Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/12/02 12:0 a.m.•35 views

JVN#61593104: ARROWS Me F-11D vulnerability where arbitrary areas may be accessed

ARROWS Me F-11D contains a vulnerability where arbitrary areas on the device may be accessed. Impact An attacker with local access may obtain or alter contents in the flash memory of the device. Solution Apply an Update Apply the update according to the information provided by the provider...

4.6CVSS6.2AI score0.00343EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/12/02 12:0 a.m.•30 views

JVN#06302787: OS command injection vulnerability in multiple FUJITSU Android devices

Multiple FUJITSU Android devices contain an OS command injection vulnerability. Impact An attacker with local access may obtain root privileges and execute arbitrary OS commands. Solution Apply an Update Apply the appropriate update according to the information provided by the provider. Products...

7.2CVSS7.3AI score0.00444EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/12/01 6:24 a.m.•3 views

SEIL Series routers vulnerable to denial-of-service (DoS)

Overview The PPP Access Concentrator PPPAC and the Dial-Up Networking in SEIL Series routers provided by Internet Initiative Japan Inc. contain a denial-of-service DoS vulnerability due to an issue in processing certain packets CWE-119. Note that this vulnerability is different from JVN21907573...

7.8CVSS6.9AI score0.01799EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/12/01 6:18 a.m.•2 views

SEIL Series routers vulnerable to denial-of-service (DoS)

Overview SEIL Series routers provided by Internet Initiative Japan Inc. contain a denial-of-service DoS vulnerability due to an issue in processing NTP requests. Note that this vulnerability is different from JVN04895240. Impact By receiving a large volume of NTP request in a short time, the devi...

7.5CVSS6.9AI score0.03172EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/12/01 12:0 a.m.•34 views

JVN#21907573: SEIL Series routers vulnerable to denial-of-service (DoS)

SEIL Series routers provided by Internet Initiative Japan Inc. contain a denial-of-service DoS vulnerability due to an issue in processing NTP requests. Impact By receiving a large volume of NTP request in a short time, the device might continue sending response packets. As a result, the device's...

7.5CVSS7.5AI score0.03172EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/12/01 12:0 a.m.•30 views

JVN#04895240: SEIL Series routers vulnerable to denial-of-service (DoS)

The PPP Access Concentrator PPPAC and the Dial-Up Networking in SEIL Series routers provided by Internet Initiative Japan Inc. contain a denial-of-service DoS vulnerability due to an issue in processing certain packets CWE-119. Impact By receiving a specially crafted packet, the device may be...

7.8CVSS6.5AI score0.01799EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/11/28 5:54 a.m.•3 views

FAST/TOOLS vulnerable to improper restriction of XML external entity references

Overview FAST/TOOLS provided by Yokogawa Electric Corporation contains a vulnerability where XML external entity XXE references are not properly restricted CWE-611. Timur Yunusov, Alexey Osipov and Ilya Karpov of Positive Technologies reported this vulnerability to JPCERT/CC. JPCERT/CC coordinate...

3.2CVSS6.6AI score0.00319EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/11/28 12:0 a.m.•19 views

JVN#54775800: FAST/TOOLS vulnerable to improper restriction of XML external entity references

FAST/TOOLS provided by Yokogawa Electric Corporation contains a vulnerability where XML external entity XXE references are not properly restricted CWE-611. Impact When opening a project with a specially crafted XML file, information managed by the product may be disclosed or may become a victim o...

3.2CVSS6.1AI score0.00319EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/11/21 5:10 a.m.•2 views

BSD Operating Systems vulnerable to denial-of-service (DoS)

Overview BSD operating systems contain an issue in the handling of the TCP session timer, which may lead to a denial-of-service DoS vulnerability. Hiroki Takakura reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

5CVSS6.6AI score0.04749EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/11/21 12:0 a.m.•29 views

JVN#07930208: BSD Operating Systems vulnerable to denial-of-service (DoS)

BSD operating systems contain an issue in the handling of the TCP session timer, which may lead to a denial-of-service DoS vulnerability. Impact When a sepcially crafted packet from a malicious server is received, a condition where client resources are not released may occur. As a result, clients...

5CVSS6.1AI score0.04749EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/11/14 5:38 a.m.•6 views

iLogScanner vulnerable to cross-site scripting

Overview iLogScanner contains a cross-site scripting vulnerability. iLogScanner provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA is a software that checks access logs to detect suspected attacks against a web server. iLogScanner contains a cross-site scripting vulnerability CWE-79 d...

