Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/31 12:0 a.m.•27 views

JVN#85213412: Multiple AKABEi SOFT2 LTD. games vulnerable to OS command injection

Multiple games provided by AKABEi SOFT2 LTD. contain an OS command injection vulnerability CWE-78 due to an issue in loading saved data. Impact When specially crafted saved data is loaded, an arbitrary OS command may be executed. Solution Apply a Workaround The following workaround can mitigate t...

7.8CVSS7.7AI score0.01534EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/25 5:26 a.m.•5 views

LINE for Windows fails to properly verify downloaded files

Overview The auto update function in LINE for Windows provided by LINE Corporation contains a vulnerability where downloaded files are not properly verified. LINE Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and LINE Corporation...

8.1CVSS6.5AI score0.02201EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/25 12:0 a.m.•29 views

JVN#05924524: LINE for Windows fails to properly verify downloaded files

The auto update function in LINE for Windows provided by LINE Corporation contains a vulnerability where downloaded files are not properly verified. Impact A successful man-in-the-middle attack may result in a specially crafted file prepared by an attacker being downloaded and executed. Solution...

8.1CVSS7.9AI score0.02201EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/24 5:14 a.m.•4 views

YoruFukurou (NightOwl) vulnerable to denial-of-service (DoS)

Overview YoruFukurou NightOwl is a Twitter client application for OS X. YoruFukurou uses OS X API CTFramesetter to render text contents. CTFramesetter has a problem in processing a certain emoji character sequence, which may cause YoruFukurou to crash. This problem was verified on OS X v10.9...

6.5CVSS6.6AI score0.01741EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/24 12:0 a.m.•30 views

JVN#94816361: YoruFukurou (NightOwl) vulnerable to denial-of-service (DoS)

YoruFukurou NightOwl is a Twitter client application for OS X. YoruFukurou uses OS X API CTFramesetter to render text contents. CTFramesetter has a problem in processing a certain emoji character sequence, which may cause YoruFukurou to crash. This problem was verified on OS X v10.9 Mavericks. Th...

6.5CVSS6.4AI score0.01741EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/23 4:37 a.m.•4 views

simple chat vulnerable to cross-site scripting

Overview simple chat provided by Let's PHP! contains a cross-site scripting vulnerability CWE-79. Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary...

6.1CVSS6AI score0.01176EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/23 12:0 a.m.•31 views

JVN#42262137: simple chat vulnerable to cross-site scripting

simple chat provided by Let's PHP! contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer. Products Affected simple...

6.1CVSS6AI score0.01176EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/22 6:16 a.m.•4 views

Cybozu Garoon fails to restrict access permissions

Overview Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon fails to restrict access permissions in the error page. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information...

4.3CVSS6.5AI score0.01024EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/22 6:16 a.m.•5 views

Cybozu Garoon vulnerable to authentication bypass

Overview Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an authentication bypass vulnerability. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security...

9.8CVSS6.9AI score0.03284EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/22 6:16 a.m.•5 views

Cybozu Garoon vulnerable to SQL injection

Overview Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an SQL injection vulnerability in the "Messages" function. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the...

8.8CVSS7.4AI score0.01537EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/22 6:16 a.m.•5 views

"Check available times" function in Cybozu Garoon vulnerable to cross-site scripting

Overview Cybozu Garoon provided by Cybozu,Inc. is a groupware. "Check available times" function in Cybozu Garoon contains a cross-site scripting vulnerability. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated...

6.1CVSS6AI score0.01077EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/22 6:16 a.m.•6 views

"New appointment" function in Cybozu Garoon vulnerable to cross-site scripting

Overview Cybozu Garoon provided by Cybozu,Inc. is a groupware. "New appointment" function in Cybozu Garoon contains a cross-site scripting vulnerability. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under...

6.1CVSS6AI score0.01077EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/22 6:16 a.m.•4 views

"User details" function in Cybozu Garoon vulnerable to cross-site scripting

Overview Cybozu Garoon provided by Cybozu,Inc. is a groupware. "User details" function in Cybozu Garoon contains a cross-site scripting vulnerability. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under th...

