Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/01/20 6:37 a.m.•4 views

Oracle WebLogic Server vulnerable to cross-site scripting

Overview Oracle WebLogic Server contains a cross-site scripting vulnerability. Oracle WebLogic Server contains a cross-site scripting vulnerability on the management console. Minetoshi Takizawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

3.5CVSS5.9AI score0.01074EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/01/20 12:0 a.m.•22 views

JVN#38216398: osCommerce vulnerable to directory traversal

osCommerce is an open source system for creating shopping websites. osCommerce contains a directory traversal vulnerability. Impact A remote attacker may access arbitrary files on the server. Solution Update the software Update to the latest version according to the information provided by the...

5CVSS6.5AI score0.096EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/01/20 12:0 a.m.•27 views

JVN#36559450: osCommerce Japanese version vulnerable to cross-site scripting

osCommerce is an open source system for creating shopping websites. osCommerce Japanese version contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's Internet Explorer. Solution Update the software Update to the latest version according to the...

4.3CVSS5.9AI score0.01145EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/01/20 12:0 a.m.•27 views

JVN#54779201: Oracle WebLogic Server vulnerable to cross-site scripting

Oracle WebLogic Server contains a cross-site scripting vulnerability on the management console. Impact An arbitrary script may be executed on the browser of the user who is logged into the administration console of Oracle WebLogic Server. Solution Update the Software Apply the latest update...

3.5CVSS5.5AI score0.01074EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/01/20 12:0 a.m.•36 views

JVN#64386898: osCommerce vulnerable to cross-site scripting

osCommerce is an open source system for creating shopping websites. osCommerce contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by th...

4.3CVSS6AI score0.01135EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/01/11 6:22 a.m.•2 views

Cogent DataHub vulnerable to cross-site scripting

Overview Cogent DataHub provided by Cogent Real-Time Systems Inc. contains a cross-site scripting vulnerability. Kuang-Chun Hung of Security Research and Service Institute - Information and Communication Security Technology Center ICST, Taiwan R.O.C. reported this vulnerability to JPCERT/CC...

4.3CVSS6.1AI score0.01341EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/01/11 6:12 a.m.•6 views

Cogent DataHub vulnerable to HTTP header injection

Overview Cogent DataHub provided by Cogent Real-Time Systems Inc. contains a HTTP header injection vulnerability also known as CRLF, carriage return line feed, injection vulnerability. Kuang-Chun Hung of Security Research and Service Institute - Information and Communication Security Technology...

5.8CVSS7AI score0.01512EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/01/11 6:2 a.m.•7 views

Wibu-Systems CodeMeter Runtime vulnerable to denial-of-service

Overview CodeMeter Runtime provided by Wibu-Systems AG contains a denial-of-service vulnerability. CodeMeter Runtime provided by Wibu-Systems AG contains an issue when processing TCP packets, which may lead to a denial-of-service DoS. Kuang-Chun Hung of Security Research and Service Institute -...

5CVSS6.7AI score0.05107EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/01/11 12:0 a.m.•32 views

JVN#63249231: Cogent DataHub vulnerable to HTTP header injection

Cogent DataHub provided by Cogent Real-Time Systems Inc. contains a HTTP header injection vulnerability also known as CRLF, carriage return line feed, injection vulnerability. Impact If a remote attacker sends a crafted HTTP header to a vulnerable system, forged information may be displayed on th...

5.8CVSS6.4AI score0.01512EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/01/11 12:0 a.m.•33 views

JVN#78901873: Wibu-Systems CodeMeter Runtime vulnerable to denial-of-service

CodeMeter Runtime provided by Wibu-Systems AG contains an issue when processing TCP packets, which may lead to a denial-of-service DoS. Impact A remote attacker may be able to cause a denial-of-service DoS. Solution Update the software Update to the latest version according to the information...

5CVSS6.1AI score0.05107EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/01/11 12:0 a.m.•40 views

JVN#12983784: Cogent DataHub vulnerable to cross-site scripting

Cogent DataHub provided by Cogent Real-Time Systems Inc. contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update the software to the latest version according to the information provided by the...

4.3CVSS5.8AI score0.01341EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/01/06 10:53 a.m.•4 views

An authentication information Exposure Vulnerability in JP1/IT Resource Management - Manager

Overview An authentication information exposure vulnerability was found in JP1/IT Resource Management - Manager. Impact An authentication information might be exposured. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

5CVSS6.8AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/01/06 10:51 a.m.•2 views

JP1/Cm2/Network Node Manager i Denial of Service (DoS) Vulnerability

Overview JP1/Cm2/Network Node Manager i NNMi contains vulnerabilities could allow a remote attacker to cause a denial of service DoS condition or execute arbitrary code. Impact A remote attacker could cause a denial of service DoS condition or execute arbitrary code. Solution Please refer to the...