5CVSS5.9AI score0.01148EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/11/14 5:37 a.m.•8 views

Direct Web Remoting (DWR) vulnerable to cross-site scripting

Overview Direct Web Remoting DWR is a Java framework for developing Ajax into web applications. DWR contains a cross-site scripting vulnerability CWE-79. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

4.3CVSS5.9AI score0.01148EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/11/14 5:33 a.m.•2 views

Direct Web Remoting (DWR) vulnerable to XML external entity injection

Overview Direct Web Remoting DWR is a Java framework for developing Ajax into web applications. DWR contains an XML external entity injection vulnerability CWE-611. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...

5.8CVSS7.2AI score0.02318EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/11/14 12:0 a.m.•79 views

JVN#91502163: Direct Web Remoting (DWR) vulnerable to XML external entity injection

Direct Web Remoting DWR is a Java framework for developing Ajax into web applications. DWR contains an XML external entity injection vulnerability CWE-611. Impact When an application uses a function to convert DOM data DOMConverter, JDOMConverter, DOM4JConverter or XOMConverter and a specially...

5CVSS6.6AI score0.02318EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/11/14 12:0 a.m.•68 views

JVN#52422792: Direct Web Remoting (DWR) vulnerable to cross-site scripting

Direct Web Remoting DWR is a Java framework for developing Ajax into web applications. DWR contains a cross-site scripting vulnerability CWE-79. Impact Arbitrary JavaScript may be executed on the user's web browser. Solution Update the Software Update to the latest version of DWR according to the...

4.3CVSS5.6AI score0.01148EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/11/14 12:0 a.m.•26 views

JVN#89852154: iLogScanner vulnerable to cross-site scripting

iLogScanner provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA is a software that checks access logs to detect suspected attacks against a web server. iLogScanner contains a cross-site scripting vulnerability CWE-79 due to a flaw when processing analysis results and outputting the...

4.3CVSS5.7AI score0.01148EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/11/13 7:52 a.m.•3 views

Ichitaro series vulnerable to arbitrary code execution

Overview The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. This vulnerability differs from other issues that were previously published on JVN. For more information, please refer to the developer's website...

10CVSS7.6AI score0.05335EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/11/13 12:0 a.m.•41 views

JVN#16318793: Ichitaro series vulnerable to arbitrary code execution

The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. For more information, please refer to the developer's website. Impact When a user opens a specially crafted file, arbitrary code may be executed. Solution...

10CVSS6.8AI score0.05335EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/11/11 6:33 a.m.•4 views

Vulnerability in JP1/NETM/DM and Job Management Partner 1/Software Distribution data reproduction functionality

Overview JP1/NETM/DM and Job Management Partner 1/Software Distribution contain a vulnerability that prevents them from disabling writing to built-in USB storage devices. Impact An attacker can exploit this vulnerability to prevent the affected products from disabling writing to built-in type USB...

4.6CVSS6.8AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/11/11 4:36 a.m.•2 views

Multiple Cybozu products vulnerable to buffer overflow

Overview Multiple products provided by Cybozu, Inc. contain a buffer overflow vulnerability CWE-119. Masaaki Chida of GREE, Inc. reported this vulnerability to the developer. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A remote attacker ma...

9CVSS7.7AI score0.03742EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/11/11 12:0 a.m.•31 views

JVN#14691234: Multiple Cybozu products vulnerable to buffer overflow

Multiple products provided by Cybozu, Inc. contain a buffer overflow vulnerability CWE-119. Impact A remote attacker may cause a denial-of-service DoS or execute arbitrary code. Solution Update the Software Update to the latest version according to the information provided by the developer...

9CVSS7.4AI score0.03742EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/11/10 5:23 a.m.•3 views

OpenAM vulnerable to denial-of-service (DoS)

Overview OpenAM provided by ForgeRock is an open source access management software. OpenAM contains a denial-of-service DoS vulnerability due to a flaw in processing Cookies CWE-400. Yasushi IWAKATA of Open Source Solution Technology Corporation reported this vulnerability to IPA. JPCERT/CC...

6.8CVSS6.4AI score0.01067EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/11/10 12:0 a.m.•31 views

JVN#65559247: OpenAM vulnerable to denial-of-service (DoS)

OpenAM provided by ForgeRock is an open source access management software. OpenAM contains a denial-of-service DoS vulnerability due to a flaw in processing Cookies CWE-400. Impact When an OpenAM system is running "site" configuration with multiple instances, an authenticated attacker may be able...

3.5CVSS5.9AI score0.01067EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/10/28 5:39 a.m.•8 views

QNAP QTS vulnerable to OS command injection

Overview QNAP QTS is an operating system for Turbo NAS. QNAP QTS contains a flaw in the GNU Bash shell, which may result in an OS command injection vulnerability CWE-78. Yuuki Wakisaka of University of Electro-Communications reported this vulnerability to IPA. JPCERT/CC coordinated with the...

