Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/01/10 5:42 a.m.•3 views

Security File Manager vulnerable to directory traversal

Overview Security File Manager provided by CGENE Inc contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

5.8CVSS7AI score0.01249EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/01/10 5:41 a.m.•4 views

tetra filer vulnerable to directory traversal

Overview tetra filer provided by Yuichiro Okuyama contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

5.8CVSS6.9AI score0.01249EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/01/10 5:34 a.m.•2 views

ZIP with Pass vulnerable to directory traversal

Overview ZIP with Pass provided by aokitaka contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informati...

5.8CVSS6.9AI score0.01142EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/01/10 12:0 a.m.•35 views

JVN#44392991: Security File Manager vulnerable to directory traversal

Security File Manager provided by CGENE Inc contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the application has...

5.8CVSS6.6AI score0.01249EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/01/10 12:0 a.m.•22 views

JVN#88313872: ZIP with Pass vulnerable to directory traversal

ZIP with Pass provided by aokitaka contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the application has privileges to...

5.8CVSS6.6AI score0.01142EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/01/10 12:0 a.m.•43 views

JVN#51285738: tetra filer vulnerable to directory traversal

tetra filer provided by Yuichiro Okuyama contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the application has...

5.8CVSS6.6AI score0.01249EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/01/10 12:0 a.m.•28 views

JVN#85716574: NeoFiler vulnerable to directory traversal

NeoFiler provided by SkyArts.com contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the application has privileges to...

5.8CVSS6.6AI score0.01392EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/12/26 3:32 a.m.•4 views

HP Autonomy Ultraseek vulnerable to cross-site scripting

Overview HP Autonomy Ultraseek provided by Hewlett-Packard Development Company, L.P. contains an issue in handling specific character encoding, which may result in cross-site scripting. NetAgent Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informatio...

3.5CVSS6.3AI score0.01826EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/12/26 12:0 a.m.•29 views

JVN#69700259: HP Autonomy Ultraseek vulnerable to cross-site scripting

HP Autonomy Ultraseek provided by Hewlett-Packard Development Company, L.P. contains an issue in handling specific character encoding, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's Internet Explorer. Solution Update the Software Update the...

3.5CVSS6.1AI score0.01826EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/12/25 10:13 a.m.•5 views

Xml eXternal Entity Vulnerability in Hitachi Cosminexus

Overview When using Cosminexus JAX-WS, XXE Xml eXternal Entity in Hitachi Cosminexus Component Container contains a vulnerability that may cause information leakage. Impact A remote attacker could obtain information via SOAP message loading unexpected external entities. Solution Please refer to t...

2.6CVSS6.7AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/12/25 3:22 a.m.•4 views

Cybozu Garoon Keitai vulnerable to authentication bypass

Overview Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon Keitai contains an authentication bypass vulnerability. Impact When an attacker sends a specially crafted request that includes a user ID for a user that has the Keitai function enabled, authentication using Keitai may b...

5.8CVSS6.8AI score0.01986EPSS
Exploits1References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/12/25 3:21 a.m.•4 views

Cybozu Garoon vulnerable to SQL injection

Overview Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in processing input through API, which may result in SQL injection. Impact A user who can log in to the system may alter information stored in the database. Solution Apply the Patch Apply the appropria...

6.5CVSS7.2AI score0.01554EPSS
Exploits1References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/12/25 12:0 a.m.•40 views

JVN#60997973: Cybozu Garoon vulnerable to SQL injection

Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in processing input through API, which may result in SQL injection. Impact A user who can log in to the system may alter information stored in the database. Solution Apply the Patch Apply the appropriate patch...

6.5CVSS6.5AI score0.01554EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/12/25 12:0 a.m.•32 views

JVN#81706478: Cybozu Garoon Keitai vulnerable to authentication bypass

Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon Keitai contains an authentication bypass vulnerability. Impact When an attacker sends a specially crafted request that includes a user ID for a user that has the Keitai function enabled, authentication using Keitai may be bypasse...

