Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/06/22 2:23 a.m.•2 views

Improper Authentication Vulnerability in Handling of Revoked Certificate in Hitachi Web Server SSL Client Authentication

Overview SSL client authentication in Hitachi Web Server has a vulnerability which allows an attacker to access a Hitachi Web Server using the client certificates registered in the Certification Revocation List CRL. This vulnerability does not apply if SSL or SSL client authentication is not in...

4.3CVSS7.1AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/06/22 2:23 a.m.•1 views

TP1/Message Control Denial of Service (DoS) Vulnerability

Overview The port used by TP1/Message Control's mapping service has a vulnerability where the port is forced to keep collecting debug information when it receives a maliciously-crafted message, which in turn causes the depletion of the disk resource and leads to a denial of service DoS condition...

5CVSS6.7AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/06/22 12:0 a.m.•18 views

JVN#34729123 Explzh buffer overflow vulnerability

Explzh, a file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability when processing a LHA file header. Impact When processing a specially crafted LHA file, a remote attacker may be able to execute arbitrary code. Solution Update...

8.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/06/17 10:50 a.m.•3 views

Multiple vulnerabilities in ActiveGeckoBrowser

Overview ActiveGeckoBrowser from Fenrir Inc. contains multiple vulnerabilities. ActiveGeckoBrowser from Fenrir Inc. is a plugin that adds the Gecko rendering engine to the Sleipnir web browser. ActiveGeckoBrowser contains multiple vulnerabilities caused by the Gecko engine. Impact A remote attack...

6.8CVSS7.8AI score0.02129EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/06/14 12:0 a.m.•26 views

JVN#67120749 Multiple vulnerabilities in ActiveGeckoBrowser

ActiveGeckoBrowser from Fenrir Inc. is a plugin that adds the Gecko rendering engine to the Sleipnir web browser. ActiveGeckoBrowser contains multiple vulnerabilities caused by the Gecko engine. Impact A remote attacker may execute an arbitrary code or script, or conduct a denial of service DoS...

6.8CVSS7.6AI score0.02129EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/06/08 5:3 a.m.•2 views

Stack-Based Buffer Overflow Vulnerability in Collaboration Common Utility

Overview Collaboration Common Utility, a component of multiple Hitachi products, is vulnerable to stack-based buffer overflow when the Drag and Drop Component for Collaboration feature is also installed. Impact No details available. Solution Please refer to the 'Vendor Information' section for th...

10CVSS7.4AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/06/08 5:3 a.m.•1 views

Arbitrary Code Execution Vulnerability in CA ARCserve Backup and BrightStor ARCserve Backup

Overview The version of JRE shipped with CA ARCserve Backup and BrightStor ARCserve Backup is vulnerable to arbitrary code execution. Impact A remote attacker could execute arbitrary code on the affected system. Solution Please refer to the 'Vendor Information' section for the official...

10CVSS8.1AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/06/03 2:29 a.m.•4 views

e-Pares vulnerable to session fixation

Overview e-Pares contains a session fixation vulnerability. e-Pares is a system that manages facility conference rooms, etc. information. e-Pares contains a session fixation vulnerability. This vulnerability that was reported to IPA and JPCERT/CC was discovered as part of the Web application...

4CVSS6.7AI score0.0174EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/06/03 2:29 a.m.•2 views

e-Pares vulnerable to cross-site request forgery

Overview e-Pares contains a cross-site request forgery vulnerability. e-Pares is a system that manages facility conference rooms, etc. information. e-Pares contains a cross-site request forgery vulnerability. This vulnerability that was reported to IPA and JPCERT/CC was discovered as part of the...

2.6CVSS6.6AI score0.00824EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/06/03 2:29 a.m.•2 views

e-Pares vulnerable to cross-site scripting

Overview e-Pares contains a cross-site scripting vulnerability. e-Pares is a system that manages facility conference rooms, etc. information. e-Pares contains a cross-site scripting vulnerability. This vulnerability that was reported to IPA and JPCERT/CC was discovered as part of the Web...

4.3CVSS6.2AI score0.01645EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/06/02 12:0 a.m.•37 views

JVN#58439007: e-Pares vulnerable to cross-site scripting

e-Pares is a system that manages facility conference rooms, etc. information. e-Pares contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provide...

4.3CVSS5.9AI score0.01645EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/06/02 12:0 a.m.•40 views

JVN#82465391: e-Pares vulnerable to cross-site request forgery

e-Pares is a system that manages facility conference rooms, etc. information. e-Pares contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged into e-Pares, facility reservation data may be altered. Solution Update the Software Update to the latest...

