Vulnerability Reports


2015

2015/12/25 JVN#51250073:
CG-WLNCM4G may behave as an open resolver
2015/12/25 JVN#50775659:
CG-WLBARAGM may behave as an open proxy
2015/12/25 JVN#51349622:
CG-WLBARGS does not properly perform authentication
2015/12/17 JVN#43344629:
Welcart vulnerable to SQL injection
2015/12/17 JVN#64636058:
WinRAR may insecurely load executable files
2015/12/17 JVN#22533124:
Adobe Flash Player issue where iframe contents may be overwritten
2015/12/11 JVN#71730320:
Zend Framework vulnerable to SQL injection
2015/12/09 JVN#89965717:
WL-330NUL vulnerable to cross-site scripting
2015/12/09 JVN#85359294:
WL-330NUL vulnerable to denial-of-service (DoS)
2015/12/09 JVN#34489380:
WL-330NUL vulnerable to remote command execution
2015/12/09 JVN#69462495:
WL-330NUL information management vulnerability
2015/12/07 JVN#70083512:
Web Analytics Service vulnerable to cross-site scripting
2015/12/07 JVN#44541100:
GANMA! App for iOS fails to verify SSL server certificates
2015/12/03 JVN#55545372:
EC-CUBE plugin BbAdminViewsControl vulnerable to SQL injection
2015/11/30 JVN#72891124:
p++BBS vulnerable to cross-site scripting
2015/11/30 JVN#35845584:
Frame high-speed chat vulnerable to cross-site scripting
2015/11/27 JVN#18889193:
Apache Cordova vulnerable to improper application of whitelist restrictions
2015/11/27 JVN#12991684:
ManageEngine Firewall Analyzer fails to restrict access permissions
2015/11/27 JVN#21968837:
ManageEngine Firewall Analyzer vulnerable to directory traversal
2015/11/20 JVN#51046809:
ArcSight Management Center and ArcSight Logger vulnerable to cross-site scripting
2015/11/20 JVN#20649799:
Void vulnerable to cross-site scripting
2015/11/17 JVN#34780384:
Kirby vulnerable to arbitrary file creation
2015/11/17 JVN#29141986:
Gurunavi App for iOS fails to verify SSL server certificates
2015/11/17 JVN#64625488:
applican vulnerable to script injection
2015/11/17 JVN#71088919:
applican vulnerable to script injection
2015/11/13 JVN#25323093:
pWebManager vulnerable to OS command injection
2015/11/13 JVN#56210048:
Apple OS X authentication issue when recovering from sleep mode
2015/11/06 JVN#90135579:
SonicWall TotalSecure TZ 100 Series vulnerable to denial-of-service (DoS)
2015/11/05 JVN#80144272:
Multiple TYPE-MOON games vulnerable to OS command injection
2015/11/02 JVN#04281281:
ISUCON5 qualifier portal web application (eventapp) vulnerable to OS command injection
2015/10/30 JVN#53973084:
HTML::Scrubber vulnerable to cross-site scripting
2015/10/30 JVN#48135658:
Multiple routers contain issue in preventing clickjacking attacks
2015/10/29 JVN#68289108:
Enisys Gw fails to restrict access permissions
2015/10/29 JVN#13874649:
Enisys Gw vulnerable to cross-site scripting
2015/10/29 JVN#33179297:
Enisys Gw vulnerable to arbitrary file creation
2015/10/29 JVN#58615092:
Enisys Gw vulnerable to SQL injection
2015/10/28 JVN#25086409:
ANA App fails to verify SSL server certificates
2015/10/26 JVN#97278546:
EC-CUBE vulnerable to cross-site request forgery
2015/10/16 JVN#25576608:
Avast vulnerable to directory traversal
2015/10/16 JVN#37825153:
AirDroid for Android vulnerable in handling of implicit intents
2015/10/15 JVN#92520335:
eXtplorer vulnerable to cross-site request forgery
2015/10/14 JVN#48211537:
Party Track SDK for iOS fails to verify server certificates
2015/10/09 JVN#84982142:
Pref Shimane CMS vulnerable to SQL injection
2015/10/09 JVN#02671769:
phpRechnung vulnerable to SQL injection
2015/10/09 JVN#13456571:
Dojo Toolkit vulnerable to cross-site scripting
