it fails to verify server certificates. In an error page Safari displays when it fails to verify server certificates, a domain name of the website accessed is output...

6.1CVSS7AI score0.01161EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/29 5:0 a.m.3 views

LXR vulnerable to OS command injection

Overview LXR provided by LXR Project contains an OS command injection vulnerability CWE-78. Touma Hatano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact On a server where the product is running, a remote...

10CVSS7.6AI score0.03117EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/29 4:52 a.m.3 views

Multiple vulnerabilities in WZR-1750DHP2

Overview WZR-1750DHP2 provided by BUFFALO INC. is a wireless LAN router. WXR-1900DHP2 contains multiple vulnerabilities listed below. Missing Authentication for Critical Function CWE-306 - CVE-2018-0554 Buffer Overflow CWE-119 - CVE-2018-0555 OS Command Injection CWE-78 - CVE-2018-0556 Taizoh...

9.3CVSS7.9AI score0.01585EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/29 12:0 a.m.64 views

JVN#93397125: Multiple vulnerabilities in WZR-1750DHP2

WZR-1750DHP2 provided by BUFFALO INC. is a wireless LAN router. WXR-1900DHP2 contains multiple vulnerabilities listed below. Missing Authentication for Critical Function CWE-306 - CVE-2018-0554 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score:...

9.3CVSS9.1AI score0.01585EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/29 12:0 a.m.54 views

JVN#72589538: LXR vulnerable to OS command injection

LXR provided by LXR Project contains an OS command injection vulnerability CWE-78. Impact On a server where the product is running, a remote attacker may execute an arbitrary OS command. Solution Update the Software Update to the latest version according to the information provided by the...

10CVSS9.7AI score0.03117EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/27 4:40 a.m.1 views

iRemoconWiFi App for Android fails to verify SSL server certificates

Overview iRemoconWiFi App for Android provided by Glamo Inc. fails to verify SSL server certificates. Seigo Yamamoto of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attac...

7.4CVSS6.5AI score0.00536EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/27 12:0 a.m.64 views

JVN#43382653: iRemoconWiFi App for Android fails to verify SSL server certificates

iRemoconWiFi App for Android provided by Glamo Inc. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Application Update to the latest version according to the information provided by th...

7.4CVSS7.2AI score0.00536EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/15 4:38 a.m.4 views

The installer of PhishWall Client Firefox and Chrome edition for Windows may insecurely load Dynamic Link Libraries

Overview PhishWall Client Firefox and Chrome edition for Windows provided by SecureBrain Corporation is an anti-phishing and anti-MITB software. The installer of PhishWall Client Firefox and Chrome edition for Windows contains an issue with the DLL search path, which may lead to insecurely loadin...

7.8CVSS6.8AI score0.00963EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/15 12:0 a.m.56 views

JVN#39896275: The installer of PhishWall Client Firefox and Chrome edition for Windows may insecurely load Dynamic Link Libraries

PhishWall Client Firefox and Chrome edition for Windows provided by SecureBrain Corporation is an anti-phishing and anti-MITB software. The installer of PhishWall Client Firefox and Chrome edition for Windows contains an issue with the DLL search path, which may lead to insecurely loading Dynamic...

7.8CVSS7.6AI score0.00963EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/13 7:48 a.m.1 views

WebProxy vulnerable to directory traversal

Overview WebProxy provided by LunarNight Laboratory is software for creating a proxy server. WebProxy contains a directory traversal vulnerability CWE-22 due to a flaw in processing certain requests. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held...

7.5CVSS7AI score0.02344EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/13 7:48 a.m.2 views

TinyFTP Daemon vulnerable to buffer overflow

Overview TinyFTP Daemon provided by Hisayuki Nomura is a FTP File Transfer Protocol server. TinyFTP Daemon contains a buffer overflow vulnerability CWE-121. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on December 5, 2017, it was judged that an...

10CVSS7.6AI score0.0323EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/13 7:48 a.m.2 views

ViX may insecurely load Dynamic Link Libraries

Overview ViX provided by KOKADA is a Graphics Viewer Software for Windows. ViX contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries contained in the same directory as an image file CWE-427. During the meeting of Committee for authorizing the...

7.8CVSS6.9AI score0.00961EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/13 7:47 a.m.1 views

PHP 2chBBS vulnerable to cross-site scripting

Overview PHP 2chBBS provided by Kagaminokuni is software that can be downloaded from the Internet. PHP 2chBBS is a bulletin board software that can be used by placing it on a website. PHP 2chBBS contains a cross-site scripting vulnerability CWE-79. During the meeting of Committee for authorizing...

