Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/24 7:43 a.m.•2 views

Information Disclosure Vulnerability in Hitachi Command Suite

Overview An Information Disclosure Vulnerability was found in Hitachi Command Suite. Impact An attacker might exploit this vulnerability to obtain sensitive session information. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

3.5CVSS6.3AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/24 4:36 a.m.•2 views

Jetstar App for iOS fails to verify SSL server certificates

Overview Jetstar App for iOS provided by Jetstar Airways Pty Ltd. fails to verify SSL server certificates. Yuta TESHIMA of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...

5.9CVSS6.4AI score0.00642EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/24 3:27 a.m.•3 views

php-contact-form vulnerable to cross-site scripting

Overview php-contact-form provided by Kobe Beauty Co., Ltd. contains a cross-site scripting vulnerability CWE-79. Hirota Kazuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnershi...

6.1CVSS6AI score0.01633EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/24 3:24 a.m.•5 views

HumHub vulnerable to cross-site scripting

Overview HumHub is a software framework for developing a social networking service SNS. HumHub contains a cross-site scripting vulnerability. Satoru Nagaoka of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Ear...

5.4CVSS6AI score0.01129EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/24 12:0 a.m.•31 views

JVN#43529183: Jetstar App for iOS fails to verify SSL server certificates

Jetstar App for iOS provided by Jetstar Airways Pty Ltd. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the application Update to the latest version according to the information provided ...

5.9CVSS5.3AI score0.00642EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/24 12:0 a.m.•40 views

JVN#85112513: php-contact-form vulnerable to cross-site scripting

php-contact-form provided by Kobe Beauty Co., Ltd. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer. Products...

6.1CVSS6AI score0.01633EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/24 12:0 a.m.•36 views

JVN#56167268: HumHub vulnerable to cross-site scripting

HumHub is a software framework for developing a social networking service SNS. HumHub contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provide...

5.4CVSS5.3AI score0.01129EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/20 5:22 a.m.•5 views

MP Form Mail CGI Professional Edition vulnerable to directory traversal

Overview MP Form Mail CGI Professional Edition provided by futomi Co., Ltd. contains a directory traversal vulnerability CWE-22. Yuuta Watanabe of STNet, Incorporated reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

4.1CVSS6.6AI score0.02289EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/20 12:0 a.m.•25 views

JVN#42545812: MP Form Mail CGI Professional Edition vulnerable to directory traversal

MP Form Mail CGI Professional Edition provided by futomi Co., Ltd. contains a directory traversal vulnerability CWE-22. Impact Arbitrary files on the server may be viewed by the product's administrator. Solution Update the software Update to the latest version according to the information provide...

4CVSS3.6AI score0.02289EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/19 4:37 a.m.•3 views

Web Mailing List vulnerable to cross-site scripting

Overview Web Mailing List provided by Epoch Ltd. contains a cross-site scripting vulnerability CWE-79. Yuya Yoshida of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

6.1CVSS6AI score0.01417EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/19 12:0 a.m.•32 views

JVN#43076390: Web Mailing List vulnerable to cross-site scripting

Web Mailing List provided by Epoch Ltd. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the logged in user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Products...

6.1CVSS6AI score0.01417EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/18 6:26 a.m.•5 views

105 BANK App fails to verify SSL server certificates

Overview 105 BANK App provided by THE HYAKUGO BANK, LTD. is a mobile app for internet banking. 105 BANK App fails to verify SSL server certificates. Yuji Tounai of NTT Com Security Japan KK reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Ear...

5.9CVSS6.4AI score0.00642EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/18 12:0 a.m.•26 views

JVN#11877654: 百五銀行 (105 BANK) App fails to verify SSL server certificates

百五銀行 105 BANK App provided by THE HYAKUGO BANK, LTD. is a mobile app for internet banking. 百五銀行 App fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Application Update to the latest...

5.9CVSS5.3AI score0.00642EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/16 7:14 a.m.•3 views

Cybozu KUNAI App fails to verify SSL server certificates

Overview Cybozu KUNAI App provided by Cybozu, Inc. fails to verify SSL server certificates. Kusano Kazuhiko reported this vulnerability to the developer. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may allow an...