2015/10/07 JVN#38369032:
Cybozu Garoon vulnerable to LDAP injection
2015/10/07 JVN#21025396:
Multiple PHP code execution vulnerabilities in Cybozu Garoon
2015/10/02 JVN#27548431:
gollum vulnerable to file exposure
2015/10/02 JVN#65668004:
Dotclear vulnerable to cross-site scripting
2015/10/01 JVN#49503705:
Python for Windows may insecurely load dynamic libraries
2015/10/01 JVN#07676450:
Canary Labs Trend Web Server vulnerable to buffer overflow
2015/10/01 JVN#27462572:
AjaXplorer vulnerable to directory traversal
2015/09/30 JVN#79633796:
baserCMS vulnerable to SQL injection
2015/09/30 JVN#04855224:
baserCMS fails to restrict access permissions
2015/09/30 JVN#85118545:
MATCHA SNS access restriction bypass vulnerability
2015/09/30 JVN#08535069:
MATCHA SNS vulnerable to code injection
2015/09/30 JVN#66984217:
MATCHA INVOICE vulnerable to code injection
2015/09/30 JVN#18232032:
MATCHA INVOICE vulnerable to SQL injection
2015/09/29 JVN#20355129:
niconico App for iOS fails to verify SSL server certificates
2015/09/29 JVN#21612597:
Apache Cordova plugin cordova-plugin-file-transfer vulnerable to HTTP header injection
2015/09/17 JVN#65602714:
H2O vulnerable to directory traversal
2015/09/16 JVN#19948778:
Photon vulnerable to URL whitelist bypass
2015/09/16 JVN#67586379:
Reversi vulnerable to URL whitelist bypass
2015/09/16 JVN#24517322:
Koritore vulnerable to URL whitelist bypass
2015/09/16 JVN#83862346:
MEGAPHONE MUSIC vulnerable to URL whitelist bypass
2015/09/16 JVN#71815309:
Auction Camera vulnerable to URL whitelist bypass
2015/09/16 JVN#73346595:
applican vulnerable to URL whitelist bypass
2015/09/11 JVN#07427376:
PIXMA MG7500 Series vulnerable to cross-site request forgery
2015/09/11 JVN#41048401:
Japan Connected-free Wi-Fi vulnerable to script injection
2015/09/11 JVN#04644117:
Japan Connected-free Wi-Fi vulnerable to URL whitelist bypass
2015/09/07 JVN#62078684:
ELPhoneBtnV6 ActiveX control vulnerable to buffer overflow
2015/09/04 JVN#00015036:
OpenDocMan vulnerable to cross-site scripting
2015/09/04 JVN#95989300:
Apache Struts vulnerable to cross-site scripting
2015/09/04 JVN#88408929:
Apache Struts vulnerable to cross-site scripting
2015/09/03 JVN#13684924: [Unreachable]
BBS X102 vulnerable to cross-site scripting
2015/09/03 JVN#24692261: [Unreachable]
hitSuji (rktSNS2) vulnerable to cross-site scripting
2015/09/02 JVN#08494613:
NScripter vulnerable to buffer overflow
2015/09/01 JVN#81207766:
Rakuten card App for iOS fails to verify SSL server certificates
2015/09/01 JVN#09283606:
desknet's NEO vulnerable to directory traversal
2015/09/01 JVN#77193915:
Twit BBS vulnerable to cross-site scripting
2015/08/27 JVN#91474878:
File Encryption Software "ED" where encrypted data may be easier to decipher when files of small size are encrypted
2015/08/20 JVN#17611367:
Apache Tapestry deserializes untrusted data
2015/08/18 JVN#17964918:
Multiple I-O DATA LAN routers vulnerable in UPnP functionality
2015/08/12 JVN#78240242:
Photo Gallery CMS for PC, smartphone and feature phone (Free) vulnerable to cross-site request forgery
2015/08/12 JVN#69175956:
Photo Gallery CMS for PC, smartphone and feature phone (Free) vulnerable to cross-site scripting
2015/08/12 JVN#20459920:
Microsoft Office discloses a file path of a local file
2015/08/07 JVN#29053368:
Yodobashi App for Android fails to verify SSL server certificates
2015/08/07 JVN#70465405:
Yodobashi App for Android vulnerable to arbitrary Java method execution
2015/07/29 JVN#17522792:
yoyaku_v41 vulnerable to OS command injection
2015/07/29 JVN#52248864:
yoyaku_v41 vulnerable to authentication bypass
2015/07/29 JVN#46674982:
yoyaku_v41 vulnerable to arbitrary file creation
2015/07/28 JVN#86680970:
Gazou BBS plus vulnerability in file upload processing
2015/07/24 JVN#97971874:
Welcart vulnerable to cross-site scripting
2015/07/24 JVN#92828286:
Welcart vulnerable to SQL injection
2015/07/24 JVN#10559378:
Research Artisan Lite does not properly perform authentication
2015/07/24 JVN#58020495:
Research Artisan Lite vulnerable to cross-site scripting
2015/07/17 JVN#73568461:
PHP for Windows vulnerable to OS command injection
2015/07/15 JVN#19011483:
Thetis vulnerable to SQL injection
2015/07/15 JVN#64051989:
acmailer vulnerable to directory traversal
2015/07/10 JVN#22546110:
LINE@ vulnerable to script injection
2015/07/10 JVN#61935381:
Simple Oekaki BBS vulnerability where arbitrary files may be deleted
2015/07/10 JVN#67540183:
Simple Oekaki BBS vulnerable to cross-site scripting
2015/07/09 JVN#55076671:
Cacti vulnerable to cross-site request forgery
2015/07/09 JVN#09758120:
Cacti vulnerable to cross-site scripting
2015/07/09 JVN#78187936:
Cacti vulnerable to cross-site scripting
2015/06/30 JVN#22677713:
OpenEMR vulnerable to authentication bypass
2015/06/30 JVN#77386811:
Explorer+ File Manager vulnerable to directory traversal
2015/06/25 JVN#25336719:
namshi/jose fails to verify token signatures
2015/06/25 JVN#96312698:
osCommerce Japanese version vulnerable to directory traversal
2015/06/23 JVN#19578958:
Symfony vulnerable to code injection
2015/06/18 JVN#83881261:
Ruby on Rails library Paperclip vulnerable to cross-site scripting
2015/06/12 JVN#18146081:
LoadLibrary function in Microsoft Windows fails to validate input properly
2015/06/12 JVN#19732015:
MilkyStep fails to restrict access permissions
2015/06/12 JVN#24336273:
BloBee vulnerable to arbitrary file creation
2015/06/09 JVN#74280258:
MilkyStep fails to restrict access permissions
2015/06/09 JVN#20879350:
MilkyStep vulnerable to cross-site scripting
2015/06/09 JVN#52478686:
MilkyStep vulnerable to SQL injection
2015/06/09 JVN#05559185:
MilkyStep vulnerable to OS command injection
2015/06/09 JVN#12241436:
MilkyStep vulnerable to cross-site request forgery
2015/06/09 JVN#16409640:
MilkyStep fails to restrict access permissions
2015/06/05 JVN#50447904:
Multiple Buffalo wireless LAN routers vulnerable to OS command injection
2015/06/05 JVN#79284156:
NetFlow Analyzer vulnerable to cross-site request forgery
2015/06/05 JVN#25598413:
NetFlow Analyzer fails to restrict access permissions
2015/06/05 JVN#98447310:
NetFlow Analyzer vulnerable to cross-site scripting
2015/06/03 JVN#06120222:
F21 JWT fails to verify token signatures
2015/06/03 JVN#95246510:
"Open Explorer Beta" App for Android vulnerable to directory traversal
2015/05/28 JVN#51176150:
ZenPhoto20 vulnerable to cross-site scripting
2015/05/28 JVN#68452022:
Zenphoto vulnerable to cross-site scripting
2015/05/27 JVN#61328139:
Apache Sling API and Servlets Post components vulnerable to cross-site scripting
2015/05/22 JVN#93976566:
SXF Common Library vulnerable to buffer overflow
2015/05/20 JVN#64459670:
mt-phpincgi vulnerable to PHP object injection
2015/05/19 JVN#78689801:
BGA32.DLL and QBga32.DLL contain multiple vulnerabilities
2015/05/15 JVN#75851252:
"Honda Moto LINC" App for Android fails to verify SSL server certificates
2015/05/14 JVN#18957556:
Cacti vulnerable to SQL injection
2015/05/12 JVN#20133698:
MailDealer vulnerable to cross-site scripting
2015/05/01 JVN#96439865:
EasyCTF vulnerable to session management
2015/05/01 JVN#07538357:
EasyCTF vulnerable to cross-site scripting
2015/05/01 JVN#67520407:
EasyCTF vulnerable to arbitrary file creation
2015/04/23 JVN#41653647:
TransmitMail vulnerable to directory traversal
2015/04/23 JVN#26860747:
TransmitMail vulnerable to cross-site scripting
2015/04/14 JVN#56297719:
JBoss RichFaces vulnerable to remote Java code execution
2015/04/10 JVN#91383083:
Seasar S2Struts vulnerable to input validation bypass
2015/04/09 JVN#12329472:
Lhaplus vulnerable to remote code execution
2015/04/09 JVN#02527990:
Lhaplus vulnerable to directory traversal
2015/04/07 JVN#71903938:
bBlog vulnerable to cross-site request forgery
2015/04/03 JVN#68819526:
"Restaurant Karaoke SHIDAX" App for Android fails to verify SSL server certificates
2015/04/02 JVN#58784309:
Maruo Editor vulnerable to buffer overflow
2015/03/31 JVN#75615300:
All in One SEO Pack information management vulnerability
2015/03/27 JVN#81094176:
Android OS may behave as an open resolver
2015/03/26 JVN#97281747:
WordPress theme flashy vulnerable to cross-site scripting
2015/03/26 JVN#74547976:
Fumy Teacher's Schedule Board vulnerable to cross-site scripting
2015/03/24 JVN#86448949:
The Validator in TERASOLUNA Server Framework for Java(WEB) vulnerable to input validation bypass
2015/03/20 JVN#41281927:
LINE vulnerable to script injection
2015/03/20 JVN#39175666:
MP Form Mail CGI eCommerce edition vulnerable to code injection
2015/03/17 JVN#97099798:
eXtplorer vulnerable to cross-site scripting
2015/03/06 JVN#87204433:
All In One WP Security & Firewall vulnerable to cross-site request forgery
2015/03/06 JVN#30832515:
All In One WP Security & Firewall vulnerable to SQL injection
2015/03/04 JVN#91016415:
Maroyaka Relay Novel vulnerable to cross-site scripting
2015/03/04 JVN#09871547:
Maroyaka Image Album vulnerable to cross-site scripting
2015/03/04 JVN#63687798:
Maroyaka Simple Board vulnerable to cross-site scripting
2015/03/03 JVN#55063777:
Google Captcha (reCAPTCHA) by BestWebSoft vulnerable to CAPTCHA authentication bypass
2015/03/03 JVN#93727681:
BestWebSoft Captcha plugin vulnerable to CAPTCHA authentication bypass
2015/02/27 JVN#63949115:
SEIL Series routers vulnerable to denial-of-service (DoS)
2015/02/27 JVN#77718330:
Vulnerability in the jBCrypt key stretching process
2015/02/27 JVN#88862608:
Joyful Note vulnerability in handling files
2015/02/27 JVN#62298871:
KENT-WEB Clip Board vulnerability where arbitrary files may be deleted
2015/02/27 JVN#34790526:
checkpw vulnerable to denial-of-service (DoS)
2015/02/25 JVN#30135729:
SYNCK GRAPHICA Mailform Pro CGI vulnerable to remote code execution
2015/02/25 JVN#44544694:
Zen Cart Japanese version vulnerable to cross-site scripting
2015/02/24 JVN#42768331:
Speed Software Root Explorer and Explorer vulnerable to directory traversal
2015/02/20 JVN#93318392:
AL-Mail32 vulnerable to buffer overflow
2015/02/20 JVN#55365709:
AL-Mail32 vulnerable to denial-of-service (DoS)
2015/02/20 JVN#77294617:
AL-Mail32 vulnerable to directory traversal
2015/02/20 JVN#64455813:
Squid input validation vulnerability
2015/02/17 JVN#73261710:
C-BOARD Moyuku vulnerable to arbitrary file creation
2015/02/17 JVN#18387086:
Saurus CMS Community Edition vulnerable to cross-site scripting
2015/02/13 JVN#48659722:
Smartphone Passbook for Android information management vulnerability
2015/02/13 JVN#14522790:
Smartphone Passbook fails to verify SSL server certificates