7.8CVSS7.4AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/12/26 5:49 a.m.•4 views

Movable Type Plugin MailForm vulnerable to cross-site scripting

Overview MailForm contains a cross-site scripting vulnerability. MailForm is a plugin for Movable Type. MailForm contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

4.3CVSS6.1AI score0.01148EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/12/26 5:28 a.m.•2 views

WordPress vulnerable to arbitrary PHP code execution

Overview WordPress contains a vulnerability where arbitrary PHP code may be executed. WordPress provided by WordPress.Org is a weblog system. WordPress contains a vulnerability where arbitrary PHP code may be executed. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this...

6.5CVSS7AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/12/26 5:26 a.m.•2 views

WordPress Japanese vulnerable to cross-site scripting

Overview WordPress Japanese contains a cross-site scripting vulnerability. WordPress provided by WordPress.Org is a weblog system. WordPress Japanese contains a cross-site scripting vulnerability. Katsuhiro Kawahara, Kozo Fukui of Kobe Digital Labo.,Inc. and Yuya Yoshida of Mitsui Bussan Secure...

4.3CVSS6.1AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/12/26 12:0 a.m.•17 views

JVN#44439553: WordPress Japanese vulnerable to cross-site scripting

WordPress provided by WordPress.Org is a weblog system. WordPress Japanese contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the...

6.4AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/12/26 12:0 a.m.•25 views

JVN#40498018: WordPress vulnerable to arbitrary PHP code execution

WordPress provided by WordPress.Org is a weblog system. WordPress contains a vulnerability where arbitrary PHP code may be executed. Impact Arbitrary PHP code may be executed with the privilege of the application on the server where it resides. Solution Update the software Update to the latest...

7.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/12/26 12:0 a.m.•34 views

JVN#60887968: Movable Type Plugin MailForm vulnerable to cross-site scripting

MailForm is a plugin for Movable Type. MailForm contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the fixed version according to the information provided by the developer. Products Affected...

4.3CVSS5.9AI score0.01148EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/12/22 9:16 a.m.•4 views

PukiWiki Plus! vulnerable to cross-site scripting

Overview PukiWiki Plus! contains a cross-site scripting vulnerability. PukiWiki Plus! is a software that adds wiki functionality to websites. PukiWiki Plus! contains a vulnerability in handling web form entries, which may result in cross-site scripting. Koki Nakayasu of Keiji Takeda Lab, Keio...

4.3CVSS5.8AI score0.01135EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/12/22 9:8 a.m.•8 views

Apache Struts vulnerable to cross-site scripting

Overview Apache Struts may create web applications that contain a cross-site scripting vulnerability. Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts may create web applications that contain a cross-site scripting...

4.3CVSS6.1AI score0.33111EPSS
Exploits3References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/12/22 12:0 a.m.•31 views

JVN#76515037: PukiWiki Plus! vulnerable to cross-site scripting

PukiWiki Plus! is a software that adds wiki functionality to websites. PukiWiki Plus! contains a vulnerability in handling web form entries, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the...

4.3CVSS6.3AI score0.01135EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/12/22 12:0 a.m.•63 views

JVN#25435092: Apache Struts vulnerable to cross-site scripting

Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts may create web applications that contain a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update t...

2.6CVSS8.9AI score0.33111EPSS
Exploits3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/12/15 7:30 a.m.•1 views

Safari for iOS vulnerable to denial-of-service

Overview Safari for iOS contains a denial-of-service DoS vulnerability. Shuichiro Suzuki of Fourteenforty Research Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A remote attacker may be abl...

4.3CVSS6.5AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/12/15 7:26 a.m.•4 views

Multiple vulnerabilities in products that use the Preboot Execution Environment (PXE) SDK

Overview Products that use the Preboot Execution Environment PXE SDK sample code provided by Intel contain multiple vulnerabilities. Products that use the PXE SDK sample code provided by Intel contain directory traversal and buffer overflow vulnerabilities. Nobuyuki Kanaya of Fujitsu Laboratories...

10CVSS7.8AI score0.05531EPSS
Exploits4References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/12/15 12:0 a.m.•45 views

JVN#05255562: Multiple vulnerabilities in products that use the Preboot Execution Environment (PXE) SDK

Products that use the PXE SDK sample code provided by Intel contain directory traversal and buffer overflow vulnerabilities. Impact Information stored by the product using the PXE SDK sample code may be viewed, or arbitrary code may be executed. Solution Update the software Update according to th...

