Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/04/10 12:0 a.m.•52 views

JVN#17633442: WordPress plugin "WP Statistics" vulnerable to cross-site scripting

The WordPress plugin "WP Statistics" provided by WP Statistics contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged in user's web browser. Solution Update the plugin Update the plugin according to the information provided by the...

6.1CVSS6AI score0.01678EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/04/10 12:0 a.m.•33 views

JVN#25598952: ​CS-Cart Japanese Edition fails to restrict access permissions

CS-Cart is a system for creating online shopping websites. CS-Cart Japanese Edition fails to restrict access permissions CWE-425. Impact An unauthenticated remote attacker may create a request of return an item that a consumer has purchased. Solution Update the Software Update to the latest versi...

5.3CVSS5.3AI score0.01174EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/04/10 12:0 a.m.•45 views

JVN#14396697: CS-Cart Japanese Edition fails to restrict access permissions

CS-Cart is a system for creating online shopping websites. CS-Cart Japanese Edition fails to restrict access permissions CWE-425. Impact An unauthenticated remote attacker may obtain consumer's information such as its name and street address registered in the website. Solution Update the Software...

5.3CVSS5.3AI score0.01224EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/04/07 5:47 a.m.•3 views

Tablacus Explorer vulnerable to script injection

Overview Tablacus Explorer is a tabbled file manager. Tablacus Explorer contains a script injection vulnerability due to improper handling of directory names. Touma Hatano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

8.8CVSS7.2AI score0.0137EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/04/07 12:0 a.m.•64 views

JVN#64451600: Tablacus Explorer vulnerable to script injection

Tablacus Explorer is a tabbled file manager. Tablacus Explorer contains a script injection vulnerability due to improper handling of directory names. Impact When a user accesses a crafted directory, an arbitrary script may be executed on Tablacus Explorer. As a result, an arbitrary OS command may...

8.8CVSS8.8AI score0.0137EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/03/30 6:1 a.m.•4 views

Vulnerability in JP1/Cm2/Network Node Manager i

Overview A vulnerability CVE-2016-4397 exists in JP1/Cm2/Network Node Manager i. Impact An attacker may have unspecified impact. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

7.8CVSS7AI score0.01041EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/03/30 5:37 a.m.•2 views

CentreCOM AR260S V2 vulnerable to privilege escalation

Overview CentreCOM AR260S V2 provided by Allied Telesis K.K. is a wired LAN router. CentreCOM AR260S V2 contains a privilege escalation vulnerability. Ziv Chang of Trend Micro Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warnin...

8.8CVSS7.2AI score0.01916EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/03/30 12:0 a.m.•72 views

JVN#55121369: CentreCOM AR260S V2 vulnerable to privilege escalation

​CentreCOM AR260S V2 provided by Allied Telesis K.K. is a wired LAN router. CentreCOM AR260S V2 contains a privilege escalation vulnerability. Impact Unintended operations may be performed with administrative privileges by a user who can log into the product with "guest" account. Solution Apply...

8.8CVSS9.1AI score0.01916EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/03/23 3:23 a.m.•2 views

WordPress plugin "YOP Poll" vulnerable to cross-site scripting

Overview The WordPress plugin "YOP Poll" contains a stored cross-site scripting CWE-79 vulnerability. Sho Ueshima, Takashi Honda, Tsuyoshi Ogawa and Minaho Umehara of SIE Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

5.4CVSS5.9AI score0.00936EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/03/23 12:0 a.m.•41 views

JVN#55294532: WordPress plugin "YOP Poll" vulnerable to cross-site scripting

The WordPress plugin "YOP Poll" contains a stored cross-site scripting CWE-79 vulnerability. Impact An arbitrary script may be executed on the web browser of a user accessing the poll generated by the application. Solution Update the plugin Update the plugin according to the information provided ...

5.4CVSS5.3AI score0.00936EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/03/22 5:43 a.m.•1 views

Installer of PhishWall Client Internet Explorer version may insecurely load Dynamic Link Libraries

Overview PhishWall Client Internet Explorer version, provided by SecureBrain Corporation, is an anti-phishing and anti-MITB software. The installer of PhishWall Client Internet Explorer version contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries...

7.8CVSS7AI score0.01735EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/03/22 12:0 a.m.•36 views

JVN#93699304: Installer of PhishWall Client Internet Explorer version may insecurely load Dynamic Link Libraries

PhishWall Client Internet Explorer version, provided by SecureBrain Corporation, is an anti-phishing and anti-MITB software. The installer of PhishWall Client Internet Explorer version contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427...

