Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/24 12:0 a.m.54 views

JVN#58559719: WordPress plugin "BackupGuard" vulnerable to cross-site scripting

The WordPress plugin "BackupGuard" provided by BackupGuard contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged in user's web browser. Solution Update the plugin Update the plugin according to the information provided by the...

6.1CVSS6AI score0.00923EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/24 12:0 a.m.71 views

JVN#39628662: Multiple vulnerabilities in SEO Panel

SEO Panel provided by SEO Panel contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2017-10838 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:H/Au:N/C:N/I:P/A:N| Base Score: 2.6 SQL injection...

8.8CVSS7.4AI score0.01071EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/24 12:0 a.m.64 views

JVN#23340457: Multiple vulnerabilities in WebCalendar

WebCalendar provided by k5n.us contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2017-10840 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:H/Au:N/C:N/I:P/A:N| Base Score: 2.6 Directory...

6.1CVSS6.1AI score0.02353EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/23 6:36 a.m.2 views

Multiple vulnerabilities in "Dokodemo eye Smart HD" SCR02HD

Overview Wireless monitor "Dokodemo eye Smart HD" SCR02HD provided by NIPPON ANTENNA Co., Ltd contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2017-10832 Improper access restriction CWE-425 - CVE-2017-10833 Directory traversal CWE-22 - CVE-2017-10834 Arbitrary PHP...

10CVSS8.1AI score0.0295EPSS
Exploits0References14
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/23 6:24 a.m.4 views

The installer of the Ministry of Justice [The electronic authentication system based on the commercial registration system "The CRCA user's Software"] may insecurely load Dynamic Link Libraries

Overview The electronic authentication system based on the commercial registration system "The CRCA user's Software" provided by the Ministry of Justice contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. DigiGnome and BlackWingCat of...

9.3CVSS7.1AI score0.01456EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/23 12:0 a.m.83 views

JVN#87410770: Multiple vulnerabilities in "Dokodemo eye Smart HD" SCR02HD

Wireless monitor "Dokodemo eye Smart HD" SCR02HD provided by NIPPON ANTENNA Co., Ltd contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2017-10832 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score: 9.8 CVSS v2|...

10CVSS8.5AI score0.0295EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/23 12:0 a.m.54 views

JVN#30866130: The installer of the Ministry of Justice [The electronic authentication system based on the commercial registration system "The CRCA user's Software"] may insecurely load Dynamic Link Libraries

The electronic authentication system based on the commercial registration system "The CRCA user's Software" provided by the Ministry of Justice contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed wi...

9.3CVSS7.8AI score0.01456EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/22 3:34 a.m.4 views

Installer of Photo Collection PC Software provided by NTT DOCOMO, INC. may insecurely load Dynamic Link Libraries and invoke executable files

Overview Photo Collection PC Software provided by NTT DOCOMO, INC. contains an issue with the search paths for DLL/executable files, which may lead to insecurely loading Dynamic Link Libraries and invoking executable files CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA...

9.3CVSS7.2AI score0.0108EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/22 12:0 a.m.105 views

JVN#67954465: Installer of Photo Collection PC Software provided by NTT DOCOMO, INC. may insecurely load Dynamic Link Libraries and invoke executable files

Photo Collection PC Software provided by NTT DOCOMO, INC. contains an issue with the search paths for DLL/executable files, which may lead to insecurely loading Dynamic Link Libraries and invoking executable files CWE-427. Impact This vulnerability can be exploited when the following condition is...

9.3CVSS7.8AI score0.0108EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/21 5:30 a.m.2 views

Multiple vulnerabilities in Cybozu Garoon

Overview Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Denial-of-service DoS vulnerability in the application menu's edit function CWE-20 - CVE-2017-2254 Stored cross-site scripting in the "Rich text" function of the application "Space" CWE-79 -...

6.1CVSS6.1AI score0.01326EPSS
Exploits0References19
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/21 12:0 a.m.66 views

JVN#63564682: Multiple vulnerabilities in Cybozu Garoon

Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Denial-of-service DoS vulnerability in the application menu's edit function CWE-20 - CVE-2017-2254 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H| Base Score: 5.5 CVSS...