10CVSS2.4AI score0.05531EPSS
Exploits4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/12/15 12:0 a.m.•13 views

JVN#15549168: Safari for iOS vulnerable to denial-of-service

Safari for iOS contains a denial-of-service DoS vulnerability. Impact A remote attacker may be able to cause a denial-of-service DoS. Solution Update the software Update to the latest version of iOS according to the information provided by the developer. Products Affected Safari contained in iOS...

6.6AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/12/09 8:8 a.m.•5 views

FFFTP may insecurely load executable files

Overview FFFTP may use unsafe methods for determining how to load executables .exe FFFTP contains an issue when loading files, which may insecurely load executables or other files. This vulnerability is different from JVN62336482. Fumihiko Sano reported this vulnerability to IPA. JPCERT/CC...

9.3CVSS7.5AI score0.02192EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/12/09 12:0 a.m.•44 views

JVN#94002296: FFFTP may insecurely load executable files

FFFTP contains an issue when loading files, which may insecurely load executables or other files. This vulnerability is different from JVN62336482. Impact An attacker may execute arbitrary code with the privilege of the running application. Solution Update the software Update to the latest versio...

9.3CVSS7.2AI score0.02192EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/12/08 8:15 a.m.•5 views

phpWebSite vulnerable to cross-site scripting

Overview phpWebSite contains a cross-site scripting vulnerability. phpWebSite is a content management system CMS. phpWebSite contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...

4.3CVSS6.1AI score0.00921EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/12/08 12:0 a.m.•36 views

JVN#70502960: phpWebSite vulnerable to cross-site scripting

phpWebSite is a content management system CMS. phpWebSite contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer. Products...

4.3CVSS5.9AI score0.00921EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/12/06 8:45 a.m.•35 views

Etomite vulnerable to cross-site scripting

Overview Etomite contains a cross-site scripting vulnerability. Etomite is a content management system CMS. Etomite contains an issue with the processing of contents in the search field, which may result in cross-site scripting. Daiki Fukumori of Cyber Defense Institute, Inc. reported this...

4.3CVSS5.8AI score0.00921EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/12/06 7:49 a.m.•3 views

PowerChute Business Edition vulnerable to cross-site scripting

Overview PowerChute Business Edition contains a cross-site scripting vulnerability. PowerChute Business Edition from Schneider Electric is a power management software. PowerChute Business Edition contains a cross-site scripting vulnerability. Jun Okada of GLOBAL TECHNOLOGY CORPORATION reported th...

4.3CVSS6AI score0.00921EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/12/06 12:0 a.m.•34 views

JVN#04329324: Etomite vulnerable to cross-site scripting

Etomite is a content management system CMS. Etomite contains an issue with the processing of contents in the search field, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version...

4.3CVSS6.2AI score0.00921EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/12/02 12:0 a.m.•23 views

JVN#61695284: PowerChute Business Edition vulnerable to cross-site scripting

PowerChute Business Edition from Schneider Electric is a power management software. PowerChute Business Edition contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Upgrade the software Upgrade to the latest version accordin...

4.3CVSS5.7AI score0.00921EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/11/21 9:23 a.m.•3 views

Nikki vulnerable to OS command injection

Overview Nikki from HP no Mawashimono contains an OS command injection vulnerability. Nikki from HP no Mawashimono is a CGI software for posting diary entries. Nikki contains an OS command injection vulnerability. Masako Ohno reported this vulnerability to IPA. JPCERT/CC coordinated with the...

7.5CVSS7.3AI score0.02262EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/11/21 9:22 a.m.•3 views

Nikki vulnerable to directory traversal

Overview Nikki from HP no Mawashimono contains a directory traversal vulnerability. Nikki from HP no Mawashimono is CGI software for posting diary entries. Nikki contains a directory traversal vulnerability. Masako Ohno reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...

7.5CVSS6.8AI score0.0174EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/11/21 12:0 a.m.•31 views

JVN#48839888: Nikki vulnerable to OS command injection

Nikki from HP no Mawashimono is a CGI software for posting diary entries. Nikki contains an OS command injection vulnerability. Impact An arbitrary OS command may be executed with the privileges of the web server. Solution Update the software Update to the latest version according to the...