6.8CVSS6.5AI score0.01194EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/16 5:48 a.m.•19 views

a-blog cms vulnerable to cross-site scripting

Overview a-blog cms provided by appleple Inc. is a content management system CMS. a-blog cms contains a cross-site scripting vulnerability in the standard template of the comment functionality. Yuya Yoshida of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC...

6.1CVSS6AI score0.01195EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/16 5:48 a.m.•6 views

a-blog cms vulnerable to session management

Overview a-blog cms provided by appleple Inc. is a content management system CMS. a-blog cms contains a vulnerability in session management of the comment functionality. Yuya Yoshida of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

6.5CVSS6.9AI score0.01277EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/16 12:0 a.m.•48 views

JVN#03975805: a-blog cms vulnerable to session management

a-blog cms provided by appleple Inc. is a content management system CMS. a-blog cms contains a vulnerability in session management of the comment functionality. Impact An arbitrary comment posted may be deleted or a commenter's e-mail address may be obtained by an unauthenticated remote attacker...

6.5CVSS6.6AI score0.01277EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/16 12:0 a.m.•28 views

JVN#73166466: a-blog cms vulnerable to cross-site scripting

a-blog cms provided by appleple Inc. is a content management system CMS. a-blog cms contains a cross-site scripting vulnerability in the standard template of the comment functionality. Impact An arbitrary script may be executed on the user's web browser. Solution Apply the Patch Apply the patch...

6.1CVSS6.1AI score0.01195EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/16 12:0 a.m.•42 views

JVN#11994518: Cybozu KUNAI App fails to verify SSL server certificates

Cybozu KUNAI App provided by Cybozu, Inc. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by the developer...

6.8CVSS6.4AI score0.01194EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/13 5:27 a.m.•25 views

WordPress plugin "Ninja Forms" vulnerable to PHP object injection

Overview WordPress plugin "Ninja Forms" contains a PHP object injection vulnerability due to a flaw where untrusted POST values are unserialized. Impact A remote attacker may execute an arbitrary PHP code. Solution Update the Software Update to a version that addresses the vulnerability according...

9.8CVSS7.4AI score0.61612EPSS
Exploits4References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/13 5:27 a.m.•8 views

FileMaker server issue where PHP source code may be viewable

Overview FileMaker server contains an issue where PHP source code may be viewable when Custom Web Publishing with PHP is enabled. Atsushi Matsuo of Emic Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

7.5CVSS6.9AI score0.01324EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/13 12:0 a.m.•67 views

JVN#44657371: WordPress plugin "Ninja Forms" vulnerable to PHP object injection

WordPress plugin "Ninja Forms" contains a PHP object injection vulnerability due to a flaw where untrusted POST values are unserialized. Impact A remote attacker may execute an arbitrary PHP code. Solution Update the Software Update to a version that addresses the vulnerability according to the...

9.8CVSS9.6AI score0.61612EPSS
Exploits4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/13 12:0 a.m.•38 views

JVN#91638315: FileMaker server issue where PHP source code may be viewable

FileMaker server contains an issue where PHP source code may be viewable when Custom Web Publishing with PHP is enabled. Impact PHP source code may be viewable. Solution Apply an Update Update to the latest version according to the information provided by the developer. Products Affected FileMake...

7.5CVSS7.6AI score0.01324EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/12 5:34 a.m.•6 views

WN-G300R Series vulnerable to cross-site scripting

Overview WN-G300R Series provided by I-O DATA DEVICE, INC. contains a cross-site scripting vulnerability. WN-G300R Series provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-G300R Series contains a stored cross-site scripting vulnerability CWE-79. Satoshi Ogawa of Mitsui Bussan Secure...

5.4CVSS6.1AI score0.00802EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/12 5:34 a.m.•2 views

WN-GDN/R3 Series does not limit authentication attempts

Overview WN-GDN/R3 Series provided by I-O DATA DEVICE, INC. does not limit authentication attempts. WN-GDN/R3 series provided by I-O DATA DEVICE, INC. is a wireless LAN router. WPS functionality in WN-GDN/R3 Series does not limit PIN authentication attempts, making it susceptible to brute force...

