Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/24 10:21 a.m.•6 views

Multiple Cybozu products vulnerable to cross-site scripting

Overview Multiple products provided by Cybozu, Inc. contain a cross-site scripting vulnerability. Multiple groupware provided by Cybozu, Inc. contain a cross-site scripting vulnerability due to an issue when downloading graphic files from the mail system. Sen UENO of Tricorder Co. Ltd. reported...

4.3CVSS6AI score0.01223EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/24 10:18 a.m.•5 views

Multiple Cybozu products vulnerable to cross-site scripting

Overview Multiple products provided by Cybozu, Inc. contain a cross-site scripting vulnerability. Multiple groupware provided by Cybozu, Inc. contain a cross-site scripting vulnerability due to an issue when downloading graphic files from the bulletin board system. Sen UENO of Tricorder Co. Ltd...

4.3CVSS6AI score0.01223EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/24 10:15 a.m.•6 views

Cybozu Garoon vulnerable to cross-site scripting

Overview Cybozu Garoon contains a cross-site scripting vulnerability. Cybozu Garoon is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

4.3CVSS6AI score0.01042EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/24 12:0 a.m.•40 views

JVN#54074460: Multiple Cybozu products vulnerable to cross-site scripting

Multiple groupware provided by Cybozu, Inc. contain a cross-site scripting vulnerability due to an issue when downloading graphic files from the mail system. Impact An arbitrary script may be executed on the web browser of an user who is logged on. Solution Update the software Update to the lates...

4.3CVSS5.7AI score0.01223EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/24 12:0 a.m.•35 views

JVN#80877328: Multiple Cybozu products vulnerable to cross-site scripting

Multiple groupware provided by Cybozu, Inc. contain a cross-site scripting vulnerability due to an issue when downloading graphic files from the bulletin board system. Impact An arbitrary script may be executed on the web browser of an user who is logged on. Solution Update the software Update to...

4.3CVSS5.8AI score0.01223EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/24 12:0 a.m.•38 views

JVN#59779256: Cybozu Garoon vulnerable to cross-site scripting

Cybozu Garoon is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the web browser of an user who is logged on. Solution Update the software Update to the latest version according to the information provided by the developer...

4.3CVSS5.8AI score0.01042EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/24 12:0 a.m.•39 views

JVN#55508059: Cybozu Office vulnerable to cross-site scripting

Cybozu Office is a groupware. Cybozu Office contains a cross-site scripting vulnerability due to issues contained in the address book and user list functions. Impact An arbitrary script may be executed on the web browser of an user who is logged on. Solution Update the software Update to the late...

4.3CVSS5.8AI score0.01263EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/20 6:37 a.m.•3 views

WeblyGo vulnerable to cross-site scripting

Overview WeblyGo provided by KAWAI BUSINESS SOFTWARE CO., LTD. KBS contains a cross-site scripting vulnerability. WeblyGo is a groupware provided by KAWAI BUSINESS SOFTWARE CO., LTD. KBS. WeblyGo contains a cross-site scripting vulnerability. Yoshihiro Ishikawa of LAC reported this vulnerability ...

4.3CVSS6.1AI score0.01086EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/20 12:0 a.m.•23 views

JVN#43386477: WeblyGo vulnerable to cross-site scripting

WeblyGo is a groupware provided by KAWAI BUSINESS SOFTWARE CO., LTD. KBS. WeblyGo contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by...

4.3CVSS5.9AI score0.01086EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/16 10:4 a.m.•5 views

Ichitaro series vulnerable to arbitrary code execution

Overview The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. This vulnerability differs from other issues that were previously published on JVN. The "Ichitaro" series word processing software, from...

9.3CVSS8AI score0.05564EPSS
Exploits1References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/16 3:28 a.m.•3 views

Microsoft MSXML vulnerability in HTTP request processing

Overview MSXML provided by Microsoft contains a vulnerability in the processing of HTTP requests. MSXML provided by Microsoft contains a vulnerability where HTTP requests for XMLHTTP objects are not processed properly. As a result, when going through a proxy server, information may be sent to...

4.3CVSS6.8AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/16 3:25 a.m.•3 views

Microsoft Outlook read receipt function vulnerability

Overview Microsoft Outlook contains a vulnerability in the read receipt function. Microsoft Outlook contains a vulnerability in the read receipt function. A read receipt may be sent unintentionally, notifying the sender that the email was received. Ayako Kozakai of NTT DATA SECURITY CORPORATION...

