Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/08/12 6:13 a.m.•2 views

Photo Gallery CMS for PC, smartphone and feature phone (Free) vulnerable to cross-site scripting

Overview Photo Gallery CMS for PC, smartphone and feature phone Free provided by PHP Kobo contains a cross-site scripting CWE-79 vulnerability in admin.php. Yuji Tounai of NTT Com SecurityJapan KK reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

4.3CVSS6.1AI score0.01171EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/08/12 6:13 a.m.•3 views

Microsoft Office discloses a file path of a local file

Overview When a file such as a clipart or an image is inserted in Office documents, the absolute path of the local file is stored in "alternative text". Yosuke HASEGAWA of SecureSky Technology Inc. and Miyuki Chikara of MARUS JAPAN Inc. reported this vulnerability to IPA. JPCERT/CC coordinated wi...

4.3CVSS6.2AI score
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/08/12 12:0 a.m.•39 views

JVN#78240242: Photo Gallery CMS for PC, smartphone and feature phone (Free) vulnerable to cross-site request forgery

Photo Gallery CMS for PC, smartphone and feature phone Free provided by PHP Kobo contains a cross-site request forgery CWE-352 vulnerability in admin.php. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the Software Replace admin.ph...

6.8CVSS6.3AI score0.00649EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/08/12 12:0 a.m.•32 views

JVN#69175956: Photo Gallery CMS for PC, smartphone and feature phone (Free) vulnerable to cross-site scripting

Photo Gallery CMS for PC, smartphone and feature phone Free provided by PHP Kobo contains a cross-site scripting CWE-79 vulnerability in admin.php. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Replace admin.php with a new version according to...

4.3CVSS6AI score0.01171EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/08/12 12:0 a.m.•18 views

JVN#20459920: Microsoft Office discloses a file path of a local file

When a file such as a clipart or an image is inserted in Office documents, the absolute path of the local file is stored in "alternative text". Impact An attacker may obtain information about the file system or the user name through Office documents. Solution Upgrade the Software Upgrade to the...

6.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/08/07 4:50 a.m.•3 views

Yodobashi App for Android vulnerable to arbitrary Java method execution

Overview Yodobashi App for Android provided by Yodobashi Camera Co.,Ltd. contains a vulnerability where an arbitrary Java method may be executed. Kusano Kazuhiko reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impa...

6.8CVSS7AI score0.02031EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/08/07 4:50 a.m.•2 views

Yodobashi App for Android fails to verify SSL server certificates

Overview Yodobashi App for Android provided by Yodobashi Camera Co.,Ltd. fails to verify SSL server certificates. Kusano Kazuhiko reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack ma...

5.9CVSS6.5AI score0.00828EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/08/07 12:0 a.m.•30 views

JVN#29053368: Yodobashi App for Android fails to verify SSL server certificates

Yodobashi App for Android provided by Yodobashi Camera Co.,Ltd. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information...

5.9CVSS5.5AI score0.00828EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/08/07 12:0 a.m.•29 views

JVN#70465405: Yodobashi App for Android vulnerable to arbitrary Java method execution

Yodobashi App for Android provided by Yodobashi Camera Co.,Ltd. contains a vulnerability where an arbitrary Java method may be executed. Impact When opening a specially crafted website, an attacker may be able to execute an arbitrary Java method. As a result, information stored in Android devices...

6.8CVSS6.7AI score0.02031EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/29 5:58 a.m.•7 views

yoyaku_v41 vulnerable to OS command injection

Overview yoyakuv41 provided by Webservice-DIC is a software to manage conference room reservations. yoyakuv41 contains an OS command injection vulnerability CWE-78. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

7.5CVSS7.6AI score0.01383EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/29 5:58 a.m.•3 views

yoyaku_v41 vulnerable to authentication bypass

Overview yoyakuv41 provided by Webservice-DIC is a software to manage conference room reservations. yoyakuv41 contains an authentication bypass vulnerability CWE-592. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

5CVSS7AI score0.01277EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/29 5:58 a.m.•3 views

yoyaku_v41 vulnerable to arbitrary file creation

Overview yoyakuv41 provided by Webservice-DIC is a software to manage conference room reservations. yoyakuv41 contains a vulnerability that may allow a remote attacker to create arbitrary files CWE-20. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

7.5CVSS7.3AI score0.02288EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/29 12:0 a.m.•26 views

JVN#17522792: yoyaku_v41 vulnerable to OS command injection

yoyakuv41 provided by Webservice-DIC is a software to manage conference room reservations. yoyakuv41 contains an OS command injection vulnerability CWE-78. Impact An arbitrary OS command may be executed with the privileges of the web server on the server where yoyakuv41 is running. Solution Do no...