4.3CVSS7.1AI score0.00632EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/12 12:0 a.m.•24 views

JVN#25674893: WN-GDN/R3 Series does not limit authentication attempts

WN-GDN/R3 series provided by I-O DATA DEVICE, INC. is a wireless LAN router. WPS functionality in WN-GDN/R3 Series does not limit PIN authentication attempts, making it susceptible to brute force attacks. Impact An unauthenticated attacker within wireless range of the device may perform a brute...

4.3CVSS4.8AI score0.00632EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/12 12:0 a.m.•44 views

JVN#22978346: WN-G300R Series vulnerable to cross-site scripting

WN-G300R Series provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-G300R Series contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Firmware Apply the appropriate firmware update provide...

5.4CVSS5.3AI score0.00802EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/11 5:16 a.m.•4 views

Apache Cordova vulnerable to arbitrary plugin execution

Overview Apache Cordova contains a vulnerability where arbitrary plugins may be executed. Apache Cordova provided by the Apache Software Foundation is a framework for creating mobile applications for various platforms. iOS applications built using Apache Cordova contain a vulnerability where...

6.8CVSS7AI score0.04623EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/11 5:16 a.m.•5 views

Apache Cordova fails to restrict access permissions

Overview Apache Cordova contains a vulnerability where whitelist restrictions are not properly applied. Apache Cordova provided by the Apache Software Foundation is a framework for creating mobile applications for various platforms. iOS applications built using Apache Cordova contain a...

7.5CVSS6.7AI score0.02879EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/11 12:0 a.m.•42 views

JVN#35341085: Apache Cordova fails to restrict access permissions

Apache Cordova provided by the Apache Software Foundation is a framework for creating mobile applications for various platforms. iOS applications built using Apache Cordova contain a vulnerability where whitelist restrictions are not properly applied. Impact Accessing a specially crafted URL may...

7.5CVSS5.1AI score0.02879EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/11 12:0 a.m.•35 views

JVN#41772178: Apache Cordova vulnerable to arbitrary plugin execution

Apache Cordova provided by the Apache Software Foundation is a framework for creating mobile applications for various platforms. iOS applications built using Apache Cordova contain a vulnerability where arbitrary plugins may be executed. Impact Accessing a specially crafted URL may result in...

4.4CVSS4.6AI score0.04623EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/26 5:24 a.m.•6 views

EC-CUBE vulnerable to cross-site request forgery

Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site request forgery vulnerability CWE-352. LOCKON CO.,LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and LOCKON CO.,LTD...

8.8CVSS6.6AI score0.00636EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/26 5:18 a.m.•7 views

Multiple shiro8 Co., Ltd. freearea_ addition_plugins for EC-CUBE vulnerable to cross-site scripting

Overview EC-CUBE plugin "categoryfreearea additionplugin" and "itemdetailfreearea additionplugin" provided by shiro8 Co., Ltd. contain a cross-site scripting vulnerability CWE-79. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

6.1CVSS6AI score0.0102EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/26 4:56 a.m.•4 views

EC-CUBE fails to restrict access permissions

Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE fails to restrict access permissions. Note that this vulnerability is different from JVN47473944. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC...

6.5CVSS6.5AI score0.009EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/26 4:56 a.m.•4 views

EC-CUBE fails to restrict access permissions

Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE fails to restrict access permissions. Note that this vulnerability is different from JVN11458774. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC...

5.3CVSS6.7AI score0.01301EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/26 12:0 a.m.•43 views

JVN#63384827: Multiple shiro8 Co., Ltd. freearea_ addition_plugins for EC-CUBE vulnerable to cross-site scripting

EC-CUBE plugin "categoryfreearea additionplugin" and "itemdetailfreearea additionplugin" provided by shiro8 Co., Ltd. contain a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the logged in user's web browser. Solution Update the Software Update to the...

6.1CVSS6AI score0.0102EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/26 12:0 a.m.•25 views

JVN#47473944: EC-CUBE fails to restrict access permissions

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE fails to restrict access permissions. Impact A remote attacker may bypass IP address restrictions and access the login page to the management screen. Solution Apply the update or the patch Apply the upda...

