Vulnerability Reports

past 12 months201520142013201220112010200920082007200620052004

2016

2016/12/07 JVN#28151745:
Sleipnir for Mac vulnerable to URL spoofing
2016/12/06 JVNVU#92900492:
三菱東京UFJ銀行 for Android vulnerable to SSL/TLS downgrade attack
2016/12/02 JVN#40613060:
Multiple vulnerabilities in WNC01WH
2016/12/01 JVN#08868688:
The installers of multiple Japan Pension Service software may insecurely load Dynamic Link Libraries
2016/11/30 JVN#25059363:
Multiple I-O DATA network camera products multiple vulnerabilities
2016/11/29 JVNVU#96435227:
Multiple SONY network cameras vulnerable to sensitive information disclosure
2016/11/28 JVN#20252219:
kintone mobile for Android fails to verify SSL server certificates
2016/11/25 JVN#05493467:
Simple keitai chat vulnerable to cross-site scripting
2016/11/18 JVNTA#94087669:
Using specially crafted PDF files to steal information
2016/11/15 JVN#75396659:
DERAEMON-CMS vulnerable to cross-site scripting
2016/11/11 JVN#23549283:
CG-WLR300NX fails to restrict access permissions
2016/11/11 JVN#92237169:
CG-WLR300NX vulnerable to cross-site scripting
2016/11/11 JVN#23823838:
CG-WLR300NX vulnerable to cross-site request forgery
2016/11/11 JVN#25060672:
Multiple Corega wireless LAN routers vulnerable to cross-site scripting
2016/11/11 JVN#34103586:
Multiple I-O DATA network camera products vulnerable to information disclosure
2016/11/02 JVN#18228200:
Multiple vulnerabilities in WFS-SR01
2016/11/01 JVN#91002412:
The installer of The Public Certification Service for Individuals "The JPKI user's software" may insecurely load Dynamic Link Libraries
2016/11/01 JVN#27260483:
mobiGate App fails to verify SSL server certificates
2016/10/26 JVN#76780067:
Installer of 7-Zip for Windows may insecurely load Dynamic Link Libraries
2016/10/20 JVN#14567604:
Multiple vulnerabilities in WordPress plugin WP-OliveCart
2016/10/19 JVN#03251132:
Installer of Evernote for Windows may insecurely load Dynamic Link Libraries
2016/10/18 JVN#63012325:
The installer of e-Tax Software may insecurely load Dynamic Link Libraries
2016/10/13 JVN#70380788:
BASP21 vulnerable to mail header injection
2016/10/07 JVN#39619137:
Toshiba FlashAir does not require authentication in "Internet pass-thru Mode"
2016/10/07 JVN#32504719:
Usermin cross-site scripting vulnerabilties
2016/10/07 JVN#80157683:
SetucoCMS multiple vulnerabilities
2016/10/07 JVN#20786316:
Cryptography API: Next Generation (CNG) vulnerable to denial-of-service (DoS)
2016/10/03 JVN#11288252:
Cybozu Office vulnerable to Reflected File Download (RFD)
2016/10/03 JVN#10092452:
Cybozu Office vulnerable to denial-of-service (DoS)
2016/10/03 JVN#09736331:
Cybozu Office vulnerable to information disclosure
2016/10/03 JVN#08736331:
Cybozu Office vulnerable to mail header injection
2016/10/03 JVN#07148816:
Multiple access restriction bypass vulnerabilities in Cybozu Office
2016/10/03 JVN#06726266:
Cybozu Office multiple cross-site scripting vulnerabilities
2016/10/03 JVN#46351856:
Docomo L-04D mobile WiFi router vulnerable to cross-site request forgery
2016/09/29 JVN#92765814:
Multiple vulnerabilities in baserCMS
2016/09/29 JVN#72559412:
ManageEngine ServiceDesk Plus uses an insecure method for cookie generation
2016/09/29 JVN#89726415:
ManageEngine ServiceDesk Plus fails to restrict access permissions
2016/09/29 JVN#50347324:
ManageEngine ServiceDesk Plus vulnerable to cross-site scripting
2016/09/23 JVN#46087986:
Multiple plugins for Geeklog IVYWE edition vulnerable to cross-site scripting
2016/09/20 JVN#49343562:
Money Forward Apps for Android vulnerability that allows unintended operations
2016/09/20 JVN#61297210:
Money Forward Apps for Android vulnerable in the WebView class
2016/09/16 JVN#98126322:
Trend Micro Internet Security vulnerability where files may be excluded as scan targets
2016/09/16 JVN#74244518:
Splunk Enterprise and Splunk Light vulnerable to cross-site scripting