7.5CVSS7.2AI score0.01383EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/29 12:0 a.m.•38 views

JVN#52248864: yoyaku_v41 vulnerable to authentication bypass

yoyakuv41 provided by Webservice-DIC is a software to manage conference room reservations. yoyakuv41 contains an authentication bypass vulnerability CWE-592. Impact A remote attacker could bypass yoyakuv41's authentication, and make an unintentional reservation. Solution Do not use yoyakuv41...

5CVSS6.9AI score0.01277EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/29 12:0 a.m.•30 views

JVN#46674982: yoyaku_v41 vulnerable to arbitrary file creation

yoyakuv41 provided by Webservice-DIC is a software to manage conference room reservations. yoyakuv41 contains a vulnerability that may allow a remote attacker to create arbitrary files CWE-20. Impact An arbitrary file created by an attacker may result in arbitrary code being executed on the serve...

7.5CVSS7.1AI score0.02288EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/28 4:47 a.m.•2 views

Gazou BBS plus vulnerability in file upload processing

Overview Gazou BBS plus provided by LEMON-S PHP contains a vulnerability in the processing of file uploads. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An image file may be specially crafted t...

5CVSS6.7AI score0.01344EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/28 12:0 a.m.•38 views

JVN#86680970: Gazou BBS plus vulnerability in file upload processing

Gazou BBS plus provided by LEMON-S PHP contains a vulnerability in the processing of file uploads. Impact An image file may be specially crafted to upload arbitrary HTML files. Solution Apply an Update Apply the update according to the information provided by the provider. Products Affected Gazou...

5CVSS6.3AI score0.01344EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/24 5:52 a.m.•6 views

Welcart vulnerable to SQL injection

Overview Welcart provided by Collne Inc. is a WordPress plugin for creating shopping websites. Welcart contains a SQL injection CWE-89 vulnerability due to the processing of changeSort parameter in admin.php. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...

7.5CVSS7.4AI score0.02334EPSS
Exploits1References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/24 5:46 a.m.•3 views

Research Artisan Lite does not properly perform authentication

Overview Research Artisan Lite provided by Research Artisan Project is an access analysis tool. Research Artisan Lite does not properly perform authentication CWE-592. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer unde...

5CVSS6.7AI score0.01344EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/24 5:36 a.m.•2 views

Research Artisan Lite vulnerable to cross-site scripting

Overview Research Artisan Lite provided by Research Artisan Project is an access analysis tool. Research Artisan Lite contains multiple cross-site scripting vulnerabilities CWE-79. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

4.3CVSS6.1AI score0.01171EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/24 5:33 a.m.•5 views

Welcart vulnerable to cross-site scripting

Overview Welcart provided by Collne Inc. is a WordPress plugin for creating shopping websites. Welcart contains a cross-site scripting CWE-79 vulnerability due to the processing of uscesreferer parameter in admin.php. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the...

4.3CVSS6AI score0.02033EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/24 12:0 a.m.•33 views

JVN#92828286: Welcart vulnerable to SQL injection

Welcart provided by Collne Inc. is a WordPress plugin for creating shopping websites. Welcart contains a SQL injection CWE-89 vulnerability due to the processing of changeSort parameter in admin.php. Impact An attacker that can log in to WordPress with this plugin enabled may obtain or alter...

7.5CVSS6.7AI score0.02334EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/24 12:0 a.m.•42 views

JVN#97971874: Welcart vulnerable to cross-site scripting

Welcart provided by Collne Inc. is a WordPress plugin for creating shopping websites. Welcart contains a cross-site scripting CWE-79 vulnerability due to the processing of uscesreferer parameter in admin.php. Impact If a user views a malicious page while logged into WordPress with this plugin...

4.3CVSS5.8AI score0.02033EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/24 12:0 a.m.•24 views

JVN#58020495: Research Artisan Lite vulnerable to cross-site scripting

Research Artisan Lite provided by Research Artisan Project is an access analysis tool. Research Artisan Lite contains multiple cross-site scripting vulnerabilities CWE-79. Impact There are two attack scenarios. 1. If a user views a malicious web page, an arbitrary script may be executed on the...

