Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/03/17 4:45 a.m.•2 views

Unzipper vulnerable to directory traversal

Overview Unzipper provided by R-Company contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

5.8CVSS6.9AI score0.01496EPSS
Exploits1References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/03/17 4:43 a.m.•4 views

Demaecan for Android. contains an issue where it fails to verify SSL server certificates

Overview Demaecan for Android. contains an issue where it fails to verify SSL server certificates. kurisu and matt reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-minddle attack may allow an...

5.8CVSS6.5AI score0.00587EPSS
Exploits1References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/03/17 12:0 a.m.•33 views

JVN#38227002: Unzipper vulnerable to directory traversal

Unzipper provided by R-Company contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the application has privileges to...

5.8CVSS6.5AI score0.01496EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/03/17 12:0 a.m.•39 views

JVN#16263849: Demaecan for Android. contains an issue where it fails to verify SSL server certificates

Demaecan for Android. contains an issue where it fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by the...

5.8CVSS6.2AI score0.00587EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/03/11 7:33 a.m.•0 views

JP1/File Transmission Server / FTP vulnerable to access control violation

Overview JP1/File Transmission Server/FTP has a vulnerability where an FTP client with limited access rights can bypass the access control and access arbitrary directories on the FTP server when enabling the directory access control function. Impact An attacker with login privileges to the FTP...

6.5CVSS7.1AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/03/11 6:54 a.m.•2 views

JP1/Integrated Management - Service Support vulnerable to cross-site scripting

Overview JP1/Integrated Management - Service Support has a cross-site scripting vulnerability, which occurs when receiving a request that contains malicious scripts when being used with JP1/Integrated Management - View. Impact An attacker can exploit this vulnerability to execute malicious script...

4CVSS6.4AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/02/26 6:23 a.m.•2 views

Cybozu Garoon vulnerable to SQL injection

Overview Cybozu Garoon contains a SQL injection vulnerability. Note that this vulnerability is different from JVN91153528. Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the process of downloading files, which may result in SQL injection. Impact A user w...

6.5CVSS7.7AI score0.0104EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/02/26 6:22 a.m.•3 views

Cybozu Garoon vulnerable to directory traversal

Overview Cybozu Garoon contains a directory traversal vulnerability. Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a directory traversal vulnerability in the process of downloading files. Impact A user who can log in to the product may obtain files on the server...

4CVSS6.5AI score0.01488EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/02/26 6:21 a.m.•2 views

Cybozu Garoon vulnerable to session management

Overview Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a vulnerability in session management. Impact A user who can log in to the product may impersonate an arbitrary user. As a result, information may be altered or disclosed. Solution For Cybozu Garoon 3.7: Apply...

4.9CVSS6.6AI score0.00962EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/02/26 6:21 a.m.•3 views

Denny's App for Android. contains an issue where it fails to verify SSL server certificates

Overview Denny's App for Android. contains an issue where it fails to verify SSL server certificates. kurisu and matt reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-minddle attack may allow an...

5.8CVSS6.5AI score0.00587EPSS
Exploits1References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/02/26 6:20 a.m.•3 views

Norman Security Suite vulnerable to privilege escalation

Overview Norman Security Suite is an anti-virus software. Norman Security Suite contains a privilege escalation vulnerability. Satoshi Tanda reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An attacker with...

7.2CVSS7.3AI score0.00802EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/02/26 6:19 a.m.•1 views

XooNIps vulnerable to cross-site scripting

Overview XooNIps provided by Neuroinformatics Japan Center, RIKEN Brain Science Institute is a module of XOOPS. XooNIps contains an issue in processing the output of input character string to the web page, which may result in a cross-site scripting vulnerability. Koki Takahashi of Keiji Takeda La...

4.3CVSS6.1AI score0.01171EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/02/26 12:0 a.m.•24 views

JVN#02017463: Norman Security Suite vulnerable to privilege escalation

Norman Security Suite is an anti-virus software. Norman Security Suite contains a privilege escalation vulnerability. Impact An attacker with access to the target machine may obtain escalated privileges and execute arbitrary code. Solution Apply an Update Apply the update according to the...

7.2CVSS7.1AI score0.00802EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/02/26 12:0 a.m.•28 views

JVN#71045461: Cybozu Garoon vulnerable to SQL injection

Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the process of downloading files, which may result in SQL injection. Impact A user who can log in to the system may obtain or alter information on the system. Solution For Cybozu Garoon 3.7: Apply the Patch...

