Vulnerability Reports JP

past 12 months2016201520142013201220112010200920082007200620052004

2017

2017/07/20 JVN#48413726:
Multiple vulnerabilities in multiple Buffalo wireless LAN routers
2017/07/20 JVN#48823557:
Multiple Buffalo wireless LAN access point devices do not properly perform authentication
2017/07/19 JVN#77412145:
SONY Portable Wireless Server WG-C10 fails to restrict access permissions
2017/07/19 JVN#14151222:
Multiple vulnerabilities SONY Portable Wireless Server WG-C10
2017/07/14 JVN#61502349:
Self-Extracting Encrypted Files created by AttacheCase may insecurely load Dynamic Link Libraries
2017/07/13 JVN#42031953:
FileCapsule Deluxe Portable and Encrypted Files in Self-Decryption Format created by FileCapsule Deluxe Portable may insecurely load Dynamic Link Libraries
2017/07/12 JVN#02852421:
Installer of Yahoo! Toolbar (for Internet explorer) may insecurely load Dynamic Link Libraries
2017/07/11 JVN#81676004:
Installers of Mozilla Firefox and Thunderbird for Windows may insecurely load Dynamic Link Libraries
2017/07/10 JVN#29939155:
Self-Extracting Archives created by File Compact may insecurely load Dynamic Link Libraries
2017/07/07 JVN#21627267:
Microsoft IME may insecurely load Dynamic Link Libraries
2017/07/07 JVN#21369452:
Installers of Lhaz and Lhaz+, and Self-Extracting Archives created by Lhaz or Lhaz+ may insecurely load Dynamic Link Libraries
2017/07/06 JVN#63249051:
WordPress plugin "Shortcodes Ultimate" vulnerable to directory traversal
2017/07/04 JVN#39819446:
WordPress plugin "Responsive Lightbox" vulnerable to cross-site scripting
2017/07/04 JVN#20409270:
Installer of Douroshisetu Kihon Data Sakusei System may insecurely load Dynamic Link Libraries
2017/07/04 JVN#82120115:
Installer of Douro Kouji Kanseizutou Check Program may insecurely load Dynamic Link Libraries
2017/07/04 JVN#95996423:
MFC-J960DWN vulnerable to cross-site request forgery
2017/07/03 JVN#06337557:
Installer and self-extracting archive containing the installer of MLIT DenshiSeikabutsuSakuseiShienKensa system may insecurely load Dynamic Link Libraries
2017/07/03 JVN#43534286:
Multiple vulnerabilities in Cybozu Garoon
2017/06/30 JVN#45134765:
Installer of PDF Digital Signature Plugin provided by the Ministry of Justice may insecurely load Dynamic Link Libraries
2017/06/30 JVN#23389212:
Installer of Shinseiyou Sougou Soft provided by The Ministry of Justice may insecurely load Dynamic Link Libraries
2017/06/28 JVN#79451345:
Installer of Setup file of advance preparation for e-Tax software (WEB version) may insecurely load Dynamic Link Libraries
2017/06/28 JVN#21174546:
Marp vulnerable to improper access control in JavaScript execution
2017/06/27 JVN#85901441:
Multiple vulnerabilities in Toshiba Lighting & Technology Corporation Home gateway
2017/06/26 JVN#01775119:
Denshi Nyusatsu Check Tool provided by Ministry of Education, Culture, Sports, Science and Technology may insecurely load Dynamic Link Libraries
2017/06/23 JVN#09293613:
Installer of Charamin OMP may insecurely load Dynamic Link Libraries
2017/06/20 JVN#24348065:
Multiple vulnerabilities in HOME SPOT CUBE2
2017/06/20 JVN#73550134:
WordPress plugin "Event Calendar WD" vulnerable to cross-site scripting
2017/06/20 JVN#65411235:
Multiple I-O DATA network camera products vulnerable to cross-site request forgery
2017/06/15 JVN#56787058:
WordPress plugin "WP Job Manager" fails to restrict access permissions
2017/06/13 JVN#94771799:
Installer of QuickTime for Windows may insecurely load Dynamic Link Libraries
2017/06/13 JVN#79738260:
Multiple vulnerabilities in WordPress plugin "WordPress Download Manager"
2017/06/13 JVN#25078144:
Source code security studying tool iCodeChecker vulnerable to cross-site scripting
2017/06/13 JVN#51355647:
WordPress plugin "WP-Members" vulnerable to cross-site scripting
2017/06/12 JVN#27198823:
Installer of electronic tendering and bid opening system provided by Acquisition, Technology & Logistics Agency may insecurely invoke an executable file
