Vulnerability Reports

past 12 months2013201220112010200920082007200620052004

2014

2014/04/18 JVN#13313061:
TOSHIBA TEC e-Studio series vulnerable to cross-site request forgery
2014/04/18 JVN#00058727:
Cybozu Remote Service Manager vulnerable to session fixation
2014/04/18 JVN#10319260:
Cybozu Remote Service Manager vulnerable to denial-of-service (DoS)
2014/04/18 JVN#22670349:
AndExplorer vulnerable to directory traversal
2014/04/16 JVN#93004610:
Redmine vulnerable to open redirect
2014/04/14 JVN#55438786:
Content Provider in CamiApp for Android fails to restrict access permissions
2014/04/11 JVN#47386847:
SD Card Manager vulnerable to directory traversal
2014/03/20 JVN#70029459:
ES File Explorer vulnerable to directory traversal
2014/03/20 JVN#14282890:
Silex vulnerable to cross-site scripting
2014/03/18 JVN#89260331:
sp mode mail vulnerability where Java methods may be executed
2014/03/18 JVN#05951929:
sp mode mail issue where emails in the process of creation may be accessed
2014/03/18 JVN#81739241:
sp mode mail issue when accessing attachments in incoming mail
2014/03/17 JVN#16263849:
Demaecan for Android. contains an issue where it fails to verify SSL server certificates
2014/03/17 JVN#38227002:
Unzipper vulnerable to directory traversal
2014/02/26 JVN#71045461:
Cybozu Garoon vulnerable to SQL injection
2014/02/26 JVN#26393529:
Cybozu Garoon vulnerable to directory traversal
2014/02/26 JVN#24035499:
Cybozu Garoon vulnerable to session management
2014/02/26 JVN#48810179:
Denny's App for Android. contains an issue where it fails to verify SSL server certificates
2014/02/26 JVN#02017463:
Norman Security Suite vulnerable to privilege escalation
2014/02/26 JVN#87797318:
XooNIps vulnerable to cross-site scripting
2014/02/21 JVN#24730765:
Blackboard Vista/CE vulnerable to cross-site scripting
2014/02/21 JVN#43254599:
AutoCAD may insecurely load dynamic libraries
2014/02/21 JVN#33382534:
AutoCAD vulnerable to arbitrary VBScript execution
2014/02/10 JVN#14876762:[Critical]
Apache Commons FileUpload vulnerable to denial-of-service (DoS)
2014/02/07 JVN#50943964:
phpMyFAQ vulnerable to cross-site request forgery
2014/02/07 JVN#30050348:
phpMyFAQ vulnerable to cross-site scripting
2014/02/06 JVN#23256725:
Opera browser for Android issue in handling intent scheme URL's
2014/01/31 JVN#30718178:
Joyful Note vulnerable to cross-site scripting
2014/01/28 JVN#28011378:
Sanshiro Series vulnerable to arbitrary code execution
2014/01/28 JVN#91153528:
Multiple SQL injection vulnerabilities in Cybozu Garoon
2014/01/24 JVN#69986880:
OpenPNE vulnerable to PHP Object Injection
2014/01/24 JVN#49384502:
SimZip (Simple Zip Viewer) vulnerable to directory traversal
2014/01/22 JVN#51770585:
EC-CUBE vulnerable to information disclosure
2014/01/22 JVN#17849447:
EC-CUBE vulnerable to information alteration
2014/01/22 JVN#81637882:
Information disclosure vulnerability in Sleipnir Mobile for Android
2014/01/10 JVN#85716574:
NeoFiler vulnerable to directory traversal
2014/01/10 JVN#44392991:
Security File Manager vulnerable to directory traversal
2014/01/10 JVN#51285738:
tetra filer vulnerable to directory traversal
2014/01/10 JVN#88313872:
ZIP with Pass vulnerable to directory traversal