2.6CVSS6.2AI score0.00824EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/06/02 12:0 a.m.•25 views

JVN#36925871: e-Pares vulnerable to session fixation

e-Pares is a system that manages facility conference rooms, etc. information. e-Pares contains a session fixation vulnerability. Impact A remote attacker impersonating a logged in user may perform arbitrary operations. As a result, disclosure or alteration of information may occur. Solution Updat...

4CVSS6.5AI score0.0174EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/06/01 8:37 a.m.•3 views

Ichitaro series vulnerable to arbitrary code execution

Overview The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. This vulnerability is different from JVN98467259. The "Ichitaro" series word processing software, from JustSystems Corporation contains a...

9.3CVSS7.9AI score0.05557EPSS
Exploits0References12
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/06/01 12:0 a.m.•37 views

JVN#17293765 Ichitaro series vulnerable to arbitrary code execution

The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. Impact When opening a specially crafted file locally or through a website, an attacker may be able to execute arbitrary code. Solution Update the software...

9.3CVSS7.2AI score0.05557EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/05/18 2:34 a.m.•3 views

XMAP3 Arbitrary Code Execution Vulnerability

Overview An arbitrary code execution vulnerability exists in the system installed with XMAP3/Web, or it may experience unexpected shutdown of Internet Explorer. The same issues exist in the Web browser testing tool, a web system development feature that comes with XMAP3/NET and XMAP3/Enterprise...

9.3CVSS8.1AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/05/18 2:33 a.m.•1 views

Several EUR Form/EUR Products Arbitrary Code Execution Vulnerability

Overview An arbitrary code execution vulnerability exists in several EUR Form and EUR products. Impact A remote attacker could execute arbitrary code through the affected web pages. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate acti...

10CVSS8.1AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/05/17 7:43 a.m.•3 views

CapsSuite Small Edition PatchMeister vulnerable to denial of service

Overview CapsSuite Small Edition PatchMeister contains a denial of service DoS vulnerability. CapsSuite Small Edition PatchMeister is a product that manages the application of security patches. CapsSuite Small Edition PatchMeister contains a denial of service DoS vulnerability. Servers or...

7.8CVSS6.7AI score0.02816EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/05/17 7:42 a.m.•2 views

WebSAM DeploymentManager vulnerable to denial of service

Overview WebSAM DeploymentManager contains a denial of service DoS vulnerability. WebSAM DeploymentManager is a product that manages the distribution of security patches. WebSAM DeploymentManager contains a denial of service DoS vulnerability. Servers or workstations that installed "Client Servic...

7.8CVSS6.7AI score0.02727EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/05/17 7:42 a.m.•4 views

Interstage Application Server vulnerable in request processing

Overview The Servlet service provided by the Interstage Application Server from Fujitsu Limited, contains a vulnerability where certain requests are not processed properly. The Servlet service provided by the Interstage Application Server from Fujitsu Limited, contains a vulnerability where certa...

6.4CVSS6.6AI score0.01564EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/05/17 12:0 a.m.•29 views

JVN#82749282 CapsSuite Small Edition PatchMeister vulnerable to denial of service

CapsSuite Small Edition PatchMeister is a product that manages the application of security patches. CapsSuite Small Edition PatchMeister contains a denial of service DoS vulnerability. Impact On a server or workstation with "Client Service for PTM" installed, a remote attacker may shut down or...

7.8CVSS6.7AI score0.02816EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/05/17 12:0 a.m.•42 views

JVN#90872372 WebSAM DeploymentManager vulnerable to denial of service

WebSAM DeploymentManager is a product that manages the distribution of security patches. WebSAM DeploymentManager contains a denial of service DoS vulnerability. Impact On a server or workstation with "Client Service for DPM" installed, a remote attacker may shut down or restart the operating...

7.8CVSS6.7AI score0.02727EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/05/17 12:0 a.m.•38 views

JVN#90248889: Interstage Application Server vulnerable in request processing

The Servlet service provided by the Interstage Application Server from Fujitsu Limited, contains a vulnerability where certain requests may be handled improperly depending on the settings at the load balancing device. Impact Invalid requests may be processed or user information may be leaked...

6.4CVSS6.3AI score0.01564EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/05/12 6:25 a.m.•2 views

Movable Type vulnerable to cross-site scripting

Overview Movable Type contains a cross-site scripting vulnerability. Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability. This vulnerability is different than the previous vulnerabilities disclosed on JVN. Impact An arbitrary script may be executed on t...

4.3CVSS6.2AI score0.01223EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/05/12 12:0 a.m.•22 views

JVN#92854093 Movable Type vulnerable to cross-site scripting

Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability. This vulnerability is different than the previous vulnerabilities disclosed on JVN. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the...

