Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/29 5:4 a.m.•2 views

Apache Cordova plugin cordova-plugin-file-transfer vulnerable to HTTP header injection

Overview cordova-plugin-file-transfer, a plugin for Apache Cordova provided by the Apache Software Foundation, provides functionality to upload and download files in applications created by Apache Cordova. It also provides functionality to add HTTP headers. Android applications that use...

4.3CVSS7.2AI score0.0343EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/29 12:0 a.m.•51 views

JVN#21612597: Apache Cordova plugin cordova-plugin-file-transfer vulnerable to HTTP header injection

cordova-plugin-file-transfer, a plugin for Apache Cordova provided by the Apache Software Foundation, provides functionality to upload and download files in applications created by Apache Cordova. It also provides functionality to add HTTP headers. Android applications that use...

4.3CVSS6.5AI score0.0343EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/29 12:0 a.m.•20 views

JVN#20355129: niconico App for iOS fails to verify SSL server certificates

niconico App for iOS provided by DWANGO Co., Ltd. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by the...

7.4CVSS7.1AI score0.00945EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/17 4:36 a.m.•3 views

H2O vulnerable to directory traversal

Overview H2O is an open source web server software. H2O contains an issue in processing URL, which may result in a directory traversal CWE-22 vulnerability. Yusuke OSUMI reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

5CVSS6.8AI score0.01655EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/17 12:0 a.m.•27 views

JVN#65602714: H2O vulnerable to directory traversal

H2O is an open source web server software. H2O contains an issue in processing URL, which may result in a directory traversal CWE-22 vulnerability. Impact A remote attacker may obtain arbitrary files on the server if "file.dir" directive is specified. Solution Update the Software Update to the...

4.3CVSS6.4AI score0.01655EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/16 7:58 a.m.•4 views

Photon vulnerable to URL whitelist bypass

Overview Photon provided by Newphoria Corporation Inc. is an application for Android built using "applican". Photon contains an issue where an arbitrary page may be loaded if the application is launched using the URL-scheme. Kenta Suefusa and Tomonori Shiomi of Sprout Inc. reported this...

6.8CVSS6.7AI score0.01093EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/16 7:58 a.m.•2 views

Reversi vulnerable to URL whitelist bypass

Overview Reversi provided by Newphoria Corporation Inc. is an application for both iOS or Android built using "applican". Reversi contains an issue where an arbitrary page may be loaded if the application is launched using the URL-scheme. Kenta Suefusa and Tomonori Shiomi of Sprout Inc. reported...

6.8CVSS6.6AI score0.01093EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/16 7:58 a.m.•4 views

Koritore vulnerable to URL whitelist bypass

Overview Koritore provided by Newphoria Corporation Inc. is an application for both iOS or Android built using "applican". Koritore contains an issue where an arbitrary page may be loaded if the application is launched using the URL-scheme. Kenta Suefusa and Tomonori Shiomi of Sprout Inc. reporte...

6.8CVSS6.6AI score0.01093EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/16 7:58 a.m.•5 views

MEGAPHONE MUSIC vulnerable to URL whitelist bypass

Overview MEGAPHONE MUSIC provided by Newphoria Corporation Inc. is an application for both iOS or Android built using "applican". MEGAPHONE MUSIC contains an issue where an arbitrary page may be loaded if the application is launched using the URL-scheme. Kenta Suefusa and Tomonori Shiomi of Sprou...

6.8CVSS6.6AI score0.01503EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/16 7:58 a.m.•3 views

Auction Camera vulnerable to URL whitelist bypass

Overview Auction Camera provided by Newphoria Corporation Inc. is an application for both iOS or Android built using "applican". Auction Camera contains an issue where an arbitrary page may be loaded if the application is launched using the URL-scheme. Kenta Suefusa and Tomonori Shiomi of Sprout...

6.8CVSS6.6AI score0.01093EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/16 7:58 a.m.•8 views

applican vulnerable to URL whitelist bypass

Overview applican provided by Newphoria Corporation Inc. is a platform to build hybrid applications for both iOS and Android. applican provides a whitelisting function whitelist.xml to limit the URLs that applications can access. However, if the application is launched using the URL-scheme, the...

6.8CVSS6.5AI score0.01093EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/16 12:0 a.m.•34 views

JVN#24517322: Koritore vulnerable to URL whitelist bypass

Koritore provided by Newphoria Corporation Inc. is an application for both iOS or Android built using "applican". Koritore contains an issue where an arbitrary page may be loaded if the application is launched using the URL-scheme. Impact Android version of this app may allow an applican API to b...