2016/09/16 JVN#64800312:
Splunk Enterprise and Splunk Light vulnerable to open redirect
2016/09/16 JVN#39926655:
Splunk Enterprise and Splunk Light vulnerable to open redirect
2016/09/16 JVN#71462075:
Splunk Enterprise and Splunk Lite vulnerable to cross-site scripting
2016/09/15 JVN#94779084:
H2O use of externally-controlled format string
2016/09/15 JVN#18926672:
Zend Framework vulnerable to SQL injection
2016/09/14 JVN#55389065:
CS-Cart add-on "Twigmo" vulnerable to PHP object injection
2016/09/06 JVN#48237713:
ADOdb vulnerable to cross-site scripting
2016/08/31 JVN#85213412:
Multiple AKABEi SOFT2 LTD. games vulnerable to OS command injection
2016/08/25 JVN#05924524:
LINE for Windows fails to properly verify downloaded files
2016/08/24 JVN#94816361:
YoruFukurou (NightOwl) vulnerable to denial-of-service (DoS)
2016/08/23 JVN#42262137:
simple chat vulnerable to cross-site scripting
2016/08/22 JVN#93411577:
Cybozu Garoon fails to restrict access permissions
2016/08/22 JVN#89211736:
Cybozu Garoon vulnerable to authentication bypass
2016/08/22 JVN#83568336:
Cybozu Garoon vulnerable to SQL injection
2016/08/22 JVN#67595539:
Cybozu Garoon multiple cross-site scripting vulnerabilities
2016/08/22 JVN#67266823:
Cybozu Garoon vulnerable to open redirect
2016/08/19 JVN#09836883:
Geeklog IVYWE edition contains a cross-site scripting vulnerability
2016/08/18 JVN#58455472:
OSSEC Web UI vulnerable to cross-site scripting
2016/08/18 JVN#28386124:
ClipBucket vulnerable to cross-site scripting
2016/08/17 JVN#45583702:
Installer of PhishWall Client Internet Explorer version may insecurely load Dynamic Link Libraries
2016/08/16 JVN#04125292:
Cybozu Mailwise contains issue in preventing clickjacking attacks
2016/08/16 JVN#03052683:
Cybozu Mailwise vulnerable to information disclosure
2016/08/16 JVN#02576342:
Cybozu Mailwise vulnerable to information disclosure
2016/08/16 JVN#01353821:
Cybozu Mailwise vulnerable to mail header injection
2016/08/08 JVN#35062083:
Multiple I-O DATA Recording Hard disk products vulnerable to cross-site request forgery
2016/08/05 JVN#09470233:
Android stock browser vulnerable to denial-of-service (DoS)
2016/08/04 JVN#06920277:
Coordinate Plus App fails to verify SSL server certificates
2016/07/22 JVN#40696431:
EC-CUBE plugin "Coupon Plugin" vulnerable to SQL injection
2016/07/22 JVN#65273415:
Android OS issue where it is affected by the CRIME attack
2016/07/22 JVN#06212291:
Android OS Contacts app fails to restrict access permissions
2016/07/20 JVN#01956993:
Vtiger CRM does not properly restrict access to application data
2016/07/20 JVN#13582657:
WordPress plugin "Nofollow Links" vulnerable to cross-site scripting
2016/07/15 JVN#68364327:
WAONサービスアプリ App for Android fails to verify SSL server certificates
2016/07/08 JVN#51565015:
LINE for Windows may insecurely load Dynamic Link Libraries
2016/07/01 JVNVU#95113461:
ManageEngine Password Manager Pro vulnerable to cross-site request forgery
2016/06/30 JVN#89379547:
Apache Commons FileUpload vulnerable to denial-of-service (DoS)
2016/06/29 JVN#30260727:
Sushiro App fails to verify SSL server certificates
2016/06/27 JVN#39594409:
DMM Movie Player App fails to verify SSL server certificates
2016/06/27 JVN#45034304:
Multiple Hikari Denwa routers vulnerable to cross-site request forgery
2016/06/27 JVN#77403442:
Multiple Hikari Denwa routers vulnerable to OS command injection
2016/06/27 JVN#42930233:
QNAP QTS vulnerable to cross-site scripting
2016/06/24 JVN#61578437:
WordPress plugin "Welcart e-Commerce" vulnerable to session management
2016/06/24 JVN#55826471:
WordPress plugin "Welcart e-Commerce" vulnerable to cross-site scripting
2016/06/24 JVN#95082904:
WordPress plugin "Welcart e-Commerce" vulnerable to cross-site scripting
2016/06/24 JVN#47363774:
WordPress plugin "Welcart e-Commerce" vulnerable to PHP object injection
2016/06/22 JVN#75028871:
CG-WLR300GNV Series does not limit authentication attempts