4.3CVSS6.1AI score0.01223EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/04/21 8:27 a.m.•4 views

Multiple Cybozu products vulnerable to authentication bypass

Overview Multiple Cybozu products contain an authentication bypass vulnerability. Multiple Cybozu products contain an issue in which the login page for mobile devices is not properly restrcited, leading to an authentication bypass vulnerability. As a result, an attacker may impersonate a user of ...

5.8CVSS6.8AI score0.01374EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/04/19 12:0 a.m.•35 views

JVN#87730223 Multiple Cybozu products vulnerable to authentication bypass

Multiple Cybozu products contain an issue in which the login page for mobile devices is not properly restrcited, leading to an authentication bypass vulnerability. As a result, an attacker may impersonate a user of a Cybozu product. Impact A remote attacker may view or modify information stored b...

5.8CVSS6.5AI score0.01374EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/04/12 8:17 a.m.•4 views

Ichitaro series vulnerable to arbitrary code execution

Overview The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. Fo...

9.3CVSS7.9AI score0.04036EPSS
Exploits0References12
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/04/12 12:0 a.m.•24 views

JVN#98467259 Ichitaro series vulnerable to arbitrary code execution

The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. Impact When opening a specially crafted file locally or through a website, an attacker may be able to execute arbitrary code. Solution Update the software...

9.3CVSS7.2AI score0.04036EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/04/09 7:36 a.m.•3 views

Accela BizSearch Access Control Bypass Vulnerability

Overview The local file seraching function in IntelligentSearch and Accela BizSearch is prone to an access control bypass vulnerability. Impact Users without permission can access restricted files on the local Windows machine via the BizSearch search results. Solution Please refer to the 'Vendor...

5CVSS6.6AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/04/08 8:47 a.m.•6 views

Cisco Router and Security Device Manager vulnerable to cross-site scripting

Overview Cisco Router and Security Device Manager SDM contains a cross-site scripting vulnerability. Cisco Router and Security Device Manager SDM is a web-based device management tool for Cisco routers. Cisco Router and Security Device Manager SDM contains a cross-site scripting vulnerability...

4.3CVSS6.1AI score0.00845EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/04/08 8:47 a.m.•2 views

MODx vulnerable to cross-site scripting

Overview MODx provided by The MODx CMS Project contains a cross-site scripting vulnerability. MODx provided by the MODx CMS Project is a Contents Management System CMS software. MODx contains a cross-site scripting vulnerability. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported th...

4.3CVSS6.1AI score0.01645EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/04/08 8:47 a.m.•2 views

MODx vulnerable to SQL injection

Overview MODx provided by The MODx CMS Project contains a SQL injection vulnerability. MODx provided by the MODx CMS Project is a Contents Management System CMS software. MODx contains a SQL injection vulnerability. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerabili...

7.5CVSS7.6AI score0.01096EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/04/08 8:47 a.m.•2 views

Internet Explorer information disclosure vulnerability

Overview Internet Explorer contains an information disclosure vulnerability. Internet Explorer contains an issue when handling content using specific encoding strings that may lead to an information disclosure vulnerability. Daiki Fukumori of Cyber Defense Institute Inc. reported this vulnerabili...

6.5CVSS6.1AI score0.29229EPSS
Exploits1References12
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/04/08 12:0 a.m.•30 views

JVN#46669729 MODx vulnerable to cross-site scripting

MODx provided by the MODx CMS Project is a Contents Management System CMS software. MODx contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information...

4.3CVSS5.6AI score0.01645EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/04/08 12:0 a.m.•34 views

JVN#14313132 Cisco Router and Security Device Manager vulnerable to cross-site scripting

Cisco Router and Security Device Manager SDM is a web-based device management tool for Cisco routers. Cisco Router and Security Device Manager SDM contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Upda...

4.3CVSS5.8AI score0.00845EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/04/08 12:0 a.m.•33 views

JVN#19774883 MODx vulnerable to SQL injection

MODx provided by the MODx CMS Project is a Contents Management System CMS software. MODx contains a SQL injection vulnerability. Impact A remote attacker may view or modify information stored by the product. Solution Update the Software Update to the latest version according to the information...

7.5CVSS6.9AI score0.01096EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/04/07 12:0 a.m.•40 views

JVN#49467403 Internet Explorer information disclosure vulnerability

Internet Explorer contains an issue when handling content using specific encoding strings that may lead to an information disclosure vulnerability. Impact When a user opens specially crafted web page, an attacker may be able to obtain sensitive information. Solution Update the software Apply the...

6.5CVSS5.7AI score0.29229EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/04/02 8:33 a.m.•2 views

HL-SiteManager vulnerable to SQL injection

Overview HL-SiteManager from Heartlogic contains a SQL injection vulnerability. HL-SiteManager from Heartlogic is a contents management system CMS software. HL-SiteManager contains a SQL injection vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated wit...