2013

2013/12/26 JVN#69700259:
HP Autonomy Ultraseek vulnerable to cross-site scripting
2013/12/25 JVN#81706478:
Cybozu Garoon Keitai vulnerable to authentication bypass
2013/12/25 JVN#60997973:
Cybozu Garoon vulnerable to SQL injection
2013/12/24 JVN#63194482:
IrfanView vulnerable to buffer overflow
2013/12/24 JVN#13154935:
VMware ESX and ESXi may allow access to arbitrary files
2013/12/17 JVN#53768697:
Android OS vulnerable to arbitrary Java method execution
2013/12/13 JVN#28436508:
Juniper ScreenOS vulnerable to denial-of-service (DoS)
2013/12/10 JVN#21336955:
Cybozu Dezie vulnerable to cross-site scripting
2013/12/03 JVN#87729477:
Cybozu Garoon vulnerable to session fixation
2013/12/03 JVN#84221103:
Cybozu Garoon vulnerable to mail header injection
2013/12/03 JVN#94245330:
Cybozu Garoon vulnerable to denial-of-service (DoS)
2013/12/03 JVN#82375148:
Cybozu Garoon vulnerable to SQL injection
2013/12/03 JVN#23981867:
Multiple cross-site scripting vulnerabilities in Cybozu Garoon
2013/11/29 JVN#41703192:
TOWN (modified version) vulnerable to directory traversal
2013/11/22 JVN#97810280:
KDrive Personal for Windows contains an issue where it fails to verify SSL server certificates
2013/11/22 JVN#28812735:
D-Link DES-3800 Series vulnerable to denial-of-service (DoS)
2013/11/22 JVN#65312543:
D-Link DES-3800 Series vulnerable to denial-of-service (DoS)
2013/11/20 JVN#06377589:
EC-CUBE vulnerable to cross-site scripting
2013/11/20 JVN#55630933:
EC-CUBE information disclosure vulnerability
2013/11/20 JVN#06870202:
EC-CUBE information disclosure vulnerability
2013/11/20 JVN#11221613:
EC-CUBE vulnerable to cross-site request forgery
2013/11/20 JVN#38790987:
EC-CUBE vulnerable to cross-site scripting
2013/11/20 JVN#61077110:
EC-CUBE vulnerable to information disclosure
2013/11/15 JVN#71256611:
ASP.NET vulnerable to open redirect
2013/11/12 JVN#44999463:
Ichitaro series vulnerable to arbitrary code execution
2013/11/07 JVN#28467717:
Page Scroller vulnerable to cross-site scripting
2013/11/07 JVN#12513975:
TOWN (modified version) vulnerable to cross-site scripting
2013/11/05 JVN#75720314:
Tiki Wiki CMS Groupware vulnerable to SQL injection
2013/11/05 JVN#81813850:
Tiki Wiki CMS Groupware vulnerable to cross-site scripting
2013/10/30 JVN#85336306:
Use-after-free vulnerability in multiple products that use International Components for Unicode (ICU)
2013/10/30 JVN#70739377:
Multiple products that use International Components for Unicode (ICU) vulnerable to denial-of-service (DoS)
2013/10/29 JVN#74608669:
RockDisk vulnerable to cross-site scripting
2013/10/18 JVN#52509236:
HDL-A and HDL2-A Series vulnerable in session management
2013/10/04 JVN#33788325:
Accela BizSearch vulnerable to cross-site scripting
2013/09/20 JVN#43152129:
SEIL Series routers vulnerable to buffer overflow
2013/09/20 JVN#40079308:
SEIL Series routers vulnerable in RADIUS authentication
2013/09/20 JVN#70245052:
D-Link DES-3810 Series vulnerable to denial-of-service (DoS)
2013/09/20 JVN#03082733:
D-Link DWL-2100AP vulnerable to denial-of-service (DoS)
2013/09/19 JVN#27443259:[Critical]
Internet Explorer vulnerable to arbitrary code execution
2013/09/19 JVN#62507275:
Multiple broadband routers may behave as open resolvers
2013/09/13 JVN#77455005:
ChamaCargo vulnerable to cross-site scripting
2013/09/12 JVN#01094166:
Opera vulnerable to cross-site scripting
2013/09/10 JVN#53014207:
Cybozu Office vulnerable to cross-site scripting
2013/09/06 JVN#19847770:
VMware ESX and ESXi vulnerable to buffer overflow
2013/09/06 JVN#72911629:
VMware ESX and ESXi vulnerable to directory traversal
2013/09/06 JVN#33504150:
Apache Struts vulnerable to remote command execution
2013/08/30 JVN#15973066:
EC-CUBE vulnerable to directory traversal when used in Windows
2013/08/21 JVN#24713981:
PHP OpenID Library vulnerable to XML external entity injection
2013/08/19 JVN#75084836:
Yahoo! Japan Shopping for Android contains an issue where it fails to verify SSL server certificates
2013/08/19 JVN#68156832:
Yafuoku! contains an issue where it fails to verify SSL server certificates
2013/08/13 JVN#21103639:
Cybozu Mailwise vulnerable to information disclosure
2013/08/07 JVN#44035194:
docomo overseas usage application vulnerability in the connection process
2013/07/29 JVN#00065218:
JP1/IT Desktop Management - Manager and Hitachi IT Operations Director vulnerable to privilege escalation
2013/07/26 JVN#25280162:
WordPress vulnerable to cross-site scripting
2013/07/22 JVN#26103805:
Oracle Enterprise Manager vulnerable to cross-site scripting
2013/07/19 JVN#38787103:
JBoss RichFaces vulnerable to remote code execution
2013/07/17 JVN#68663052:
Oracle Outside In vulnerable to denial-of-service (DoS)
2013/07/17 JVN#07497769:
Oracle Outside In vulnerable to buffer overflow
2013/07/16 JVN#19491840:
Cybozu Office session management vulnerability
2013/07/11 JVN#68773685:
AQUOS PhotoPlayer HN-PP150 vulnerable to denial-of-service (DoS)
2013/06/27 JVN#04161229:
EC-CUBE vulnerable to directory traversal
2013/06/27 JVN#98665228:
EC-CUBE vulnerable to cross-site scripting
2013/06/27 JVN#07192063:
EC-CUBE vulnerable to cross-site scripting
2013/06/27 JVN#34900750:
EC-CUBE vulnerable to code injection
2013/06/27 JVN#43886811:
EC-CUBE vulnerable to directory traversal
2013/06/27 JVN#85804149:
CLIP-MAIL vulnerable to cross-site scripting
2013/06/27 JVN#26394323:
POST-MAIL vulnerable to cross-site scripting
2013/06/18 JVN#19740283:
Cybozu Live for Android vulnerable in the WebView class
2013/06/18 JVN#63428218:
Cybozu Live for Android vulnerable to arbitrary Java method execution
2013/06/18 JVN#98712361:
Ichitaro series vulnerable to arbitrary code execution
2013/06/13 JVN#53622030:
Orchard vulnerable to cross-site scripting
2013/06/11 JVN#99813183:
Galapagos Browser vulnerable in the WebView class
2013/06/11 JVN#79301570:
Angel Browser vulnerable in the WebView class
2013/06/07 JVN#39218538:
Pizza Hut Japan Official Order App for Android. contains an issue where it fails to verify SSL server certificates
2013/06/07 JVN#63901692:
Internet Explorer vulnerable to information disclosure
2013/06/03 JVN#48108258:
HP ProCurve 1700 series switches vulnerable to cross-site request forgery
2013/05/31 JVN#24560784:
Adobe Reader X vulnerable to sandbox bypass
2013/05/31 JVN#07354844:
Safari information disclosure vulnerability
2013/05/31 JVN#53579095:
FileMaker Pro vulnerable to cross-site scripting
2013/05/31 JVN#85812843:
FileMaker Pro fails to verify SSL server certificates
2013/05/29 JVN#90289505:
Content Provider in MovatwiTouch fails to restrict access permissions
2013/05/29 JVN#22756333:
Sleipnir Mobile for Android vulnerable to address bar spoofing
2013/05/27 JVN#31817913:
Yahoo! Browser vulnerable to address bar spoofing
2013/05/23 JVN#39699406:
EC-CUBE vulnerable to information disclosure as a result of improper input checking
2013/05/23 JVN#45306814:
EC-CUBE fails to restrict access permissions
2013/05/23 JVN#00985872:
EC-CUBE vulnerable to session fixation
2013/05/23 JVN#52552792:
EC-CUBE vulnerable to cross-site scripting
2013/05/20 JVN#10461119:
Cross-site scripting vulnerability in the web2py social bookmarking widget
2013/05/15 JVN#85371480:
Wi-Fi Spot Configuration Software vulnerability in the connection process
2013/05/13 JVN#18501376:
OpenPNE vulnerable to cross-site scripting
2013/05/08 JVN#61972596:
Online Service Gate vulnerable in Office 365 password management
2013/04/26 JVN#55074201:
Yahoo! Browser vulnerable to address bar spoofing
2013/04/26 JVN#01313594:
jigbrowser+ for Android vulnerable to address bar spoofing