2.6CVSS6.4AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/16 3:23 a.m.•2 views

ASP.NET vulnerable to cross-site scripting

Overview ASP.NET contains a cross-site scripting vulnerability. ASP.NET contains an issue in the escape processes for string output. Web applications that use ASP.NET may contain a cross-site scripting vulnerability. Masato Anzai of Mitsui Bussan Secure Directions, Inc. reported this vulnerabilit...

4.3CVSS6.2AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/16 3:21 a.m.•4 views

Internet Explorer vulnerable to cross-site scripting

Overview Internet Explorer contains a cross-site scripting vulnerability. Internet Explorer contains a cross-site scripting vulnerability due to the processing of malformed file names. Keigo Yamazaki of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer und...

4.3CVSS6AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/16 3:18 a.m.•4 views

Clipboard contents alteration vulnerability in Internet Explorer

Overview Internet Explorer contains a vulnerability in which the contents of the clipboard may be altered. Internet Explorer contains a vulnerability in which the contents of the clipboard may be altered. As a result, when Internet Explorer is used with certain settings, the contents of the...

5.8CVSS6.5AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/16 3:11 a.m.•2 views

Microsoft Windows VBScript implementation file name disclosure vulnerability

Overview The Microsoft Windows VBScript implementation contains a file name disclosure vulnerability. When VBScript is used to load an image file in Internet Explorer, there is a vulnerability where an unauthenticated attacker may confirm the existence of a particular file. Impact As a step prior...

5CVSS6.3AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/16 12:0 a.m.•28 views

JVN#87239473: Ichitaro series vulnerable to arbitrary code execution

The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. Impact When opening a specially crafted file locally or through a website, an attacker may be able to execute arbitrary code. Solution Update the Software...

9.3CVSS7AI score0.05564EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/15 12:0 a.m.•14 views

JVN#63451350: Clipboard contents alteration vulnerability in Internet Explorer

Internet Explorer contains a vulnerability in which the contents of the clipboard may be altered. As a result, when Internet Explorer is used with certain settings, the contents of the clipboard may be read or written from a website. Impact Contents contained in the clipboard may be leaked or...

6.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/15 12:0 a.m.•11 views

JVN#72586781: ASP.NET vulnerable to cross-site scripting

ASP.NET contains an issue in the escape processes for string output. Web applications that use ASP.NET may contain a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the...

6.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/15 12:0 a.m.•12 views

JVN#73643130: Microsoft MSXML vulnerability in HTTP request processing

MSXML provided by Microsoft contains a vulnerability where HTTP requests for XMLHTTP objects are not processed properly. As a result, when going through a proxy server, information may be sent to another server. Impact When going through a proxy server, information such as authentication...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/15 12:0 a.m.•13 views

JVN#40382909: Microsoft Outlook read receipt function vulnerability

Microsoft Outlook contains a vulnerability in the read receipt function. A read receipt may be sent unintentionally, notifying the sender that the email was received. Impact A spam distributor may use this information to determine whether an email address is valid or not. Solution Upgrade the...

6.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/15 12:0 a.m.•12 views

JVN#26408023: Internet Explorer vulnerable to cross-site scripting

Internet Explorer contains a cross-site scripting vulnerability due to the processing of malformed file names. Impact An arbitrary script may be executed on the user's web browser when the setting for "Use folder view for FTP sites" is turned off. Note that this setting is turned on by default...

6.4AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/10 7:23 a.m.•6 views

Java Web Start may insecurely load dynamic libraries

Overview Java Web Start provided Oracle may use unsafe methods for determining how to load DLLs. Java Web Start is tool to distribute Java applications over the web and is contained in Java applications such as JRE Java Runtime Environment Java Web Start contains an issue with the DLL search path...

7.6CVSS7.5AI score0.02948EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/10 7:23 a.m.•5 views

Java Web Start may insecurely load settings files

Overview Java Web Start provided Oracle may use unsafe methods for determining how to load settings files. Java Web Start is tool to distribute Java applications over the web and is contained in Java applications such as JRE Java Runtime Environment Java Web Start contains an issue with the file...

7.6CVSS7.5AI score0.02437EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/10 7:22 a.m.•5 views

Java Web Start may insecurely load policy files

Overview Java Web Start provided Oracle may use unsafe methods for determining how to load policy files. Java Web Start is tool to distribute Java applications over the web and is contained in Java applications such as JRE Java Runtime Environment Java Web Start contains an issue with the file...

7.6CVSS7.5AI score0.02347EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/10 12:0 a.m.•32 views

JVN#29212182: Java Web Start may insecurely load policy files

Java Web Start is tool to distribute Java applications over the web and is contained in Java applications such as JRE Java Runtime Environment Java Web Start contains an issue with the file search path, which may insecurely load policy files. Impact An attacker may execute arbitrary code with the...

