Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/04/05 7:41 a.m.•6 views

SENCHA SNS vulnerable to cross-site request forgery

Overview SENCHA SNS contains a cross-site request forgery vulnerability. SENCHA SNS is an open source SNS software. SENCHA SNS contains a cross-site request forgery vulnerability. Hiroshi Tokumaru of HASH Consulting Corp. reported this vulnerability to IPA. JPCERT/CC coordinated with the develope...

6.8CVSS6.8AI score0.00643EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/04/05 7:40 a.m.•6 views

TOSHIBA TEC e-Studio series vulnerable to authentication bypass

Overview Multiple e-Studio series products provided by TOSHIBA TEC CORPORATION contain an authentication bypass vulnerability. e-Studio is a multi-function peripheral MFP. Multiple e-Studio series products contain a vulnerability in web-based management utility, which may result in an...

10CVSS6.9AI score0.04725EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/04/05 12:0 a.m.•32 views

JVN#92830293: TOSHIBA TEC e-Studio series vulnerable to authentication bypass

e-Studio is a multi-function peripheral MFP. Multiple e-Studio series products contain a vulnerability in web-based management utility, which may result in an authentication bypass. Impact An attacker that can access the product may log in with administrative privileges. As a result, settings may...

10CVSS6.5AI score0.04725EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/04/05 12:0 a.m.•29 views

JVN#44913777: SENCHA SNS vulnerable to cross-site request forgery

SENCHA SNS is an open source SNS software. SENCHA SNS contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, arbitrary operations may be conducted on the vulnerable system. Solution Update the Software Update to the latest version provided by...

6.8CVSS6.6AI score0.00643EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/04/05 12:0 a.m.•27 views

JVN#97200417: SENCHA SNS vulnerable to session fixation

SENCHA SNS is an open source SNS software. SENCHA SNS contains a session fixation vulnerability. Impact A remote, unauthenticated attacker may impersonate an honest user of the affected product. As a result, information may be altered or obtained. Solution Update the Software Update to the latest...

4.3CVSS6.4AI score0.0118EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/03/19 5:31 a.m.•3 views

Janetter vulnerable to cross-site request forgery

Overview Janetter contains a cross-site request forgery vulnerability. Janetter is a client software for using Twitter. Janetter contains a cross-site request forgery vulnerability. Kazuhiko Kusano of Graduate School of Information Sciences, Tohoku University reported this vulnerability to IPA...

6.8CVSS6.7AI score0.00814EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/03/19 5:27 a.m.•2 views

Janetter vulnerable to information disclosure

Overview Janetter contains an information disclosure vulnerability. Janetter is a client software for using Twitter. Janetter contains an information disclosure vulnerability. Kazuhiko Kusano of Graduate School of Information Sciences, Tohoku University reported this vulnerability to IPA. JPCERT/...

5CVSS6.2AI score0.016EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/03/19 3:4 a.m.•3 views

JP1/Cm2/Network Node Manager i Denial of Service (DoS) Vulnerability

Overview JP1/Cm2/Network Node Manager i NNMi contains vulnerabilities could allow a remote attacker to cause a denial of service DoS condition or execute arbitrary code. Impact A remote attacker could cause a denial of service DoS condition or execute arbitrary code. Solution Please refer to the...

7.8CVSS7.4AI score0.02929EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/03/19 12:0 a.m.•40 views

JVN#83459967: Janetter vulnerable to cross-site request forgery

Janetter is a client software for using Twitter. Janetter contains a cross-site request forgery vulnerability. Impact When a malicious page is opened with a web browser while Janetter is being used, the user may be impersonated to post tweets, upload local image files, and OS commands may be...

6.8CVSS6.5AI score0.00814EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/03/19 12:0 a.m.•42 views

JVN#10745573: Janetter vulnerable to information disclosure

Janetter is a client software for using Twitter. Janetter contains an information disclosure vulnerability. Impact When a malicious page is opened with a web browser while Janetter is being used, session information used to communicate with Twitter may be disclosed. Solution Update the software...

5CVSS6.2AI score0.016EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/03/13 4:39 a.m.•21 views

Redmine vulnerable to cross-site scripting

Overview Redmine contains a cross-site scripting vulnerability. Redmine is a project management software. Redmine contains a cross-site scripting vulnerability. Kousuke Ebihara reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

4.3CVSS6AI score0.01822EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/03/13 4:36 a.m.•4 views

twicca fails to restrict access permissions

Overview twicca contains an issue where access permissions are not restricted. twicca is a client software for using Twitter. twicca contains an issue where access permissions are not restricted. Kazuhiko Kusano of Graduate School of Information Sciences, Tohoku University reported this...