5.8CVSS6.4AI score0.01986EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/12/24 6:2 a.m.•7 views

VMware ESX and ESXi may allow access to arbitrary files

Overview VMware ESX and ESXi contain a vulnerability in the handling of Virtual Machine file descriptors, which may allow access to arbitrary ESX and ESXi files. Shanon Olsson reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer under Information Security Early Warni...

4.4CVSS7AI score0.00353EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/12/24 6:2 a.m.•3 views

IrfanView vulnerable to buffer overflow

Overview IrfanView is an application for viewing images of many different file formats. IrfanView contains a buffer overflow vulnerability, when using the Thumbnails window with Thumbnail tooltips enabled. Asuka Nakajima of NTT Secure Platform Laboratories reported this vulnerability to IPA...

7.6CVSS7.5AI score0.05749EPSS
Exploits1References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/12/24 12:0 a.m.•41 views

JVN#63194482: IrfanView vulnerable to buffer overflow

IrfanView is an application for viewing images of many different file formats. IrfanView contains a buffer overflow vulnerability, when using the Thumbnails window with Thumbnail tooltips enabled. Impact When processing a specially crafted file contained in a folder named using multi-byte...

7.6CVSS7.2AI score0.05749EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/12/24 12:0 a.m.•44 views

JVN#13154935: VMware ESX and ESXi may allow access to arbitrary files

VMware ESX and ESXi contain a vulnerability in the handling of Virtual Machine file descriptors, which may allow access to arbitrary ESX and ESXi files. Impact Users that have privileges to execute "Add New Disk" or "Add Existing Disk" in vCenter Server may obtain read and write access to arbitra...

4.4CVSS6.3AI score0.00353EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/12/17 4:57 a.m.•8 views

Android OS vulnerable to arbitrary Java method execution

Overview Android OS contains a vulnerability where an arbitrary Java method may be executed. Tamami Eguchi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When viewing a specially crafted page using the...

9.3CVSS7AI score0.42623EPSS
Exploits6References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/12/17 12:0 a.m.•44 views

JVN#53768697: Android OS vulnerable to arbitrary Java method execution

Android OS contains a vulnerability where an arbitrary Java method may be executed. Impact When viewing a specially crafted page using the standard Android browser or an other application that uses the WebView class, Android OS may be rebooted or arbitrary code may be executed without intent from...

9.3CVSS6.4AI score0.42623EPSS
Exploits6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/12/13 3:23 a.m.•4 views

Juniper ScreenOS vulnerable to denial-of-service (DoS)

Overview ScreenOS provided by Juniper Networks contains a denial-of-service DoS vulnerability. Shuichiro Suzuki of FFRI, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When processing a malicious packe...

7.8CVSS6.6AI score0.01881EPSS
Exploits1References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/12/13 12:0 a.m.•41 views

JVN#28436508: Juniper ScreenOS vulnerable to denial-of-service (DoS)

ScreenOS provided by Juniper Networks contains a denial-of-service DoS vulnerability. Impact When processing a malicious packet, the device may hang. Solution Enable the "Ping of Death Screen" Enable the "Ping of Death Screen" setting according to the information provided by the developer...

7.1CVSS6AI score0.01881EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/12/10 5:13 a.m.•2 views

Cybozu Dezie vulnerable to cross-site scripting

Overview Cybozu Dezie provided by Cybozu, Inc. contains a cross-site scripting vulnerability. Ken Asai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on the web browser o...

4.3CVSS6AI score0.01284EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/12/10 12:0 a.m.•41 views

JVN#21336955: Cybozu Dezie vulnerable to cross-site scripting

Cybozu Dezie provided by Cybozu, Inc. contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the web browser of a user that is logged on. Solution Update the Software Update to the latest version according to the information provided by the developer. Product...

4.3CVSS5.9AI score0.01284EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/12/03 4:51 a.m.•3 views

Cybozu Garoon vulnerable to session fixation

Overview Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains a session fixation vulnerability. Impact A remote, unauthenticated attacker may impersonate a registered user. As a result, information may be disclosed or altered. Solution Update the Software Update to the...