6.1CVSS5.5AI score0.01326EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/18 4:41 a.m.5 views

Installer and self-extracting archive containing the installer of TDB CA TypeA use software may insecurely load Dynamic Link Libraries

Overview TDB CA TypeA use software provided by Teikoku Databank, Ltd. is a software which provides environment for using system and management function of TDB electronic authentication service TypeA. The installer and the self-extracting archive containing the installer of TDB CA TypeA use softwa...

9.3CVSS7.1AI score0.00912EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/18 12:0 a.m.98 views

JVN#18641169: Installer and self-extracting archive containing the installer of TDB CA TypeA use software may insecurely load Dynamic Link Libraries

TDB CA TypeA use software provided by Teikoku Databank, Ltd. is a software which provides environment for using system and management function of TDB electronic authentication service TypeA. The installer and the self-extracting archive containing the installer of TDB CA TypeA use software contai...

9.3CVSS7.9AI score0.00912EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/17 8:29 a.m.4 views

Installer of Shin Kinkyuji Houkoku Data Nyuryoku Program may insecurely load Dynamic Link Libraries

Overview Installer of Shin Kinkyuji Houkoku Data Nyuryoku Program provided by Agency for Natural Resources and Energy of METI contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability ...

9.3CVSS6.8AI score0.01238EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/17 8:29 a.m.3 views

Installer of Shin Sekiyu Yunyu Chousa Houkoku Data Nyuryoku Program may insecurely load Dynamic Link Libraries

Overview Installer of Shin Sekiyu Yunyu Chousa Houkoku Data Nyuryoku Program provided by Agency for Natural Resources and Energy of METI contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this...

9.3CVSS6.8AI score0.01061EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/17 8:29 a.m.5 views

Installer of Shin Kikan Toukei Houkoku Data Nyuryokuyou Program may insecurely load Dynamic Link Libraries

Overview Installer of Shin Kikan Toukei Houkoku Data Nyuryokuyou Program provided by Agency for Natural Resources and Energy of METI contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this...

9.3CVSS6.8AI score0.01238EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/17 6:31 a.m.2 views

Teikihoukokusho Sakuseishien Tool may insecurely load Dynamic Link Libraries

Overview Teikihoukokusho Sakuseishien Tool provided by Agency for Natural Resources and Energy of METI contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. The tool is provided as a ZIP archive. It is assumed that a user extracts the too...

9.3CVSS6.8AI score0.01238EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/17 12:0 a.m.40 views

JVN#53292345: Teikihoukokusho Sakuseishien Tool may insecurely load Dynamic Link Libraries

Teikihoukokusho Sakuseishien Tool provided by Agency for Natural Resources and Energy of METI contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. The tool is provided as a ZIP archive. It is assumed that a user extracts the tool the...

9.3CVSS7.7AI score0.01238EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/17 12:0 a.m.44 views

JVN#71104430: Installer of Shin Sekiyu Yunyu Chousa Houkoku Data Nyuryoku Program may insecurely load Dynamic Link Libraries

Installer of Shin Sekiyu Yunyu Chousa Houkoku Data Nyuryoku Program provided by Agency for Natural Resources and Energy of METI contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege...

9.3CVSS7.6AI score0.01061EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/17 12:0 a.m.58 views

JVN#23546631: Installer of Shin Kinkyuji Houkoku Data Nyuryoku Program may insecurely load Dynamic Link Libraries

Installer of Shin Kinkyuji Houkoku Data Nyuryoku Program provided by Agency for Natural Resources and Energy of METI contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the use...

9.3CVSS7.6AI score0.01238EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/17 12:0 a.m.41 views

JVN#73559859: Installer of Shin Kikan Toukei Houkoku Data Nyuryokuyou Program may insecurely load Dynamic Link Libraries

Installer of Shin Kikan Toukei Houkoku Data Nyuryokuyou Program provided by Agency for Natural Resources and Energy of METI contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of...

9.3CVSS7.6AI score0.01238EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/08 9:7 a.m.3 views

WSR-300HP vulnerable to arbitrary code execution

Overview WSR-300HP provided by BUFFALO INC. contains an arbitrary code execution vulnerability. WSR-300HP provided by BUFFALO INC. is a wireless LAN router. WSR-300HP contains an arbitrary code execution vulnerability. Impact By executing a specially crafted request prepared by a remote attacker,...

10CVSS7.7AI score0.99975EPSS
Exploits6References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/08 9:6 a.m.4 views

WCR-1166DS vulnerable to OS command injection

Overview WCR-1166DS provided by BUFFALO INC.is a wireless LAN router. WCR-1166DS contains an OS command injection vulnerability CWE-78. Masashi Shiraishi of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Securit...