6.1CVSS6AI score0.00746EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/13 7:46 a.m.3 views

ArsenoL vulnerable to cross-site scripting

Overview ArsenoL provided by FlaFla... is software that can be downloaded from the Internet. ArsenoL is a dictionay software that is placed on a website used to post words and their meanings. ArsenoL contains a cross-site scripting vulnerability CWE-79 where an arbitrary script may be executed wh...

6.1CVSS6AI score0.00746EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/13 7:43 a.m.4 views

QQQ SYSTEMS vulnerable to arbitrary command injection

Overview QQQ SYSTEMS provided by Gundam Cult QQQ is a perl CGI script to create quiz pages. QQQ SYSTEMS contains an OS command injection vulnerability CWE-78. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on December 5, 2017, it was judged that ...

10CVSS7.7AI score0.02703EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/13 7:43 a.m.3 views

QQQ SYSTEMS vulnerable to cross-site scripting

Overview QQQ SYSTEMS provided by Gundam Cult QQQ is a CGI script to create quiz pages. QQQ SYSTEMS contains a stored cross-site scripting vulnerability CWE-79. When an administrative user of the software accesses a malicious page created by an attacker, an arbitrary script may be executed. Note...

8.2CVSS5.8AI score0.00746EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/13 7:43 a.m.3 views

QQQ SYSTEMS vulnerable to cross-site scripting

Overview QQQ SYSTEMS provided by Gundam Cult QQQ is a CGI script to create quiz pages. quizop.cgi of QQQ SYSTEMS contains a cross-site scripting vulnerability CWE-79. When a user accesses a malicious page and is redirected to a page created with the product, an arbitrary script may be executed on...

6.1CVSS5.9AI score0.00746EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/13 7:43 a.m.5 views

QQQ SYSTEMS vulnerable to cross-site scripting

Overview QQQ SYSTEMS provided by Gundam Cult QQQ is a CGI script to create quiz pages. quiz.cgi of QQQ SYSTEMS contains a cross-site scripting vulnerability CWE-79. When a user accesses a malicious page and is redirected to a page created with the product, an arbitrary script may be executed on t...

6.1CVSS5.9AI score0.00746EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/13 12:0 a.m.50 views

JVN#30864198: ArsenoL vulnerable to cross-site scripting

ArsenoL provided by FlaFla... is software that can be downloaded from the Internet. ArsenoL is a dictionay software that is placed on a website used to post words and their meanings. ArsenoL contains a cross-site scripting vulnerability CWE-79 where an arbitrary script may be executed when the...

6.1CVSS6AI score0.00746EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/13 12:0 a.m.66 views

JVN#22536871: QQQ SYSTEMS vulnerable to arbitrary command injection

QQQ SYSTEMS provided by Gundam Cult QQQ is a perl CGI script to create quiz pages. QQQ SYSTEMS contains an OS command injection vulnerability CWE-78. Impact An attacker may execute an arbitrary OS command with the web server's execution privilege. Solution Consider stop using QQQ SYTEMS 2.24 Sinc...

10CVSS9.8AI score0.02703EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/13 12:0 a.m.66 views

JVN#56764650: ViX may insecurely load Dynamic Link Libraries

ViX provided by K_OKADA is a Graphics Viewer Software for Windows. ViX contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries contained in the same directory as an image file CWE-427. Impact Arbitrary code may be executed with the privileges of the...

7.8CVSS7.7AI score0.00961EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/13 12:0 a.m.65 views

JVN#92259864: TinyFTP Daemon vulnerable to buffer overflow

TinyFTP Daemon provided by Hisayuki Nomura is a FTP File Transfer Protocol server. TinyFTP Daemon contains a buffer overflow vulnerability CWE-121. Impact An attacker may be able to cause a denial-of-service DoS condition or execute arbitrary code. Solution Consider stop using Tiny FTP Daemon...

10CVSS9.6AI score0.0323EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/13 12:0 a.m.46 views

JVN#87226910: WebProxy vulnerable to directory traversal

WebProxy provided by LunarNight Laboratory is software for creating a proxy server. WebProxy contains a directory traversal vulnerability CWE-22 due to a flaw in processing certain requests. Impact A remote attacker may create an arbitrary file on the server where the product is running. Solution...

7.5CVSS7.4AI score0.02344EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/13 12:0 a.m.55 views

JVN#48774168: PHP 2chBBS vulnerable to cross-site scripting

PHP 2chBBS provided by Kagaminokuni is software that can be downloaded from the Internet. PHP 2chBBS is a bulletin board software that can be used by placing it on a website. PHP 2chBBS contains a cross-site scripting vulnerability CWE-79. Impact Due to this vulnerability, a victim being tricked...