6.8CVSS6.7AI score0.01309EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/12/03 4:49 a.m.•3 views

Cybozu Garoon vulnerable to mail header injection

Overview Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains a mail header injection vulnerability in the Phone Messages function. Impact If the function that forwards Phone Messages to an email address is configured, the header of the email to be forwarded may be altered...

4CVSS7.1AI score0.00962EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/12/03 4:46 a.m.•3 views

Cybozu Garoon vulnerable to denial-of-service (DoS)

Overview Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a denial-of-service DoS vulnerability. Impact A denial-of-service DoS attack via Garoon 3 Keitai may cause high CPU usage on the server. Solution Update the Software Update to the latest version according to th...

5CVSS6.6AI score0.0157EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/12/03 4:45 a.m.•1 views

Cybozu Garoon vulnerable to SQL injection

Overview Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a SQL injection vulnerability in the Space function. Impact A user who can log in to the product may execute an arbitrary SQL command in the database that the product is referencing. Solution Update the Softwar...

6.5CVSS8AI score0.0104EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/12/03 4:37 a.m.•5 views

Multiple cross-site scripting vulnerabilities in Cybozu Garoon

Overview Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains multiple cross-site scripting vulnerabilities. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provid...

5CVSS8.6AI score0.01792EPSS
Exploits0References37
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/12/03 12:0 a.m.•85 views

JVN#23981867: Multiple cross-site scripting vulnerabilities in Cybozu Garoon

Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains multiple cross-site scripting vulnerabilities. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the...

4.3CVSS8.9AI score0.01792EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/12/03 12:0 a.m.•38 views

JVN#87729477: Cybozu Garoon vulnerable to session fixation

Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains a session fixation vulnerability. Impact A remote, unauthenticated attacker may impersonate a registered user. As a result, information may be disclosed or altered. Solution Update the Software Update to the latest versi...

6.8CVSS6.3AI score0.01309EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/12/03 12:0 a.m.•36 views

JVN#82375148: Cybozu Garoon vulnerable to SQL injection

Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a SQL injection vulnerability in the Space function. Impact A user who can log in to the product may execute an arbitrary SQL command in the database that the product is referencing. Solution Update the Software Update ...

6.5CVSS7.4AI score0.0104EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/12/03 12:0 a.m.•34 views

JVN#94245330: Cybozu Garoon vulnerable to denial-of-service (DoS)

Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a denial-of-service DoS vulnerability. Impact A denial-of-service DoS attack via Garoon 3 Keitai may cause high CPU usage on the server. Solution Update the Software Update to the latest version according to the...

5CVSS6.2AI score0.0157EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/12/03 12:0 a.m.•40 views

JVN#84221103: Cybozu Garoon vulnerable to mail header injection

Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains a mail header injection vulnerability in the Phone Messages function. Impact If the function that forwards Phone Messages to an email address is configured, the header of the email to be forwarded may be altered. Solutio...

3.5CVSS6.5AI score0.00962EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/11/29 5:23 a.m.•1 views

TOWN (modified version) vulnerable to directory traversal

Overview TOWN modified version provided by Tattyan's HP contains a directory traversal vulnerability. Misukuro reported this vulnerability to the developer. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A remote attacker may obtain arbitrary...

5CVSS6.8AI score0.01854EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/11/29 12:0 a.m.•33 views

JVN#41703192: TOWN (modified version) vulnerable to directory traversal

TOWN modified version provided by Tattyan's HP contains a directory traversal vulnerability. Impact A remote attacker may obtain arbitrary files on the server. Solution Apply an update Update to the latest version according to the information provided by the developer. Products Affected TOWN...

5CVSS6.6AI score0.01854EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/11/28 7:38 a.m.•5 views

Buffer Overflow Vulnerability in the log function of Interstage HTTP Server

Overview The log function ihsrlog/rotatelogs of Interstage HTTP Server contains a buffer overflow vulnerability. Impact An attacker could execute arbitrary code. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

10CVSS7.7AI score0.01824EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/11/22 8:39 a.m.•3 views

KDrive Personal for Windows contains an issue where it fails to verify SSL server certificates

Overview KDrive Personal for Windows contains an issue where it fails to verify SSL server certificates. Yamano Yasuaki of NetAgent Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-mindd...