7.6CVSS8.7AI score0.02347EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/10 12:0 a.m.•50 views

JVN#18680611: Java Web Start may insecurely load dynamic libraries

Java Web Start is tool to distribute Java applications over the web and is contained in Java applications such as JRE Java Runtime Environment Java Web Start contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Impact An attacker may execute arbitrar...

7.6CVSS8.7AI score0.02948EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/10 12:0 a.m.•39 views

JVN#09206238: Java Web Start may insecurely load settings files

Java Web Start is tool to distribute Java applications over the web and is contained in Java applications such as JRE Java Runtime Environment Java Web Start contains an issue with the file search path, which may insecurely load settings files. Impact An attacker may execute arbitrary code with t...

7.6CVSS8.7AI score0.02437EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/05/26 4:37 a.m.•8 views

WalRack upload file handilng vulnerability

Overview WalRack Walrus File Rack CGI contains a vulnerability in handling upload files. WalRack is a CGI that provides an interface to upload files on the Web. WalRack contains a vulnerability in handling upload files. Impact An arbitrary PHP script may be executed on the server where WalRack is...

6.8CVSS6.9AI score0.01424EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/05/26 12:0 a.m.•26 views

JVN#46984044: WalRack upload file handilng vulnerability

WalRack is a CGI that provides an interface to upload files on the Web. WalRack contains a vulnerability in handling upload files. Impact An arbitrary PHP script may be executed on the server where WalRack is installed. Solution Update the Software Update to the latest version according to the...

6.8CVSS6.3AI score0.01424EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/05/25 8:37 a.m.•4 views

Movable Type vulnerable to cross-site scripting

Overview Movable Type contains a cross-site scripting vulnerability. Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability due to an issue in the management screen. This vulnerability is different than the previous vulnerabilities disclosed on JVN. Takesh...

5CVSS6.1AI score0.0105EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/05/25 12:0 a.m.•32 views

JVN#45658190: Movable Type vulnerable to cross-site scripting

Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability due to an issue in the management screen. This vulnerability is different than the previous vulnerabilities disclosed on JVN. Impact An arbitrary script may be executed on the user's web browser...

4.3CVSS6AI score0.0105EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/05/19 7:49 a.m.•3 views

iVIEW Suite vulnerable to SQL injection

Overview iVIEW Suite from RADVISION contains a SQL injection vulnerability. iVIEW Suite provided by RADVISION is a software to manage video conference systems in SCOPIA. iVIEW Suite contains a SQL injection vulnerability. Hirofumi Oka of NRI SecureTechnologies,Ltd. reported this vulnerability to...

7.5CVSS7.6AI score0.01258EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/05/19 12:0 a.m.•27 views

JVN#77697803: iVIEW Suite vulnerable to SQL injection

iVIEW Suite provided by RADVISION is a software to manage video conference systems in SCOPIA. iVIEW Suite contains a SQL injection vulnerability. Impact A remote attacker may view or alter the information on the system. Solution Update the Software Update to the latest version according to the...

7.5CVSS7.2AI score0.01258EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/05/17 8:17 a.m.•5 views

Virus Buster 2009 key input encryption function vulnerability

Overview Virus Buster 2009 contains a vulnerability within the key input encryption function. The key input encryption function in Virus Buster 2009 contains a vulnerability where a portion of password that is entered in the web browser is not properly encrypted. Nobuhiro Tsuji of NTT DATA SECURI...

2.1CVSS6.7AI score0.0023EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/05/17 12:0 a.m.•33 views

JVN#99175647: Virus Buster 2009 key input encryption function vulnerability

The key input encryption function in Virus Buster 2009 contains a vulnerability where a portion of password that is entered in the web browser is not properly encrypted. Impact When input information is stolen by a key logger, portions of the information may be leaked in plaintext. Solution Updat...

2.1CVSS6.3AI score0.0023EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/05/13 10:36 a.m.•5 views

Applications that use the Windows Help function may be vulnerable to privilege escalation

Overview Applications or Services that call the Windows Help function in an insecure manner may allow a user unauthorized access to resrouces on the system. Applications or Services that call the Windows Help function in an insecure manner may allow a user unauthorized access to resrouces on the...

10CVSS6.4AI score0.01694EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/05/13 10:17 a.m.•4 views

La Fonera+ vulnerable to denial-of-service (DoS)

Overview La Fonera+ provided by FON contains a denial-of-service DoS vulnerability. La Fonera+ provided by FON is a wireless LAN router. La Fonera+ contains a denial-of-service DoS vulnerability. Impact An attacker who can communicate with La Fonera+ directly may cause a denial-of-service DoS...

