Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/06 5:54 a.m.•8 views

WordPress plugin "Multi Feed Reader" vulnerable to SQL injection

Overview The WordPress plugin "Multi Feed Reader" contains an SQL injection vulnerability CWE-89. Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An attacker who...

8.8CVSS7.8AI score0.01617EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/06 5:21 a.m.•1 views

Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to remote code execution

Overview AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a remote code execution vulnerability. Note that this vulnerability is different from JVN80238098...

8.8CVSS7.9AI score0.01507EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/06 5:20 a.m.•2 views

Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to information disclosure

Overview AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains an information disclosure vulnerability. Masato Kinugawa reported this vulnerability to IPA...

4.3CVSS5.9AI score0.0114EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/06 5:19 a.m.•1 views

Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to remote code execution

Overview AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a remote code execution vulnerability. Note that this vulnerability is different from JVN20870477...

8.8CVSS7.9AI score0.02325EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/06 5:19 a.m.•1 views

Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to remote code execution

Overview AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a remote code execution vulnerability. Note that this vulnerability is different from JVN80238098...

8.8CVSS7.9AI score0.01507EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/06 2:19 a.m.•5 views

The installer of the Ministry of Justice [The electronic authentication system based on the commercial registration system "The CRCA user's Software"] may insecurely load Dynamic Link Libraries

Overview The electronic authentication system based on the commercial registration system "The CRCA user's Software" provided by the Ministry of Justice contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Eili Masami of Tachibana Lab. reported...

8.8CVSS7.1AI score0.01356EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/06 12:0 a.m.•29 views

JVN#20870477: Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to remote code execution

AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a remote code execution vulnerability. Impact When accessing a specially crafted URL, arbitrary code may be...

8.8CVSS8.9AI score0.01507EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/06 12:0 a.m.•38 views

JVN#32120290: Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to information disclosure

AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains an information disclosure vulnerability. Impact When accessing a specially crafted URL, a local file...

4.3CVSS4.3AI score0.0114EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/06 12:0 a.m.•46 views

JVN#01404851: Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to remote code execution

AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a remote code execution vulnerability. Impact When accessing a specially crafted URL, an arbitrary code may...

8.8CVSS8.9AI score0.01507EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/06 12:0 a.m.•54 views

JVN#98617234: WordPress plugin "Multi Feed Reader" vulnerable to SQL injection

The WordPress plugin "Multi Feed Reader" contains an SQL injection vulnerability CWE-89. Impact An attacker who can access the product may execute an arbitrary SQL command. Information stored in the database may be obtained or altered by an attacker. Solution Update the plugin Update the plugin...

8.8CVSS8.9AI score0.01617EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/06 12:0 a.m.•36 views

JVN#80238098: Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to remote code execution

AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a remote code execution vulnerability. Impact When accessing a specially crafted URL, arbitrary code may be...

8.8CVSS8.9AI score0.02325EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/05 4:47 a.m.•3 views

Installer of Houkokusyo Sakusei Shien Tool provided by Ministry of the Environment may insecurely load Dynamic Link Libraries

Overview Installer of Houkokusyo Sakusei Shien Tool provided by Ministry of the Environment contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Eili Masami of Tachibana Lab. and BlackWingCat of Pink Flying Whale reported this vulnerability to...

7.8CVSS6.9AI score0.01093EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/05 12:0 a.m.•38 views

JVN#24087303: Installer of Houkokusyo Sakusei Shien Tool provided by Ministry of the Environment may insecurely load Dynamic Link Libraries

Installer of Houkokusyo Sakusei Shien Tool provided by Ministry of the Environment contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact Arbitrary code may be executed with the privileges of the running application. Solution Use the latest...

7.8CVSS7.8AI score0.01093EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/02 5:0 a.m.•1 views

Installer of SaAT Personal may insecurely load Dynamic Link Libraries

Overview The installer of SaAT Personal provided by NetMove Corporation contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. DigiGnome reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Securit...

8.8CVSS7AI score0.01636EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/02 5:0 a.m.•4 views

Installer of SaAT Netizen may insecurely load Dynamic Link Libraries

Overview The installer of SaAT Netizen provided by NetMove Corporation contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. DigiGnome reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

8.8CVSS7AI score0.01636EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/02 12:0 a.m.•34 views

JVN#08020381: Installer of SaAT Personal may insecurely load Dynamic Link Libraries

The installer of SaAT Personal provided by NetMove Corporation contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest...