5CVSS6.7AI score0.01563EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/03/13 12:0 a.m.•45 views

JVN#93406632: Redmine vulnerable to cross-site scripting

Redmine is a project management software. Redmine contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer. Products Affecte...

4.3CVSS5.5AI score0.01822EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/03/13 12:0 a.m.•31 views

JVN#31860555: twicca fails to restrict access permissions

twicca is a client software for using Twitter. twicca contains an issue where access permissions are not restricted. Impact Android applications without permissions for network access may upload image files with the privileges of twicca. Solution Update the Software Apply the latest update for ea...

5CVSS6.4AI score0.01563EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/03/09 5:35 a.m.•3 views

Jenkins vulnerable to cross-site scripting

Overview Jenkins contains a cross-site scripting vulnerability. Jenkins is a continuous integration CI tool. Note that this vulnerability is different from JVN14791558. Minoru Sakai of SCSK Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

4.3CVSS6.1AI score0.01137EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/03/09 5:28 a.m.•2 views

Jenkins vulnerable to cross-site scripting

Overview Jenkins contains a cross-site scripting vulnerability. Jenkins is a continuous integration CI tool. Jenkins contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN79950061. Minoru Sakai of SCSK Corporation reported this vulnerability to IPA...

4.3CVSS6.1AI score0.01137EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/03/09 5:18 a.m.•3 views

SquirrelMail plugin Autocomplete vulnerable to cross-site scripting

Overview The SquirrelMail plugin Autocomplete contains a cross-site scripting vulnerability. The Autocomplete plugin in SquirrelMail searches for registered email addresses in user contacts as the user types into specific fields. The Autocomplete plugin contains a cross-site scripting...

4.3CVSS6AI score0.01443EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/03/09 12:0 a.m.•38 views

JVN#56653852: SquirrelMail plugin Autocomplete vulnerable to cross-site scripting

The Autocomplete plugin in SquirrelMail searches for registered email addresses in user contacts as the user types into specific fields. The Autocomplete plugin contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the...

4.3CVSS5.9AI score0.01443EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/03/09 12:0 a.m.•36 views

JVN#79950061: Jenkins vulnerable to cross-site scripting

Jenkins is a continuous integration CI tool. Jenkins contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN14791558. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according...

4.3CVSS5.5AI score0.01137EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/03/09 12:0 a.m.•37 views

JVN#14791558: Jenkins vulnerable to cross-site scripting

Jenkins is a continuous integration CI tool. Jenkins contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN79950061. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according...

4.3CVSS5.5AI score0.01137EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/03/05 6:50 a.m.•3 views

ES File Explorer fails to restrict access permissions

Overview ES File Explorer provided by EStrongs, Inc. contains an issue where access permissions are not restricted. ES File Explorer provided by EStrongs Inc. is a file and application manager. ES File Explorer contains an issue where access permissions are not restricted. Shiongu of satoweb and...

4.3CVSS6.4AI score0.01054EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/03/05 12:0 a.m.•33 views

JVN#08871006: ES File Explorer fails to restrict access permissions

ES File Explorer provided by EStrongs Inc. is a file and application manager. ES File Explorer contains an issue where access permissions are not restricted. Impact When using a specific function, a remote attacker may obtain local files that the application has permissions to view. Solution Upda...

4.3CVSS6.3AI score0.01054EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/03/01 5:3 a.m.•8 views

Kingsoft Internet Security 2011 vulnerable to denial-of-service

Overview Kingsoft Internet Security 2011 contains a denial-of-service DoS vulnerability. Kingsoft Internet Security 2011 contains a vulnerability in the device driver, which may result in a denial-of-service DoS. Satoshi TANDA of Fourteenforty Research Institute Inc. reported this vulnerability t...

4.9CVSS6.7AI score0.00387EPSS
Exploits1References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/03/01 12:0 a.m.•58 views

JVN#31517714: Kingsoft Internet Security 2011 vulnerable to denial-of-service

Kingsoft Internet Security 2011 contains a vulnerability in the device driver, which may result in a denial-of-service DoS. Impact An attacker that can login to the system with the software running may cause a denial-of-service DoS. Solution Update the Software Update to the latest version...

2.1CVSS6AI score0.00387EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/02/23 5:28 a.m.•3 views

Movable Type vulnerable to session hijacking

Overview Movable Type contains a session hijacking vulnerability. Movable Type contains a session hijacking vulnerability in entering comments and community functionality. Impact A remote unauthenticated attacker may impersonate an honest user of the affected product. Solution Update the software...

7.5CVSS6.8AI score0.02677EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/02/23 5:21 a.m.•2 views

Movable Type vulnerable to OS command injection

Overview Movable Type contains an OS command injection vulnerability. Movable Type contains an OS command injection vulnerability in its file management system. Impact A user with a privilege to upload files may execute an arbitrary OS command. Solution Update the software Update to the latest...

