Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/03 12:0 a.m.•40 views

JVN#46351856: Docomo L-04D mobile WiFi router vulnerable to cross-site request forgery

L-04D provided by NTT DOCOMO, INC. is a wireless WiFi router. L-04D contains a cross-site request forgery vulnerability in the the web management screen. Impact If a user views a malicious page while logged-in, unintended operations may be conducted. Solution Update the firmware Update the firmwa...

8.8CVSS8.6AI score0.00977EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/03 12:0 a.m.•33 views

JVN#09736331: Cybozu Office vulnerable to information disclosure

Cybozu Office contains an information disclosure vulnerability in the page where CGI environment variables are displayed. Cookie that contains session information has httponly attribute, and the Cookie value cannot be obtained by JavaScript code. However, Cookie values can be obtained in the page...

6.5CVSS6.3AI score0.02023EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/03 12:0 a.m.•30 views

JVN#11288252: Cybozu Office vulnerable to Reflected File Download (RFD)

Cybozu Office contains a Reflected File Download RFD vulnerability. Impact If a user accesess a malicious page while logged in, unintended files may be downloaded. Solution Update the Software Update to the latest version according to the information provided by the developer. Products Affected...

3.5CVSS3.8AI score0.0096EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/03 12:0 a.m.•37 views

JVN#06726266: Cybozu Office multiple cross-site scripting vulnerabilities

Cybozu Office contains multiple cross-site scripting vulnerabilities below. Cross-site scripting in the "Customapp" function - CVE-2016-4865 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N| Base Score: 4.8 CVSS v2| AV:N/AC:L/Au:S/C:N/I:P/A:N| Base Score:...

5.4CVSS5.4AI score0.00964EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/03 12:0 a.m.•58 views

JVN#07148816: Multiple access restriction bypass vulnerabilities in Cybozu Office

Cybozu Office contains multiple access restriction bypass vulnerabilities below. Access restriction bypass in the "Project" function - CVE-2016-4867 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N| Base Score: 4.3 CVSS v2| AV:N/AC:L/Au:S/C:P/I:N/A:N| Base...

4.3CVSS4.8AI score0.01366EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/29 7:4 a.m.•4 views

baserCMS plugin Uploader vulnerable to cross-site request forgery

Overview baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS and bundled plugin Uploader contain a cross-site request forgery vulnerability. Masamu Asato of National Institute of Technology, Okinawa College reported this vulnerability to IPA. JPCERT/CC...

8.8CVSS6.6AI score0.00924EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/29 7:4 a.m.•4 views

baserCMS plugin Mail vulnerable to cross-site request forgery

Overview baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS and bundled plugin Mail contain a cross-site request forgery vulnerability. Masamu Asato of National Institute of Technology, Okinawa College reported this vulnerability to IPA. JPCERT/CC...

8.8CVSS6.5AI score0.00924EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/29 7:4 a.m.•4 views

baserCMS plugin Feed vulnerable to cross-site request forgery

Overview baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS and bundled plugin Feed contain a cross-site request forgery vulnerability. Masamu Asato of National Institute of Technology, Okinawa College reported this vulnerability to IPA. JPCERT/CC...

8.8CVSS6.5AI score0.00924EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/29 7:4 a.m.•5 views

baserCMS plugin Blog vulnerable to cross-site request forgery

Overview baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS and bundled plugin Blog contain a cross-site request forgery vulnerability. Masamu Asato of National Institute of Technology, Okinawa College reported this vulnerability to IPA. JPCERT/CC...

8.8CVSS6.5AI score0.00924EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/29 7:4 a.m.•6 views

baserCMS vulnerable to cross-site scripting

Overview baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS contains a stored cross-site scripting vulnerability. Masamu Asato of National Institute of Technology, Okinawa College reported this vulnerability to IPA. JPCERT/CC coordinated with the develop...

5.4CVSS5.8AI score0.00902EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/29 7:4 a.m.•5 views

baserCMS vulnerable to cross-site request forgery

Overview baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS contains a cross-site request forgery vulnerability. Masamu Asato of National Institute of Technology, Okinawa College reported this vulnerability to IPA. JPCERT/CC coordinated with the develope...

8.8CVSS6.5AI score0.00924EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/29 7:4 a.m.•6 views

baserCMS vulnerable to cross-site request forgery

Overview baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS contains a cross-site request forgery vulnerability. Norihiko Hirukawa of FiveDrive Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

8.8CVSS6.5AI score0.00944EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/29 7:4 a.m.•5 views

baserCMS plugin Blog vulnerable to cross-site request forgery

Overview baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS and bundled plugin Blog contain a cross-site request forgery vulnerability. Isao Takaesu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with t...