7.5CVSS7.5AI score0.01063EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/04/02 8:32 a.m.•2 views

Compiere vulnerable to cross-site scripting

Overview Compiere provided by Almas Inc. contains a cross-site scripting vulnerability. Compiere provided by Almas Inc. is an Enterprise Resource Planning ERP and Customer Relationship Management CRM software. Compiere contains a cross-site scripting vulnerability. This vulnerability is different...

4.3CVSS6.1AI score0.01528EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/04/02 8:32 a.m.•2 views

Compiere vulnerable to cross-site scripting

Overview Compiere provided by Almas Inc. contains a cross-site scripting vulnerability. Compiere provided by Almas Inc. is an Enterprise Resource Planning ERP and Customer Relationship Management CRM software. Compiere contains a cross-site scripting vulnerability. This vulnerability is different...

4.3CVSS6AI score0.01528EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/04/02 8:31 a.m.•2 views

PrettyFormMail vulnerable to cross-site scripting

Overview PrettyFormMail from PrettyBook contains a cross-site scripting vulnerability. PrettyFormMail from PrettyBook is a software that sends emails with contents that are input into a HTML form. PrettyFormMail contains a cross-site scripting vulnerability. Masako Ohono reported this vulnerabili...

4.3CVSS6.1AI score0.01022EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/04/02 12:0 a.m.•31 views

JVN#60969543 HL-SiteManager vulnerable to SQL injection

HL-SiteManager from Heartlogic is a contents management system CMS software. HL-SiteManager contains a SQL injection vulnerability. Impact A remote attacker may view or modify information stored by the product. Solution Do not use HL-SiteManager As patches will not be provided, users are...

7.5CVSS6.9AI score0.01063EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/04/01 12:0 a.m.•22 views

JVN#38687002 Compiere vulnerable to cross-site scripting

Compiere provided by Almas Inc. is an Enterprise Resource Planning ERP and Customer Relationship Management CRM software. Compiere contains a cross-site scripting vulnerability. This vulnerability is different from JVN57963254. Impact An arbitrary script may be executed on the user's web browser...

4.3CVSS5.8AI score0.01528EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/04/01 12:0 a.m.•28 views

JVN#57963254 Compiere vulnerable to cross-site scripting

Compiere provided by Almas Inc. is an Enterprise Resource Planning ERP and Customer Relationship Management CRM software. Compiere contains a cross-site scripting vulnerability. This vulnerability is different from JVN38687002. Impact When a user is logged into Compiere, an arbitrary script may b...

4.3CVSS5.8AI score0.01528EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/04/01 12:0 a.m.•26 views

JVN#41842181 PrettyFormMail vulnerable to cross-site scripting

PrettyFormMail from PrettyBook is a software that sends emails with contents that are input into a HTML form. PrettyFormMail contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use PrettyFormMail As patches will not ...

4.3CVSS5.9AI score0.01022EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/03/23 8:42 a.m.•4 views

ATOK screen lock bypass vulnerability

Overview ATOK from JustSystems Corporation contains a screen lock bypass vulnerability. ATOK from JustSystems Corporation is a software for Japanese Kana-Kanji conversion. ATOK contains an issue with the restriction of launching external applications, which may lead to a screen lock bypass...

7.2CVSS7.4AI score0.00394EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/03/23 8:42 a.m.•5 views

Ichitaro series buffer overflow vulnerability

Overview The "Ichitaro" series word processing software contains a buffer overflow vulnerability. This vulnerability is different from JVN29211062, JVN32981509 and JVN50495547. The "Ichitaro" series word processing software, from JustSystems Corporation, contains an issue in the reading of Rich...

9.3CVSS7.9AI score0.03475EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/03/15 3:21 a.m.•1 views

JP1/Cm2/Network Node Manager Remote Console Insecure File Permissions Vulnerability

Overview Computer systems running the JP1/Cm2/Network Node Manager NNM Remote Console for Windows are vulnerable due to insecure file permissions set on the systems. Impact A local attacker could replace the affected files provided by the NNM Remote Console with arbitrary files. Solution Please...

6.6CVSS6.7AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/03/12 6:29 a.m.•5 views

OpenPNE authentication bypass vulnerability

Overview OpenPNE contains an authentication bypass vulnerability. OpenPNE is an open source SNS Social Networking Service software. OpenPNE provides an "IP address range limitation" function to provide access to certain pages only to mobile devices. OpenPNE has an issue with the IP address range...

5.8CVSS6.7AI score0.01074EPSS
Exploits0References7
Total number of security vulnerabilities5625