6.8CVSS6.2AI score0.01093EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/16 12:0 a.m.•39 views

JVN#83862346: MEGAPHONE MUSIC vulnerable to URL whitelist bypass

MEGAPHONE MUSIC provided by Newphoria Corporation Inc. is an application for both iOS or Android built using "applican". MEGAPHONE MUSIC contains an issue where an arbitrary page may be loaded if the application is launched using the URL-scheme. Impact Android version of this app may allow an...

6.8CVSS6.2AI score0.01503EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/16 12:0 a.m.•33 views

JVN#19948778: Photon vulnerable to URL whitelist bypass

Photon provided by Newphoria Corporation Inc. is an application for Android built using "applican". Photon contains an issue where an arbitrary page may be loaded if the application is launched using the URL-scheme. Impact Android version of this app may allow an applican API to be executed if th...

6.8CVSS6.4AI score0.01093EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/16 12:0 a.m.•43 views

JVN#73346595: applican vulnerable to URL whitelist bypass

applican provided by Newphoria Corporation Inc. is a platform to build hybrid applications for both iOS and Android. applican provides a whitelisting function whitelist.xml to limit the URLs that applications can access. However, if the application is launched using the URL-scheme, the access...

6.8CVSS6.2AI score0.01093EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/16 12:0 a.m.•27 views

JVN#71815309: Auction Camera vulnerable to URL whitelist bypass

Auction Camera provided by Newphoria Corporation Inc. is an application for both iOS or Android built using "applican". Auction Camera contains an issue where an arbitrary page may be loaded if the application is launched using the URL-scheme. Impact Android version of this app may allow an...

6.8CVSS6.2AI score0.01093EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/16 12:0 a.m.•31 views

JVN#67586379: Reversi vulnerable to URL whitelist bypass

Reversi provided by Newphoria Corporation Inc. is an application for both iOS or Android built using "applican". Reversi contains an issue where an arbitrary page may be loaded if the application is launched using the URL-scheme. Impact Android version of this app may allow an applican API to be...

6.8CVSS6.2AI score0.01093EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/11 5:17 a.m.•2 views

PIXMA MG7500 Series vulnerable to cross-site request forgery

Overview PIXMA MG7500 Series provided by Canon Inc. contain a cross-site request forgery vulnerability. TOMITA Ryo of Fukuoka Junior High School attached to the Fukuoka University of Education FUE reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

6.8CVSS6.7AI score0.00649EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/11 5:17 a.m.•1 views

Japan Connected-free Wi-Fi vulnerable to script injection

Overview Japan Connected-free Wi-Fi provided by NTT Broadband Platform, Inc. is vulnerable to script injection when displaying malformed strings contained in SSID. Kenta Suefusa and Tomonori Shiomi of Sprout Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

5.4CVSS6.9AI score0.01184EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/11 5:16 a.m.•3 views

Japan Connected-free Wi-Fi vulnerable to allow URL whitelist bypass

Overview Japan Connected-free Wi-Fi provided by NTT Broadband Platform, Inc. contains an issue where an arbitrary page may be loaded if the application is launched with the URL-scheme. Kenta Suefusa and Tomonori Shiomi of Sprout Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with...

6.8CVSS6.8AI score0.01118EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/11 12:0 a.m.•33 views

JVN#41048401: Japan Connected-free Wi-Fi vulnerable to script injection

Japan Connected-free Wi-Fi provided by NTT Broadband Platform, Inc. is vulnerable to script injection when displaying malformed strings contained in SSID. Impact When the device running the app connects to an access point and its SSID contains malicious script, the script may be executed. Solutio...

4.3CVSS6.2AI score0.01184EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/11 12:0 a.m.•29 views

JVN#04644117: Japan Connected-free Wi-Fi vulnerable to allow URL whitelist bypass

Japan Connected-free Wi-Fi provided by NTT Broadband Platform, Inc. contains an issue where an arbitrary page may be loaded if the application is launched with the URL-scheme. Impact Android version of this app may allow an arbitrary API to be executed if permissions to execute that API are grant...

6.8CVSS6.6AI score0.01118EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/11 12:0 a.m.•25 views

JVN#07427376: PIXMA MG7500 Series vulnerable to cross-site request forgery

PIXMA MG7500 Series provided by Canon Inc. contain a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged into the Remote UI, unintended operations may be performed. Solution Apply a Workaround The following workaround can mitigate the affects of this...

6.8CVSS6.5AI score0.00649EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/07 4:38 a.m.•1 views

ELPhoneBtnV6 ActiveX control vulnerable to buffer overflow

Overview ELPhoneBtnV6 ActiveX control was used for "Click to Live" service provided by FreeBit Co., Ltd. Although "Click to Live" service has been discontinued, PCs that used the "Click to Live" service may still have the ActiveX control installed. ELPhoneBtnV6 ActiveX control, which is provided ...

