Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/05/16 12:0 a.m.44 views

JVN#96165722: WordPress plugin "WP Booking System" vulnerable to cross-site scripting

The WordPress plugin "WP Booking System" provided by WP Booking System contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of a user who logged-in as an administrator. Solution Update the plugin Update the plugin according to...

6.1CVSS6.1AI score0.01379EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/05/12 4:36 a.m.1 views

PrimeDrive Desktop Application Installer may insecurely load executable files

Overview PrimeDrive Desktop Application is the client application for PrimeDrive online storage service provided by SoftBank Corp. The installer of PrimeDrive Desktop Application contains an issue with the file search path, which may insecurely load executable files CWE-427. Eili Masami of...

7.8CVSS6.8AI score0.01881EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/05/12 12:0 a.m.72 views

JVN#16248227: PrimeDrive Desktop Application Installer may insecurely load executable files

PrimeDrive Desktop Application is the client application for PrimeDrive online storage service provided by SoftBank Corp. The installer of PrimeDrive Desktop Application contains an issue with the file search path, which may insecurely load executable files CWE-427. Impact Arbitrary code may be...

7.8CVSS7.7AI score0.01881EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/05/11 4:37 a.m.2 views

The installer of SOY CMS vulnerable to cross-site scripting

Overview SOY CMS provided by Nippon Institute of Agroinformatics Ltd. is a Contents Management System CMS. The installer of SOY CMS contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing parameter. Satoshi Ogawa of Mitsui Bussan Secure Directions,Inc. reported this...

6.1CVSS6AI score0.00842EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/05/11 4:36 a.m.2 views

SOY CMS vulnerable to directory traversal

Overview SOY CMS provided by Nippon Institute of Agroinformatics Ltd. is a Contents Management System CMS. SOY CMS contains a directory traversal vulnerability CWE-22 due to a flaw in processing shopid parameter. ASAI Ken reported this vulnerability to IPA. JPCERT/CC coordinated with the develope...

7.5CVSS7.3AI score0.02483EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/05/11 12:0 a.m.39 views

JVN#51819749: SOY CMS vulnerable to directory traversal

SOY CMS provided by Nippon Institute of Agroinformatics Ltd. is a Contents Management System CMS. SOY CMS contains a directory traversal vulnerability CWE-22 due to a flaw in processing shopid parameter. Impact An authenticated attacker may execute arbitrary PHP code on the server. Solution Updat...

7.5CVSS7.7AI score0.02483EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/05/11 12:0 a.m.41 views

JVN#51978169: The installer of SOY CMS vulnerable to cross-site scripting

SOY CMS provided by Nippon Institute of Agroinformatics Ltd. is a Contents Management System CMS. The installer of SOY CMS contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing parameter. Impact When a user accesses a malicious page that leads to where the SOY CMS...

6.1CVSS6.1AI score0.00842EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/05/09 4:52 a.m.2 views

The installer of The Public Certification Service for Individuals "The JPKI user's software" may insecurely load Dynamic Link Libraries

Overview The installer of The Public Certification Service for Individuals "The JPKI user's software" provided by Japan Agency for Local Authority Information Systems J-LIS contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Note that this...

7.8CVSS6.9AI score0.00505EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/05/09 4:52 a.m.3 views

Nessus vulnerable to cross-site scripting

Overview Nessus provided by Tenable Network Security, Inc. contains a stored cross-site scripting vulnerability CWE-79 CVE-2017-2122. An authenticated user may store crafted contents to Nessus. According to the developer, another stored cross-site scripting vulnerability CVE-2017-5179 was found a...

5.4CVSS5.8AI score0.00775EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/05/09 12:0 a.m.61 views

JVN#87760109: Nessus vulnerable to cross-site scripting

Nessus provided by Tenable Network Security, Inc. contains a stored cross-site scripting vulnerability CVE-2017-2122. An authenticated user may store crafted contents to Nessus. According to the developer, another stored cross-site scripting vulnerability CVE-2017-5179 was found and fixed in Ness...

5.4CVSS5.2AI score0.01252EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/05/09 12:0 a.m.47 views

JVN#39605485: The installer of The Public Certification Service for Individuals "The JPKI user's software" may insecurely load Dynamic Link Libraries

The installer of The Public Certification Service for Individuals "The JPKI user's software" provided by Japan Agency for Local Authority Information Systems J-LIS contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact Arbitrary code may be...