8.8CVSS6.5AI score0.00944EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/29 7:4 a.m.•5 views

baserCMS plugin Blog vulnerable to cross-site scripting

Overview baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS and bundled plugin Blog contain a stored cross-site scripting vulnerability. Isao Takaesu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with...

5.4CVSS5.8AI score0.00921EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/29 7:4 a.m.•6 views

baserCMS plugin Mail vulnerable to cross-site request forgery

Overview baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS and bundled plugin Mail contain a cross-site request forgery vulnerability. Isao Takaesu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with t...

8.8CVSS6.5AI score0.00878EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/29 7:4 a.m.•5 views

baserCMS plugin Mail vulnerable to cross-site scripting

Overview baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS and bundled plugin Mail contain a stored cross-site scripting vulnerability. Isao Takaesu of Mitsui Bussan Secure Directions, Inc. and Norihiko Hirukawa of FiveDrive Inc. reported this...

5.4CVSS5.8AI score0.00897EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/29 7:4 a.m.•6 views

baserCMS vulnerable to cross-site request forgery

Overview baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS contains a cross-site request forgery vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

8.8CVSS6.9AI score0.00913EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/29 5:39 a.m.•6 views

ManageEngine ServiceDesk Plus uses an insecure method for cookie generation

Overview ManageEngine ServiceDesk Plus provided by Zoho Corporation is a help desk software. ManageEngine ServiceDesk Plus uses an insecure method for generating cookies. Akihito Mukai and Tomoshige Hasegawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

5.3CVSS6.7AI score0.03456EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/29 5:39 a.m.•4 views

ManageEngine ServiceDesk Plus fails to restrict access permissions

Overview ManageEngine ServiceDesk Plus provided by Zoho Corporation is a help desk software. ManageEngine ServiceDesk Plus fails to restrict access permissions. Akihito Mukai and Tomoshige Hasegawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

8.8CVSS6.5AI score0.02683EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/29 5:39 a.m.•20 views

ManageEngine ServiceDesk Plus vulnerable to cross-site scripting

Overview ManageEngine ServiceDesk Plus provided by Zoho Corporation is a help desk software. ManageEngine ServiceDesk Plus contains a stored cross-site scripting CWE-79 vulnerability. Akihito Mukai and Tomoshige Hasegawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...

5.4CVSS5.9AI score0.01927EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/29 12:0 a.m.•24 views

JVN#72559412: ManageEngine ServiceDesk Plus uses an insecure method for cookie generation

ManageEngine ServiceDesk Plus provided by Zoho Corporation is a help desk software. ManageEngine ServiceDesk Plus uses an insecure method for generating cookies. Impact If an attacker obtains a user's cookie, the password contained in the cookie can be easily guessed. Solution Update the software...

5.3CVSS5.2AI score0.03456EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/29 12:0 a.m.•47 views

JVN#50347324: ManageEngine ServiceDesk Plus vulnerable to cross-site scripting

ManageEngine ServiceDesk Plus provided by Zoho Corporation is a help desk software. ManageEngine ServiceDesk Plus contains a stored cross-site scripting CWE-79 vulnerability. Impact An arbitrary script may be executed on a web browser of a user that is logged in. Solution Update the software Upda...

5.4CVSS5.2AI score0.01927EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/29 12:0 a.m.•27 views

JVN#89726415: ManageEngine ServiceDesk Plus fails to restrict access permissions

ManageEngine ServiceDesk Plus provided by Zoho Corporation is a help desk software. ManageEngine ServiceDesk Plus fails to restrict access permissions. Impact A user logged in with guest privileges may access functions for which permissions are not granted. Solution Update the software Update to...

8.8CVSS8.6AI score0.02683EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/29 12:0 a.m.•82 views

JVN#92765814: Multiple vulnerabilities in baserCMS

baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS and bundled plugins "Blog", "Mail", "Feed", and "Uploader" contain the following vulnerabilities. Cross-site request forgery CWE-352 - CVE-2016-4879, CVE-2016-4881, CVE-2016-4884, CVE-2016-4885,...

8.8CVSS7.4AI score0.00944EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/23 5:15 a.m.•3 views

Multiple plugins for Geeklog IVYWE edition vulnerable to cross-site scripting

Overview Geeklog is an open source content management system CMS. The Geeklog IVYWE edition plugins Assist, dataBox, and userBox each contain a cross-site scripting CWE-79 vulnerability. IVY WE CO.,LTD. reported this vulnerability to IPA and JPCERT/CC to notify users of its solution through JVN...