2017/06/12 JVN#56588965:
Cybozu KUNAI for Android vulnerable to cross-site scripting
2017/06/09 JVN#65154137:
Installer of Denshinouhin Check System (for Ministry of Agriculture, Forestry and Fisheries Nouson Seibi Jigyou) may insecurely load Dynamic Link Libraries
2017/06/09 JVN#34508179:
Installer of "Setup file of advance preparation" may insecurely load Dinamic Link Libraries
2017/06/09 JVN#67305782:
Installer of CASL II simulator(self-extract format) may insecurely load Dynamic Link Libraries
2017/06/08 JVN#31236539:
[Simeji for Windows(β)] installer may insecurely load Dynamic Link Libraries
2017/06/08 JVN#52691241:
Multiple installers of the software provided by Geospatial Information Authority of Japan (GSI) may insecurely load Dynamic Link Libraries
2017/06/07 JVN#99737748:
AppCheck may insecurely invoke an executable file
2017/06/06 JVN#01404851:
Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to remote code execution
2017/06/06 JVN#20870477:
Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to remote code execution
2017/06/06 JVN#32120290:
Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to information disclosure
2017/06/06 JVN#80238098:
Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to remote code execution
2017/06/06 JVN#98617234:
WordPress plugin "Multi Feed Reader" vulnerable to SQL injection
2017/06/05 JVN#24087303:
Installer of Houkokusyo Sakusei Shien Tool provided by Ministry of the Environment may insecurely load Dynamic Link Libraries
2017/06/02 JVN#08020381:
Installer of SaAT Personal may insecurely load Dynamic Link Libraries
2017/06/02 JVN#91170929:
Installer of SaAT Netizen may insecurely load Dynamic Link Libraries
2017/06/01 JVN#06770361:
Installer of Tera Term may insecurely load Dynamic Link Libraries
2017/06/01 JVN#51274854:
Multiple software for Sharp IC Card Reader/Writer Devices may insecurely load Dynamic Link Libraries
2017/06/01 JVN#70951878:
WordPress plugin "WP Live Chat Support" vulnerable to cross-site scripting
2017/05/26 JVN#92422409:
The installer of the Ministry of Justice [The electronic authentication system based on the commercial registration system "The CRCA user's Software"] may insecurely load Dynamic Link Libraries
2017/05/25 JVN#41185163:
Installers of the screensavers provided by JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE may insecurely load Dynamic Link Libraries
2017/05/25 JVN#75514460:
Installer of electronic tendering and bid opening system provided by Acquisition, Technology & Logistics Agency may insecurely load Dynamic Link Libraries
2017/05/25 JVN#42164352:
GroupSession fails to restrict access permissions
2017/05/24 JVN#91438377:
SSL Visibility Appliance may generate illegal RST packets
2017/05/19 JVN#12493656:
The installer of Empirical Project Monitor - eXtended may insecurely load Dynamic Link Libraries
2017/05/19 JVN#11326581:
Empirical Project Monitor - eXtended vulnerable to cross-site scripting
2017/05/19 JVN#85512750:
Empirical Project Monitor - eXtended vulnerable to cross-site scripting
2017/05/16 JVN#81820501:
FlashAir do not set credential information in PhotoShare
2017/05/16 JVN#46372675:
FlashAir fails to restrict access permissions in PhotoShare
2017/05/16 JVN#96165722:
WordPress plugin "WP Booking System" vulnerable to cross-site scripting
2017/05/16 JVN#24834813:
Multiple BestWebSoft WordPress plugins vulnerable to cross-site scripting
2017/05/16 JVN#70411623:
WordPress plugin "MaxButtons" vulnerable to cross-site scripting
2017/05/12 JVN#16248227:
PrimeDrive Desktop Application Installer may insecurely load executable files
2017/05/11 JVN#51978169:
The installer of SOY CMS vulnerable to cross-site scripting
2017/05/11 JVN#51819749:
SOY CMS vulnerable to directory traversal
2017/05/09 JVN#39605485:
The installer of The Public Certification Service for Individuals "The JPKI user's software" may insecurely load Dynamic Link Libraries
2017/05/09 JVN#87760109:
Nessus vulnerable to cross-site scripting
2017/04/25 JVN#71572107:
Installer of Vivaldi for Windows may insecurely load executable files
2017/04/21 JVN#48790793:
WNC01WH vulnerable to OS command injection
2017/04/20 JVN#54268888:
Multiple JustSystems products including Hanako may insecurely load Dynamic Link Libraries
2017/04/20 JVN#93931029:
Hoozin Viewer vulnerable to buffer overflow
2017/04/20 JVN#54762089:
WordPress plugin "Booking Calendar" vulnerable to cross-site scripting
2017/04/20 JVN#18739672:
WordPress plugin "Booking Calendar" vulnerable to directory traversal
2017/04/19 JVN#86171513:
SEIL Series routers vulnerable to denial-of-service (DoS)
2017/04/18 JVN#08740778:
NETGEAR ProSAFE Plus Configuration Utility vulnerable to improper access control
2017/04/14 JVN#05340816:
Multiple installers of Toshiba memory card related software may insecurely load Dynamic Link Libraries
2017/04/14 JVN#01537659:
WN-AC1167GR vulnerable to cross-site scripting
2017/04/13 JVN#77253951:
WordPress plugin "WP Statistics" vulnerable to cross-site scripting
2017/04/13 JVN#62392065:
WordPress plugin "WP Statistics" vulnerable to cross-site scripting
2017/04/11 JVN#17535578:
Multiple vulnerabilities in Cybozu Office
2017/04/11 JVN#82019695:
ASSETBASE vulnerable to cross-site scripting
2017/04/10 JVN#87770873:
CS-Cart Japanese Edition vulnerable to cross-site request forgery
2017/04/10 JVN#14396697:
CS-Cart Japanese Edition fails to restrict access permissions
2017/04/10 JVN#25598952:
​CS-Cart Japanese Edition fails to restrict access permissions
2017/04/10 JVN#81024552:
Multiple vulnerabilities in WN-G300R3
2017/04/10 JVN#17633442:
WordPress plugin "WP Statistics" vulnerable to cross-site scripting
2017/04/07 JVN#64451600:
Tablacus Explorer vulnerable to script injection
2017/03/30 JVN#55121369:
CentreCOM AR260S V2 vulnerable to privilege escalation
2017/03/23 JVN#55294532:
WordPress plugin "YOP Poll" vulnerable to cross-site scripting
2017/03/22 JVN#93699304:
Installer of PhishWall Client Internet Explorer version may insecurely load Dynamic Link Libraries
2017/03/16 JVN#11448789:
Security guide for website operators vulnerable to OS command injection
2017/03/13 JVN#88745657:
Cybozu KUNAI for Android information management vulnerability
2017/03/07 JVN#13003724:
OneThird CMS vulnerable to cross-site scripting
2017/03/07 JVN#49408248:
OneThird CMS vulnerable to cross-site scripting
2017/03/02 JVN#46830433:
Multiple I-O DATA network camera products multiple vulnerabilities
2017/03/01 JVN#88713190:
PrimeDrive Desktop Application Installer may insecurely load Dynamic Link Libraries
2017/03/01 JVN#82619692:
Access CX App fails to verify SSL server certificates
2017/02/28 JVN#73083905:
Multiple vulnerabilities in WBCE CMS
2017/02/28 JVN#63474730:
CubeCart vulnerable to directory traversal
2017/02/20 JVN#73182875:
Multiple vulnerabilities in Cybozu Garoon
2017/02/17 JVN#86200862:
Self-Extracting Archives created by 7-ZIP32.DLL may insecurely load Dynamic Link Libraries
2017/02/15 JVN#55489964:
Multiple vulnerabilities in Apache Brooklyn
2017/02/10 JVN#53880182:
TVer App for Android fails to verify SSL server certificates
2017/02/10 JVN#40667528:
Norton Download Manager may insecurely load Dynamic Link Libraries
2017/02/09 JVN#39008927:
Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to cross-site request forgery
2017/02/09 JVN#88176589:
Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to authentication bypass
2017/02/09 JVN#87662835:
Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to DNS rebinding
2017/02/09 JVN#71666779:
Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to remote code execution
2017/02/09 JVN#34207650:
Multiple cross-site scripting vulnerabilities in Webmin
2017/02/03 JVN#21114208:
Business LaLa Call App for Android fails to verify SSL server certificates
2017/02/03 JVN#01014759:
LaLa Call App for Android fails to verify SSL server certificates
2017/01/27 JVN#81618356:
CubeCart vulnerable to directory traversal
