Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/11/11 12:0 a.m.•36 views

JVN#23549283: CG-WLR300NX fails to restrict access permissions

CG-WLR300NX provided by Corega Inc is a wireless LAN router. CG-WLR300NX fails to restrict access permissions. Impact An attacker who can access the product may perform an arbitrary operation in the product while an administrator logs in. Solution Update the Firmware Update to the latest version ...

8.8CVSS8.6AI score0.00889EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/11/11 12:0 a.m.•29 views

JVN#34103586: Multiple I-O DATA network camera products vulnerable to information disclosure

Multiple network camera products provided by I-O DATA DEVICE, INC. contain an information disclosure vulnerability CWE-200. Impact Information such as authentication credentials may be disclosed by an attacker who can access the product. Solution Update the Firmware Apply the appropriate firmware...

7.5CVSS7.5AI score0.02663EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/11/11 12:0 a.m.•39 views

JVN#92237169: CG-WLR300NX vulnerable to cross-site scripting

CG-WLR300NX provided by Corega Inc is a wireless LAN router. CG-WLR300NX contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Firmware Update to the latest version of firmware according to the information...

4.8CVSS4.9AI score0.00765EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/11/11 12:0 a.m.•41 views

JVN#23823838: CG-WLR300NX vulnerable to cross-site request forgery

CG-WLR300NX provided by Corega Inc is a wireless LAN router. CG-WLR300NX contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the Firmware Update to the latest version of...

8.8CVSS8.7AI score0.00913EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/11/11 12:0 a.m.•39 views

JVN#25060672: Multiple Corega wireless LAN routers vulnerable to cross-site scripting

Multiple Corega wireless LAN routers contain a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Use CG-WLR300NX or CG-WFR600 CG-WLBARGMH and CG-WLBARGNL are no longer being supported, therefore fix for this vulnerability wil...

6.1CVSS6.1AI score0.01195EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/11/10 7:59 a.m.•2 views

Vulnerabilitie in JP1/IT Desktop Management 2 - Manager and JP1/NETM/DM

Overview A Remote Command Execution Vulnerability was found in JP1/IT Desktop Management 2 - Manager and JP1/NETM/DM. Impact Remote attackers might exploit this vulnerability to execute arbitrary commands. Solution Please refer to the 'Vendor Information' section for the official countermeasure a...

10CVSS7.5AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/11/02 7:21 a.m.•3 views

Access restriction bypass vulnerability in WFS-SR01

Overview WFS-SR01 provided by I-O DATA DEVICE, INC. is a portable storage device which provides wireless LAN router function. WFS-SR01 contains access restriction bypass vulnerability in "Pocket Router Function". I-O DATA DEVICE, INC. reported this vulnerability to JPCERT/CC to notify users of it...

7.5CVSS6.9AI score0.02016EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/11/02 7:20 a.m.•4 views

Command injection vulnerability in WFS-SR01

Overview WFS-SR01 provided by I-O DATA DEVICE, INC. is a portable storage device which provides wireless LAN router function. WFS-SR01 contains command injection vulnerability in "Pocket Router Function". I-O DATA DEVICE, INC. reported this vulnerability to JPCERT/CC to notify users of its soluti...

10CVSS8.1AI score0.03977EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/11/02 12:0 a.m.•48 views

JVN#18228200: Multiple vulnerabilities in WFS-SR01

WFS-SR01 provided by I-O DATA DEVICE, INC. is a portable storage device which provides wireless LAN router function. WFS-SR01 contains multiple vulnerabilities in "Pocket Router Function" listed below. Command injection - CVE-2016-7806 Version| Vector| Score ---|---|--- CVSS v3|...

10CVSS8.8AI score0.03977EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/11/01 7:44 a.m.•3 views

The installer of The Public Certification Service for Individuals "The JPKI user's software" may insecurely load Dynamic Link Libraries

Overview The installer of The Public Certification Service for Individuals "The JPKI user's software" provided by Japan Agency for Local Authority Information Systems J-LIS contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Yuji Tounai of NTT...

9.3CVSS6.8AI score0.01829EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/11/01 4:47 a.m.•3 views

mobiGate App fails to verify SSL server certificates

Overview mobiGate App provided by Nihon Unisys, Ltd. fails to verify SSL server certificates. Gaku Taniguchi of RiskFinder,inc. reported this vulnerability to Nihon Unisys, Ltd., and Nihon Unisys, Ltd. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and...