7.3CVSS7.3AI score0.00505EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/04/25 4:36 a.m.4 views

Installer of Vivaldi for Windows may insecurely load executable files

Overview The installer of Vivaldi for Windows contains an issue in the file search path when loading files, which may insecurely load executable files CWE-427. Eiji James Yoshida of Security Professionals Network Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...

7.8CVSS6.9AI score0.02516EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/04/25 12:0 a.m.55 views

JVN#71572107: Installer of Vivaldi for Windows may insecurely load executable files

The installer of Vivaldi for Windows contains an issue in the file search path when loading files, which may insecurely load executable files CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest installer Use the latest...

7.8CVSS7.7AI score0.02516EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/04/21 4:44 a.m.6 views

WNC01WH vulnerable to OS command injection

Overview WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains an OS command injection vulnerability CWE-78. Kiyotaka ATSUMI of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact ...

6.8CVSS7.3AI score0.00567EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/04/21 12:0 a.m.39 views

JVN#48790793: WNC01WH vulnerable to OS command injection

WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains an OS command injection vulnerability CWE-78. Impact An arbitrary OS command may be executed by an authenticated attacker. Solution Update the Firmware Update to the latest version of firmware according to the information...

6.8CVSS6.8AI score0.00567EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/04/20 6:11 a.m.3 views

Multiple JustSystems products including Hanako may insecurely load Dynamic Link Libraries

Overview Hanako and multiple software suites containing Hanako provided by JustSystems Corporation contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Eiji James Yoshida of Security Professionals Network Inc. reported this vulnerability to IPA...

7.8CVSS6.9AI score0.01173EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/04/20 6:11 a.m.1 views

WordPress plugin "Booking Calendar" vulnerable to cross-site scripting

Overview The WordPress plugin "Booking Calendar" provided by wpdevelop contains a stored cross-site scripting vulnerability CWE-79. Satoshi Takagi of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University reported this vulnerability to IPA. JPCERT/C...

6.1CVSS5.8AI score0.0085EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/04/20 6:11 a.m.3 views

WordPress plugin "Booking Calendar" vulnerable to directory traversal

Overview The WordPress plugin "Booking Calendar" provided by wpdevelop contains a directory traversal vulnerability CWE-22. ASAI Ken reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A local file outside of th...

5.8CVSS6.4AI score0.02397EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/04/20 5:48 a.m.4 views

Hoozin Viewer vulnerable to buffer overflow

Overview Hoozin Viewer provided by ICON CORPORATION contains a buffer overflow vulnerability CWE-121. Touma Hatano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a user views a malicious page, arbitrary...

8.8CVSS7.5AI score0.02547EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/04/20 12:0 a.m.40 views

JVN#54762089: WordPress plugin "Booking Calendar" vulnerable to cross-site scripting

The WordPress plugin "Booking Calendar" provided by wpdevelop contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of a user accessing the page generated by the application. Solution Update the Software Update to the latest...

6.1CVSS6AI score0.0085EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/04/20 12:0 a.m.39 views

JVN#18739672: WordPress plugin "Booking Calendar" vulnerable to directory traversal

The WordPress plugin "Booking Calendar" provided by wpdevelop contains a directory traversal vulnerability CWE-22. Impact A local file outside of the application on the server may be accessed by a remote attacker. Solution Update the Software Update to the latest version according to the...

5.3CVSS5.2AI score0.02397EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/04/20 12:0 a.m.45 views

JVN#93931029: Hoozin Viewer vulnerable to buffer overflow

Hoozin Viewer provided by ICON CORPORATION contains a buffer overflow vulnerability CWE-121. Impact If a user views a malicious page, arbitrary code may be executed. Solution Update the Software Update to the latest version according to the information provided by the developer. Products Affected...

8.8CVSS9AI score0.02547EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/04/20 12:0 a.m.43 views

JVN#54268888: Multiple JustSystems products including Hanako may insecurely load Dynamic Link Libraries

Hanako and multiple software suites containing Hanako provided by JustSystems Corporation contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact Arbitrary code may be executed with the privileges of the user running the application. Solution...

7.8CVSS7.7AI score0.01173EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/04/19 5:43 a.m.4 views

SEIL Series routers vulnerable to denial-of-service (DoS)

Overview The DNS forwarder, the PPP Access Concentrator L2TP and the MeasureiPerf server function in SEIL Series routers provided by Internet Initiative Japan Inc. contain a denial-of-service DoS vulnerability due to a flaw in processing certain packets. Internet Initiative Japan Inc. reported th...