7.7CVSS7.5AI score0.00732EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/08 6:35 a.m.5 views

Installer of Qua station connection tool for Windows may insecurely load Dynamic Link Libraries

Overview Qua station provided KDDI CORPORATION is a 4G LTE photostrage. Qua station connection tool is used to view data saved on Qua station from a PC and/or save data on a PC. Installer of Qua station connection tool for Windows contains an issue with the DLL search path, which may lead to...

9.3CVSS6.8AI score0.01238EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/08 12:0 a.m.217 views

JVN#74871939: WSR-300HP vulnerable to arbitrary code execution

WSR-300HP provided by BUFFALO INC. is a wireless LAN router. WSR-300HP contains an arbitrary code execution vulnerability. Impact By executing a specially crafted request prepared by a remote attacker, arbitrary code may be executed. Solution Update the Firmware Apply the firmware update accordin...

10CVSS9.4AI score0.99975EPSS
Exploits6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/08 12:0 a.m.117 views

JVN#05340005: WCR-1166DS vulnerable to OS command injection

WCR-1166DS provided by BUFFALO INC.is a wireless LAN router. WCR-1166DS contains an OS command injection vulnerability CWE-78. Impact A user who can access the administrative console of the device may execute an arbitrary OS command. Solution Update the Firmware Apply the firmware update accordin...

7.7CVSS6.9AI score0.00732EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/08 12:0 a.m.105 views

JVN#81659403: Installer of Qua station connection tool for Windows may insecurely load Dynamic Link Libraries

Qua station provided KDDI CORPORATION is a 4G LTE photostrage. Qua station connection tool is used to view data saved on Qua station from a PC and/or save data on a PC. Installer of Qua station connection tool for Windows contains an issue with the DLL search path, which may lead to insecurely...

9.3CVSS7.6AI score0.01238EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/03 5:35 a.m.2 views

Installer of IP Messenger may insecurely load Dynamic Link Libraries

Overview IP Messenger is a LAN Messenger based on TCP/IP. IP Messenger contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

9.3CVSS6.9AI score0.01129EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/03 3:28 a.m.3 views

Installer of Baidu IME may insecurely load Dynamic Link Libraries

Overview Installer of Baidu IME contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

9.3CVSS7AI score0.0108EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/03 12:0 a.m.74 views

JVN#86724730: Installer of IP Messenger may insecurely load Dynamic Link Libraries

IP Messenger is a LAN Messenger based on TCP/IP. IP Messenger contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest...

9.3CVSS7.7AI score0.01129EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/03 12:0 a.m.101 views

JVN#17788774: Installer of Baidu IME may insecurely load Dynamic Link Libraries

Installer of Baidu IME contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest installer Use the latest installer according...

9.3CVSS7.7AI score0.0108EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/27 6:38 a.m.4 views

NFC Port Software remover may insecurely load Dynamic Link Libraries

Overview NFC Port Software remover provided by Sony Corporation is an application to remove NFC Port Software. NFC Port Software remover contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this...

9.3CVSS6.9AI score0.0108EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/27 6:38 a.m.10 views

Installers of Sony PaSoRi related software may insecurely load Dynamic Link Libraries

Overview PaSoRi provided by Sony Corporation is contactless IC card reader/writer. Installers of PaSoRi driver and other related software for Windows contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab...

9.3CVSS7AI score0.0108EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/27 5:31 a.m.3 views

Installer of LhaForge may insecurely load Dynamic Link Libraries

Overview LhaForge is a file compression/decompression software. The installer of LhaForge contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with t...

9.3CVSS6.9AI score0.0108EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/27 5:26 a.m.14 views

Multiple vulnerabilities in I-O DATA WN-AX1167GR

Overview WN-AX1167GR provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-AX1167GR contains multiple vulnerabilities listed below. Hard-coded credentials CWE-798 - CVE-2017-2280 OS command injection CWE-78 - CVE-2017-2281 Buffer overflow CWE-119 - CVE-2017-2282 Taizoh Tsukamoto of Mitsu...