10CVSS7.8AI score0.99999EPSS
Exploits158References30
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/10/28 12:0 a.m.•186 views

JVN#55667175: QNAP QTS vulnerable to OS command injection

QNAP QTS is an operating system for Turbo NAS. QNAP QTS contains a flaw in the GNU Bash shell, which may result in an OS command injection vulnerability CWE-78. Impact A malicious attacker may be able to execute arbitrary command at the privilege level of the calling application. Solution Update...

10CVSS8.4AI score0.99999EPSS
Exploits158
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/10/23 4:43 a.m.•3 views

SumaHo for Android fails to verify SSL/TLS server certificates

Overview SumaHo for Android fails to verify SSL/TLS server certificates. Hiroshi Kumagai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an...

5.9CVSS6.5AI score0.00642EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/10/23 12:0 a.m.•29 views

JVN#27388160: SumaHo for Android fails to verify SSL/TLS server certificates

SumaHo for Android fails to verify SSL/TLS server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Apply the appropriate update according to the information provided by the developer. Products Affected...

5.9CVSS5.5AI score0.00642EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/10/16 4:51 a.m.•8 views

GIGAPOD vulnerable to denial-of-service (DoS)

Overview GIGAPOD provided by TripodWorks CO.,LTD. contains a denial-of-service DoS vulnerability. GIGAPOD file servers Appliance model and Software model from TripodWorks CO.,LTD. provide two web interfaces. First, a user web interface via ports 80/443, and a second, an administrative web interfa...

7.8CVSS8.6AI score0.01652EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/10/16 4:35 a.m.•3 views

Aflax vulnerable to cross-site scripting

Overview Aflax is a JavaScript library that enables developers to use JavaScript to fully utilize all of the features of the Adobe Flash runtime. Aflax contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the...

4.3CVSS6.2AI score0.01148EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/10/16 4:26 a.m.•4 views

BirdBlog vulnerable to cross-site scripting

Overview BirdBlog is a weblog software. BirdBlog contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary...

4.3CVSS6.2AI score0.01148EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/10/16 12:0 a.m.•34 views

JVN#87373393: BirdBlog vulnerable to cross-site scripting

BirdBlog is a weblog software. BirdBlog contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use BirdBlog BirdBlog is no longer being developed or maintained, therefore it is recommended to stop using BirdBlog. Produc...

4.3CVSS6.1AI score0.01148EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/10/16 12:0 a.m.•78 views

JVN#23809730: GIGAPOD vulnerable to denial-of-service (DoS)

GIGAPOD file servers Appliance model and Software model from TripodWorks CO.,LTD. provide two web interfaces. First, a user web interface via ports 80/443, and a second, an administrative web interface via port 8001. The administrative web interface uses a version of the Apache HTTP server which...

7.8CVSS7.6AI score0.98945EPSS
Exploits17
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/10/16 12:0 a.m.•30 views

JVN#66285408: Aflax vulnerable to cross-site scripting

Aflax is a JavaScript library that enables developers to use JavaScript to fully utilize all of the features of the Adobe Flash runtime. Aflax contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use Aflax According t...

4.3CVSS6AI score0.01148EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/10/10 5:3 a.m.•6 views

Huawei E5332 vulnerable to denial-of-service (DoS)

Overview Huawei E5332 contains a denial-of-service DoS vulnerability. Huawei E5332 provided by Huawei Technologies is a mobile router. Huawei E5332 contain an issue when processing a URL that is extremely long, which may lead to the device to terminate abnormally. Shuto Imai of Chukyo Univ...

6.8CVSS6.4AI score0.0122EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/10/10 5:2 a.m.•4 views

Huawei E5332 vulnerable to denial-of-service (DoS)

Overview Huawei E5332 contains a denial-of-service DoS vulnerability. Huawei E5332 provided by Huawei Technologies is a mobile router. Huawei E5332 contains an issue when processing a GET request that contains an extremely long parameter, which lead to the device rebooting. Shuto Imai of Chukyo...

6.8CVSS6.4AI score0.0122EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/10/10 12:0 a.m.•32 views

JVN#63587560: Huawei E5332 vulnerable to denial-of-service (DoS)

Huawei E5332 provided by Huawei Technologies is a mobile router. Huawei E5332 contains an issue when processing a GET request that contains an extremely long parameter, which lead to the device rebooting. Impact An attacker that can send requests to the device may cause the device to become...

