Vulnerability Reports JP
2024
- 2024/10/30 JVN#11779839:
- Hikvision network camera security enhancement to prevent cleartext transmission of Dynamic DNS credentials
- 2024/10/28 JVN#78335885:
- Chatwork Desktop Application (Windows) uses a potentially dangerous function
- 2024/10/25 JVN#00876083:
- Multiple vulnerabilities in baserCMS
- 2024/10/18 JVN#41397971:
- Multiple vulnerabilities in AIPHONE IX SYSTEM, IXG SYSTEM, and System Support Software
- 2024/10/18 JVN#57285747:
- N-LINE vulnerable to HTML injection
- 2024/10/18 JVN#31982676:
- MUSASI version 3 performing authentication on client-side
- 2024/10/15 JVN#58721679:
- SHIRASAGI vulnerable to path traversal
- 2024/10/11 JVN#74538317:
- Multiple vulnerabilities in Exment
- 2024/10/10 JVN#54676967:
- baserCMS plugin "BurgerEditor" vulnerable to directory listing
- 2024/10/01 JVN#72148744:
- Apache Tomcat improper handling of TLS handshake process data
- 2024/09/30 JVN#39280069:
- RevoWorks Cloud vulnerable to unintended process execution
- 2024/09/30 JVN#42445661:
- Multiple vulnerabilities in Smart-tab
- 2024/09/27 JVN#21176842:
- MF Teacher Performance Management System vulnerable to cross-site scripting
- 2024/09/24 JVN#57749899:
- The installer of e-Tax software (common program) vulnerable to privilege escalation
- 2024/09/24 JVN#78356367:
- Multiple NTT EAST Home GateWay/Hikari Denwa routers fail to restrict access permissions
- 2024/09/24 JVN#81966868:
- Multiple vulnerabilities in PLANEX COMMUNICATIONS network devices
- 2024/09/18 JVN#19766555:
- Multiple vulnerabilities in WordPress plugin "Welcart e-Commerce"
- 2024/09/18 JVN#42386607:
- Assimp vulnerable to heap-based buffer overflow
- 2024/09/09 JVN#05579230:
- Multiple Alps System Integration products and the OEM products vulnerable to cross-site request forgery
- 2024/09/09 JVN#67456481:
- Pgpool-II vulnerable to information disclosure
- 2024/09/09 JVN#65724976:
- WordPress Plugin "Forminator" vulnerable to cross-site scripting
- 2024/09/09 JVN#81570776:
- "@cosme" App fails to restrict custom URL schemes properly
- 2024/09/06 JVN#32529796:
- Multiple products from KINGSOFT JAPAN vulnerable to path traversal
- 2024/09/06 JVN#49873988:
- Secure Boot bypass Vulnerability in PRIMERGY
- 2024/09/04 JVN#67963942:
- WordPress Plugin "Advanced Custom Fields" vulnerable to cross-site scripting
- 2024/08/30 JVN#29238389:
- IPCOM vulnerable to information disclosure
- 2024/08/30 JVN#25264194:
- Multiple vulnerabilities in WordPress plugin "Carousel Slider"
- 2024/08/29 JVN#08342147:
- WindLDR and WindO/I-NV4 store sensitive information in cleartext
- 2024/08/27 JVN#24885537:
- Multiple vulnerabilities in ELECOM wireless LAN routers and access points
- 2024/08/23 JVN#12824024:
- BUFFALO wireless LAN routers and wireless LAN repeaters vulnerable to OS command injection
- 2024/08/22 JVN#83440451:
- Multiple Safie products vulnerable to improper server certificate verification
- 2024/08/20 JVN#56648919:
- "Rakuten Ichiba App" fails to restrict custom URL schemes properly
- 2024/08/06 JVN#78728294:
- Firmware update for RICOH Java™ Platform resets the TLS configuration