6.8CVSS7.9AI score0.02324EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/07 12:0 a.m.•25 views

JVN#62078684: ELPhoneBtnV6 ActiveX control vulnerable to buffer overflow

ELPhoneBtnV6 ActiveX control was used for "Click to Live" service provided by FreeBit Co., Ltd. Although "Click to Live" service has been discontinued, PCs that used the "Click to Live" service may still have the ActiveX control installed. ELPhoneBtnV6 ActiveX control, which is provided by the fi...

6.8CVSS7.6AI score0.02324EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/04 9:13 a.m.•4 views

OpenDocMan vulnerable to cross-site scripting

Overview OpenDocMan is a document management system DMS. OpenDocMan contains a cross-site scripting vulnerability due to a processing flaw in the "redirection" parameter. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...

4.3CVSS5.9AI score0.22789EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/04 6:12 a.m.•4 views

Apache Struts vulnerable to cross-site scripting

Overview Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts contains a cross-site scripting vulnerability when devMode is left turned on. Masaki Yoshikawa of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC...

6.1CVSS6.1AI score0.07551EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/04 6:12 a.m.•5 views

Apache Struts vulnerable to cross-site scripting

Overview Apache Struts provided by the Apache Software Foundation is a software framework for creating web applications in Java. Apache Struts is vulnerable to cross-site scripting when JSP files can be accessed directly. Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this...

6.1CVSS5.7AI score0.05618EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/04 12:0 a.m.•43 views

JVN#88408929: Apache Struts vulnerable to cross-site scripting

Apache Struts provided by the Apache Software Foundation is a software framework for creating web applications in Java. Apache Struts is vulnerable to cross-site scripting when JSP files can be accessed directly. Impact An arbitrary script may be executed on the user's Internet Explorer when the...

6.1CVSS6.2AI score0.05618EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/04 12:0 a.m.•50 views

JVN#95989300: Apache Struts vulnerable to cross-site scripting

Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts contains a cross-site scripting vulnerability when devMode is left turned on. Impact An arbitrary script may be executed on the user's web browser. Solution Update th...

6.1CVSS6.2AI score0.07551EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/04 12:0 a.m.•34 views

JVN#00015036: OpenDocMan vulnerable to cross-site scripting

OpenDocMan is a document management system DMS. OpenDocMan contains a cross-site scripting vulnerability due to a processing flaw in the "redirection" parameter. Impact An arbitrary script may be executed on the user's Mozilla Firefox. Solution Update the software Update to the latest version...

4.3CVSS5.8AI score0.22789EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/03 6:0 a.m.•2 views

BBS X102 vulnerable to cross-site scripting

Overview BBS X102 provided by guide-park.com is a bulletin board software. BBS X102 contains a cross-site scripting vulnerability. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on May 26, 2015, it was judged that an advisory for this vulnerabili...

5CVSS6.2AI score0.0095EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/03 5:46 a.m.•2 views

hitSuji (rktSNS2) vulnetable to cross-site scripting

Overview hitSuji rktSNS2 provided by rakuto.net is an open source SNS software. hitSuji rktSNS2 contains a cross-site scripting vulnerability. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on May 26, 2015, it was judged that an advisory for this...

4.3CVSS6.2AI score0.0095EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/03 12:0 a.m.•29 views

JVN#13684924: BBS X102 vulnerable to cross-site scripting

BBS X102 provided by guide-park.com is a bulletin board software. BBS X102 contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Consider stop using BBS X102 Ver1.03 Since the developer was unreachable, existence of any...

4.3CVSS6.1AI score0.0095EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/03 12:0 a.m.•61 views

JVN#24692261: hitSuji (rktSNS2) vulnetable to cross-site scripting

hitSuji rktSNS2 provided by rakuto.net is an open source SNS software. hitSuji rktSNS2 contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Consider stop using hitSuji rktSNS2 0.2.2b Since the developer was unreachable,...

4.3CVSS6.1AI score0.0095EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/02 6:46 a.m.•2 views

NScripter vulnerable to buffer overflow

Overview NScripter is a script engine to build and execute games. NScripter contains a buffer overflow vulnerability due to a flaw in processing save data. Kusano Kazuhiko reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

6.8CVSS7.6AI score0.02728EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/02 12:0 a.m.•37 views

JVN#08494613: NScripter vulnerable to buffer overflow

NScripter is a script engine to build and execute games. NScripter contains a buffer overflow vulnerability due to a flaw in processing save data. Impact By processing a specially crafted save data, arbitrary code may be executed. Solution For developers using NScripter: Update and Rebuild the Ga...

6.8CVSS7.3AI score0.02728EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/01 5:18 a.m.•3 views

Twit BBS vulnerable to cross-site scripting

Overview Twit BBS provided by LEMON-S PHP contains a persistent cross-site scripting CWE-79 vulnerability due to the processing of imagetitle parameter in index.php. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

5CVSS6.2AI score0.0095EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/01 5:18 a.m.•2 views

Rakuten card App for iOS fails to verify SSL server certificates

Overview Rakuten card App for iOS provided by Rakuten Card Co., Ltd. fails to verify SSL server certificates. AOKI Keiichi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may allow...