6.1CVSS5.8AI score0.00746EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/13 12:0 a.m.54 views

JVN#64990648: QQQ SYSTEMS vulnerable to cross-site scripting

QQQ SYSTEMS provided by Gundam Cult QQQ is a CGI script to create quiz pages. quiz.cgi of QQQ SYSTEMS contains a cross-site scripting vulnerability CWE-79. When a user accesses a malicious page and is redirected to a page created with the product, an arbitrary script may be executed on the user's...

6.1CVSS6AI score0.00746EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/13 12:0 a.m.60 views

JVN#46471407: QQQ SYSTEMS vulnerable to cross-site scripting

QQQ SYSTEMS provided by Gundam Cult QQQ is a CGI script to create quiz pages. QQQ SYSTEMS contains a stored cross-site scripting vulnerability CWE-79. When an administrative user of the software accesses a malicious page created by an attacker, an arbitrary script may be executed. Impact Due to...

6.1CVSS6AI score0.00746EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/13 12:0 a.m.47 views

JVN#96655441: QQQ SYSTEMS vulnerable to cross-site scripting

QQQ SYSTEMS provided by Gundam Cult QQQ is a CGI script to create quiz pages. quizop.cgi of QQQ SYSTEMS contains a cross-site scripting vulnerability CWE-79. When a user accesses a malicious page and is redirected to a page created with the product, an arbitrary script may be executed on the user...

6.1CVSS6AI score0.00746EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/09 4:56 a.m.2 views

Multiple vulnerabilities in CG-WGR1200

Overview CG-WGR1200 provided by Corega Inc is a wireless LAN router. CG-WGR1200 contains multiple vulnerabilities listed below. Buffer Overflow CWE-119 - CVE-2017-10852 Buffer Overflow CWE-78 - CVE-2017-10853 Authentication bypass CWE-306 - CVE-2017-10854 Taizoh Tsukamoto of Mitsui Bussan Secure...

8.8CVSS8.1AI score0.00868EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/09 12:0 a.m.78 views

JVN#15201064: Multiple vulnerabilities in CG-WGR1200

CG-WGR1200 provided by Corega Inc is a wireless LAN router. CG-WGR1200 contains multiple vulnerabilities listed below. Buffer Overflow CWE-119 - CVE-2017-10852 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.8 CVSS v2|...

8.8CVSS9.4AI score0.00868EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/08 5:10 a.m.3 views

WordPress plugin "WP All Import" vulnerable to cross-site scripting

Overview The WordPress plugin "WP All Import" provided by Soflyy contains a reflected cross-site scripting vulnerability CWE-79. Note that this vulnerability is different from JVN33527174. Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with...

6.1CVSS5.9AI score0.01537EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/08 5:10 a.m.3 views

WordPress plugin "WP All Import" vulnerable to cross-site scripting

Overview The WordPress plugin "WP All Import" provided by Soflyy contains a cross-site scripting vulnerability CWE-79 in the file upload function. Note that this vulnerability is different from JVN60032768. Mardan Muhidin of Gehirn Inc. reported this vulnerability to IPA. JPCERT/CC coordinated wi...

6.1CVSS6.1AI score0.01537EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/08 12:0 a.m.46 views

JVN#60032768: WordPress plugin "WP All Import" vulnerable to cross-site scripting

The WordPress plugin "WP All Import" provided by Soflyy contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged in user's web browser. Solution Update the plugin Update the plugin according to the information provided by the developer...

6.1CVSS6AI score0.01537EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/08 12:0 a.m.50 views

JVN#33527174: WordPress plugin "WP All Import" vulnerable to cross-site scripting

The WordPress plugin "WP All Import" provided by Soflyy contains a cross-site scripting vulnerability CWE-79 in the file upload function. Impact An arbitrary script may be executed on the user's web browser. Solution Update the plugin Update the plugin according to the information provided by the...

6.1CVSS6AI score0.01537EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/05 6:10 a.m.2 views

Installer of WinShot may insecurely load Dynamic Link Libraries

Overview Installer of WinShot contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

9.3CVSS6.8AI score0.01076EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/05 5:7 a.m.2 views

Installer of JTrim may insecurely load Dynamic Link Libraries

Overview Installer of JTrim contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

9.3CVSS6.8AI score0.00925EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/05 12:0 a.m.51 views

JVN#71816327: Installer of JTrim may insecurely load Dynamic Link Libraries

Installer of JTrim contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use ZIP file format JTrim When using JTrim, download the ZIP fi...

9.3CVSS7.6AI score0.00925EPSS
Exploits0
Total number of security vulnerabilities5625