Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/07/20 5:56 a.m.•4 views

WordPress plugin "Nofollow Links" vulnerable to cross-site scripting

Overview The WordPress plugin "Nofollow Links" contains a cross-site scripting CWE-79 vulnerability in nofollow-links.php. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

6.1CVSS5.9AI score0.01805EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/07/20 12:0 a.m.•48 views

JVN#01956993: Vtiger CRM does not properly restrict access to application data

Vtiger CRM is a customer relationship management CRM software. Vtiger CRM contains a vulnerability where it does not properly restrict access to user information data. Impact A user with user privileges may create new users or alter existing user information. Solution Update the software Update t...

8.1CVSS7.9AI score0.02207EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/07/20 12:0 a.m.•31 views

JVN#13582657: WordPress plugin "Nofollow Links" vulnerable to cross-site scripting

The WordPress plugin "Nofollow Links" contains a cross-site scripting CWE-79 vulnerability in nofollow-links.php. Impact An arbitrary script may be executed on the web browser of a user who is logged on as an administrator. Solution Update the plugin Update the plugin according to the information...

6.1CVSS6AI score0.01805EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/07/15 12:0 a.m.•38 views

JVN#68364327: WAONサービスアプリ App for Android fails to verify SSL server certificates

WAONサービスアプリ App for Android provided by AEON CO., LTD. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Application Update to the latest version according to the information provided by...

5.9CVSS5.5AI score0.00898EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/07/08 5:29 a.m.•5 views

LINE for Windows may insecurely load Dynamic Link Libraries

Overview LINE for Windows provided by LINE Corporation contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Takashi Yoshikawa of Mitsui Bussan Secure Directions reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

7.8CVSS7.1AI score0.00382EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/07/08 12:0 a.m.•25 views

JVN#51565015: LINE for Windows may insecurely load Dynamic Link Libraries

LINE for Windows provided by LINE Corporation contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact Arbitrary code may be executed with the privileges of the running application. Solution Update the Software For cuurent users of LINE for...

7.8CVSS7.9AI score0.00382EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/30 4:53 a.m.•3 views

Apache Commons FileUpload vulnerable to denial-of-service (DoS)

Overview Apache Commons FileUpload provided by the Apache Software Foundation contains a flaw when processing multi-part requests, which may lead to a denial-of-service DoS. TERASOLUNA FWStruts1 Team of NTT DATA Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the...

7.8CVSS8.7AI score0.35927EPSS
Exploits0References29
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/30 12:0 a.m.•59 views

JVN#89379547: Apache Commons FileUpload vulnerable to denial-of-service (DoS)

Apache Commons FileUpload provided by the Apache Software Foundation contains a flaw when processing multi-part requests, which may lead to a denial-of-service DoS. Impact Processing a specially crafted request may result in the server's CPU resources to be exhausted. Solution Apply the update...

7.8CVSS6.8AI score0.35927EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/29 5:27 a.m.•4 views

Sushiro App fails to verify SSL server certificates

Overview Sushiro App provided by AKINDO SUSHIRO CO., LTD. fails to verify SSL server certificates. Yuta Teshima of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...

5.9CVSS6.5AI score0.00953EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/29 12:0 a.m.•30 views

JVN#30260727: Sushiro App fails to verify SSL server certificates

Sushiro App provided by AKINDO SUSHIRO CO., LTD. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Application Update to the latest version according to the information provided by the...

5.9CVSS5.3AI score0.00953EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/27 5:23 a.m.•5 views

DMM Movie Player App fails to verify SSL server certificates

Overview DMM Movie Player App provided by DMM.com Labo Co.,Ltd. fails to verify SSL server certificates. Yuji Tounai of NTT Com Security Japan KK reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...

5.9CVSS6.5AI score0.00712EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/27 5:19 a.m.•4 views

Multiple Hikari Denwa routers vulnerable to cross-site request forgery

Overview Multiple Hikari Denwa routers contain a cross-site request forgery vulnerability CWE-352. Ryoya Tsukasaki of Urawa Commercial High School reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a user...

8.8CVSS6.7AI score0.01208EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/27 5:10 a.m.•4 views

Multiple Hikari Denwa routers vulnerable to OS command injection

Overview Multiple Hikari Denwa routers contain an OS command injection vulnerability CWE-78. Ryoya Tsukasaki of Urawa Commercial High School reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary OS...