8.8CVSS8.8AI score0.01636EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/02 12:0 a.m.•36 views

JVN#91170929: Installer of SaAT Netizen may insecurely load Dynamic Link Libraries

The installer of SaAT Netizen provided by NetMove Corporation contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest...

8.8CVSS8.8AI score0.01636EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/01 7:47 a.m.•6 views

RW-5100 tool to verify execution environment may insecurely load Dynamic Link Libraries

Overview RW-5100 tool to verify execution environment for IC Card Reader/Writer devices provided by Sharp Corporation contains an issue with the DLL search path, which may lead to insecurely load Dynamic Link Libraries CWE-427. Yuji Tounai of NTT Communications Corporation and BlackWingCat of...

9.3CVSS7AI score0.01644EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/01 7:44 a.m.•6 views

RW-5100 driver installer may insecurely load Dynamic Link Libraries

Overview RW-5100 driver installer for IC Card Reader/Writer devices provided by Sharp Corporation contains an issue with the DLL search path, which may lead to insecurely load Dynamic Link Libraries CWE-427. Yuji Tounai of NTT Communications Corporation and BlackWingCat of PinkFlyingWhale reporte...

9.3CVSS6.9AI score0.01059EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/01 7:40 a.m.•2 views

RW-4040 tool to verify execution environment may insecurely load Dynamic Link Libraries

Overview RW-4040 tool to verify execution environment for IC Card Reader/Writer devices provided by Sharp Corporation contains an issue with the DLL search path, which may lead to insecurely load Dynamic Link Libraries CWE-427. Yuji Tounai of NTT Communications Corporation and BlackWingCat of...

9.3CVSS7AI score0.01644EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/01 7:25 a.m.•3 views

RW-4040 driver installer may insecurely load Dynamic Link Libraries

Overview RW-4040 driver installer for IC Card Reader/Writer devices provided by Sharp Corporation contains an issue with the DLL search path, which may lead to insecurely load Dynamic Link Libraries CWE-427. Yuji Tounai of NTT Communications Corporation and BlackWingCat of PinkFlyingWhale reporte...

9.3CVSS6.9AI score0.01147EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/01 5:42 a.m.•3 views

Installer of Tera Term may insecurely load Dynamic Link Libraries

Overview The installer of Tera Term provided by TeraTerm Project contains an issue with the DLL search path, which may lead to insecurely load Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informati...

9.3CVSS7AI score0.02029EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/01 5:6 a.m.•6 views

WordPress plugin "WP Live Chat Support" vulnerable to cross-site scripting

Overview The WordPress plugin "WP Live Chat Support" provided by CODECABIN contains a cross-site scripting vulnerability CWE-79. Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script...

6.1CVSS6AI score0.01293EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/01 12:0 a.m.•67 views

JVN#70951878: WordPress plugin "WP Live Chat Support" vulnerable to cross-site scripting

The WordPress plugin "WP Live Chat Support" provided by CODECABIN contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged in user's web browser. Solution Update the plugin Update the plugin according to the information provided by the developer...

6.1CVSS6AI score0.01293EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/01 12:0 a.m.•84 views

JVN#51274854: Multiple software for Sharp IC Card Reader/Writer Devices may insecurely load Dynamic Link Libraries

The tool to verify execution environment and the driver installer for IC Card Reader/Writer devices provided by Sharp Corporation contain an issue with the DLL search path, which may lead to insecurely load Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege o...

9.3CVSS7.6AI score0.01644EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/01 12:0 a.m.•71 views

JVN#06770361: Installer of Tera Term may insecurely load Dynamic Link Libraries

The installer of Tera Term provided by TeraTerm Project contains an issue with the DLL search path, which may lead to insecurely load Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest installer Use...

9.3CVSS7.7AI score0.02029EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/05/26 12:0 a.m.•35 views

JVN#92422409: The installer of the Ministry of Justice [The electronic authentication system based on the commercial registration system "The CRCA user's Software"] may insecurely load Dynamic Link Libraries

The electronic authentication system based on the commercial registration system "The CRCA user's Software" provided by the Ministry of Justice contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact Arbitrary code may be executed with the...