6.8CVSS6.2AI score0.0122EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/10/10 12:0 a.m.•37 views

JVN#58417930: Huawei E5332 vulnerable to denial-of-service (DoS)

Huawei E5332 provided by Huawei Technologies is a mobile router. Huawei E5332 contain an issue when processing a URL that is extremely long, which may lead to the device to terminate abnormally. Impact An attacker that can send requests to the device may cause the device to become unresponsive...

6.8CVSS6.1AI score0.0122EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/09/25 5:54 a.m.•3 views

Safari issue in handling application cache

Overview Safari contains an issue in the handling of application cache where contents that were cached when the private browsing function is turned off may be used after the private browsing function is turned on. Yosuke HASEGAWA of NetAgent Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC...

5CVSS6.4AI score0.01746EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/09/25 5:54 a.m.•3 views

Yahoo! Japan Box for Android issue where it fails to verify SSL server certificates

Overview Yahoo! Japan Box for Android provided by Yahoo Japan Corporation contains an issue where it fails to verify SSL server certificates. Yahoo Japan Corporation reported this vulnerability to JPCERT/CC to notify users of this issue through JVN. JPCERT/CC coordinated with Yahoo Japan...

5.4CVSS6.5AI score0.00354EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/09/25 5:53 a.m.•5 views

N-Media file uploader vulnerability in handling uploaded files

Overview N-Media file uploader is a plugin for WordPress. N-Media file uploader contains a vulnerability CWE-264 in the way it handles uploaded files. As a result, an arbitrary PHP script which is uploaded may be executed. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC...

6.5CVSS7AI score0.01739EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/09/25 5:52 a.m.•2 views

jigbrowser+ for iOS same origin policy bypass

Overview jigbrowser+ for iOS contains a flaw in loading web pages, which may allow an attacker to bypass the same origin policy. Toshiharu Sugiyama of DeNA Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

5.8CVSS6.3AI score0.01282EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/09/25 5:52 a.m.•3 views

SLFileManager for Android vulnerable to directory traversal

Overview SLFileManager provided by S-Link, Inc. contains a flaw in processing file names, which may result in a directory traversal CWE-22 vulnerability. Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

6.4CVSS6.9AI score0.01847EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/09/25 12:0 a.m.•34 views

JVN#16485017: SLFileManager for Android vulnerable to directory traversal

SLFileManager provided by S-Link, Inc. contains a flaw in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the application has privileges ...

6.4CVSS6.5AI score0.01847EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/09/25 12:0 a.m.•36 views

JVN#80531230: jigbrowser+ for iOS same origin policy bypass

jigbrowser+ for iOS contains a flaw in loading web pages, which may allow an attacker to bypass the same origin policy. Impact By using JavaScript, an attacker may obtain sensitive data from a different domain in violation of the same origin policy. Solution Update the Software Update to the late...

5.8CVSS5.9AI score0.01282EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/09/25 12:0 a.m.•53 views

JVN#45442753: Safari issue in handling application cache

Safari contains an issue in the handling of application cache where contents that were cached when the private browsing function is turned off may be used after the private browsing function is turned on. Impact After a website is visited when the private browsing function is turned off and the...

4.3CVSS5.8AI score0.01746EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/09/25 12:0 a.m.•40 views

JVN#87863382: N-Media file uploader vulnerability in handling uploaded files

N-Media file uploader is a plugin for WordPress. N-Media file uploader contains a vulnerability CWE-264 in the way it handles uploaded files. As a result, an arbitrary PHP script which is uploaded may be executed. Impact A user with "Author" privileges and above may execute an arbitrary command o...

6.5CVSS6.6AI score0.01739EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/09/25 12:0 a.m.•30 views

JVN#48270605: Yahoo! Japan Box for Android issue where it fails to verify SSL server certificates

Yahoo! Japan Box for Android provided by Yahoo Japan Corporation contains an issue where it fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version...

5.4CVSS6.2AI score0.00354EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/09/22 4:50 a.m.•2 views

Yuko Yuko App for Android fails to verify SSL server certificates

Overview Yuko Yuko App for Android provided by Yuko Yuko Corporation fails to verify SSL server certificates. Shunsuke Taniguchi of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...

5.4CVSS6.5AI score0.00248EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/09/22 12:0 a.m.•34 views

JVN#04560253: Yuko Yuko App for Android fails to verify SSL server certificates

Yuko Yuko App for Android provided by Yuko Yuko Corporation fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. As a result, an attacker may obtain information entered into web forms. Solution Update the...

5.4CVSS6.2AI score0.00248EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/09/19 4:42 a.m.•2 views

Dotclear vulnerable to cross-site scripting

Overview Dotclear is a weblog software. Dotclear contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a user views a crafted page while...

4.3CVSS6.1AI score0.01187EPSS
Exploits0References5
Total number of security vulnerabilities5625