7.8CVSS7.7AI score0.01735EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/03/16 4:32 a.m.•2 views

Security guide for website operators vulnerable to OS command injection

Overview Security guide for website operators provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA contains an OS command injection vulnerability CWE-78 due to an issue in loading saved data. This vulnerability was reported by IPA to notify users of its solution through JVN. JPCERT/CC a...

8.8CVSS7.6AI score0.01596EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/03/16 12:0 a.m.•46 views

JVN#11448789: Security guide for website operators vulnerable to OS command injection

Security guide for website operators provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA contains an OS command injection vulnerability CWE-78 due to an issue in loading saved data. Impact When specially crafted saved data is loaded, an arbitrary OS command may be executed. Solution Do...

8.8CVSS8.9AI score0.01596EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/03/13 4:42 a.m.•4 views

Cybozu KUNAI for Android information management vulnerability

Overview Cybozu KUNAI for Android is a mobile client software for using Cybozu from an Android device. Cybozu KUNAI for Android provides a function to output log information when synchronizing data with Cybozu, however the function is disabled by default. Cybozu KUNAI for Android contains an issu...

2.6CVSS6.5AI score0.01052EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/03/13 12:0 a.m.•37 views

JVN#88745657: Cybozu KUNAI for Android information management vulnerability

Cybozu KUNAI for Android is a mobile client software for using Cybozu from an Android device. Cybozu KUNAI for Android provides a function to output log information when synchronizing data with Cybozu, however the function is disabled by default. Cybozu KUNAI for Android contains an issue where i...

2.6CVSS3.5AI score0.01052EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/03/08 12:57 a.m.•4 views

OneThird CMS vulnerable to cross-site scripting

Overview OneThird CMS provided by SpiQe Software contains a cross-site scripting vulnerability CWE-79 due to an issue in processing the inquiry form. Note that this vulnerability is different from JVN49408248. Satoshi Takagi of Cryptography Laboratory,Department of Information and Communication...

6.1CVSS6.1AI score0.01146EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/03/08 12:57 a.m.•0 views

OneThird CMS vulnerable to cross-site scripting

Overview OneThird CMS provided by SpiQe Software contains a cross-site scripting vulnerability CWE-79 due to an issue in processing the language selection screen. Note that this vulnerability is different from JVN13003724. Satoshi Ogawa of Mitsui Bussan Secure Directions,Inc. reported this...

6.1CVSS6.1AI score0.01195EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/03/07 12:0 a.m.•22 views

JVN#49408248: OneThird CMS vulnerable to cross-site scripting

OneThird CMS provided by SpiQe Software contains a cross-site scripting vulnerability CWE-79 due to an issue in processing the language selection screen. Impact An arbitrary script may be executed on the user's web browser. Solution For the users who have installed OneThird CMS already: Update th...

6.1CVSS6.2AI score0.01195EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/03/07 12:0 a.m.•29 views

JVN#13003724: OneThird CMS vulnerable to cross-site scripting

OneThird CMS provided by SpiQe Software contains a cross-site scripting vulnerability CWE-79 due to an issue in processing the inquiry form. Impact An arbitrary script may be executed on the logged in user's web browser. Solution Update the Software Update to the latest version according to the...

6.1CVSS6AI score0.01146EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/03/02 5:36 a.m.•2 views

Multiple I-O DATA network camera products vulnerable to buffer overflow

Overview Multiple network camera products provided by I-O DATA DEVICE, INC. contain a Buffer overflow vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported respective vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

8.8CVSS7.8AI score0.01592EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/03/02 5:36 a.m.•3 views

Multiple I-O DATA network camera products vulnerable to OS command injection

Overview Multiple network camera products provided by I-O DATA DEVICE, INC. contain an OS command injection vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported respective vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...

8.8CVSS8AI score0.01664EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/03/02 5:36 a.m.•1 views

Multiple I-O DATA network camera products vulnerable to HTTP header injection

Overview Multiple network camera products provided by I-O DATA DEVICE, INC. contain a HTTP header injection vulnerability. Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported respective vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Ear...