6.1CVSS6AI score0.01077EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/22 6:16 a.m.•6 views

"Response request" function in Cybozu Garoon vulnerable to cross-site scripting

Overview Cybozu Garoon provided by Cybozu,Inc. is a groupware. "Response request" function in Cybozu Garoon contains a cross-site scripting vulnerability. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated unde...

6.1CVSS6AI score0.01152EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/22 6:16 a.m.•5 views

Cybozu Garoon vulnerable to open redirect

Overview Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an open redirect vulnerability in the "Scheduler" function. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the...

6.1CVSS6.6AI score0.01331EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/22 12:0 a.m.•39 views

JVN#67595539: Cybozu Garoon multiple cross-site scripting vulnerabilities

Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains multiple cross-site scripting vulnerabilities. Cross-site scripting in the "Response request" function - CVE-2016-1214 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score:...

6.1CVSS6.5AI score0.01152EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/22 12:0 a.m.•43 views

JVN#83568336: Cybozu Garoon vulnerable to SQL injection

Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an SQL injection vulnerability in the "Messages" function. Impact An authenticated attacker may obtain or alter information stored in the database. Solution Update the Software Update to the latest version according to t...

8.8CVSS8.8AI score0.01537EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/22 12:0 a.m.•28 views

JVN#89211736: Cybozu Garoon vulnerable to authentication bypass

Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an authentication bypass vulnerability. Impact A remote attacker may bypass login authentication. Solution Update the Software Update to the latest version according to the information provided by the developer. Products...

9.8CVSS9.6AI score0.03284EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/22 12:0 a.m.•47 views

JVN#93411577: Cybozu Garoon fails to restrict access permissions

Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon fails to restrict access permissions in the error page. Impact A user may be able to obtain product settings information. Solution Update the Software Update to the latest version according to the information provided by the...

4.3CVSS4.6AI score0.01024EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/22 12:0 a.m.•39 views

JVN#67266823: Cybozu Garoon vulnerable to open redirect

Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an open redirect vulnerability in the "Scheduler" function. Impact When accessing a specially crafted URL, a user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack...

6.1CVSS6.4AI score0.01331EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/19 5:13 a.m.•7 views

Geeklog IVYWE edition contains a cross-site scripting vulnerability

Overview Geeklog is an open source content management system CMS. Geeklog IVYWE edition contains a cross-site scripting CWE-79 vulnerability. Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

6.1CVSS6AI score0.01307EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/19 12:0 a.m.•28 views

JVN#09836883: Geeklog IVYWE edition contains a cross-site scripting vulnerability

Geeklog is an open source content management system CMS. Geeklog IVYWE edition contains a cross-site scripting CWE-79 vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Apply the Patch Apply the appropriate patch according to the information provided by...

6.1CVSS6AI score0.01307EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/18 5:24 a.m.•6 views

OSSEC Web UI vulnerable to cross-site scripting

Overview OSSEC Web UI is a web interface for use with Open Source HIDS Security OSSEC. OSSEC Web UI contains a cross-site scripting CWE-79 vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

6.1CVSS6.1AI score0.01286EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/18 5:9 a.m.•4 views

ClipBucket vulnerable to cross-site scripting

Overview Clipbucket is open source video sharing script. ClipBucket contains a cross-site scripting CWE-79 vulnerability. Yoshinori Matsumoto of Kobe Digital Labo, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnershi...

6.1CVSS6.1AI score0.01627EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/18 12:0 a.m.•39 views

JVN#58455472: OSSEC Web UI vulnerable to cross-site scripting

OSSEC Web UI is a web interface for use with Open Source HIDS Security OSSEC. OSSEC Web UI contains a cross-site scripting CWE-79 vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the...

6.1CVSS6.1AI score0.01286EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/18 12:0 a.m.•39 views

JVN#28386124: ClipBucket vulnerable to cross-site scripting

Clipbucket is open source video sharing script. ClipBucket contains a cross-site scripting CWE-79 vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the vendor...

6.1CVSS6AI score0.01627EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/17 7:12 a.m.•11 views

Installer of PhishWall Client Internet Explorer version may insecurely load Dynamic Link Libraries

Overview PhishWall Client Internet Explorer Version, provided by SecureBrain Corporation, is an anti-phishing and anti-MITB software. The installer of PhishWall Client Internet Explorer Version contains an issue with the DLL search path, which may lead to insecurely loading dynamic linking...