7.4CVSS6.4AI score0.01026EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/01 3:36 a.m.•3 views

desknet's NEO vulnerable to directory traversal

Overview desknet's NEO provided by NEOJAPAN Inc. contains a directory traversal CWE-22 vulnerability where it fails to verify html parameter in zhtml.cgi. Hiroyuki Yamashita of M Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

4CVSS6.6AI score0.01557EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/01 12:0 a.m.•33 views

JVN#09283606: desknet's NEO vulnerable to directory traversal

desknet's NEO provided by NEOJAPAN Inc. contains a directory traversal CWE-22 vulnerability where it fails to verify html parameter in zhtml.cgi. Impact An authenticated attacker may view arbitrary files on the server. Solution Update the Software Update to the latest version according to the...

4CVSS6.2AI score0.01557EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/01 12:0 a.m.•43 views

JVN#77193915: Twit BBS vulnerable to cross-site scripting

Twit BBS provided by LEMON-S PHP contains a persistent cross-site scripting CWE-79 vulnerability due to the processing of imagetitle parameter in index.php. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use Twit BBS Twit BBS is no longer being developed or...

4.3CVSS6.1AI score0.0095EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/01 12:0 a.m.•33 views

JVN#81207766: Rakuten card App for iOS fails to verify SSL server certificates

Rakuten card App for iOS provided by Rakuten Card Co., Ltd. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided ...

7.4CVSS7AI score0.01026EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/08/27 6:3 a.m.•6 views

File Encryption Software "ED" where encrypted data may be easier to decipher when files of small size are encrypted

Overview File encyption software "ED" contains an issue when files of small size are encyrpted, they may become easier to decipher in comparison to when files of a larger size are encrypted. When encrypting small files that are smaller than the block size 128 bits, file encryption software "ED"...

2.6CVSS6.5AI score0.00695EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/08/27 12:0 a.m.•26 views

JVN#91474878: File Encryption Software "ED" where encrypted data may be easier to decipher when files of small size are encrypted

File encyption software "ED" contains an issue when files of small size are encyrpted, they may become easier to decipher in comparison to when files of a larger size are encrypted. When encrypting small files that are smaller than the block size 128 bits, file encryption software "ED" encrypts...

2.6CVSS7.3AI score0.00695EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/08/20 6:53 a.m.•2 views

Apache Tapestry deserializes untrusted data

Overview Apache Tapestry contains a vulnerability where it may deserialize untrusted data. Apache Tapestry is a framework for creating Java web applications. Apache Tapestry contains an interface where client side serialized data sent to the server is deserialized after it is received by the...

7.8CVSS7.2AI score0.09598EPSS
Exploits1References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/08/20 12:0 a.m.•66 views

JVN#17611367: Apache Tapestry deserializes untrusted data

Apache Tapestry is a framework for creating Java web applications. Apache Tapestry contains an interface where client side serialized data sent to the server is deserialized after it is received by the server. This data serialization / deserialization process does not contain data validation...

7.8CVSS6.8AI score0.09598EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/08/18 6:21 a.m.•2 views

Multiple I-O DATA LAN routers vulnerable in UPnP functionality

Overview A wired LAN router NP-BBRS and a wireless LAN router WN-G54/R2 provided by I-O DATA DEVICE, INC. contain a vulnerability in the UPnP functionality. Impact The device may be used in a DDoS attack, as a SSDP reflector. Solution For NP-BBRS: Do not use NP-BBRS The developer has stated that...

5CVSS6.7AI score0.016EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/08/18 12:0 a.m.•34 views

JVN#17964918: Multiple I-O DATA LAN routers vulnerable in UPnP functionality

A wired LAN router NP-BBRS and a wireless LAN router WN-G54/R2 provided by I-O DATA DEVICE, INC. contain a vulnerability in the UPnP functionality. Impact The device may be used in a DDoS attack, as a SSDP reflector. Solution For NP-BBRS: Do not use NP-BBRS The developer has stated that the suppo...

5CVSS6.3AI score0.016EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/08/12 6:13 a.m.•1 views

Photo Gallery CMS for PC, smartphone and feature phone (Free) vulnerable to cross-site request forgery

Overview Photo Gallery CMS for PC, smartphone and feature phone Free provided by PHP Kobo contains a cross-site request forgery CWE-352 vulnerability in admin.php. Yuji Tounai of NTT Com SecurityJapan KK reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informatio...

6.8CVSS6.5AI score0.00649EPSS
Exploits0References5
Total number of security vulnerabilities5625