8.8CVSS8.2AI score0.00843EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/27 5:13 a.m.3 views

I-O DATA WN-G300R31 uses hard-coded credentials

Overview WN-G300R31 provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-G300R3 uses hard-coded credentials CWE-798. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

8.8CVSS7.5AI score0.00629EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/27 12:0 a.m.37 views

JVN#33797604: NFC Port Software remover may insecurely load Dynamic Link Libraries

NFC Port Software remover provided by Sony Corporation is an application to remove NFC Port Software. NFC Port Software remover contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege...

9.3CVSS7.7AI score0.0108EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/27 12:0 a.m.57 views

JVN#16136413: Installers of Sony PaSoRi related software may insecurely load Dynamic Link Libraries

PaSoRi provided by Sony Corporation is contactless IC card reader/writer. Installers of PaSoRi driver and other related software for Windows contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with t...

9.3CVSS7.8AI score0.0108EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/27 12:0 a.m.55 views

JVN#01312667: Multiple vulnerabilities in I-O DATA WN-AX1167GR

WN-AX1167GR provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-AX1167GR contains multiple vulnerabilities listed below. Hard-coded credentials CWE-798 - CVE-2017-2280 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.8 CVSS v2|...

8.8CVSS8.7AI score0.00843EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/27 12:0 a.m.53 views

JVN#51410509: I-O DATA WN-G300R31 uses hard-coded credentials

WN-G300R31 provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-G300R3 uses hard-coded credentials CWE-798. Impact A user with access to the network that is connected to the affected device may execute arbitrary code on the device. Solution Update the Firmware Apply the appropriate...

8CVSS8AI score0.00629EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/27 12:0 a.m.41 views

JVN#74554973: Installer of LhaForge may insecurely load Dynamic Link Libraries

LhaForge is a file compression/decompression software. The installer of LhaForge contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution U...

9.3CVSS7.7AI score0.0108EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/24 6:8 a.m.3 views

Installer of Tween may insecurely load Dynamic Link Libraries

Overview Tween is a twitter client application. Installer of Tween contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

9.3CVSS6.9AI score0.0108EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/24 6:8 a.m.1 views

RBB SPEED TEST App fails to verify SSL server certificates

Overview RBB SPEED TEST App provided by IID, Inc. fails to verify SSL server certificates. DigiGnome reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may allow an attacker to...

5.9CVSS6.5AI score0.00632EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/24 4:52 a.m.5 views

Multiple cross-site scripting vulnerabilities in ScreenOS

Overview ScreenOS provided by Juniper Networks contains multiple cross-site scripting vulnerabilities. Toshitsugu Yoneyama and Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

9.6CVSS6.3AI score0.01194EPSS
Exploits0References13
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/24 4:52 a.m.2 views

WordPress plugin "Simple Custom CSS and JS" vulnerable to cross-site scripting

Overview The WordPress plugin "Simple Custom CSS and JS" provided by SilkyPress contains a reflected cross-site scripting vulnerability CWE-79. Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

6.1CVSS5.9AI score0.01466EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/24 4:52 a.m.2 views

WordPress plugin "Popup Maker" vulnerable to cross-site scripting

Overview The WordPress plugin "Popup Maker" provided by Popup Maker contains a reflected cross-site scripting vulnerability CWE-79. Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary scri...

6.1CVSS5.9AI score0.01634EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/24 12:0 a.m.65 views

JVN#74247807: Multiple cross-site scripting vulnerabilities in ScreenOS

ScreenOS provided by Juniper Networks contains multiple cross-site scripting vulnerabilities. Impact An arbitrary script may be executed on the logged in user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer. Products...

9.6CVSS6.2AI score0.01194EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/24 12:0 a.m.67 views

JVN#24238648: RBB SPEED TEST App fails to verify SSL server certificates

RBB SPEED TEST App provided by IID, Inc. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Application Update to the latest version according to the information provided by the developer...

5.9CVSS5.3AI score0.00632EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/24 12:0 a.m.65 views

JVN#92921024: WordPress plugin "Popup Maker" vulnerable to cross-site scripting

The WordPress plugin "Popup Maker" provided by Popup Maker contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged in user's web browser. Solution Update the plugin Update the plugin according to the information provided by the...

6.1CVSS6AI score0.01634EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/24 12:0 a.m.51 views

JVN#17523256: Installer of Tween may insecurely load Dynamic Link Libraries

Tween is a twitter client application. Installer of Tween contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest installer...

9.3CVSS7.7AI score0.0108EPSS
Exploits0
Total number of security vulnerabilities5625