- 2024/08/06 JVN#29845579:
- Cybozu Office vulnerable to bypass browsing restrictions in Custom App
- 2024/08/05 JVN#70666401:
- Multiple vulnerabilities in ZEXELON ZWX-2000CSW2-HN
- 2024/08/05 JVN#50850706:
- Pimax Play and PiTool accept WebSocket connections from unintended endpoints
- 2024/07/30 JVN#26734798:
- FFRI AMC vulnerable to OS command injection
- 2024/07/30 JVN#26225832:
- EC-CUBE plugin (for EC-CUBE 4 series) "EC-CUBE Web API Plugin" vulnerable to stored cross-site scripting
- 2024/07/30 JVN#48324254:
- EC-CUBE 4 Series improper input validation when installing plugins
- 2024/07/30 JVN#06672778:
- Multiple vulnerabilities in ELECOM wireless LAN routers
- 2024/07/29 JVN#84326763:
- Multiple vulnerabilities in SKYSEA Client View
- 2024/07/29 JVN#16420523:
- SDoP vulnerable to stack-based buffer overflow
- 2024/07/26 JVN#02030803:
- ORC vulnerable to stack-based buffer overflow
- 2024/07/18 JVN#87710540:
- Assimp vulnerable to heap-based buffer overflow
- 2024/07/16 JVN#74825766:
- Cybozu Garoon vulnerable to cross-site scripting
- 2024/07/16 JVN#25583987:
- FUJITSU Network Edgiot GW1500 vulnerable to path traversal
- 2024/07/10 JVN#14294633:
- Out-of-bounds write vulnerability in Ricoh MFPs and printers
- 2024/07/09 JVN#81442045:
- Multiple vulnerabilities in multiple Webmin products
- 2024/07/08 JVN#28515217:
- Cleartext transmission issue in TONE store App to TONE store
- 2024/07/03 JVN#94347255:
- JP1/Extensible SNMP Agent fails to restrict access permissions
- 2024/06/28 JVN#01073312:
- "Piccoma" App uses a hard-coded API key for an external service
- 2024/06/26 JVN#34977158:
- WordPress plugins "WP Tweet Walls" and "Sola Testimonials" vulnerable to cross-site request forgery
- 2024/06/19 JVN#37818611:
- "ZOZOTOWN" App for Android fails to restrict custom URL schemes properly
- 2024/06/19 JVN#60331535:
- WordPress plugin "SiteGuard WP Plugin" may leak the customized path to the login page
- 2024/06/18 JVN#00442488:
- Multiple vulnerabilities in Ricoh Streamline NX PC Client
- 2024/06/18 JVN#65171386:
- Multiple vulnerabilities in ID Link Manager and FUJITSU Software TIME CREATOR
- 2024/06/12 JVN#25594256:
- Denial-of-service (DoS) vulnerability in IPCOM WAF function
- 2024/06/07 JVN#79213252:
- WordPress Plugin "Music Store - WordPress eCommerce" vulnerable to SQL injection
- 2024/06/07 JVN#55045256:
- Multiple vulnerabilities in "FreeFrom - the nostr client" App
- 2024/06/03 JVN#43215077:
- Multiple vulnerabilities in UNIVERSAL PASSPORT RX
- 2024/05/30 JVN#80506242:
- awkblog vulnerable to OS command injection
- 2024/05/29 JVN#22182715:
- Redmine DMSF Plugin vulnerable to path traversal
- 2024/05/29 JVN#15637138:
- EC-Orange vulnerable to authorization bypass
- 2024/05/28 JVN#17680667:
- Multiple vulnerabilities in Unifier and Unifier Cast
- 2024/05/28 JVN#71404925:
- Multiple vulnerabilities in UTAU
- 2024/05/24 JVN#56781258:
- Splunk Config Explorer vulnerable to cross-site scripting
- 2024/05/24 JVN#35838128:
- WordPress Plugin "WP Booking" vulnerable to cross-site scripting
- 2024/05/21 JVN#29471697:
- Android App "TP-Link Tether" and "TP-Link Tapo" vulnerable to improper server certificate verification