9.3CVSS6.9AI score0.01475EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/17 12:0 a.m.•45 views

JVN#45583702: Installer of PhishWall Client Internet Explorer version may insecurely load Dynamic Link Libraries

PhishWall Client Internet Explorer Version, provided by SecureBrain Corporation, is an anti-phishing and anti-MITB software. The installer of PhishWall Client Internet Explorer Version contains an issue with the DLL search path, which may lead to insecurely loading dynamic linking libraries. This...

9.3CVSS7.7AI score0.01475EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/16 5:14 a.m.•5 views

Cybozu Mailwise contains issue in preventing clickjacking attacks

Overview Cybozu Mailwise contains multiple pages for editing/sending bulk emails. Some of these pages fail to protect against clickjacking attacks. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the...

4.3CVSS6.6AI score0.01481EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/16 5:14 a.m.•5 views

Cybozu Mailwise vulnerable to information disclosure

Overview Cybozu Mailwise contains an information disclosure vulnerability in the page where CGI environment variables are displayed. Cookie that contains session information has httponly attribute, and the Cookie value cannot be obtained by JavaScript code. However, Cookie values can be obtained ...

6.5CVSS6.3AI score0.01892EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/16 5:14 a.m.•4 views

Cybozu Mailwise vulnerable to information disclosure

Overview Cybozu Mailwise contains an information disclosure vulnerability in the mail view page. Masato Kinugawa reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinat...

4.7CVSS6.1AI score0.01586EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/16 5:10 a.m.•7 views

Cybozu Mailwise vulnerable to mail header injection

Overview Cybozu Mailwise contains a mail header injection vulnerability in the process of sending emails. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning...

4.3CVSS6.9AI score0.01481EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/16 12:0 a.m.•31 views

JVN#02576342: Cybozu Mailwise vulnerable to information disclosure

Cybozu Mailwise contains an information disclosure vulnerability in the mail view page. Impact When a user opens a specially crafted email, an attacker can notice that the user read the email. Solution Update the Software Update to the latest version according to the information provided by the...

4.3CVSS4.5AI score0.01586EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/16 12:0 a.m.•36 views

JVN#03052683: Cybozu Mailwise vulnerable to information disclosure

Cybozu Mailwise contains an information disclosure vulnerability in the page where CGI environment variables are displayed. Cookie that contains session information has httponly attribute, and the Cookie value cannot be obtained by JavaScript code. However, Cookie values can be obtained in the pa...

6.5CVSS6.3AI score0.01892EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/16 12:0 a.m.•39 views

JVN#01353821: Cybozu Mailwise vulnerable to mail header injection

Cybozu Mailwise contains a mail header injection vulnerability in the process of sending emails. Impact If a user is tricked into sending a specially crafted request, the header of the email to be sent may be altered. Solution Update the Software Update to the latest version according to the...

4.3CVSS4.8AI score0.01481EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/16 12:0 a.m.•43 views

JVN#04125292: Cybozu Mailwise contains issue in preventing clickjacking attacks

Cybozu Mailwise contains multiple pages for editing/sending bulk emails. Some of these pages fail to protect against clickjacking attacks. Impact If a user views a malicious page while logged in, the user may be tricked into conducting unintended operations. Solution Update the Software Update to...

4.3CVSS4.8AI score0.01481EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/08 3:28 a.m.•4 views

Multiple I-O DATA Recording Hard disk products vulnerable to cross-site request forgery

Overview Multiple Recording Hard disk products provided by I-O DATA DEVICE, INC. contain a cross-site request forgery vulnerability due to an issue in the web management screen. kaito834 reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

8.8CVSS6.9AI score0.02385EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/08 12:0 a.m.•40 views

JVN#35062083: Multiple I-O DATA Recording Hard disk products vulnerable to cross-site request forgery

Multiple Recording Hard disk products provided by I-O DATA DEVICE, INC. contain a cross-site request forgery vulnerability due to an issue in the web management screen. Impact If a user views a malicious page, an arbitrary content may be deleted. Solution Update the Firmware Apply the appropriate...