6.5CVSS7.7AI score0.02421EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/02/23 5:20 a.m.•4 views

Movable Type vulnerable to cross-site scripting

Overview Movable Type contains a cross-site scripting vulnerability. mt-wizard.cgi and Movable Type templates contain a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version of each produ...

4.3CVSS6.2AI score0.0134EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/02/23 5:19 a.m.•5 views

Movable Type vulnerable to cross-site request forgery

Overview Movable Type contains a cross-site request forgery vulnerability. Movable Type contains a cross-site request forgery vulnerability in entering comments and community functionality. Impact If a user views a malicious page while logged in, settings may be changed, data may be viewed or...

6.8CVSS6.5AI score0.01082EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/02/23 12:0 a.m.•37 views

JVN#49836527: Movable Type vulnerable to cross-site scripting

mt-wizard.cgi and Movable Type templates contain a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version of each product according to the information provided by the developer. Products...

4.3CVSS5.7AI score0.0134EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/02/23 12:0 a.m.•27 views

JVN#20083397: Movable Type vulnerable to session hijacking

Movable Type contains a session hijacking vulnerability in entering comments and community functionality. Impact A remote unauthenticated attacker may impersonate an honest user of the affected product. Solution Update the software Update to the latest version of each product according to the...

7.5CVSS6.2AI score0.02677EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/02/23 12:0 a.m.•30 views

JVN#92683325: Movable Type vulnerable to OS command injection

Movable Type contains an OS command injection vulnerability in its file management system. Impact A user with a privilege to upload files may execute an arbitrary OS command. Solution Update the software Update to the latest version of each product according to the information provided by the...

6.5CVSS7AI score0.02421EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/02/23 12:0 a.m.•36 views

JVN#70683217: Movable Type vulnerable to cross-site request forgery

Movable Type contains a cross-site request forgery vulnerability in entering comments and community functionality. Impact If a user views a malicious page while logged in, settings may be changed, data may be viewed or altered. Solution Update the software Update to the latest version for each...

6.8CVSS6AI score0.01082EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/02/22 5:44 a.m.•3 views

Multiple COOKPAD applications for Android vulnerable in WebView class

Overview Multiple COOKPAD applications for Android contain a vulnerability in WebView class. Cookpad and Cookpad Noseru provided by COOKPAD Inc. are Android applications to search or post recipes. Cookpad and Cookpad Noseru contain a vulnerability in WebView class. Gaku Mochizuki of Mitsui Bussan...

5CVSS6.6AI score0.01496EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/02/22 12:0 a.m.•46 views

JVN#25731073: Multiple COOKPAD applications for Android vulnerable in WebView class

Cookpad and Cookpad Noseru provided by COOKPAD Inc. are Android applications to search or post recipes. Cookpad and Cookpad Noseru contain a vulnerability in WebView class. Impact If an user of the affected product uses other malicious Android application, the information contained in the affecte...

5CVSS6.3AI score0.01496EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/02/15 8:14 a.m.•21 views

cforms II vulnerable to cross-site scripting

Overview cforms II contains a cross-site scripting vulnerability. cforms II provided by delicious days is a plugin for WordPress. cforms II contains a cross-site scripting vulnerability. Kousuke Ebihara and Yuya Watanabe of Tejimaya.inc reported this vulnerability to IPA. JPCERT/CC coordinated wi...

4.3CVSS6.1AI score0.04285EPSS
Exploits3References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/02/15 12:0 a.m.•51 views

JVN#35256978: cforms II vulnerable to cross-site scripting

cforms II provided by delicious days is a plugin for WordPress. cforms II contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the...

4.3CVSS5.6AI score0.04285EPSS
Exploits3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/02/13 6:58 a.m.•5 views

ALFTP may insecurely load executable files

Overview ALFTP may use unsafe methods for determining how to load executables. ALFTP provided by ESTsoft Corp. is a FTP client software with the built in FTP server. ALFTP contains an issue when loading files. For example, if an user tries to open README a file without extention which exists in t...

9.3CVSS7.5AI score0.02207EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/02/13 12:0 a.m.•24 views

JVN#85695061: ALFTP may insecurely load executable files

ALFTP provided by ESTsoft Corp. is a FTP client software with the built in FTP server. ALFTP contains an issue when loading files. For example, if an user tries to open README a file without extention which exists in the same directory where README.exe a file with .exe extention exists, README.ex...

9.3CVSS7AI score0.02207EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/02/10 5:29 a.m.•4 views

Apache Struts 2 vulnerable to an arbitrary Java method execution

Overview Apache Struts 2 contains an arbitrary Java method execution vulnerability. Apache Struts 2 is a framework to create Java web applications. Apache Struts 2 contains an arbitrary Java method execution vulnerability due to improper conversion in OGNL expression if a non-string property is...