- 2024/05/17 JVN#85380030:
- WordPress Plugin "Download Plugins and Themes from Dashboard" vulnerable to path traversal
- 2024/05/13 JVN#28869536:
- Multiple vulnerabilities in Cybozu Garoon
- 2024/05/10 JVN#83405304:
- "OfferBox" App uses a hard-coded secret key
- 2024/05/10 JVN#61054671:
- Phormer vulnerable to cross-site scripting
- 2024/05/09 JVN#97751842:
- Multiple vulnerabilities in MosP kintai kanri
- 2024/05/08 JVN#87694318:
- WordPress Plugin "Heateor Social Login WordPress" vulnerable to cross-site scripting
- 2024/04/24 JVN#62737544:
- Multiple vulnerabilities in RoamWiFi R10
- 2024/04/23 JVN#40079147:[Unreachable]
- TvRock vulnerable to denial-of-service (DoS)
- 2024/04/23 JVN#24683352:[Unreachable]
- TvRock vulnerable to cross-site request forgery
- 2024/04/18 JVN#50132400:
- Multiple vulnerabilities in WordPress Plugin "Forminator"
- 2024/04/16 JVN#23835228:
- Proscend Communications M330-W and M330-W5 vulnerable to OS command injection
- 2024/04/15 JVN#58236836:
- Multiple vulnerabilities in BUFFALO wireless LAN routers
- 2024/04/10 JVN#70977403:
- Multiple vulnerabilities in a-blog cms
- 2024/04/08 JVN#50361500:
- Multiple vulnerabilities in WordPress Plugin "Ninja Forms"
- 2024/04/05 JVN#82074338:
- Multiple vulnerabilities in NEC Aterm series
- 2024/03/29 JVN#23528780:
- "Yahoo! JAPAN" App vulnerable to cross-site scripting
- 2024/03/27 JVN#40367518:
- SonicDICOM Media Viewer may insecurely load Dynamic Link Libraries
- 2024/03/27 JVN#51098626:
- Multiple vulnerabilities in WordPress Plugin "Survey Maker"
- 2024/03/25 JVN#46874970:[Unreachable]
- 0ch BBS Script (0ch) vulnerable to cross-site scripting
- 2024/03/25 JVN#17176449:[Unreachable]
- ffBull vulnerable to OS command injection
- 2024/03/25 JVN#40523785:[Unreachable]
- Mini Thread vulnerable to cross-site scripting
- 2024/03/25 JVN#22376992:[Unreachable]
- WebProxy vulnerable to OS command injection
- 2024/03/25 JVN#69107517:[Unreachable]
- TvRock vulnerable to cross-site scripting
- 2024/03/25 JVN#13113728:[Unreachable]
- "EasyRange" may insecurely load executable files
- 2024/03/25 JVN#86206017:
- WordPress Plugin "easy-popup-show" vulnerable to cross-site request forgery
- 2024/03/18 JVN#94521208:
- Multiple vulnerabilities in FitNesse
- 2024/03/15 JVN#70640802:
- "ABEMA" App for Android fails to restrict access permissions
- 2024/03/08 JVN#48443978:
- a-blog cms vulnerable to directory traversal
- 2024/03/07 JVN#54451757:
- Multiple vulnerabilities in SKYSEA Client View
- 2024/03/06 JVN#34328023:
- FUJIFILM Business Innovation Corp. printers vulnerable to cross-site request forgery
- 2024/03/06 JVN#82749078:
- Multiple vulnerabilities in printers and scanners which implement BROTHER Web Based Management
- 2024/03/06 JVN#52919306:
- Toyoko Inn official App vulnerable to improper server certificate verification
- 2024/02/29 JVN#35928117:
- Protection mechanism failure in RevoWorks
- 2024/02/29 JVN#77203800:
- OET-213H-BTS1 missing authorization check in the initial configuration
- 2024/02/29 JVN#78084105:
- OpenPNE plugin "opTimelinePlugin" vulnerable to cross-site scripting