7.5CVSS6.8AI score0.01545EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/04/19 12:0 a.m.44 views

JVN#86171513: SEIL Series routers vulnerable to denial-of-service (DoS)

The DNS forwarder, the PPP Access Concentrator L2TP and the MeasureiPerf server function in SEIL Series routers provided by Internet Initiative Japan Inc. contain a denial-of-service DoS vulnerability due to a flaw in processing certain packets. Impact Receiving a specially crafted packet may...

7.5CVSS7.4AI score0.01545EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/04/18 4:42 a.m.2 views

NETGEAR ProSAFE Plus Configuration Utility vulnerable to improper access control

Overview ProSAFE Plus Configuration Utility provided by NETGEAR is a Windows application to configure and manage NETGEAR's ProSAFE Plus and Click Switches. An operator uses the utility to login and configure NETGEAR switches. When the utility is invoked, it starts listening on a certain port for...

4.3CVSS6.5AI score0.01261EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/04/18 12:0 a.m.66 views

JVN#08740778: NETGEAR ProSAFE Plus Configuration Utility vulnerable to improper access control

ProSAFE Plus Configuration Utility provided by NETGEAR is a Windows application to configure and manage NETGEAR's ProSAFE Plus and Click Switches. An operator uses the utility to login and configure NETGEAR switches. When the utility is invoked, it starts listening on a certain port for SOAP...

4.3CVSS4.1AI score0.01261EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/04/14 5:9 a.m.3 views

Multiple installers of Toshiba memory card related software may insecurely load Dynamic Link Libraries

Overview Multiple installers of Toshiba memory card related software contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the...

9.3CVSS7AI score0.0299EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/04/14 4:55 a.m.3 views

WN-AC1167GR vulnerable to cross-site scripting

Overview WN-AC1167GR provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-AC1167GR contains a stored cross-site scripting vulnerability CWE-79. Satoshi Ogawa of Mitsui Bussan Secure Directions,Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

5.4CVSS5.9AI score0.00891EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/04/14 12:0 a.m.46 views

JVN#05340816: Multiple installers of Toshiba memory card related software may insecurely load Dynamic Link Libraries

Multiple installers of Toshiba memory card related software contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest installe...

9.3CVSS8.8AI score0.0299EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/04/14 12:0 a.m.46 views

JVN#01537659: WN-AC1167GR vulnerable to cross-site scripting

WN-AC1167GR provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-AC1167GR contains a stored cross-site scripting vulnerability CWE-79. Impact If a user accesses a malicious URL while logged in, an arbitrary script may be executed on the user's web browser. Solution Update the Firmware...

5.4CVSS5.3AI score0.00891EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/04/13 4:49 a.m.4 views

WordPress plugin "WP Statistics" vulnerable to cross-site scripting

Overview The WordPress plugin "WP Statistics" provided by WP Statistics contains a stored cross-site scripting vulnerability CWE-79. Note that this vulnerability is different from JVN62392065. Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC...

6.1CVSS5.8AI score0.01278EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/04/13 4:49 a.m.2 views

WordPress plugin "WP Statistics" vulnerable to cross-site scripting

Overview The WordPress plugin "WP Statistics" provided by WP Statistics contains a stored cross-site scripting vulnerability CWE-79 in multiple pages due to a flaw in processing HTTP Referer headers. Note that this vulnerability is different from JVN77253951. Gen Sato of Mitsui Bussan Secure...

6.1CVSS5.8AI score0.02603EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/04/13 12:0 a.m.44 views

JVN#62392065: WordPress plugin "WP Statistics" vulnerable to cross-site scripting

The WordPress plugin "WP Statistics" provided by WP Statistics contains a stored cross-site scripting vulnerability CWE-79 in multiple pages due to a flaw in processing HTTP Referer headers. Impact An arbitrary script may be executed on the web browser of a user accessing the page generated by th...

6.1CVSS6AI score0.02603EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/04/13 12:0 a.m.39 views

JVN#77253951: WordPress plugin "WP Statistics" vulnerable to cross-site scripting

The WordPress plugin "WP Statistics" provided by WP Statistics contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of a user accessing the page generated by the application. Solution Update the plugin Update the plugin accordi...

6.1CVSS6AI score0.01278EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/04/11 7:5 a.m.1 views

The API in Cybozu Office vulnerable to denial-of-service (DoS)

Overview The API in Cybozu Office contains a denial-of-service DoS vulnerability. Cybozu, Inc. reported this vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership. Impact A...

7.8CVSS9AI score0.01661EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/04/11 7:5 a.m.2 views

Cybozu Office fails to restrict access permission in the templates delete function in "customapp"

Overview Cybozu Office contains an access restriction flaw in the templates delete function in "customapp". Cybozu, Inc. reported this vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning...