6.5CVSS7.1AI score0.0104EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/02/26 12:0 a.m.•28 views

JVN#48810179: Denny's App for Android. contains an issue where it fails to verify SSL server certificates

Denny's App for Android. contains an issue where it fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by the...

5.8CVSS6.1AI score0.00587EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/02/26 12:0 a.m.•31 views

JVN#87797318: XooNIps vulnerable to cross-site scripting

XooNIps provided by Neuroinformatics Japan Center, RIKEN Brain Science Institute is a module of XOOPS. XooNIps contains an issue in processing the output of input character string to the web page, which may result in a cross-site scripting vulnerability. Impact An arbitrary script may be executed...

4.3CVSS5.9AI score0.01171EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/02/26 12:0 a.m.•40 views

JVN#26393529: Cybozu Garoon vulnerable to directory traversal

Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a directory traversal vulnerability in the process of downloading files. Impact A user who can log in to the product may obtain files on the server. Solution For Cybozu Garoon 3.7: Apply the Patch Apply the appropriate...

4CVSS6.2AI score0.01488EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/02/26 12:0 a.m.•53 views

JVN#24035499: Cybozu Garoon vulnerable to session management

Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a vulnerability in session management. Impact A user who can log in to the product may impersonate an arbitrary user. As a result, information may be altered or disclosed. Solution For Cybozu Garoon 3.7: Apply the Patch...

4.9CVSS6.4AI score0.00962EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/02/21 5:19 a.m.•3 views

AutoCAD may insecurely load dynamic libraries

Overview AutoCAD provided by Autodesk, Inc. is an application for comuputer-aided design CAD. AutoCAD contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. kaito834 reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

6.8CVSS6.8AI score0.00428EPSS
Exploits1References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/02/21 5:16 a.m.•4 views

AutoCAD vulnerable to arbitrary VBScript execution

Overview AutoCAD provided by Autodesk, Inc. is an application for comuputer-aided design CAD. AutoCAD loads specific FAS files when opening files. AutoCAD contains an issue with the FAS file search path, which may lead to arbitrary VBScript code execution. kaito834 reported this vulnerability to...

7.5CVSS7.4AI score0.02493EPSS
Exploits1References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/02/21 5:12 a.m.•5 views

Blackboard Vista/CE vulnerable to cross-site scripting

Overview Blackboard Vista/CE is a learning management system LMS. Blackboard Vista/CE contains a cross-site scripting vulnerability. ICHIHARA Ryohei of SERAKU Co.,Ltd. reported this vulnerability to the developer. JPCERT/CC coordinated with the developer under Information Security Early Warning...

4.3CVSS6.1AI score0.01773EPSS
Exploits1References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/02/21 12:0 a.m.•51 views

JVN#33382534: AutoCAD vulnerable to arbitrary VBScript execution

AutoCAD provided by Autodesk, Inc. is an application for comuputer-aided design CAD. AutoCAD loads specific FAS files when opening files. AutoCAD contains an issue with the FAS file search path, which may lead to arbitrary VBScript code execution. Impact Arbitrary VBScript code may be executed wi...

7.5CVSS6.5AI score0.02493EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/02/21 12:0 a.m.•34 views

JVN#43254599: AutoCAD may insecurely load dynamic libraries

AutoCAD provided by Autodesk, Inc. is an application for comuputer-aided design CAD. AutoCAD contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Impact Arbitrary code may be executed with the privileges of the running application. Solution Upgrade t...

4.4CVSS6.3AI score0.00428EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/02/21 12:0 a.m.•28 views

JVN#24730765: Blackboard Vista/CE vulnerable to cross-site scripting

Blackboard Vista/CE is a learning management system LMS. Blackboard Vista/CE contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the...

4.3CVSS5.8AI score0.01773EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/02/10 8:21 a.m.•3 views

Apache Commons FileUpload vulnerable to denial-of-service (DoS)

Overview Apache Commons FileUpload contains a denial-of-service DoS vulnerability. Apache Commons FileUpload provided by Apache Software Foundation contains an issue in processing a multi-part request, which may cause the process to be in an infinite loop. As of 2014 February 12, an exploit tool ...