- 2024/02/27 JVN#73283159:
- Multiple vulnerabilities in baserCMS
- 2024/02/20 JVN#44166658:
- Multiple vulnerabilities in ELECOM wireless LAN routers and wireless LAN repeater
- 2024/02/15 JVN#48966481:
- a-blog cms vulnerable to URL spoofing
- 2024/02/07 JVN#44033918:
- Zeroshell vulnerable to OS command injection
- 2024/02/06 JVN#18743512:
- Cybozu KUNAI for Android vulnerable to denial-of-service (DoS)
- 2024/02/01 JVN#63567545:
- Group Office vulnerable to cross-site scripting
- 2024/02/01 JVN#41129639:
- Payment EX vulnerable to information disclosure
- 2024/01/24 JVN#70818619:
- "Mercari" App for Android fails to restrict custom URL schemes properly
- 2024/01/24 JVN#93541851:
- Oracle WebLogic Server vulnerable to HTTP header injection
- 2024/01/23 JVN#96154238:
- Android App "Spoon" uses a hard-coded API key for an external service
- 2024/01/23 JVN#77736613:
- Improper restriction of XML external entity references (XXE) in MLIT "Electronic Delivery Check System" and "Electronic delivery item Inspection Support System"
- 2024/01/23 JVN#01434915:
- Improper restriction of XML external entity references (XXE) in "Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version)"
- 2024/01/23 JVN#40049211:
- Improper restriction of XML external entity references (XXE) in Electronic Deliverables Creation Support Tool provided by Ministry of Defense
- 2024/01/22 JVN#73587943:
- Access analysis CGI An-Analyzer vulnerable to open redirect
- 2024/01/22 JVN#34565930:
- Multiple vulnerabilities in a-blog cms
- 2024/01/19 JVN#67215338:
- FusionPBX vulnerable to cross-site scripting
- 2024/01/18 JVN#83655695:
- Multiple Dahua Technology products vulnerable to authentication bypass
- 2024/01/16 JVN#63383723:
- Drupal vulnerable to improper handling of structural elements
- 2024/01/15 JVN#51135247:
- Pleasanter vulnerable to cross-site scripting
- 2024/01/15 JVN#96240417:
- Thermal camera TMC series vulnerable to insufficient technical documentation
- 2024/01/12 JVN#37326856:
- Improper input validation vulnerability in WordPress Plugin "WordPress Quiz Maker Plugin"
2023
- 2023/12/26 JVN#32646742:
- Multiple vulnerabilities in PowerCMS
- 2023/12/26 JVN#23771490:
- Multiple vulnerabilities in BUFFALO VR-S1000
- 2023/12/13 JVN#18715935:
- Multiple vulnerabilities in GROWI
- 2023/12/11 JVN#34145838:
- Multiple denial-of-service (DoS) vulnerabilities in JTEKT ELECTRONICS HMI GC-A2 series
- 2023/12/04 JVN#46895889:
- RakRak Document Plus vulnerable to path traversal
- 2023/12/01 JVN#45891816:
- Ruckus Access Point vulnerable to cross-site scripting
- 2023/11/20 JVN#15005948:
- Multiple vulnerabilities in LuxCal Web Calendar
- 2023/11/17 JVN#22220399:
- Multiple vulnerabilities in CubeCart
- 2023/11/17 JVN#13618065:
- Redmine vulnerable to cross-site scripting
- 2023/11/14 JVN#67822421:
- OSS Calendar vulnerable to SQL injection
- 2023/11/13 JVN#96209256:
- Multiple vulnerabilities in Pleasanter
- 2023/11/13 JVN#17806703:
- Multiple vulnerabilities in Cisco Firepower Management Center Software
- 2023/11/10 JVN#99177549:
- HOTELDRUID vulnerable to cross-site scripting
- 2023/11/10 JVN#86156389:
- Remarshal unlimitedly expanding YAML alias nodes
- 2023/11/07 JVN#29195731:
- EC-CUBE 3 series and 4 series vulnerable to arbitrary code execution
- 2023/11/02 JVN#14762986:
- Improper restriction of XML external entity references (XXE) in e-Tax software
- 2023/10/31 JVN#94132951:
- Cybozu Remote Service vulnerable to uncontrolled resource consumption
- 2023/10/30 JVN#48057522:
- Inkdrop vulnerable to code injection
- 2023/10/27 JVN#45547161:
- Multiple vulnerabilities in baserCMS
- 2023/10/25 JVN#39139884:
- Movable Type vulnerable to cross-site scripting
- 2023/10/23 JVN#02058996:
- HP ThinUpdate vulnerable to improper server certificate verification
- 2023/10/19 JVN#28846531:
- Multiple vulnerabilities in JustSystems products
- 2023/10/18 JVN#95981460:[Critical]
- Improper restriction of XML external entity references (XXE) in Proself
- 2023/10/16 JVN#80476432:
- web2py vulnerable to OS command injection
- 2023/10/16 JVN#58574030:
- Scanning evasion issue in Cisco Secure Email Gateway
- 2023/10/06 JVN#15808274:
- e-Gov Client Application fails to restrict custom URL schemes properly
- 2023/10/04 JVN#08237727:
- Citadel WebCit vulnerable to cross-site scripting on Instant Messaging facility
- 2023/10/02 JVN#39596244:
- Improper restriction of XML external entity references (XXE) in FD Application
- 2023/09/27 JVN#17434995:
- Shihonkanri Plus vulnerable to relative path traversal
- 2023/09/22 JVN#97197972:
- Multiple vulnerabilities in WordPress plugin "Welcart e-Commerce"
- 2023/09/11 JVN#41113329:
- Pyramid vulnerable to directory traversal
- 2023/09/06 JVN#42691027:
- "direct" Desktop App for macOS fails to restrict access permissions
- 2023/09/05 JVN#78113802:
- Multiple vulnerabilities in F-RevoCRM
- 2023/09/05 JVN#92720882:
- Multiple vulnerabilities in CGIs of PMailServer and PMailServer2
- 2023/09/04 JVN#82758000:
- Multiple vulnerabilities in SHIRASAGI
- 2023/08/31 JVN#60140221:
- Multiple vulnerabilities in i-PRO VI Web Client
- 2023/08/24 JVN#86484824:
- SYNCK GRAPHICA Mailform Pro CGI vulnerable to Regular expression Denial-of-Service (ReDoS)
- 2023/08/24 JVN#03447226:
- "Skylark" App fails to restrict custom URL schemes properly
- 2023/08/23 JVN#55217369:
- Rakuten WiFi Pocket vulnerable to improper authentication
- 2023/08/21 JVN#98946408:
- WordPress Plugin "Advanced Custom Fields" vulnerable to cross-site scripting
- 2023/08/21 JVN#04876736:
- Multiple vulnerabilities in LuxCal Web Calendar
- 2023/08/18 JVN#19661362:[Critical]
- Multiple vulnerabilities in Proself
- 2023/08/17 JVN#46993816:
- EC-CUBE 2 series vulnerable to cross-site scripting
- 2023/08/09 JVN#84820712:
- "Rikunabi NEXT" App for Android fails to restrict custom URL schemes properly
- 2023/08/07 JVN#42527152:
- "FFRI yarai" and "FFRI yarai Home and Business Edition" handle exceptional conditions improperly
- 2023/08/07 JVN#83334799:
- Multiple vulnerabilities in Special Interest Group Network for Analysis and Liaison's API
- 2023/08/04 JVN#38847224:
- Fujitsu Software Infrastructure Manager (ISM) stores sensitive information in cleartext
- 2023/08/02 JVN#61337171:
- SEIKO EPSON printer Web Config vulnerable to denial-of-service (DoS)