10CVSS7.1AI score0.1388EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/02/10 12:0 a.m.•38 views

JVN#79099262: Apache Struts 2 vulnerable to an arbitrary Java method execution

Apache Struts 2 is a framework to create Java web applications. Apache Struts 2 contains an arbitrary Java method execution vulnerability due to improper conversion in OGNL expression if a non-string property is contained in action. Impact If a remote attacker sends a malformed request parameter ...

10CVSS9.5AI score0.1388EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/02/01 5:12 a.m.•4 views

Pocket WiFi (GP02) vulnerable to cross-site request forgery

Overview Pocket WiFi GP02 contains a cross-site request forgery vulnerability. Pocket WiFi GP02 provided by eAccess Ltd. is a mobile wireless LAN router. Pocket WiFi GP02 contains a cross-site request forgery vulnerability. Naoto Katsumi of LAC Co., Ltd. reported this vulnerability to IPA...

6.8CVSS6.7AI score0.00641EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/02/01 12:0 a.m.•25 views

JVN#33021167: Pocket WiFi (GP02) vulnerable to cross-site request forgery

Pocket WiFi GP02 provided by eAccess Ltd. is a mobile wireless LAN router. Pocket WiFi GP02 contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, settings of Pocket WiFi GP02 may be initialized, or Pocket WiFi GP02 may be rebooted. Solution...

6.8CVSS6.6AI score0.00641EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/01/27 1:44 a.m.•4 views

Arbitrary Code Execution Vulnerability in Hitachi COBOL2002

Overview Hitachi COBOL2002 Net Developer, Net Server Suite, and Net Client Suite contain a vulnerability where arbitrary code may be executed. Impact A remote attacker could execute arbitrary code via unknown attack vectors. Solution Please refer to the 'Vendor Information' section for the offici...

10CVSS7.7AI score0.04172EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/01/27 1:38 a.m.•4 views

Hitachi IT Operations Director Cross-Site Scripting Vulnerability

Overview Hitachi IT Operations Director contains a cross-site scripting vulnerability. Impact A remote attacker could inject arbitrary web script or HTML. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

4.3CVSS6.1AI score0.01148EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/01/27 1:37 a.m.•4 views

Hitachi IT Operations Analyzer Cross-Site Scripting Vulnerability

Overview Hitachi IT Operations Analyzer contains a cross-site scripting vulnerability. Impact A remote attacker could inject arbitrary web script or HTML. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

4.3CVSS6.1AI score0.01148EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/01/23 9:27 a.m.•6 views

glucose 2 vulnerable to arbitrary script execution

Overview glucose 2 is vulnerable to arbitrary script execution. glucose 2 is an RSS reader. glucose 2 is vulnerable to arbitrary script execution which is inserted in RSS feed, due to the improper processing of RSS feed output. Daiki Fukumori of Cyber Defense Institute, Inc. reported this...

4.3CVSS7AI score0.01135EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/01/23 12:0 a.m.•37 views

JVN#65869891: glucose 2 vulnerable to arbitrary script execution

glucose 2 is an RSS reader. glucose 2 is vulnerable to arbitrary script execution which is inserted in RSS feed, due to the improper processing of RSS feed output. Impact An arbitrary script may be executed on the vulnerable system. Solution Update the software Update to the latest version...

4.3CVSS6.5AI score0.01135EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/01/20 7:23 a.m.•4 views

osCommerce Japanese version vulnerable to cross-site scripting

Overview osCommerce Japanese version contains a cross-site scripting vulnerability. osCommerce is an open source system for creating shopping websites. osCommerce Japanese version contains a cross-site scripting vulnerability. Yuya Yoshida of Mitsui Bussan Secure Directions, Inc. reported this...

4.3CVSS6.1AI score0.01145EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/01/20 7:15 a.m.•5 views

osCommerce vulnerable to cross-site scripting

Overview osCommerce contains a cross-site scripting vulnerability. osCommerce is an open source system for creating shopping websites. osCommerce contains a cross-site scripting vulnerability. Masako Oono reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informati...

4.3CVSS6.1AI score0.01135EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/01/20 7:9 a.m.•4 views

osCommerce vulnerable to directory traversal

Overview osCommerce contains a directory traversal vulnerability. osCommerce is an open source system for creating shopping websites. osCommerce contains a directory traversal vulnerability. Impact A remote attacker may access arbitrary files on the server. Solution Update the software Update to...

5CVSS6.9AI score0.096EPSS
Exploits1References8
Total number of security vulnerabilities5625