5.9CVSS6.5AI score0.00642EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/11/01 12:0 a.m.•39 views

JVN#91002412: The installer of The Public Certification Service for Individuals "The JPKI user's software" may insecurely load Dynamic Link Libraries

The installer of The Public Certification Service for Individuals "The JPKI user's software" provided by Japan Agency for Local Authority Information Systems J-LIS contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact Arbitrary code may be...

9.3CVSS7.7AI score0.01829EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/11/01 12:0 a.m.•39 views

JVN#27260483: mobiGate App fails to verify SSL server certificates

mobiGate App provided by Nihon Unisys, Ltd. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Application Update to the latest version according to the information provided by the...

5.9CVSS5.3AI score0.00642EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/26 6:13 a.m.•4 views

Installer of 7-Zip for Windows may insecurely load Dynamic Link Libraries

Overview 7-Zip for Windows is an open source compression and decompression software. The installer of 7-Zip for Windows contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Takashi Yoshikawa of Mitsui Bussan Secure Directions reported this...

7.8CVSS6.9AI score0.01811EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/26 12:0 a.m.•39 views

JVN#76780067: Installer of 7-Zip for Windows may insecurely load Dynamic Link Libraries

7-Zip for Windows is an open source compression and decompression software. The installer of 7-Zip for Windows contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact Arbitrary code may be executed with the privilege of the user invoking the...

7.8CVSS7.7AI score0.01811EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/20 5:22 a.m.•4 views

SQL injection vulnerability in WordPress plugin WP-OliveCart

Overview WP-OliveCart provided by Olive Design is a WordPress plugin to construct a shopping site. WP-OliveCart contains an SQL injection vulnerability. Gen Sato of TRADE WORKS Co.,Ltd Security Dept. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under information...

9.8CVSS7.6AI score0.01918EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/20 5:22 a.m.•6 views

Cross-site request forgery vulnerability in WordPress plugin WP-OliveCart

Overview WP-OliveCart provided by Olive Design is a WordPress plugin to construct a shopping site. WP-OliveCart contains cross-site request forgery vulnerability. Gen Sato of TRADE WORKS Co.,Ltd Security Dept. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under...

8.8CVSS6.6AI score0.00923EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/20 5:22 a.m.•4 views

Cross-site scripting vulnerability in WordPress plugin WP-OliveCart

Overview WP-OliveCart provided by Olive Design is a WordPress plugin to construct a shopping site. WP-OliveCart contains cross-site scripting vulnerability. Gen Sato of TRADE WORKS Co.,Ltd Security Dept. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under...

6.1CVSS6.2AI score0.01195EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/20 12:0 a.m.•34 views

JVN#14567604: Multiple vulnerabilities in WordPress plugin WP-OliveCart

WP-OliveCart provided by Olive Design is a WordPress plugin to construct a shopping site. WP-OliveCart contains the following vulnerabilities. Cross-site scripting CWE-79 - CVE-2016-4903 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS...

9.8CVSS7.8AI score0.01918EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/19 6:32 a.m.•7 views

Installer of Evernote for Windows may insecurely load Dynamic Link Libraries

Overview The installer of Evernote for Windows contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Takashi Yoshikawa of Mitsui Bussan Secure Directions reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informati...

7.8CVSS6.9AI score0.01534EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/19 3:29 a.m.•4 views

The installer of e-Tax Software may insecurely load Dynamic Link Libraries

Overview The installer of e-Tax Software provided by National Tax Agency contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the...

7.8CVSS7.3AI score0.01534EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/19 12:0 a.m.•30 views

JVN#03251132: Installer of Evernote for Windows may insecurely load Dynamic Link Libraries

The installer of Evernote for Windows contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the Latest Installer Use the latest installer...

7.8CVSS7.6AI score0.01534EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/18 12:0 a.m.•79 views

JVN#63012325: The installer of e-Tax Software may insecurely load Dynamic Link Libraries

The installer of e-Tax Software provided by National Tax Agency contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact This vulnerability can be exploited when the following condition is met. If this vulnerability is exploited, arbitrary co...

7.8CVSS7.8AI score0.01534EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/13 12:0 a.m.•58 views

JVN#70380788: BASP21 vulnerable to mail header injection

BASP21 provided by B21Soft, Inc. contains a mail header injection vulnerability. Impact The header of an email created by BASP21 to be sent from a web application mail form may be altered by an unauthenticated remote attacker. As a result, an unintended email may be sent or a denial-of-service Do...