8.8CVSS8.9AI score0.01356EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/05/25 5:14 a.m.•5 views

Installer of electronic tendering and bid opening system provided by Acquisition, Technology & Logistics Agency may insecurely load Dynamic Link Libraries

Overview Installer of electronic tendering and bid opening system provided by Acquisition, Technology & Logistics Agency contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Eili Masami of Tachibana Lab. reported this vulnerability to IPA...

8.8CVSS7.2AI score0.01749EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/05/25 5:14 a.m.•5 views

Installers of the screensavers provided by JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE may insecurely load Dynamic Link Libraries

Overview Installers of the screensavers provided by JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated wit...

9.3CVSS7.3AI score0.01427EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/05/25 5:14 a.m.•5 views

GroupSession fails to restrict access permissions

Overview GroupSession provided by Japan Total System Co.,Ltd. is open source groupware. GroupSession fails to restrict access permissions. Norihiko Hirukawa of FiveDrive Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

6.5CVSS6.5AI score0.01343EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/05/25 12:0 a.m.•35 views

JVN#75514460: Installer of electronic tendering and bid opening system provided by Acquisition, Technology & Logistics Agency may insecurely load Dynamic Link Libraries

Installer of electronic tendering and bid opening system provided by Acquisition, Technology & Logistics Agency contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact This vulnerability can be exploited when the following condition is met. ...

8.8CVSS8.8AI score0.01749EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/05/25 12:0 a.m.•32 views

JVN#41185163: Installers of the screensavers provided by JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE may insecurely load Dynamic Link Libraries

Installers of the screensavers provided by JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact This vulnerability can be exploited when the following condition is met. If this vulnerabilit...

9.3CVSS7.7AI score0.01427EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/05/25 12:0 a.m.•33 views

JVN#42164352: GroupSession fails to restrict access permissions

GroupSession provided by Japan Total System Co.,Ltd. is open source groupware. GroupSession fails to restrict access permissions. Impact An authenticated attacker may obtain other user's senisitive information such as email. Solution Update the Software Update to the latest version according to t...

6.5CVSS6.3AI score0.01343EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/05/24 5:41 a.m.•2 views

SSL Visibility Appliance may generate illegal RST packets

Overview SSL Visibility Appliance provided by Blue Coat Systems, Inc. is used as a transparent proxy for encrypted traffic management. It is reported that the appliance generates RST packets with incorrect sequence numbers when it receives HTTPS requests from certain web browsers. When the web...

7.2CVSS6.8AI score0.01453EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/05/24 12:0 a.m.•25 views

JVN#91438377: SSL Visibility Appliance may generate illegal RST packets

SSL Visibility Appliance provided by Blue Coat Systems, Inc. is used as a transparent proxy for encrypted traffic management. It is reported that the appliance generates RST packets with incorrect sequence numbers when it receives HTTPS requests from certain web browsers. When the web server behi...

5.9CVSS5.8AI score0.01453EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/05/19 5:57 a.m.•2 views

The installer of Empirical Project Monitor - eXtended may insecurely load Dynamic Link Libraries

Overview The installer of Empirical Project Monitor - eXtended provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Eili Masami of Tachibana Lab. reported this vulnerability to IPA...

7.8CVSS7.1AI score0.01419EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/05/19 5:55 a.m.•4 views

Empirical Project Monitor - eXtended vulnerable to cross-site scripting

Overview Empirical Project Monitor - eXtended provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA contains a reflected cross-site scripting vulnerability. Note that this vulnerability is different from JVN85512750. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported...

6.1CVSS6.2AI score0.01195EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/05/19 5:53 a.m.•2 views

Empirical Project Monitor - eXtended vulnerable to cross-site scripting

Overview Empirical Project Monitor - eXtended provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA contains a stored cross-site scripting vulnerability CWE-79. Note that this vulnerability is different from JVN11326581. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. report...