4.3CVSS6AI score0.01171EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/24 12:0 a.m.•39 views

JVN#10559378: Research Artisan Lite does not properly perform authentication

Research Artisan Lite provided by Research Artisan Project is an access analysis tool. Research Artisan Lite does not properly perform authentication CWE-592. Impact An attacker may perform operations in Research Artisan Lite without logging into the system. Solution Update the Software Update to...

5CVSS6.4AI score0.01344EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/17 5:44 a.m.•4 views

PHP for Windows vulnerable to OS command injection

Overview PHP for Windows contains an OS command injection due to a processing flaw in the escapeshellarg function. Masahiro Yamada reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Specifying a specially craft...

10CVSS7.5AI score0.05999EPSS
Exploits2References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/17 12:0 a.m.•62 views

JVN#73568461: PHP for Windows vulnerable to OS command injection

PHP for Windows contains an OS command injection due to a processing flaw in the escapeshellarg function. Impact Specifying a specially crafted parameter in the escapeshellarg function may result in an arbitrary OS command being executed. Solution Apply the patch Apply the patch according to the...

10CVSS7.6AI score0.05999EPSS
Exploits2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/15 6:54 a.m.•1 views

Thetis vulnerable to SQL injection

Overview Thetis provided by Sysphonic Co., Ltd. is an open source groupware and SNS. Thetis contains a SQL injection CWE-89 vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An attack...

7.5CVSS7.5AI score0.0261EPSS
Exploits0References13
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/15 6:53 a.m.•2 views

acmailer vulnerable to directory traversal

Overview acmailer provided by Seeds Co.,Ltd. contains a directory traversal CWE-22 vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An authenticated attacker may delete files on the...

5.5CVSS6.5AI score0.01575EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/15 12:0 a.m.•28 views

JVN#19011483: Thetis vulnerable to SQL injection

Thetis provided by Sysphonic Co., Ltd. is an open source groupware and SNS. Thetis contains a SQL injection CWE-89 vulnerability. Impact An attacker may obtain or alter information stored in the database. Solution Apply an Update Apply the update according to the information provided by the...

7.5CVSS6.9AI score0.0261EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/15 12:0 a.m.•40 views

JVN#64051989: acmailer vulnerable to directory traversal

acmailer provided by Seeds Co.,Ltd. contains a directory traversal CWE-22 vulnerability. Impact An authenticated attacker may delete files on the server. Solution Update the software Update to the latest version according to the information provided by the developer. Products Affected acmailer...

5.5CVSS6AI score0.01575EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/10 5:50 a.m.•3 views

LINE@ vulnerable to script injection

Overview LINE@ provided by LINE Corporation is an application used to communicate with others. LINE@ is vulnerable to MITM man-in-the-middle attacks since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM man-in-the-middle...

5.9CVSS6.5AI score0.0018EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/10 4:57 a.m.•1 views

Simple Oekaki BBS vulnerable to cross-site scripting

Overview Simple Oekaki BBS provided by LEMON-S PHP contains a persistent cross-site scripting CWE-79 vulnerability due to the processing of oekakis parameter in index.php. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

5CVSS6.1AI score0.01171EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/10 4:57 a.m.•1 views

Simple Oekaki BBS vulnerability where arbitrary files may be deleted

Overview Simple Oekaki BBS provided by LEMON-S PHP contains a flaw in parsing the oekakis parameter in index.php, which may allow a remote attacker to delete arbitrary files. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

6.4CVSS6.8AI score0.01643EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/10 12:0 a.m.•38 views

JVN#61935381: Simple Oekaki BBS vulnerability where arbitary files may be deleted

Simple Oekaki BBS provided by LEMON-S PHP contains a flaw in parsing the oekakis parameter in index.php, which may allow a remote attacker to delete arbitrary files. Impact A remote attacker may delete arbitrary files on the server. Solution Update the Software Update to the latest version...

6.4CVSS6.4AI score0.01643EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/10 12:0 a.m.•44 views

JVN#67540183: Simple Oekaki BBS vulnerable to cross-site scripting

Simple Oekaki BBS provided by LEMON-S PHP contains a persistent cross-site scripting CWE-79 vulnerability due to the processing of oekakis parameter in index.php. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version...