7.5CVSS8.8AI score0.83175EPSS
Exploits8References58
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/02/10 12:0 a.m.•52 views

JVN#14876762: Apache Commons FileUpload vulnerable to denial-of-service (DoS)

Apache Commons FileUpload provided by Apache Software Foundation contains an issue in processing a multi-part request, which may cause the process to be in an infinite loop. As of 2014 February 12, an exploit tool to attack against this vulnerability has been confirmed. Impact Processing a...

7.5CVSS7.2AI score0.83175EPSS
Exploits8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/02/07 3:26 a.m.•2 views

phpMyFAQ vulnerable to cross-site request forgery

Overview phpMyFAQ is an open source FAQ software. phpMyFAQ contains a cross-site reuqest forgery vulnerability. Impact If a user views a malicious page while logged in, settings may be changed unintentionally. Solution Apply an Update Update to the latest version according to the information...

6.8CVSS6.4AI score0.01071EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/02/07 3:25 a.m.•2 views

phpMyFAQ vulnerable to cross-site scripting

Overview phpMyFAQ is an open source FAQ software. phpMyFAQ contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's Internet Explorer when using an older version of the browser. Solution Apply an Update Apply the appropriate update for the version of...

4.3CVSS6.3AI score0.01951EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/02/07 12:0 a.m.•34 views

JVN#30050348: phpMyFAQ vulnerable to cross-site scripting

phpMyFAQ is an open source FAQ software. phpMyFAQ contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's Internet Explorer when using an older version of the browser. Solution Apply an Update Apply the appropriate update for the version of the...

4.3CVSS5.9AI score0.01951EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/02/07 12:0 a.m.•34 views

JVN#50943964: phpMyFAQ vulnerable to cross-site request forgery

phpMyFAQ is an open source FAQ software. phpMyFAQ contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, settings may be changed unintentionally. Solution Apply an Update Update to the latest version according to the information provided by t...

6.8CVSS6AI score0.01071EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/02/06 3:20 a.m.•3 views

Opera browser for Android issue in handling intent scheme URL's

Overview Opera browser for Android contains an issue in the handling of intent scheme URL's. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When a use...

4.3CVSS6.7AI score0.01031EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/02/06 12:0 a.m.•24 views

JVN#23256725: Opera browser for Android issue in handling intent scheme URL's

Opera browser for Android contains an issue in the handling of intent scheme URL's. Impact When a user views a specially crafted page, the Opera browser for Android cookie file may be disclosed. Solution Apply an Update Apply the appropriate update for the version of the software being used...

4.3CVSS6.2AI score0.01031EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/01/31 4:41 a.m.•3 views

Joyful Note vulnerable to cross-site scripting

Overview Joyful Note from KENT-WEB is a bulletin board software that a user can upload a binary file such as an image file. Joyful Note contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Apply an update Update to the lates...

5CVSS6.2AI score0.01161EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/01/31 12:0 a.m.•74 views

JVN#30718178: Joyful Note vulnerable to cross-site scripting

Joyful Note from KENT-WEB is a bulletin board software that a user can upload a binary file such as an image file. Joyful Note contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Apply an update Update to the latest version...

4.3CVSS5.9AI score0.01161EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/01/28 5:48 a.m.•4 views

Sanshiro Series vulnerable to arbitrary code execution

Overview The "Sanshiro" series software provided by JustSystems Corporation is a spreadsheet software. The "Sanshiro" series contains a vulnerability that may allow arbitrary code execution. Impact When a user opens a specially crafted file, arbitrary code may be executed. Solution Update the...

9.3CVSS7.5AI score0.03498EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/01/28 5:40 a.m.•0 views

Multiple SQL injection vulnerabilities in Cybozu Garoon

Overview Cybozu Garoon contains multiple SQL injection vulnerabilities. Cybozu Garoon contains issues in the process of page navigation link and input through API, which may result in SQL injection. Note that this vulnerability is different from JVN60997973. Impact A user who can log in to the...

6.5CVSS8AI score0.0104EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/01/28 12:0 a.m.•42 views

JVN#28011378: Sanshiro Series vulnerable to arbitrary code execution

The "Sanshiro" series software provided by JustSystems Corporation is a spreadsheet software. The "Sanshiro" series contains a vulnerability that may allow arbitrary code execution. Impact When a user opens a specially crafted file, arbitrary code may be executed. Solution Update the software App...