5.8CVSS6.6AI score0.00582EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/11/22 5:51 a.m.•4 views

D-Link DES-3800 Series vulnerable to denial-of-service (DoS)

Overview DES-3800 Series provided by D-Link Japan contains a denial-of-service DoS vulnerability due to an issue in the Web manager function. Note that this vulnerability is different from JVN65312543. Hisashi Kojima, Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA...

7.8CVSS6.7AI score0.01772EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/11/22 5:50 a.m.•7 views

D-Link DES-3800 Series vulnerable to denial-of-service (DoS)

Overview DES-3800 Series provided by D-Link Japan contains a denial-of-service DoS vulnerability due to an issue in the implementation of SSH. Note that this vulnerability is different from JVN28812735. Hisashi Kojima, Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IP...

6.8CVSS6.6AI score0.01198EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/11/22 12:0 a.m.•27 views

JVN#28812735: D-Link DES-3800 Series vulnerable to denial-of-service (DoS)

DES-3800 Series provided by D-Link Japan contains a denial-of-service DoS vulnerability due to an issue in the Web manager function. Impact A remote attacker may cause the product to stop responding. Solution Update the Firmware Update to the latest version of firmware according to the informatio...

7.8CVSS6.1AI score0.01772EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/11/22 12:0 a.m.•28 views

JVN#97810280: KDrive Personal for Windows contains an issue where it fails to verify SSL server certificates

KDrive Personal for Windows contains an issue where it fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by th...

5.8CVSS6.3AI score0.00582EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/11/22 12:0 a.m.•23 views

JVN#65312543: D-Link DES-3800 Series vulnerable to denial-of-service (DoS)

DES-3800 Series provided by D-Link Japan contains a denial-of-service DoS vulnerability due to an issue in the implementation of SSH. Impact A user who can login using SSH may cause the product to stop responding. Solution Update the Firmware Update to the latest version of firmware according to...

6.8CVSS6AI score0.01198EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/11/20 7:14 a.m.•5 views

EC-CUBE information disclosure vulnerability

Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an information disclosure vulnerability due to an issue in processing front features. LAC Co., Ltd. reported this vulnerability to the developer. JPCERT/CC coordinated with the develope...

5.5CVSS6.3AI score0.01172EPSS
Exploits1References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/11/20 6:56 a.m.•5 views

EC-CUBE vulnerable to cross-site scripting

Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. LAC Co., Ltd. reported this vulnerability to the developer. JPCERT/CC coordinated with the developer under Information Security Early Warning...

4.3CVSS6.1AI score0.01883EPSS
Exploits1References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/11/20 6:48 a.m.•2 views

EC-CUBE information disclosure vulnerability

Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an information disclosure vulnerability. Gen Sato reported this vulnerability to the developer. JPCERT/CC coordinated with the developer under Information Security Early Warning...

5CVSS6.3AI score0.01504EPSS
Exploits1References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/11/20 6:40 a.m.•1 views

EC-CUBE vulnerable to cross-site request forgery

Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site request forgery vulnerability. Gen Sato reported this vulnerability to the developer. JPCERT/CC coordinated with the developer under Information Security Early Warning...

6.8CVSS6.5AI score0.01079EPSS
Exploits1References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/11/20 6:34 a.m.•4 views

EC-CUBE vulnerable to cross-site scripting

Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a vulnerability in processing the output of error messages, which may lead to cross-site scripting. Gen Sato reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...

4.3CVSS6.2AI score0.01207EPSS
Exploits1References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/11/20 6:19 a.m.•1 views

EC-CUBE vulnerable to information disclosure

Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a vulnerability in processing the output of error logs, which may lead to information disclosure. Gen Sato reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...

4.3CVSS6.4AI score0.01309EPSS
Exploits1References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/11/20 12:0 a.m.•29 views

JVN#55630933: EC-CUBE information disclosure vulnerability

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an information disclosure vulnerability due to an issue in processing front features. Impact User's information may be obtained or altered by other user who visits the shopping site. Solution...

5.5CVSS6.2AI score0.01172EPSS
Exploits1
Total number of security vulnerabilities5625