7.2CVSS7.6AI score0.02512EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/27 4:48 a.m.•6 views

QNAP QTS vulnerable to cross-site scripting

Overview QNAP QTS is an operating system for Turbo NAS. QNAP QTS contains a cross-site scripting vulnerability CWE-79. Keigo YAMAZAKI of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

6.1CVSS6.1AI score0.01021EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/27 12:0 a.m.•43 views

JVN#39594409: DMM Movie Player App fails to verify SSL server certificates

DMM Movie Player App provided by DMM.com Labo Co.,Ltd. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Application Update to the latest version according to the information provided by...

5.9CVSS5.5AI score0.00712EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/27 12:0 a.m.•34 views

JVN#45034304: Multiple Hikari Denwa routers vulnerable to cross-site request forgery

Multiple Hikari Denwa routers contain a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the Firmware Apply the appropriate firmware update provided by the developer. Products Affecte...

8.8CVSS8.8AI score0.01208EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/27 12:0 a.m.•28 views

JVN#42930233: QNAP QTS vulnerable to cross-site scripting

QNAP QTS is an operating system for Turbo NAS. QNAP QTS contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Firmware Update to the latest version of firmware according to the information provided by the...

6.1CVSS6.1AI score0.01021EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/27 12:0 a.m.•29 views

JVN#77403442: Multiple Hikari Denwa routers vulnerable to OS command injection

Multiple Hikari Denwa routers contain an OS command injection vulnerability CWE-78. Impact An arbitrary OS command may be executed on the product by a logged-in attacker. Solution Update the Firmware Apply the appropriate firmware update provided by the developer. Products Affected NIPPON TELEGRA...

7.2CVSS7.3AI score0.02512EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/24 5:12 a.m.•3 views

WordPress plugin "Welcart e-Commerce" vulnerable to session management

Overview WordPress plugin "Welcart e-Commerce" provided by Collne Inc. contains a vulnerability in session management. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

6.5CVSS6.7AI score0.01772EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/24 5:12 a.m.•4 views

WordPress plugin "Welcart e-Commerce" vulnerable to cross-site scripting

Overview WordPress plugin "Welcart e-Commerce" provided by Collne Inc. contains a cross-site scripting vulnerability CWE-79. Note that this vulnerability is different from JVN95082904. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with t...

6.1CVSS6.1AI score0.01491EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/24 4:43 a.m.•3 views

WordPress plugin "Welcart e-Commerce" vulnerable to cross-site scripting

Overview WordPress plugin "Welcart e-Commerce" provided by Collne Inc. contains a cross-site scripting vulnerability CWE-79. Note that this vulnerability is different from JVN55826471. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with t...

6.1CVSS6.1AI score0.01491EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/24 4:43 a.m.•5 views

WordPress plugin "Welcart e-Commerce" vulnerable to PHP object injection

Overview WordPress plugin "Welcart e-Commerce" contains a PHP object injection vulnerability due to a flaw where untrusted POST values are unserialized. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

6.8CVSS7.6AI score0.02858EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/24 12:0 a.m.•28 views

JVN#47363774: WordPress plugin "Welcart e-Commerce" vulnerable to PHP object injection

WordPress plugin "Welcart e-Commerce" contains a PHP object injection vulnerability due to a flaw where untrusted POST values are unserialized. Impact A remote attacker may execute arbitrary PHP code. Solution Update the Software Update to the latest version according to the information provided ...

6.8CVSS5.9AI score0.02858EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/24 12:0 a.m.•32 views

JVN#55826471: WordPress plugin "Welcart e-Commerce" vulnerable to cross-site scripting

WordPress plugin "Welcart e-Commerce" provided by Collne Inc. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the develope...

6.1CVSS6AI score0.01491EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/24 12:0 a.m.•30 views

JVN#95082904: WordPress plugin "Welcart e-Commerce" vulnerable to cross-site scripting

WordPress plugin "Welcart e-Commerce" provided by Collne Inc. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the develope...

6.1CVSS6AI score0.01491EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/24 12:0 a.m.•40 views

JVN#61578437: WordPress plugin "Welcart e-Commerce" vulnerable to session management

WordPress plugin "Welcart e-Commerce" provided by Collne Inc. contains a vulnerability in session management. Impact A remote attacker who knows a user's e-mail address may log in with the user privilege. As a result, arbitrary operations may be conducted. Solution Update the Software Update to t...

6.5CVSS6.4AI score0.01772EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/22 5:57 a.m.•4 views

CG-WLR300GNV Series does not limit authentication attempts

Overview CG-WLR300GNV and CG-WLR300GNV-W provided by Corega Inc are wireless LAN routers. The WPS functionality in CG-WLR300GNV Series does not limit PIN authentication attempts, making it susceptible to brute force attacks. Takeshi Okamoto of Kanagawa Institute of Technology and Takaaki Minegish...