6.1CVSS6AI score0.0168EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/23 12:0 a.m.•33 views

JVN#46087986: Multiple plugins for Geeklog IVYWE edition vulnerable to cross-site scripting

Geeklog is an open source content management system CMS. The Geeklog IVYWE edition plugins Assist, dataBox, and userBox each contain a cross-site scripting CWE-79 vulnerability. Impact An arbitrary script may be executed on the web browser of a user who is logged on as an administrator. Solution...

6.1CVSS6.1AI score0.0168EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/20 6:19 a.m.•7 views

Money Forward Apps for Android vulnerability that allows unintended operations

Overview Money Forward Apps for Android contain a vulnerability where unintended operations may be performed. Kenta Suefusa, Akinori Konishi and Tomonori Shiomi of Sprout Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

7.8CVSS6.5AI score0.01367EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/20 6:19 a.m.•6 views

Money Forward Apps for Android vulnerable in the WebView class

Overview Money Forward Apps for Android contain a vulnerability in the WebView class. Kenta Suefusa, Akinori Konishi and Tomonori Shiomi of Sprout Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a us...

5.5CVSS6.5AI score0.01661EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/20 12:0 a.m.•26 views

JVN#61297210: Money Forward Apps for Android vulnerable in the WebView class

Money Forward Apps for Android contain a vulnerability in the WebView class. Impact If a user of the affected product uses another malicious Android application, information managed by the affected product may be disclosed. Solution Update the application Update to the latest version according to...

5.5CVSS5.2AI score0.01661EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/20 12:0 a.m.•47 views

JVN#49343562: Money Forward Apps for Android vulnerability that allows unintended operations

Money Forward Apps for Android contain a vulnerability where unintended operations may be performed. Impact When a user executes a malicious application, it may perform an unintended operation. Solution Update the Application Update to the latest version according to the information provided by t...

7.8CVSS7.4AI score0.01367EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/16 5:31 a.m.•3 views

Trend Micro Internet Security vulnerability where files may be excluded as scan targets

Overview Trend Micro Internet Security provided by Trend Micro Incorporated contains a vulnerability where arbitrary files or folders may be excluded as scan targets when the conditions below are met. An attacker can place a specific file into the system The attacker can execute a specific API fr...

4.7CVSS6.9AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/16 5:17 a.m.•2 views

Splunk Enterprise and Splunk Light vulnerable to cross-site scripting

Overview Splunk Enterprise and Splunk Light contain a cross-site scripting vulnerability CWE-79. Note that this vulnerability is different from JVN71462075. Noriaki Iwasaki of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

6.1CVSS6.1AI score0.00631EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/16 5:16 a.m.•4 views

Splunk Enterprise and Splunk Light vulnerable to open redirect

Overview Splunk Enterprise and Splunk Light contain an open redirect vulnerability. Note that this vulnerability is different from JVN39926655. Noriaki Iwasaki of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

6.1CVSS6.6AI score0.01432EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/16 5:8 a.m.•6 views

Splunk Enterprise and Splunk Light vulnerable to open redirect

Overview Splunk Enterprise and Splunk Light contain an open redirect vulnerability. Note that this vulnerability is different from JVN64800312. Noriaki Iwasaki of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

6.1CVSS6.6AI score0.00812EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/16 4:56 a.m.•6 views

Splunk Enterprise and Splunk Lite vulnerable to cross-site scripting

Overview Splunk Enterprise and Splunk Lite contain a stored cross-site scripting vulnerability CWE-79. Note that this vulnerability is different from JVN74244518. Noriaki Iwasaki of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

4.8CVSS5.9AI score0.00976EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/16 12:0 a.m.•38 views

JVN#74244518: Splunk Enterprise and Splunk Light vulnerable to cross-site scripting

Splunk Enterprise and Splunk Light contain a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Products Affected Splunk...

4.8CVSS5.2AI score0.00631EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/16 12:0 a.m.•44 views

JVN#64800312: Splunk Enterprise and Splunk Light vulnerable to open redirect

Splunk Enterprise and Splunk Light contain an open redirect vulnerability. Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Update the Software Update to the latest version...

6.1CVSS6.2AI score0.01432EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/16 12:0 a.m.•42 views

JVN#39926655: Splunk Enterprise and Splunk Light vulnerable to open redirect

Splunk Enterprise and Splunk Light contain an open redirect vulnerability. Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Update the Software Update to the latest version...