6.1CVSS6.6AI score0.00795EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/05/11 12:0 a.m.•24 views

JVN#96839637: La Fonera+ vulnerable to denial-of-service (DoS)

La Fonera+ provided by FON is a wireless LAN router. La Fonera+ contains a denial-of-service DoS vulnerability. Impact An attacker who can communicate with La Fonera+ directly may cause a denial-of-service DoS. Solution Update the firmware Update to the latest firmware version according to the...

6.1CVSS6.2AI score0.00795EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/05/11 12:0 a.m.•55 views

JVN#63898867: Applications that use the Windows Help function may be vulnerable to privilege escalation

Applications or Services that call the Windows Help function in an insecure manner may allow a user unauthorized access to resrouces on the system. This issue may occur in applications or services where the Help function is not called in a secure manner. An example of this is when Anti-virus...

10CVSS6.2AI score0.01694EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/05/10 11:44 p.m.•6 views

EC-CUBE vulnerable to cross-site request forgery

Overview EC-CUBE provided by LOCKON CO.,LTD. contains a cross-site request forgery vulnerability. EC-CUBE provided by LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site request forgery vulnerability. Masako Oono reported this vulnerability to IP...

5.8CVSS6.4AI score0.0061EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/05/10 11:37 p.m.•3 views

Multiple Buffalo routers vulnerable to cross-site request forgery

Overview Multiple routers provided by Buffalo contain a cross-site request forgery vulnerability. Multiple routers provided by Buffalo have a management screen that allows users to modify settings. These routers contain a cross-site request forgery vulnerability due to an issue in the management...

5.8CVSS6.7AI score0.00475EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/05/10 11:32 p.m.•6 views

Multiple Yamaha routers vulnerable to denial-of-service (DoS)

Overview Multiple routers provided by Yamaha contain a denial-of-service vulnerability. Multiple routers provided by Yamaha contain a denial-of-service DoS vulnerability due to an issue in processing IP packets. Yuji Ukai of Fourteenforty Research Institute, Inc. reported this vulnerability to IP...

7.8CVSS6.8AI score0.01633EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/05/10 12:0 a.m.•39 views

JVN#37878530: EC-CUBE vulnerable to cross-site request forgery

EC-CUBE provided by LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, information stored within EC-CUBE may be altered. Solution Update the Software Apply t...

5.8CVSS6AI score0.0061EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/04/19 12:0 a.m.•27 views

JVN#50505257: Multiple Buffalo routers vulnerable to cross-site request forgery

Multiple routers provided by Buffalo have a management screen that allows users to modify settings. These routers contain a cross-site request forgery vulnerability due to an issue in the management screen. Impact If a user views a malicious page while logged into the management screen, settings...

5.8CVSS2.1AI score0.00475EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/04/11 12:0 a.m.•39 views

JVN#55714408: Multiple Yamaha routers vulnerable to denial-of-service (DoS)

Multiple routers provided by Yamaha contain a denial-of-service DoS vulnerability due to an issue in processing IP packets. Impact A remote attacker may cause a denial-of-service DoS. Solution Update the firmware Update to the latest version of firmware according to the information provided by th...

7.8CVSS6.4AI score0.01633EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/04/08 5:9 a.m.•3 views

Password Vault Web Access vulnerable to cross-site scripting

Overview Password Vault Web Access PVWA provided by Cyber-Ark Software, Ltd. contains a cross-site scripting vulnerability. Password Vault Web Access PVWA is a module in the Privileged Identity Management Suite that allows access via a web portal. PVWA contains a cross-site scripting vulnerabilit...

4.3CVSS5.9AI score0.01053EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/04/08 12:0 a.m.•39 views

JVN#11424086: Password Vault Web Access vulnerable to cross-site scripting

Password Vault Web Access PVWA is a module in the Privileged Identity Management Suite that allows access via a web portal. PVWA contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the web browser of an user who is logged on. Solution Apply a patch Apply t...

4.3CVSS5.8AI score0.01053EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/04/01 6:52 a.m.•3 views

Hitachi Tuning Manager Software Cross-Site Scripting Vulnerability

Overview Hitachi Tuning Manager Software contains a cross-site scripting vulnerability. Impact A remote attacker could make a user execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

5CVSS6.3AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/03/27 11:11 p.m.•3 views

Picasa may insecurely load executable files

Overview Picasa may use unsafe methods for determining how to load executables .exe Picasa is a software for viewing and managing photos. Picasa loads certain executables when using the "Locate on Disk" function. Picasa contains an issue with the file search path, which may insecurely load...

6.9CVSS7.5AI score0.0032EPSS
Exploits1References8
Total number of security vulnerabilities5625