5.3CVSS7.1AI score0.01385EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/22 5:57 a.m.•4 views

CG-WLBARAGM vulnerable to denial-of-service (DoS)

Overview CG-WLBARAGM provided by Corega Inc is a wireless LAN router. CG-WLBARAGM contains a denial-of-service DoS vulnerability. Yuji Ukai of FFRI, Inc reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

7.8CVSS6.7AI score0.01939EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/22 5:56 a.m.•3 views

CG-WLBARGL vulnerable to command injection

Overview CG-WLBARGL provided by Corega Inc is a wireless LAN router. CG-WLBARGL contains a command injection vulnerability. Ohji Kashiwazaki of Global Security Experts Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

8CVSS7.2AI score0.01067EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/22 12:0 a.m.•32 views

JVN#75028871: CG-WLR300GNV Series does not limit authentication attempts

CG-WLR300GNV and CG-WLR300GNV-W provided by Corega Inc are wireless LAN routers. The WPS functionality in CG-WLR300GNV Series does not limit PIN authentication attempts, making it susceptible to brute force attacks. Impact An unauthenticated attacker within wireless range of the device may perfor...

5.3CVSS5.5AI score0.01385EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/22 12:0 a.m.•27 views

JVN#76653039: CG-WLBARGL vulnerable to command injection

CG-WLBARGL provided by Corega Inc is a wireless LAN router. CG-WLBARGL contains a command injection vulnerability. Impact An arbitrary command may be executed by an authenticated attacker. Solution Do not use CG-WLBARGL As of Jun 22nd, 2016, there are no practical solutions to this issue. It is...

8CVSS8AI score0.01067EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/22 12:0 a.m.•24 views

JVN#24409899: CG-WLBARAGM vulnerable to denial-of-service (DoS)

CG-WLBARAGM provided by Corega Inc is a wireless LAN router. CG-WLBARAGM contains a denial-of-service DoS vulnerability. Impact An unauthenticated remote attacker may cause the product to reboot. Solution Apply a Workaround The following workarounds may mitigate the affects of this vulnerability...

7.8CVSS7.6AI score0.01939EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/20 8:20 a.m.•7 views

Apache Struts vulnerable to input validation bypass

Overview Apache Struts provided by the Apache Software Foundation is a software framework for creating web applications in Java. Web applications that are developed using Apache Struts 2 contain an input validation bypass vulnerability. Takeshi Terada of Mitsui Bussan Secure Directions, Inc...

7.5CVSS6.7AI score0.10013EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/20 8:19 a.m.•6 views

Apache Struts vulnerable to validation bypass in Getter method

Overview Apache Struts provided by the Apache Software Foundation is a software framework for creating web applications in Java. Web applications that are developed using Apache Struts 2 contain a validation bypass in Getter method vulnerability. JPCERT/CC Addendum Update: August 25, 2016...

7.5CVSS6.8AI score0.10013EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/20 8:18 a.m.•2 views

Apache Struts vulnerable to cross-site request forgery

Overview Apache Struts provided by the Apache Software Foundation is a software framework for creating web applications in Java. Web applications that are developed using Apache Struts 2 contain a cross-site request forgery vulnerability. Takeshi Terada of Mitsui Bussan Secure Directions, Inc...

8.8CVSS6.7AI score0.03801EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/20 7:36 a.m.•50 views

Apache Struts vulnerable to denial-of-service (DoS)

Overview Apache Struts provided by the Apache Software Foundation is a software framework for creating web applications in Java. Web applications that are developed using Apache Struts 2 contain a denial-of-service DoS vulnerability due to an issue in URLValidator. ASAI Ken reported this...

5.3CVSS6.8AI score0.10638EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/20 7:36 a.m.•6 views

Apache Struts vulnerable to remote code execution

Overview Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Web applications that are developed using Apache Struts 2 REST Plugin contain a remote code execution vulnerability. Note that the exploit code for this vulnerability is...

9.8CVSS8.1AI score0.17171EPSS
Exploits2References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/20 12:0 a.m.•49 views

JVN#12352818: Apache Struts 2 vulnerable to denial-of-service (DoS)

Apache Struts 2 provided by the Apache Software Foundation is a software framework for creating web applications in Java. Web applications that are developed using Apache Struts 2 contain a denial-of-service DoS vulnerability due to an issue in URLValidator. Impact An unauthenticated remote...