6.1CVSS6.3AI score0.00812EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/16 12:0 a.m.•35 views

JVN#71462075: Splunk Enterprise and Splunk Lite vulnerable to cross-site scripting

Splunk Enterprise and Splunk Lite contain a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser by an attacker who can log-in to the system as an administrator. Solution Update the Software Update to the latest version according t...

4.8CVSS4.8AI score0.00976EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/16 12:0 a.m.•14 views

JVN#98126322: Trend Micro Internet Security vulnerability where files may be excluded as scan targets

Trend Micro Internet Security provided by Trend Micro Incorporated contains a vulnerability where arbitrary files or folders may be excluded as scan targets when the conditions below are met. An attacker can place a specific file into the system The attacker can execute a specific API from the...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/15 5:26 a.m.•7 views

H2O use of externally-controlled format string

Overview H2O is an open source web server software. H2O uses externally-controlled format strings CWE-134 in the code which output error logs. Kazuho Oku reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Kazuho Oku coordinated under the Information...

7.5CVSS7AI score0.01802EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/15 5:11 a.m.•3 views

Zend Framework vulnerable to SQL injection

Overview Zend Framework is an open source web application framework. Zend Framework 1 contains an SQL injection vulnerability CWE-89 due to a flaw in processing parameters in the ORDER BY and GROUP BY clauses. Hiroshi Tokumaru of HASH Consulting Corp. reported this vulnerability to IPA. JPCERT/CC...

9.8CVSS7.6AI score0.04124EPSS
Exploits1References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/15 12:0 a.m.•27 views

JVN#18926672: Zend Framework vulnerable to SQL injection

Zend Framework is an open source web application framework. Zend Framework 1 contains an SQL injection vulnerability CWE-89 due to a flaw in processing parameters in the ORDER BY and GROUP BY clauses. Impact Information stored in the database may be obtained or altered by a remote attacker...

9.8CVSS9.6AI score0.04124EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/15 12:0 a.m.•39 views

JVN#94779084: H2O use of externally-controlled format string

H2O is an open source web server software. H2O uses externally-controlled format strings CWE-134 in the code which output error logs. Impact An unauthenticated remote attacker may cause a denial-of-service DoS condition. Solution Update the Software Update to the latest version according to the...

7.5CVSS7.5AI score0.01802EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/14 6:0 a.m.•6 views

CS-Cart add-on "Twigmo" vulnerable to PHP object injection

Overview CS-Cart add-on "Twigmo" contains a PHP object injection vulnerability due to a flaw where untrusted input values are unserialized. ASAI Ken reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A remote...

8.8CVSS7.7AI score0.02071EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/14 12:0 a.m.•37 views

JVN#55389065: CS-Cart add-on "Twigmo" vulnerable to PHP object injection

CS-Cart add-on "Twigmo" contains a PHP object injection vulnerability due to a flaw where untrusted input values are unserialized. Impact A remote attacker may execute arbitrary PHP code. Solution Edit twigmo.php This vulnerability can be addressed by deleting or commenting out the following part...

8.8CVSS9AI score0.02071EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/06 4:45 a.m.•4 views

ADOdb vulnerable to cross-site scripting

Overview ADOdb is a database abstraction layer for PHP. The library's test script test.php contains a cross-site scripting CWE-79 vulnerability. ASAI Ken reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

6.1CVSS6AI score0.01946EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/06 12:0 a.m.•36 views

JVN#48237713: ADOdb vulnerable to cross-site scripting

ADOdb is a database abstraction layer for PHP. The library's test script test.php contains a cross-site scripting CWE-79 vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information...

6.1CVSS6.2AI score0.01946EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/02 7:9 a.m.•5 views

Information Disclosure Vulnerability in Hitachi Automation Director and JP1/Automatic Operation

Overview An Information Disclosure Vulnerability was found in Hitachi Automation Director and JP1/Automatic Operation. Impact Remote attackers might exploit this vulnerability to obtain user credentials. Solution Please refer to the 'Vendor Information' section for the official countermeasure and...

3.5CVSS6.3AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/31 6:33 a.m.•3 views

Multiple AKABEi SOFT2 LTD. games vulnerable to OS command injection

Overview Multiple games provided by AKABEi SOFT2 LTD. contain an OS command injection vulnerability CWE-78 due to an issue in loading saved data. Kusano Kazuhiko reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impa...

7.8CVSS7.6AI score0.01534EPSS
Exploits0References5
Total number of security vulnerabilities5625