7.5CVSS6.7AI score0.03498EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/01/28 12:0 a.m.•40 views

JVN#91153528: Multiple SQL injection vulnerabilities in Cybozu Garoon

Cybozu Garoon contains issues in the process of page navigation link and input through API, which may result in SQL injection. Impact A user who can log in to the system may obtain or alter data in the database. Solution Apply the Patch Apply the appropriate patch according to the information...

6.5CVSS6.4AI score0.0104EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/01/24 3:36 a.m.•5 views

OpenPNE vulnerable to PHP Object Injection

Overview OpenPNE contains an issue in processing Cookie headers, which may result in a PHP Object Injection vulnerability. Egidio Romano of Secunia reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A remote,...

7.5CVSS7.3AI score0.01527EPSS
Exploits2References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/01/24 3:34 a.m.•2 views

SimZip (Simple Zip Viewer) vulnerable to directory traversal

Overview SimZip Simple Zip Viewer provided by Gapless Player contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the develope...

4.3CVSS7AI score0.01505EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/01/24 12:0 a.m.•31 views

JVN#49384502: SimZip (Simple Zip Viewer) vulnerable to directory traversal

SimZip Simple Zip Viewer provided by Gapless Player contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the application...

4.3CVSS6.5AI score0.01505EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/01/24 12:0 a.m.•37 views

JVN#69986880: OpenPNE vulnerable to PHP Object Injection

OpenPNE contains an issue in processing Cookie headers, which may result in a PHP Object Injection vulnerability. Impact A remote, unauthenticated attacker may execute an arbitrary PHP code. Solution Apply an update Update to the latest version according to the information provided by the...

7.5CVSS6.8AI score0.01527EPSS
Exploits2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/01/22 9:6 a.m.•1 views

A Problem of CPU Consumption in Host Data Collector bundled with Hitachi Device Manager Software

Overview Host Data Collector bundled with Hitachi Device Manager Software contains a problem of CPU consumption. Impact When Host Data Collector receives a malicious unexpected request, a process of Host Data Collector might consume CPU resources. Solution Please refer to the 'Vendor Information'...

5CVSS6.8AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/01/22 6:29 a.m.•7 views

Information disclosure vulnerability in Sleipnir Mobile for Android

Overview Sleipnir Mobile for Android contains an issue in handling Geolocation API, which may result in the disclosure of a user's location. Sleipnir Mobile for Android is a web browser for Android devices. Sleipnir Mobile for Android contains an issue in handling Geolocation API, which may resul...

4.3CVSS6.3AI score0.01066EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/01/22 6:28 a.m.•2 views

EC-CUBE vulnerable to authorization bypass

Overview EC-CUBE contains an authorization bypass vulnerability. EC-CUBE from EC-CUBE CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an authorization bypass vulnerability CWE-639. The developer reported this vulnerability to JPCERT/CC under Information Security...

9.1CVSS6.6AI score0.02245EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/01/22 6:27 a.m.•5 views

EC-CUBE vulnerable to information alteration

Overview EC-CUBE contains an information alteration vulnerability. EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an information alteration vulnerability. aratana inc. reported this vulnerability to the developer. JPCERT/CC coordinated with...

6.4CVSS6.6AI score0.01569EPSS
Exploits1References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/01/22 12:0 a.m.•29 views

JVN#81637882: Information disclosure vulnerability in Sleipnir Mobile for Android

Sleipnir Mobile for Android is a web browser for Android devices. Sleipnir Mobile for Android contains an issue in handling Geolocation API, which may result in the disclosure of a user's location. Impact When a website that a user is viewing requests the user's location information, Sleipnir...

4.3CVSS6.1AI score0.01066EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/01/22 12:0 a.m.•30 views

JVN#17849447: EC-CUBE vulnerable to information alteration

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an information alteration vulnerability. Impact User's information may be altered by other user who visits the shopping site. Solution Apply the update or the patch Apply the update or the patch...

6.4CVSS6.3AI score0.01569EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/01/22 12:0 a.m.•47 views

JVN#51770585: EC-CUBE vulnerable to authorization bypass

EC-CUBE from EC-CUBE CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an authorization bypass vulnerability CWE-639. Impact A user of the affected shopping website may obtain other users' information by sending a crafted HTTP request. Solution Apply the update or...

9.1CVSS9.1AI score0.02245EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/01/10 5:44 a.m.•3 views

NeoFiler vulnerable to directory traversal

Overview NeoFiler provided by SkyArts.com contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

5.8CVSS6.9AI score0.01392EPSS
Exploits0References8
Total number of security vulnerabilities5625