2017/01/24 JVN#09460804:
Knowledge vulnerable to cross-site request forgery
2017/01/24 JVN#12796388:
Nessus vulnerable to cross-site scripting
2017/01/24 JVN#50197114:
smalruby-editor vulnerable to OS command injection
2017/01/20 JVN#92395431:
Java (OGNL) code execution in Apache Struts 2 when devMode is enabled
2017/01/16 JVN#28331227:
MaruUo Factory's multiple AttacheCase products vulnerable to directory traversal
2017/01/16 JVN#83917769:
AttacheCase vulnerable to directory traversal
2017/01/11 JVN#19241292:
Cybozu Remote Service Manager fails to verify client certificates
2017/01/06 JVN#71538099:
Olive Diary DX vulnerable to cross-site scripting
2017/01/06 JVN#12124922:
WEB SCHEDULE vulnerable to cross-site scripting
2017/01/06 JVN#60879379:
Olive Blog vulnerable to cross-site scripting

2016

2016/12/26 JVN#96681653:
WinSparkle issue where registry value is not validated
2016/12/26 JVN#90813656:
Wireshark for Windows issue where an arbitrary file may be deleted
2016/12/22 JVN#44566208:
H2O use-after-free vulnerability
2016/12/22 JVN#38755305:
BlueZ userland utilities vulnerable to buffer overflow
2016/12/22 JVN#84995847:[Critical]
SKYSEA Client View vulnerable to arbitrary code execution
2016/12/19 JVN#17980240:
Cybozu Garoon vulnerable to SQL injection
2016/12/19 JVN#16200242:
Cybozu Garoon vulnerable to directory traversal
2016/12/19 JVN#15222211:
Cybozu Garoon vulnerable to cross-site request forgery
2016/12/19 JVN#14631222:
Cybozu Garoon fails to restrict access permissions
2016/12/19 JVN#13218253:
Cybozu Garoon vulnerable to information disclosure
2016/12/19 JVN#12281353:
Cybozu Garoon vulnerable to cross-site scripting
2016/12/16 JVN#42070907:
Mutiple SONY Videoconference Systems do not properly perform authentication
2016/12/13 JVN#78980598:
Apache ActiveMQ vulnerable to cross-site scripting
2016/12/12 JVN#16781735:
Multiple access restriction bypass vulnerabilities in Cybozu Dezie
2016/12/07 JVN#28151745:
Sleipnir for Mac vulnerable to URL spoofing
2016/12/02 JVN#40613060:
Multiple vulnerabilities in WNC01WH
2016/12/01 JVN#08868688:
The installers of multiple Japan Pension Service software may insecurely load Dynamic Link Libraries
2016/11/30 JVN#25059363:
Multiple I-O DATA network camera products multiple vulnerabilities
2016/11/28 JVN#20252219:
kintone mobile for Android fails to verify SSL server certificates
2016/11/25 JVN#05493467:
Simple keitai chat vulnerable to cross-site scripting
2016/11/15 JVN#75396659:
DERAEMON-CMS vulnerable to cross-site scripting
2016/11/11 JVN#23549283:
CG-WLR300NX fails to restrict access permissions
2016/11/11 JVN#92237169:
CG-WLR300NX vulnerable to cross-site scripting
2016/11/11 JVN#23823838:
CG-WLR300NX vulnerable to cross-site request forgery
2016/11/11 JVN#25060672:
Multiple Corega wireless LAN routers vulnerable to cross-site scripting
2016/11/11 JVN#34103586:
Multiple I-O DATA network camera products vulnerable to information disclosure
2016/11/02 JVN#18228200:
Multiple vulnerabilities in WFS-SR01
2016/11/01 JVN#91002412:
The installer of The Public Certification Service for Individuals "The JPKI user's software" may insecurely load Dynamic Link Libraries
2016/11/01 JVN#27260483:
mobiGate App fails to verify SSL server certificates
2016/10/26 JVN#76780067:
Installer of 7-Zip for Windows may insecurely load Dynamic Link Libraries
2016/10/20 JVN#14567604:
Multiple vulnerabilities in WordPress plugin WP-OliveCart
2016/10/19 JVN#03251132:
Installer of Evernote for Windows may insecurely load Dynamic Link Libraries
2016/10/18 JVN#63012325:
The installer of e-Tax Software may insecurely load Dynamic Link Libraries
2016/10/13 JVN#70380788:
BASP21 vulnerable to mail header injection
2016/10/07 JVN#39619137:
Toshiba FlashAir does not require authentication in "Internet pass-thru Mode"
2016/10/07 JVN#32504719:
Usermin cross-site scripting vulnerabilties
2016/10/07 JVN#80157683:
SetucoCMS multiple vulnerabilities
2016/10/07 JVN#20786316:
Cryptography API: Next Generation (CNG) vulnerable to denial-of-service (DoS)
2016/10/03 JVN#11288252:
Cybozu Office vulnerable to Reflected File Download (RFD)
2016/10/03 JVN#10092452:
Cybozu Office vulnerable to denial-of-service (DoS)
2016/10/03 JVN#09736331:
Cybozu Office vulnerable to information disclosure
2016/10/03 JVN#08736331:
Cybozu Office vulnerable to mail header injection
2016/10/03 JVN#07148816:
Multiple access restriction bypass vulnerabilities in Cybozu Office
2016/10/03 JVN#06726266:
Cybozu Office multiple cross-site scripting vulnerabilities
2016/10/03 JVN#46351856:
Docomo L-04D mobile WiFi router vulnerable to cross-site request forgery
2016/09/29 JVN#92765814:
Multiple vulnerabilities in baserCMS
2016/09/29 JVN#72559412:
ManageEngine ServiceDesk Plus uses an insecure method for cookie generation
2016/09/29 JVN#89726415:
ManageEngine ServiceDesk Plus fails to restrict access permissions
2016/09/29 JVN#50347324:
ManageEngine ServiceDesk Plus vulnerable to cross-site scripting
2016/09/23 JVN#46087986:
Multiple plugins for Geeklog IVYWE edition vulnerable to cross-site scripting
2016/09/20 JVN#49343562:
Money Forward Apps for Android vulnerability that allows unintended operations
2016/09/20 JVN#61297210:
Money Forward Apps for Android vulnerable in the WebView class
2016/09/16 JVN#98126322:
Trend Micro Internet Security vulnerability where files may be excluded as scan targets
2016/09/16 JVN#74244518:
Splunk Enterprise and Splunk Light vulnerable to cross-site scripting
2016/09/16 JVN#64800312:
Splunk Enterprise and Splunk Light vulnerable to open redirect
2016/09/16 JVN#39926655:
Splunk Enterprise and Splunk Light vulnerable to open redirect
2016/09/16 JVN#71462075:
Splunk Enterprise and Splunk Lite vulnerable to cross-site scripting
2016/09/15 JVN#94779084:
H2O use of externally-controlled format string
2016/09/15 JVN#18926672:
Zend Framework vulnerable to SQL injection
2016/09/14 JVN#55389065:
CS-Cart add-on "Twigmo" vulnerable to PHP object injection
2016/09/06 JVN#48237713:
ADOdb vulnerable to cross-site scripting
2016/08/31 JVN#85213412:
Multiple AKABEi SOFT2 LTD. games vulnerable to OS command injection
2016/08/25 JVN#05924524:
LINE for Windows fails to properly verify downloaded files
2016/08/24 JVN#94816361:
YoruFukurou (NightOwl) vulnerable to denial-of-service (DoS)
2016/08/23 JVN#42262137:
simple chat vulnerable to cross-site scripting
2016/08/22 JVN#93411577:
Cybozu Garoon fails to restrict access permissions
2016/08/22 JVN#89211736:
Cybozu Garoon vulnerable to authentication bypass
2016/08/22 JVN#83568336:
Cybozu Garoon vulnerable to SQL injection
2016/08/22 JVN#67595539:
Cybozu Garoon multiple cross-site scripting vulnerabilities
2016/08/22 JVN#67266823:
Cybozu Garoon vulnerable to open redirect
2016/08/19 JVN#09836883:
Geeklog IVYWE edition contains a cross-site scripting vulnerability
2016/08/18 JVN#58455472:
OSSEC Web UI vulnerable to cross-site scripting
2016/08/18 JVN#28386124:
ClipBucket vulnerable to cross-site scripting
2016/08/17 JVN#45583702:
Installer of PhishWall Client Internet Explorer version may insecurely load Dynamic Link Libraries
2016/08/16 JVN#04125292:
Cybozu Mailwise contains issue in preventing clickjacking attacks
2016/08/16 JVN#03052683:
Cybozu Mailwise vulnerable to information disclosure
2016/08/16 JVN#02576342:
Cybozu Mailwise vulnerable to information disclosure
2016/08/16 JVN#01353821:
Cybozu Mailwise vulnerable to mail header injection
2016/08/08 JVN#35062083:
Multiple I-O DATA Recording Hard disk products vulnerable to cross-site request forgery
2016/08/05 JVN#09470233:
Android stock browser vulnerable to denial-of-service (DoS)
2016/08/04 JVN#06920277:
Coordinate Plus App fails to verify SSL server certificates
2016/07/22 JVN#40696431:
EC-CUBE plugin "Coupon Plugin" vulnerable to SQL injection
2016/07/22 JVN#65273415:
Android OS issue where it is affected by the CRIME attack
2016/07/22 JVN#06212291:
Android OS Contacts app fails to restrict access permissions