5.3CVSS5.5AI score0.01301EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/26 12:0 a.m.•35 views

JVN#11458774: EC-CUBE fails to restrict access permissions

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE fails to restrict access permissions. Impact A logged in attacker may bypass access restrictions, or delete access restriction settings. Solution Apply the update or the patch Apply the update or the pat...

6.5CVSS5.4AI score0.009EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/26 12:0 a.m.•28 views

JVN#73776243: EC-CUBE vulnerable to cross-site request forgery

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site request forgery vulnerability CWE-352. Impact If an administrator views a malicious page while logged in, unintended operations may be performed. Solution Apply the update or the...

8.8CVSS8.6AI score0.00636EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/25 6:36 a.m.•4 views

kintone mobile for Android fails to verify SSL server certificates

Overview kintone mobile for Android provided by Cybozu, Inc. fails to verify SSL server certificates. Kusano Kazuhiko reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may allow an...

5.9CVSS6.5AI score0.00928EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/25 6:35 a.m.•5 views

kintone mobile for Android information management vulnerability

Overview kintone mobile for Android provided by Cybozu, Inc. contains an authentication information management vulnerability. Kusano Kazuhiko and Gopinath reported this vulnerability to the developer. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

2.6CVSS6.6AI score0.00744EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/25 12:0 a.m.•40 views

JVN#91816422: kintone mobile for Android fails to verify SSL server certificates

kintone mobile for Android provided by Cybozu, Inc. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by the...

5.9CVSS5.5AI score0.00928EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/25 12:0 a.m.•36 views

JVN#89026267: kintone mobile for Android information management vulnerability

kintone mobile for Android provided by Cybozu, Inc. contains an authentication information management vulnerability. Impact If using Android versions prior to 4.1, the token may be disclosed by an application with READLOGS permission or by a user who can access the device. If using Android versio...

2.6CVSS3.6AI score0.00744EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/22 4:49 a.m.•2 views

Electron may insecurely load Node modules

Overview Electron fails to restrict the path for loading Node modules, which may lead to execution of arbitrary JavaScript. Electron is a software framework for developing cross-platformm desktop applications with web technologies, such as HTML, CSS, JavaScript with Chromium and Node.js. Electron...

7.8CVSS6.9AI score0.00431EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/22 12:0 a.m.•46 views

JVN#00324715: Electron may insecurely load Node modules

Electron is a software framework for developing cross-platformm desktop applications with web technologies, such as HTML, CSS, JavaScript with Chromium and Node.js. Electron is used in applications such as Atom editor, Microsoft Visual Studio Code, etc.. Electron contains a flaw where the search...

7.8CVSS7.5AI score0.00431EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/19 4:44 a.m.•3 views

Photopt App fails to verify SSL server certificates

Overview Photopt App provided by NTT Communications Corporation fails to verify SSL server certificates. Yuto Iso reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may allow an...

5.9CVSS6.5AI score0.0084EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/19 12:0 a.m.•26 views

JVN#11815655: Photopt App fails to verify SSL server certificates

Photopt App provided by NTT Communications Corporation fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by th...

5.9CVSS5.5AI score0.0084EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/13 5:30 a.m.•3 views

Tokyo Star bank App fails to verify SSL server certificates

Overview Tokyo Star bank App provided by The Tokyo Star Bank, Limited fails to verify SSL server certificates. Yuji Tounai of NTT Com Security Japan KK reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...

5.9CVSS6.5AI score0.00989EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/13 12:0 a.m.•43 views

JVN#00272277: Tokyo Star bank App fails to verify SSL server certificates

Tokyo Star bank App provided by The Tokyo Star Bank, Limited fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided...

5.9CVSS5.3AI score0.00989EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/08 3:31 a.m.•4 views

EC-CUBE plugin "Social-button Plugin Premium" and "Social-button Plugin" vulnerable to cross-site scripting

Overview EC-CUBE plugin "Social-button Plugin Premium" and "Social-button Plugin" provided by Cyber-Will Inc. contain a cross-site scripting vulnerability CWE-79. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

6.1CVSS6.1AI score0.01625EPSS
Exploits0References6
Total number of security vulnerabilities5625