6.1CVSS7AI score0.01195EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/03/02 12:0 a.m.•66 views

JVN#46830433: Multiple I-O DATA network camera products multiple vulnerabilities

Multiple network camera products provided by I-O DATA DEVICE, INC. contain multiple vulnerabilities listed below. HTTP header injection CWE-113 - CVE-2017-2111 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N| Base Score: 4.7 CVSS v2|...

8.8CVSS8.5AI score0.01664EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/03/01 7:31 a.m.•2 views

Access CX App fails to verify SSL server certificates

Overview Access CX App provided by NISSAN SECURITIES CO., LTD. fails to verify SSL server certificates. Gaku Taniguchi of RiskFinder,inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle...

5.9CVSS6.5AI score0.00642EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/03/01 6:53 a.m.•7 views

PrimeDrive Desktop Application Installer may insecurely load Dynamic Link Libraries

Overview PrimeDrive Desktop Application is the client application for PrimeDrive online storage service provided by SoftBank Corp. The installer of PrimeDrive Desktop Application is vulnerable to load specific Dynamic Link Libraries in the same directory CWE-427 . Eiji James Yoshida of Security...

7.8CVSS6.9AI score0.00739EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/03/01 12:0 a.m.•30 views

JVN#82619692: Access CX App fails to verify SSL server certificates

Access CX App provided by NISSAN SECURITIES CO., LTD. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Application Update to the latest version according to the information provided by...

5.9CVSS5.3AI score0.00642EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/03/01 12:0 a.m.•45 views

JVN#88713190: PrimeDrive Desktop Application Installer may insecurely load Dynamic Link Libraries

PrimeDrive Desktop Application is the client application for PrimeDrive online storage service provided by SoftBank Corp. The installer of PrimeDrive Desktop Application is vulnerable to load specific Dynamic Link Libraries in the same directory CWE-427 . Impact Arbitrary code may be executed wit...

7.8CVSS7.6AI score0.00739EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/28 5:22 a.m.•3 views

WBCE CMS vulnerable to SQL injection

Overview WBCE CMS provided by WBCE Team is an open-source Contents Management System CMS. WBCE CMS contains an SQL injection vulnerability CWE-89. ASAI Ken reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

7.2CVSS7.8AI score0.01294EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/28 5:21 a.m.•4 views

WBCE CMS vulnerable to directory traversal

Overview WBCE CMS provided by WBCE Team is an open-source Contents Management System CMS. WBCE CMS contains a directory traversal vulnerability CWE-22. ASAI Ken reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impac...

8.6CVSS6.6AI score0.0351EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/28 5:21 a.m.•4 views

WBCE CMS vulnerable to cross-site scripting

Overview WBCE CMS provided by WBCE Team is an open-source Contents Management System CMS. WBCE CMS contains a cross-site scripting vulnerability CWE-79. ASAI Ken reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impa...

6.1CVSS6.1AI score0.01209EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/28 5:13 a.m.•1 views

CubeCart vulnerable to directory traversal

Overview CubeCart from CubeCart Limited is an open source system for creating online shopping websites. CubeCart contains a directory traversal vulnerability CWE-22. ASAI Ken reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

4.9CVSS6.4AI score0.02127EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/28 12:0 a.m.•28 views

JVN#63474730: CubeCart vulnerable to directory traversal

CubeCart from CubeCart Limited is an open source system for creating online shopping websites. CubeCart contains a directory traversal vulnerability CWE-22. Impact A local file outside of CubeCart may be accessed by an administrator of CubeCart. Solution Update the Software Update to the latest...

4.9CVSS4.9AI score0.02127EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/28 12:0 a.m.•55 views

JVN#73083905: Multiple vulnerabilities in WBCE CMS

WBCE CMS provided by WBCE Team is an open-source Contents Management System CMS. WBCE CMS contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2017-2118 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...

8.6CVSS7.1AI score0.0351EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/20 6:40 a.m.•2 views

Cybozu Garoon fails to restrict access permission in the mail function

Overview Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an access restriction flaw in the mail function. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact A user may alter the order of the mail folders. Solution...

4.3CVSS6.6AI score0.01206EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/20 6:40 a.m.•2 views

Cybozu Garoon fails to restrict access permission in Workflow and the function "MultiReport"

Overview Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an access restriction flaw in Workflow and the function "MultiReport". Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact A user may alter or delete...

4.3CVSS6.5AI score0.01056EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/20 6:40 a.m.•2 views

Cybozu Garoon vulnerable to information disclosure

Overview Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an information disclosure vulnerability. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact Token used for cross-site request forgery CSRF protection may be...