4.3CVSS5.9AI score0.01171EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/10 12:0 a.m.•40 views

JVN#22546110: LINE@ vulnerable to script injection

LINE@ provided by LINE Corporation is an application used to communicate with others. LINE@ is vulnerable to MITM man-in-the-middle attacks since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM man-in-the-middle attacker...

5.9CVSS5.3AI score0.0018EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/09 5:41 a.m.•2 views

Cacti vulnerable to cross-site scripting

Overview Cacti is a web application that graphs stored data collected from network devices. Cacti contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing parameters in graphview.php. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IP...

4.3CVSS5.8AI score0.05739EPSS
Exploits6References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/09 5:41 a.m.•2 views

Cacti vulnerable to cross-site request forgery

Overview Cacti is a web application that graphs stored data collected from network devices. Cacti contains a cross-site request forgery vulnerability CWE-352. Masako Ohno reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

6.8CVSS6.4AI score0.02297EPSS
Exploits1References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/09 5:41 a.m.•2 views

Cacti vulnerable to cross-site scripting

Overview Cacti is a web application that graphs stored data collected from network devices. Cacti contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing parameters in settings.php. Daiki Fukumori of Cyber Defense Institute, Inc. and Masako Ohno reported this vulnerabilit...

4.3CVSS5.8AI score0.01846EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/09 12:0 a.m.•31 views

JVN#09758120: Cacti vulnerable to cross-site scripting

Cacti is a web application that graphs stored data collected from network devices. Cacti contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing parameters in graphview.php. Impact If a user views a malicious page while logged in, an arbitrary script may be executed on th...

4.3CVSS5.2AI score0.05739EPSS
Exploits6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/09 12:0 a.m.•47 views

JVN#78187936: Cacti vulnerable to cross-site scripting

Cacti is a web application that graphs stored data collected from network devices. Cacti contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing parameters in settings.php. Impact If a user views a malicious page while logged in, an arbitrary script may be executed on the...

4.3CVSS5.3AI score0.01846EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/09 12:0 a.m.•42 views

JVN#55076671: Cacti vulnerable to cross-site request forgery

Cacti is a web application that graphs stored data collected from network devices. Cacti contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the software Update to the latest...

6.8CVSS8.4AI score0.02297EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/30 4:56 a.m.•2 views

Explorer+ File Manager vulnerable to directory traversal

Overview Explorer+ File Manager provided by Droidware UK contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...

6.4CVSS7AI score0.01703EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/30 4:55 a.m.•1 views

OpenEMR vulnerable to authentication bypass

Overview OpenEMR is an electronic health records and medical practice management application. OpenEMR contains an authentication bypass vulnerability CWE-302. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

5CVSS6.8AI score0.02874EPSS
Exploits1References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/30 12:0 a.m.•29 views

JVN#22677713: OpenEMR vulnerable to authentication bypass

OpenEMR is an electronic health records and medical practice management application. OpenEMR contains an authentication bypass vulnerability CWE-302. Impact Sensitive information may be obtained by a remote attacker who can access the web interface of the product. Solution Update the software and...

5CVSS6.5AI score0.02874EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/30 12:0 a.m.•32 views

JVN#77386811: Explorer+ File Manager vulnerable to directory traversal

Explorer+ File Manager provided by Droidware UK contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the application has...

6.4CVSS6.5AI score0.01703EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/25 6:53 a.m.•2 views

osCommerce Japanese version vulnerable to directory traversal

Overview osCommerce is an open source system for creating shopping websites. osCommerce Japanese version contains a directory traversal vulnerability. Masako Ohno reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

4CVSS6.7AI score0.01982EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/25 6:0 a.m.•5 views

namshi/jose fails to verify token signatures

Overview namshi/jose is a PHP library for handling JSON Web Tokens JWT. namshi/jose contains a vulnerability in processing JWT headers where it fails to verify token signatures. Toshiharu Sugiyama of DeNA Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

5CVSS6.6AI score0.01385EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/25 12:0 a.m.•36 views

JVN#96312698: osCommerce Japanese version vulnerable to directory traversal

osCommerce is an open source system for creating shopping websites. osCommerce Japanese version contains a directory traversal vulnerability. Impact A user who can log in to the system as an administrator may obtain arbitrary files on the server. Solution Update the Software Update to the latest...

4CVSS6.4AI score0.01982EPSS
Exploits0
Total number of security vulnerabilities5625