5.4CVSS6.1AI score0.00891EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/05/19 12:0 a.m.•40 views

JVN#12493656: The installer of Empirical Project Monitor - eXtended may insecurely load Dynamic Link Libraries

The installer of Empirical Project Monitor - eXtended provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact Arbitrary code may be executed with the privilege of the user invoki...

7.8CVSS7.7AI score0.01419EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/05/19 12:0 a.m.•33 views

JVN#85512750: Empirical Project Monitor - eXtended vulnerable to cross-site scripting

Empirical Project Monitor - eXtended provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use Empirical Project Monitor - eXtended The...

5.4CVSS5.3AI score0.00891EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/05/19 12:0 a.m.•37 views

JVN#11326581: Empirical Project Monitor - eXtended vulnerable to cross-site scripting

Empirical Project Monitor - eXtended provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use Empirical Project Monitor - eXtended The...

6.1CVSS6.1AI score0.01195EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/05/16 6:46 a.m.•4 views

FlashAir do not set credential information in PhotoShare

Overview FlashAir by Toshiba Corporation is an SDHC memory card which provides wireless LAN access functions. FlashAir PhotoShare function enables to share the image data in a certain folder with other users as it switches the original wireless LAN connection set by FlashAir default to the wirele...

4.3CVSS6.8AI score0.00608EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/05/16 6:34 a.m.•5 views

FlashAir fails to restrict access permissions in PhotoShare

Overview FlashAir by Toshiba Corporation is an SDHC memory card which provides wireless LAN access functions. FlashAir PhotoShare function enables to share the selected data with other users as it switches the original wireless LAN connection set by FlashAir default to the wireless LAN connection...

3.5CVSS6.7AI score0.00447EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/05/16 5:0 a.m.•3 views

Multiple BestWebSoft WordPress plugins vulnerable to cross-site scripting

Overview Multiple WordPress Plugins provided by BestWebSoft use a common function for displaying the BestWebSoft menu. This function contains a cross-site scripting vulnerability CWE-79. Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

6.1CVSS6AI score0.00886EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/05/16 4:59 a.m.•1 views

WordPress plugin "MaxButtons" vulnerable to cross-site scripting

Overview The WordPress plugin "MaxButtons" provided by Max Foundry contains a cross-site scripting vulnerability CWE-79. ASAI Ken and Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary...

6.1CVSS6AI score0.01379EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/05/16 4:58 a.m.•2 views

WordPress plugin "WP Booking System" vulnerable to cross-site scripting

Overview The WordPress plugin "WP Booking System" provided by WP Booking System contains a stored cross-site scripting vulnerability CWE-79. Satoshi Takagi of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University reported this vulnerability to IPA...

6.1CVSS5.9AI score0.01379EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/05/16 12:0 a.m.•45 views

JVN#46372675: FlashAir fails to restrict access permissions in PhotoShare

FlashAirTM by Toshiba Corporation is an SDHC memory card which provides wireless LAN access functions. FlashAirTM PhotoShare function enables to share the selected data with other users as it switches the original wireless LAN connection set by FlashAirTM default to the wireless LAN connection fo...

3.5CVSS4.1AI score0.00447EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/05/16 12:0 a.m.•43 views

JVN#81820501: FlashAir do not set credential information in PhotoShare

FlashAirTM by Toshiba Corporation is an SDHC memory card which provides wireless LAN access functions. FlashAirTM PhotoShare function enables to share the image data in a certain folder with other users as it switches the original wireless LAN connection set by FlashAirTM default to the wireless...

4.3CVSS4.6AI score0.00608EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/05/16 12:0 a.m.•48 views

JVN#24834813: Multiple BestWebSoft WordPress plugins vulnerable to cross-site scripting

Multiple WordPress Plugins provided by BestWebSoft use a common function for displaying the BestWebSoft menu. This function contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the logged in user's web browser. Solution Update the plugin Update the...

6.1CVSS6AI score0.00886EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/05/16 12:0 a.m.•43 views

JVN#96165722: WordPress plugin "WP Booking System" vulnerable to cross-site scripting

The WordPress plugin "WP Booking System" provided by WP Booking System contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of a user who logged-in as an administrator. Solution Update the plugin Update the plugin according to...

6.1CVSS6.1AI score0.01379EPSS
Exploits0
Total number of security vulnerabilities5625