6.4CVSS6.6AI score0.01449EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/12 1:3 a.m.•6 views

Toshiba FlashAir does not require authentication in "Internet pass-thru Mode"

Overview FlashAir by Toshiba Corporation is a SDHC memory card which provides "Internet pass-thru Mode", allowing devices to access the internet while connecting to FlashAir. When configured in "Internet pass-thru Mode", FlashAir acts both as a station and as an access point. When "Internet...

5.4CVSS7.3AI score0.00711EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/07 6:4 a.m.•6 views

SetucoCMS vulnerable to cross-site request forgery

Overview SetucoCMS provided by SetucoCMS Project is a content management system CMS. SetucoCMS contains cross-site request forgery vulnerability. Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. and Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer unde...

8.8CVSS6.7AI score0.00977EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/07 6:4 a.m.•6 views

SetucoCMS vulnerable to cross-site scripting

Overview SetucoCMS provided by SetucoCMS Project is a content management system CMS. SetucoCMS contains cross-site scripting vulnerability. Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. and Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

6.1CVSS6.2AI score0.01278EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/07 6:4 a.m.•6 views

SetucoCMS vulnerable to SQL injection

Overview SetucoCMS provided by SetucoCMS Project is a content management system CMS. SetucoCMS contains an SQL injection vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning partnership. Impact An arbitrary...

8.8CVSS8AI score0.01559EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/07 6:4 a.m.•4 views

SetucoCMS vulnerable to denial-of-service (DoS)

Overview SetucoCMS provided by SetucoCMS Project is a content management system CMS. SetucoCMS contains denial-of-service DoS vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning partnership. Impact A remot...

5.3CVSS6.8AI score0.02136EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/07 6:4 a.m.•4 views

SetucoCMS vulnerable to code injection

Overview SetucoCMS provided by SetucoCMS Project is a content management system CMS. SetucoCMS contains code injection vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning partnership. Impact Arbitrary code...

8.8CVSS7.3AI score0.02025EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/07 6:4 a.m.•6 views

SetucoCMS vulnerable to session management

Overview SetucoCMS provided by SetucoCMS Project is a content management system CMS. SetucoCMS contains session management vulnerability. Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

6.5CVSS6.7AI score0.01347EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/07 5:11 a.m.•5 views

Cryptography API: Next Generation (CNG) vulnerable to denial-of-service (DoS)

Overview Cryptography API: Next Generation CNG contains an issue in BCryptDecrypt, which may result in a denial-of-service DoS. ASHINO, Yuki of NEC Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...

4.3CVSS7AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/07 4:50 a.m.•6 views

Usermin cross-site scripting vulnerabilties

Overview Usermin is a web-based interface used to manage webmail. Usermin contains reflected cross-site scripting vulnerabilities in /filter/saveforward.cgi, /filter/save.cgi and /man/search.cgi. Toshinobu Honjo of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC...

6.1CVSS6.1AI score0.01114EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/07 12:0 a.m.•57 views

JVN#80157683: SetucoCMS multiple vulnerabilities

SetucoCMS provided by SetucoCMS Project is a content management system CMS. SetucoCMS contains multiple vulnerabilities listed below. Cross-site request forgery - CVE-2016-4891 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N| Base Score: 5.4 CVSS v2|...

8.8CVSS7.3AI score0.02136EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/07 12:0 a.m.•38 views

JVN#32504719: Usermin cross-site scripting vulnerabilities

Usermin is a web-based interface used to manage webmail. Usermin contains reflected cross-site scripting vulnerabilities in /filter/saveforward.cgi, /filter/save.cgi and /man/search.cgi. Impact An arbitrary script may be executed on a logged in user's web browser. Solution Update the software...

6.1CVSS6.3AI score0.01114EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/07 12:0 a.m.•31 views

JVN#39619137: Toshiba FlashAir does not require authentication in "Internet pass-thru Mode"

FlashAir by Toshiba Corporation is a SDHC memory card which provides "Internet pass-thru Mode", allowing devices to access the internet while connecting to FlashAir. When configured in "Internet pass-thru Mode", FlashAir acts both as a station and as an access point. When "Internet pass-thru Mode...