2016/06/22 JVN#24409899:
CG-WLBARAGM vulnerable to denial-of-service (DoS)
2016/06/22 JVN#76653039:
CG-WLBARGL vulnerable to command injection
2016/06/20 JVN#07710476:
Apache Struts 2 vulnerable to remote code execution
2016/06/20 JVN#12352818:
Apache Struts 2 vulnerable to denial-of-service (DoS)
2016/06/20 JVN#45093481:
Multiple vulnerabilities in Apache Struts 2
2016/06/16 JVN#55428526:
Deep Discovery Inspector vulnerable to remote code execution
2016/06/14 JVN#96052093:
ETX-R vulnerable to denial-of-service (DoS)
2016/06/14 JVN#61317238:
ETX-R vulnerable to cross-site request forgery
2016/06/08 JVN#15205734:
DX Library vulnerable to remote code execution
2016/06/07 JVN#74659077:
TERASOLUNA Server Framework for Java(WEB) access restriction bypass vulnerability in the file extention filter
2016/06/07 JVN#65044642:
Apache Struts 1 vulnerable to input validation bypass
2016/06/07 JVN#03188560:
Apache Struts 1 vulnerability that allows unintended remote operations against components on memory
2016/06/02 JVN#48847535:
Trend Micro enterprise products multiple vulnerabilities
2016/06/02 JVN#48789425:
Trend Micro Internet Security multiple vulnerabilities
2016/05/30 JVN#53542912:
Cybozu Garoon fails to restrict access permissions
2016/05/30 JVN#49285177:
Cybozu Garoon vulnerable to cross-site scripting
2016/05/30 JVN#37121456:
Cybozu Garoon vulnerable to cross-site scripting
2016/05/30 JVN#33879831:
Cybozu Garoon fails to restrict access permissions
2016/05/30 JVN#32218514:
Cybozu Garoon vulnerable to open redirect
2016/05/30 JVN#26298347:
Cybozu Garoon vulnerable to denial-of-service (DoS)
2016/05/30 JVN#25765762:
Cybozu Garoon vulnerable to information disclosure
2016/05/30 JVN#14749391:
Multiple directory traversal vulnerabilities in Cybozu Garoon
2016/05/30 JVN#18975349:
Multiple access restriction bypass vulnerabilities in Cybozu Garoon
2016/05/30 JVN#13794955:
Source code of Old_GSI_Maps prior to January, 2015 vulnerable to directory traversal
2016/05/30 JVN#40898764:
DMM.com Securities FX Apps for Android fail to verify SSL server certificates
2016/05/27 JVN#87859762:
H2O use-after-free vulnerability
2016/05/27 JVN#46888319:
Japan Connected-free Wi-Fi vulnerable to API execution
2016/05/27 JVN#75813272:
Multiple Buffalo wireless LAN routers vulnerable to information disclosure
2016/05/27 JVN#81698369:
Multiple Buffalo wireless LAN routers vulnerable to directory traversal
2016/05/27 JVN#24143619:
WebARENA formmail vulnerable to cross-site scripting
2016/05/26 JVN#00460236:
NetCommons vulnerable to privilege escalation
2016/05/25 JVN#26026353:
WordPress plugin "Markdown on Save Improved" vulnerable to cross-site scripting
2016/05/24 JVN#43529183:
Jetstar App for iOS fails to verify SSL server certificates
2016/05/24 JVN#85112513:
php-contact-form vulnerable to cross-site scripting
2016/05/24 JVN#56167268:
HumHub vulnerable to cross-site scripting
2016/05/20 JVN#42545812:
MP Form Mail CGI Professional Edition vulnerable to directory traversal
2016/05/19 JVNVU#97339542:
SaAT Netizen fails to properly verify downloaded installation and update files
2016/05/19 JVN#43076390:
Web Mailing List vulnerable to cross-site scripting
2016/05/18 JVN#11877654:
百五銀行 (105 BANK) App fails to verify SSL server certificates
2016/05/16 JVNVU#90405898:
ManageEngine Password Manager Pro fails to restrict access permissions
2016/05/16 JVNVU#92116866:[Critical]
Keitai Kit for Movable Type vulnerable to OS command injection
2016/05/16 JVN#11994518:
Cybozu KUNAI App fails to verify SSL server certificates
2016/05/16 JVN#03975805:
a-blog cms vulnerable to session management
2016/05/16 JVN#73166466:
a-blog cms vulnerable to cross-site scripting
2016/05/13 JVN#44657371:
WordPress plugin "Ninja Forms" vulnerable to PHP object injection
2016/05/13 JVN#91638315:
FileMaker server issue where PHP source code may be viewable
2016/05/12 JVN#22978346:
WN-G300R Series vulnerable to cross-site scripting