5.5CVSS6.7AI score0.01206EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/04/11 7:5 a.m.3 views

Cybozu Office fails to restrict access permission in the file export function in "customapp"

Overview Cybozu Office contains an access restriction flaw in the file export function in "customapp". Cybozu, Inc. reported this vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning...

4.3CVSS6.7AI score0.01041EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/04/11 7:5 a.m.2 views

The design setting screen in Cybozu Office vulnerable to cross-site scripting

Overview The design setting screen in Cybozu Office contains a cross-site scripting vulnerability. Kazuto Sagamihara reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the...

5.4CVSS6AI score0.00872EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/04/11 4:37 a.m.2 views

ASSETBASE vulnerable to cross-site scripting

Overview ASSETBASE provided by UCHIDA YOKO CO., LTD. is an IT asset management tool. ASSETBASE contains a cross-site scripting vulnerability CWE-79. Keitaro Yamazaki of Kyoto University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

6.1CVSS6AI score0.01174EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/04/11 12:0 a.m.74 views

JVN#17535578: Multiple vulnerabilities in Cybozu Office

Cybozu Office contains multiple vulnerabilities listed below. Cross-site scripting in the design setting screen CWE-79 - CVE-2017-2114 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVSS v2| AV:N/AC:L/Au:S/C:N/I:P/A:N| Base Score: 4.0...

7.1CVSS7.8AI score0.01661EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/04/11 12:0 a.m.40 views

JVN#82019695: ASSETBASE vulnerable to cross-site scripting

ASSETBASE provided by UCHIDA YOKO CO., LTD. is an IT asset management tool. ASSETBASE contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of a user who logged-in as an administrator. Solution Update the Software Update to the latest...

6.1CVSS6.1AI score0.01174EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/04/10 9:13 a.m.2 views

CS-Cart Japanese Edition vulnerable to cross-site request forgery

Overview CS-Cart is a system for creating online shopping websites. CS-Cart Japanese Edition contains a cross-site request forgery CWE-352 vulnerability. Hirota Kazuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

8.8CVSS6.5AI score0.01031EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/04/10 9:13 a.m.2 views

CS-Cart Japanese Edition fails to restrict access permissions

Overview CS-Cart is a system for creating online shopping websites. CS-Cart Japanese Edition fails to restrict access permissions CWE-425. Hirota Kazuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

5.3CVSS6.7AI score0.01224EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/04/10 4:47 a.m.1 views

WordPress plugin "WP Statistics" vulnerable to cross-site scripting

Overview The WordPress plugin "WP Statistics" provided by WP Statistics contains a reflected cross-site scripting vulnerability CWE-79. ASAI Ken reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary...

6.1CVSS5.9AI score0.01678EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/04/10 4:47 a.m.6 views

CS-Cart Japanese Edition fails to restrict access permissions

Overview CS-Cart is a system for creating online shopping websites. CS-Cart Japanese Edition fails to restrict access permissions CWE-425. Note that this vulnerability is different from JVN14396697. Hirota Kazuki of Mitsui Bussan Secure Directions,Inc. reported this vulnerability to IPA. JPCERT/C...

5.3CVSS6.8AI score0.01174EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/04/10 4:40 a.m.4 views

WN-G300R3 vulnerable to stack based buffer overflow

Overview WN-G300R3 provided by I-O DATA DEVICE, INC. contain a stack based buffer overflow vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

10CVSS7.6AI score0.03076EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/04/10 4:36 a.m.3 views

WN-G300R3 vulnerable to OS command injection

Overview WN-G300R3 provided by I-O DATA DEVICE, INC. contain an OS command injection vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...

9CVSS7.6AI score0.01632EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/04/10 12:0 a.m.57 views

JVN#81024552: Multiple vulnerabilities in WN-G300R3

WN-G300R3 provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-G300R3 contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2017-2141 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H| Base Score: 6.8 CVSS v2|...

10CVSS8.5AI score0.03076EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/04/10 12:0 a.m.46 views

JVN#87770873: CS-Cart Japanese Edition vulnerable to cross-site request forgery

​CS-Cart is a system for creating online shopping websites. CS-Cart Japanese Edition contains a cross-site request forgery CWE-352 vulnerability. Impact If a consumer views a malicious page while logged in, an unintended item may be purchased. Solution Update the Software Update to the latest...

8.8CVSS8.7AI score0.01031EPSS
Exploits0
Total number of security vulnerabilities5625