5.3CVSS5.5AI score0.10638EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/20 12:0 a.m.•66 views

JVN#07710476: Apache Struts 2 vulnerable to remote code execution

Apache Struts 2 provided by the Apache Software Foundation is a software framework for creating Java web applications. Web applications that are developed using Apache Struts 2 REST Plugin contain a remote code execution vulnerability. Note that the exploit code for this vulnerability is publicly...

9.8CVSS9.8AI score0.17171EPSS
Exploits2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/20 12:0 a.m.•73 views

JVN#45093481: Multiple vulnerabilities in Apache Struts 2

Apache Struts 2 provided by the Apache Software Foundation is a software framework for creating web applications in Java. Web applications that are developed using Apache Struts 2 contain multiple vulnerabilities listed below. Cross-site request forgery S2-038 - CVE-2016-4430 Version| Vector|...

8.8CVSS8.5AI score0.10013EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/16 5:3 a.m.•27 views

Deep Discovery Inspector vulnerable to remote code execution

Overview Deep Discovery Inspector provided by Trend Micro Incorporated contains a remote code execution vulnerability. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Trend Micro Incorporated coordinated under the...

9CVSS8.3AI score0.07768EPSS
Exploits2References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/16 12:0 a.m.•32 views

JVN#55428526: Deep Discovery Inspector vulnerable to remote code execution

Deep Discovery Inspector provided by Trend Micro Incorporated contains a remote code execution vulnerability. Impact An attacker who can access the product as an administrator may execute arbitrary code with the root privilege. Solution For Deep Discovery Inspector 3.5 and later: Apply the patch...

9CVSS7.4AI score0.07768EPSS
Exploits2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/14 5:0 a.m.•6 views

ETX-R vulnerable to denial-of-service (DoS)

Overview ETX-R provided by I-O DATA DEVICE, INC. is a wired LAN router. ETX-R contains a denial-of-service DoS vulnerability. Junichi MURAKAMI of FFRI, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...

5.3CVSS6.7AI score0.01599EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/14 4:55 a.m.•9 views

ETX-R vulnerable to cross-site request forgery

Overview ETX-R provided by I-O DATA DEVICE, INC. is a wired LAN router. ETX-R contains a cross-site request forgery vulnerability CWE-352. Junichi MURAKAMI of FFRI, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

8.8CVSS6.7AI score0.00629EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/14 12:0 a.m.•33 views

JVN#96052093: ETX-R vulnerable to denial-of-service (DoS)

ETX-R provided by I-O DATA DEVICE, INC. is a wired LAN router. ETX-R contains a denial-of-service DoS vulnerability. Impact A remote unauthenticated attacker may cause the web server on the product to be terminated abnormally. Solution Apply a Workaround The following workarounds may mitigate the...

5.3CVSS5.3AI score0.01599EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/14 12:0 a.m.•37 views

JVN#61317238: ETX-R vulnerable to cross-site request forgery

ETX-R provided by I-O DATA DEVICE, INC. is a wired LAN router. ETX-R contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Apply a Workaround The following workarounds may mitigate the...

8.8CVSS8.7AI score0.00629EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/08 5:30 a.m.•4 views

DX Library vulnerable to remote code execution

Overview DX Library is an open source library for creating Windows applications. DX Library contains a remote code execution vulnerability due to an issue in printfDx. Tomoya Kitagawa of Graduate School of Information Science, Nara Institute of Science and Technology reported this vulnerability t...

9.8CVSS8.2AI score0.03816EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/08 12:0 a.m.•49 views

JVN#15205734: DX Library vulnerable to remote code execution

DX Library is an open source library for creating Windows applications. DX Library contains a remote code execution vulnerability due to an issue in printfDx. Impact When processing a specially crafted string, an application built using DX Library may allow arbitrary code to be executed. Solution...

9.8CVSS9.8AI score0.03816EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/07 7:26 a.m.•5 views

TERASOLUNA Server Framework for Java(WEB) access restriction bypass vulnerability in the file extention filter

Overview The TERASOLUNA Server Framework for JavaWEB provided by NTT Data Corporation is a software framework for creating web applications. The TERASOLUNA Server Framework for JavaWEB has a function to restrict access to contents with specified file extentions from browser requests. This functio...

4.3CVSS6.6AI score0.01771EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/07 7:26 a.m.•5 views

Apache Struts 1 vulnerable to input validation bypass

Overview The Apache Struts 1 Validator contains a vulnerability where input validation configurations validation rules, error messages, etc. may be modified. This occurs when the following ActionForm including its subclasses are in the session scope. ValidatorForm ValidatorActionForm Impact Effec...

8.2CVSS8AI score0.25737EPSS
Exploits0References14
Total number of security vulnerabilities5625