4.3CVSS6.3AI score0.01467EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/20 6:38 a.m.•2 views

Cybozu Garoon vulnerable to SQL injection

Overview Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an SQL injection vulnerability. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early...

6.5CVSS8AI score0.0247EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/20 6:38 a.m.•5 views

Cybozu Garoon fails to restrict access permission in the Phone Messages function

Overview Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an access restriction flaw in the Phone Messages function Yuji Tounai reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC...

4.3CVSS6.5AI score0.01206EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/20 6:38 a.m.•2 views

Cybozu Garoon vulnerable to cross-site scripting

Overview Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains a cross-site scripting. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning...

5.4CVSS6.1AI score0.00891EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/20 12:0 a.m.•56 views

JVN#73182875: Multiple vulnerabilities in Cybozu Garoon

Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains multiple vulnerabilities listed below. SQL injection CWE-89 - CVE-2017-2090 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L| Base Score: 6.3 CVSS v2| AV:N/AC:L/Au:S/C:P/I:P/A:P|...

6.5CVSS6.4AI score0.0247EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/17 6:13 a.m.•3 views

Self-Extracting Archives created by 7-ZIP32.DLL may insecurely load Dynamic Link Libraries

Overview 7-ZIP32.DLL is an open source library for compressing and decompressing 7z and zip format files. It can also create self-extracting archive files. Self-extracting archive files created by 7-ZIP32.DLL contain an issue with the DLL search path, which may lead to insecurely loading Dynamic...

7.8CVSS6.8AI score0.00816EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/17 12:0 a.m.•30 views

JVN#86200862: Self-Extracting Archives created by 7-ZIP32.DLL may insecurely load Dynamic Link Libraries

7-ZIP32.DLL is an open source library for compressing and decompressing 7z and zip format files. It can also create self-extracting archive files. Self-extracting archive files created by 7-ZIP32.DLL contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link...

7.8CVSS7.7AI score0.00816EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/15 7:20 a.m.•2 views

Apache Brooklyn vulnerable to cross-site scripting

Overview Apache Brooklyn is a framework for modeling, monitoring, and managing applications. Apache Brooklyn contains cross-site scripting vulnerabilities. It is known that proof-of-concept code to exploit these vulnerabilties exist. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc...

8.8CVSS6.6AI score0.01963EPSS
Exploits1References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/15 7:20 a.m.•3 views

Apache Brooklyn vulnerable to cross-site request forgery

Overview Apache Brooklyn is a framework for modeling, monitoring, and managing applications. Apache Brooklyn contains a cross-site request forgery vulnerability. It is known that proof-of-concept code to exploit these vulnerabilties exist. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions,...

8.8CVSS7AI score0.01318EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/15 12:0 a.m.•57 views

JVN#55489964: Multiple vulnerabilities in Apache Brooklyn

Apache Brooklyn is a framework for modeling, monitoring, and managing applications. Apache Brooklyn contains the following vulnerabilities. It is known that proof-of-concept code to exploit these vulnerabilties exist. Cross-site Scripting Vulnerabilities CWE-79 - CVE-2017-3165 Version| Vector|...

8.8CVSS6.5AI score0.01963EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/10 6:14 a.m.•0 views

TVer App for Android fails to verify SSL server certificates

Overview TVer App for Android provided by PRESENTCAST INC. fails to verify SSL server certificates. Yuto Iso of NTT Security Japan KK reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attac...

5.9CVSS6.5AI score0.00667EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/10 5:58 a.m.•3 views

Norton Download Manager may insecurely load Dynamic Link Libraries

Overview Norton Download Manager provided by Symantec Japan, Inc. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Takashi Yoshikawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

7.8CVSS6.8AI score0.0096EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/10 12:0 a.m.•20 views

JVN#53880182: TVer App for Android fails to verify SSL server certificates

TVer App for Android provided by PRESENTCAST INC. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Application Update to the latest version according to the information provided by the...

5.9CVSS5.5AI score0.00667EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/10 12:0 a.m.•52 views

JVN#40667528: Norton Download Manager may insecurely load Dynamic Link Libraries

Norton Download Manager provided by Symantec Japan, Inc. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact Arbitrary code may be executed with the privileges of the user running the application. Solution Use the latest Norton Download...

7.8CVSS7.7AI score0.0096EPSS
Exploits0
Total number of security vulnerabilities5625