2016/05/12 JVN#25674893:
WN-GDN/R3 Series does not limit authentication attempts
2016/05/11 JVN#41772178:
Apache Cordova vulnerable to arbitrary plugin execution
2016/05/11 JVN#35341085:
Apache Cordova fails to restrict access permissions
2016/04/26 JVN#73776243:
EC-CUBE vulnerable to cross-site request forgery
2016/04/26 JVN#63384827:
Multiple shiro8 Co., Ltd. freearea_ addition_plugins for EC-CUBE vulnerable to cross-site scripting
2016/04/26 JVN#11458774:
EC-CUBE fails to restrict access permissions
2016/04/26 JVN#47473944:
EC-CUBE fails to restrict access permissions
2016/04/25 JVN#91816422:
kintone mobile for Android fails to verify SSL server certificates
2016/04/25 JVN#89026267:
kintone mobile for Android information management vulnerability
2016/04/22 JVN#00324715:
Electron may insecurely load Node modules
2016/04/19 JVN#11815655:
Photopt App fails to verify SSL server certificates
2016/04/13 JVN#00272277:
Tokyo Star bank App fails to verify SSL server certificates
2016/04/08 JVN#78482127:
EC-CUBE plugin "Social-button Plugin Premium" and "Social-button Plugin" vulnerable to cross-site scripting
2016/04/06 JVN#55801246:
baserCMS plugin "Casebook Plugin" multiple vulnerabilities
2016/04/06 JVN#26627848:
baserCMS plugin "Menubook Plugin" multiple vulnerabilities
2016/04/06 JVN#13288761:
baserCMS plugin "Recruit Plugin" multiple vulnerabilities
2016/04/04 JVN#28480773:
WisePoint contains issue in preventing clickjacking attacks
2016/04/04 JVN#47164236:
AQUOS Photo Player HN-PP150 vulnerable to cross-site request forgery
2016/04/04 JVN#41875357:
ActiveX control for EVA Animator vulnerable to buffer overflow
2016/03/30 JVN#82020528:
Aterm WG300HP vulnerable to cross-site request forgery
2016/03/30 JVN#07818796:
Aterm WF800HP vulnerable to cross-site request forgery
2016/03/24 JVN#86517621:
WordPress plugin "WP Favorite Posts" vulnerable to cross-site scripting
2016/03/02 JVN#59349382:
Multiple Corega wireless LAN routers vulnerable to cross-site request forgery
2016/02/22 JVN#93535632:
Log-Chat vulnerable to cross-site scripting
2016/02/19 JVN#46044093:
LINE for Windows and LINE for Mac OS vulnerable to denial-of-service (DoS)
2016/02/19 JVN#31524757:
EC-CUBE plugin "Help plug-in" vulnerable to SQL injection
2016/02/19 JVN#78383854:
Internet Explorer cross-domain policy bypass
2016/02/19 JVN#69854312:
baserCMS vulnerable to OS command injection
2016/02/15 JVN#69278491:
Cybozu Office vulnerable to cross-site scripting
2016/02/15 JVN#71428831:
Cybozu Office vulnerable to open redirect
2016/02/15 JVN#64209269:
Cybozu Office vulnerable to cross-site request forgery
2016/02/15 JVN#48720230:
Cybozu Office access restriction bypass vulnerability
2016/02/15 JVN#47296923:
Cybozu Office vulnerable to information disclosure
2016/02/15 JVN#28042424:
Cybozu Office vulnerable to information disclosure
2016/02/15 JVN#20246313:
Cybozu Office vulnerable to denial-of-service (DoS)
2016/02/12 JVN#77012922:
Microsoft Producer for Microsoft Office PowerPoint vulnerable to cross-site scripting
2016/02/12 JVN#22578691:
Akerun - Smart Lock Robot App for iOS fails to verify SSL server certificates
2016/01/29 JVN#26921563:
JOB-CUBE vulnerable to cross-site scripting
2016/01/29 JVN#12165579:
Vine MV vulnerable to cross-site scripting
2016/01/29 JVN#03050861:
EXPRESSCLUSTER X vulnerable to directory traversal
2016/01/27 JVN#54686544:
HOME SPOT CUBE multiple vulnerabilities
2016/01/22 JVN#49225722:
Multiple Buffalo network devices vulnerable to cross-site scripting
2016/01/22 JVN#09268287:
Multiple Buffalo network devices vulnerable to cross-site request forgery
2016/01/18 JVN#47951769:
Shoplat App for iOS issue in the verification of SSL certificates
2016/01/15 JVN#45928828:
H2O vulnerable to HTTP header injection
2016/01/15 JVN#50899877:
acmailer vulnerable to OS command injection
2016/01/05 JVN#49476817:
DX Library vulnerable to buffer overflow