7.5CVSS7AI score0.02262EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/11/21 12:0 a.m.•24 views

JVN#80081509: Nikki vulnerable to directory traversal

Nikki from HP no Mawashimono is CGI software for posting diary entries. Nikki contains a directory traversal vulnerability. Impact A remote attacker may access or view arbitrary files on the server. Solution Update the software Update to the latest version according to the information provided by...

7.5CVSS6.6AI score0.0174EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/11/08 9:31 a.m.•2 views

ChaSen vulnerable to buffer overflow

Overview ChaSen provided by Nara Institute of Science and Technology contains a buffer overflow vulnerability. ChaSen provided by Nara Institute of Science and Technology is a software for morphologically analyzing Japanese. ChaSen contains an issue when reading in strings, which may lead to a...

9.3CVSS7.2AI score0.04153EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/11/08 9:25 a.m.•3 views

Iwate Portal Bar vulnerable to arbitrary script execution

Overview Iwate Portal Bar is vulnerable to arbitrary script execution. Iwate Portal Bar is an add-on to Internet Explorer that adds a toolbar and provides multiple functions. The RSS/Atom feed reader function in Iwate Portal Bar is vulnerable to arbitrary script execution due to the improper...

4.3CVSS7AI score0.0098EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/11/08 12:0 a.m.•21 views

JVN#16901583: ChaSen vulnerable to buffer overflow

ChaSen provided by Nara Institute of Science and Technology is a software for morphologically analyzing Japanese. ChaSen contains an issue when reading in strings, which may lead to a buffer overflow. ChaSen legacy project has inherited development of ChaSen since 11/8/2011. Impact An arbitrary...

9.3CVSS6.1AI score0.04153EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/11/08 12:0 a.m.•41 views

JVN#33861625: Iwate Portal Bar vulnerable to arbitrary script execution

Iwate Portal Bar is an add-on to Internet Explorer that adds a toolbar and provides multiple functions. The RSS/Atom feed reader function in Iwate Portal Bar is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information. Impact An...

4.3CVSS6.3AI score0.0098EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/11/04 8:36 a.m.•5 views

WebObjects vulnerable to cross-site scripting

Overview WebObjects provided by Apple, contains a cross-site scripting vulnerability. WebObjects provided by Apple is a web application server. WebObjects contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC...

4.3CVSS5.9AI score0.00845EPSS
Exploits1References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/11/04 8:34 a.m.•4 views

Opengear console servers vulnerable to authentication bypass

Overview Opengear console servers contains an authentication bypass vulnerability. Opengear console servers are for managing servers and network products. Opengear console servers contain an authentication bypass vulnerability. Tadayoshi Nakahira reported this vulnerability to IPA. JPCERT/CC...

7.5CVSS7AI score0.01367EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/11/04 12:0 a.m.•37 views

JVN#37223351: WebObjects vulnerable to cross-site scripting

WebObjects provided by Apple is a web application server. WebObjects contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the develope...

4.3CVSS5.6AI score0.00845EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/11/04 12:0 a.m.•37 views

JVN#71349007: Opengear console servers vulnerable to authentication bypass

Opengear console servers are for managing servers and network products. Opengear console servers contain an authentication bypass vulnerability. Impact A remote attacker may change the settings in the Opengear console server or gain access to products that are connected to the console server...

7.5CVSS6.8AI score0.01367EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/11/01 7:5 a.m.•9 views

CSWorks LiveData Service vulnerable to denial-of-service (DoS)

Overview LiveData Service, a server component of CSWorks contains a denial-of-service DoS vulnerability. LiveData Service, a server component of CSWorks, contains an issue when processing TCP packets, which may lead to a denial-of-service DoS. Kuang-Chun Hung of Security Research and Service...

5CVSS6.7AI score0.02351EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/11/01 12:0 a.m.•28 views

JVN#98649286: CSWorks LiveData Service vulnerable to denial-of-service (DoS)

LiveData Service, a server component of CSWorks, contains an issue when processing TCP packets, which may lead to a denial-of-service DoS. Impact A remote attacker may be able to cause a denial-of-service DoS. Solution Update the software Update to the latest version according to the information...

5CVSS6.3AI score0.02351EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/31 9:3 a.m.•6 views

Multiple SKYARC System Co., Ltd. products vulnerable to cross-site request forgery

Overview Multiple products provided by SKYARC System Co., Ltd. contain a cross-site request forgery vulnerability. MTCMS and multiple Movable Type plugins provided by SKYARC System Co., Ltd. contain a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged...

6.8CVSS6.6AI score0.00586EPSS
Exploits0References6
Total number of security vulnerabilities5625