4.3CVSS5.2AI score0.00711EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/07 12:0 a.m.•15 views

JVN#20786316: Cryptography API: Next Generation (CNG) vulnerable to denial-of-service (DoS)

Cryptography API: Next Generation CNG contains an issue in BCryptDecrypt, which may result in a denial-of-service DoS. Impact If CNG processes a specially crafted key data, the product may be terminated abnormally. Solution Upgrade Windows According to the developer, CNG included in Windows 8 and...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/03 6:47 a.m.•4 views

Cybozu Office vulnerable to Reflected File Download (RFD)

Overview Cybozu Office contains a Reflected File Download RFD vulnerability. Jun Kokatsu of KDDI Singapore Dubai Branch reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc...

3.5CVSS6.5AI score0.0096EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/03 6:46 a.m.•4 views

Cybozu Office vulnerable to denial-of-service (DoS)

Overview Cybozu Office contains a denial-of-service DoS vulnerability. Shuichi Uruma reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information...

6.8CVSS6.4AI score0.02265EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/03 6:43 a.m.•5 views

"Project" function in Cybozu Office vulnerable vulnerable to operation restriction bypass

Overview Cybozu Office provided by Cybozu,Inc. contains an operation restriction bypass vulnerability in the "Project" function. Yuji Tounai reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/C...

4.3CVSS6.6AI score0.01183EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/03 6:43 a.m.•6 views

Breadcrumb trail in Cybozu Office vulnerable vulnerable to browse restriction bypass

Overview Cybozu Office provided by Cybozu,Inc. contains a browse restriction bypass vulnerability in the breadcrumb trail. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early...

4.3CVSS6.5AI score0.01366EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/03 6:43 a.m.•6 views

"Schedule" function in Cybozu Office vulnerable to cross-site scripting

Overview Cybozu Office provided by Cybozu,Inc. contains a cross-site scripting vulnerability. Kusano Kazuhiko reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated...

5.4CVSS6AI score0.00964EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/03 6:43 a.m.•9 views

Cybozu Office vulnerable to information disclosure

Overview Cybozu Office contains an information disclosure vulnerability in the page where CGI environment variables are displayed. Cookie that contains session information has httponly attribute, and the Cookie value cannot be obtained by JavaScript code. However, Cookie values can be obtained in...

6.5CVSS6.3AI score0.02023EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/03 6:43 a.m.•2 views

Cybozu Office vulnerable to mail header injection

Overview Cybozu Office contains a mail header injection vulnerability in the process of sending emails. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnershi...

4.3CVSS6.9AI score0.01481EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/03 6:43 a.m.•4 views

"Project" function in Cybozu Office vulnerable vulnerable to access restriction bypass

Overview Cybozu Office provided by Cybozu,Inc. contains an access restriction bypass vulnerability in the "Project" function. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security...

4.3CVSS6.6AI score0.01366EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/03 6:43 a.m.•4 views

"Project" function in Cybozu Office vulnerable to cross-site scripting

Overview Cybozu Office provided by Cybozu,Inc. contains a cross-site scripting vulnerability. Yuji Tounai reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated unde...

4.8CVSS6AI score0.00845EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/03 6:43 a.m.•3 views

"Customapp" function in Cybozu Office vulnerable to cross-site scripting

Overview Cybozu Office provided by Cybozu,Inc. contains a cross-site scripting vulnerability. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership. Impact ...

4.8CVSS6AI score0.00845EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/03 6:17 a.m.•5 views

Docomo L-04D mobile WiFi router vulnerable to cross-site request forgery

Overview L-04D provided by NTT DOCOMO, INC. is a wireless WiFi router. L-04D contains a cross-site request forgery vulnerability in the the web management screen. Atsuo Sakurai of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

8.8CVSS6.5AI score0.00977EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/03 12:0 a.m.•36 views

JVN#08736331: Cybozu Office vulnerable to mail header injection

Cybozu Office contains a mail header injection vulnerability in the process of sending emails. Impact If a user is tricked into sending a specially crafted request, the header of the email to be sent may be altered. As a result, unintended emails may be sent. Solution Update the Software Update t...

4.3CVSS4.5AI score0.01481EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/03 12:0 a.m.•30 views

JVN#10092452: Cybozu Office vulnerable to denial-of-service (DoS)

Cybozu Office contains a denial-of-service DoS vulnerability. Impact An attacker may be able to cause a denial-of-service DoS that consumes system resources. Solution Update the Software Update to the latest version according to the information provided by the developer. Products Affected Cybozu...

6.8CVSS6.2AI score0.02265EPSS
Exploits0
Total number of security vulnerabilities5625