8.8CVSS8.7AI score0.02385EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/05 4:41 a.m.•3 views

Android stock browser vulnerable to denial-of-service (DoS)

Overview The Android stock browser contains a denial-of-service DoS vulnerability. Junichi MURAKAMI of FFRI, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When receiving a specially crafted packet, th...

4.3CVSS6.6AI score
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/05 12:0 a.m.•11 views

JVN#09470233: Android stock browser vulnerable to denial-of-service (DoS)

The Android stock browser contains a denial-of-service DoS vulnerability. Impact When receiving a specially crafted packet, the Android stock browser may crash. Solution Do not use Android stock browser If using an affected version of the Android stock browser, it is recommended to use another...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/04 4:41 a.m.•6 views

Coordinate Plus App fails to verify SSL server certificates

Overview Coordinate Plus App provided by Toshiba Corporation fails to verify SSL server certificates. Gaku Taniguchi of RiskFinder,inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle...

5.9CVSS6.5AI score0.0108EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/04 12:0 a.m.•39 views

JVN#06920277: Coordinate Plus App fails to verify SSL server certificates

Coordinate Plus App provided by Toshiba Corporation fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Application Update to the latest version according to the information provided by th...

5.9CVSS5.3AI score0.0108EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/02 4:50 a.m.•3 views

Information Disclosure Vulnerability in Hitachi Command Suite

Overview An Information Disclosure Vulnerability was found in Hitachi Command Suite. Impact An attacker might exploit this vulnerability to obtain sensitive session information. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

3.5CVSS6.3AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/07/25 2:15 a.m.•6 views

EC-CUBE plugin "Coupon Plugin" vulnerable to SQL injection

Overview EC-CUBE plugin "Coupon Plugin" provided by Seed Inc. contains an SQL injection vulnerability CWE-89. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...

9.8CVSS7.6AI score0.021EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/07/25 2:15 a.m.•5 views

Android OS issue where it is affected by the CRIME attack

Overview The implementation of the TLS protocol in Android OS contains a vulnerability where plaintext HTTP headers may be obtained. The TLS protocol contains a function that compresses data for communications between the client and server. This function does not properly obfuscate the length of...

3.7CVSS9.1AI score0.04266EPSS
Exploits2References12
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/07/25 2:14 a.m.•5 views

Android OS Contacts app fails to restrict access permissions

Overview The Contacts app within the Android OS contains a vulnerability where it fails to restrict access permissions. The Contacts app within the Android OS receives requests for outgoing calls through Intents and calls the Dialer app. The Contacts app contains a vulnerability where it fails to...

2.6CVSS6.5AI score
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/07/22 12:0 a.m.•75 views

JVN#65273415: Android OS issue where it is affected by the CRIME attack

The TLS protocol contains a function that compresses data for communications between the client and server. This function does not properly obfuscate the length of the unencrypted data. When this function is enabled on both the client and server, it results in a vulnerability where plaintext HTTP...

2.6CVSS5.2AI score0.04266EPSS
Exploits2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/07/22 12:0 a.m.•11 views

JVN#06212291: Android OS Contacts app fails to restrict access permissions

The Contacts app within the Android OS receives requests for outgoing calls through Intents and calls the Dialer app. The Contacts app contains a vulnerability where it fails to restrict access permissions, since it receives and processes Intents from apps without CALLPHONE permissions. Impact Wh...

6.9AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/07/22 12:0 a.m.•40 views

JVN#40696431: EC-CUBE plugin "Coupon Plugin" vulnerable to SQL injection

EC-CUBE plugin "Coupon Plugin" provided by Seed Inc. contains an SQL injection vulnerability CWE-89. Impact Information stored in the database may be obtained or altered by a remote attacker. Solution Update the plugin Update to the latest version according to the information provided by the...

9.8CVSS9.7AI score0.021EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/07/20 5:56 a.m.•6 views

Vtiger CRM does not properly restrict access to application data

Overview Vtiger CRM is a customer relationship management CRM software. Vtiger CRM contains a vulnerability where it does not properly restrict access to user information data. Hirota Kazuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with th...

8.1CVSS6.5AI score0.02207EPSS
Exploits0References6
Total number of security vulnerabilities5625