- 2023/07/26 JVN#95727578:
- Fujitsu Real-time Video Transmission Gear "IP series" uses hard-coded credentials
- 2023/07/24 JVN#37857022:
- Improper restriction of XML external entity references (XXE) in Applicant Programme
- 2023/07/21 JVN#35897618:[Critical]
- GBrowse vulnerable to unrestricted upload of files with dangerous types
- 2023/07/20 JVN#90560760:
- Multiple vulnerabilities in WordPress Plugin "TS Webfonts for SAKURA"
- 2023/07/18 JVN#44726469:
- Improper restriction of XML external entity references (XXE) in XBRL data create application
- 2023/07/11 JVN#05223215:
- Multiple vulnerabilities in multiple ELECOM wireless LAN routers and wireless LAN repeaters
- 2023/07/03 JVN#64316789:
- Multiple vulnerabilities in SoftEther VPN and PacketiX VPN
- 2023/06/30 JVN#32739265:
- "NewsPicks" App uses a hard-coded API key for an external service
- 2023/06/27 JVN#97127032:
- WordPress Plugin "Snow Monkey Forms" vulnerable to directory traversal
- 2023/06/27 JVN#78634340:
- Multiple vulnerabilities in WAVLINK WL-WN531AX2
- 2023/06/27 JVN#38343415:
- Multiple vulnerabilities in Aterm series
- 2023/06/22 JVN#97818024:
- Multiple vulnerabilities in Pleasanter
- 2023/06/20 JVN#70502982:
- SYNCK GRAPHICA Mailform Pro CGI vulnerable to Regular expression Denial-of-Service (ReDoS)
- 2023/06/16 JVN#19748237:
- Multiple vulnerabilities in Panasonic AiSEG2
- 2023/06/13 JVN#96828492:
- Chatwork Desktop Application (Mac) vulnerable to code injection
- 2023/06/12 JVN#36060509:
- "WPS Office" vulnerable to OS command injection
- 2023/06/09 JVN#34232595:
- ASUS Router RT-AX3000 vulnerable to using sensitive cookies without 'Secure' attribute
- 2023/06/09 JVN#28412757:
- Multiple vulnerabilities in Inaba Denki Sangyo Wi-Fi AP UNIT
- 2023/06/01 JVN#33836375:
- "Jiyu Kukan Toku-Toku coupon" App vulnerable to improper server certificate verification
- 2023/05/31 JVN#62111727:
- Pleasanter vulnerable to cross-site scripting
- 2023/05/31 JVN#38222042:
- DataSpider Servista uses a hard-coded cryptographic key
- 2023/05/30 JVN#95981715:
- Starlette vulnerable to directory traversal
- 2023/05/26 JVN#19243534:
- ESS REC Agent Server Edition for Linux etc. vulnerable to directory traversal
- 2023/05/25 JVN#90278893:
- Wacom Tablet Driver installer for macOS vulnerable to improper link resolution before file access
- 2023/05/22 JVN#45127776:
- Tornado vulnerable to open redirect
- 2023/05/19 JVN#14778242:
- Multiple vulnerabilities in T&D and ESPEC MIC data logger products
- 2023/05/18 JVN#48687031:
- Qrio Smart Lock Q-SL2 vulnerable to authentication bypass by capture-replay
- 2023/05/15 JVN#41694426:
- Multiple vulnerabilities in Cybozu Garoon
- 2023/05/15 JVN#01093915:
- Multiple vulnerabilities in WordPress Plugin "MW WP Form" and "Snow Monkey Forms"
- 2023/05/12 JVN#11705010:
- Beekeeper Studio vulnerable to code injection
- 2023/05/10 JVN#31701509:
- Multiple vulnerabilities in MicroEngine Mailform
- 2023/05/09 JVN#59341308:
- WordPress Plugin "Newsletter" vulnerable to cross-site scripting
- 2023/05/09 JVN#95792402:
- WordPress Plugin "VK Blocks" and "VK All in One Expansion Unit" vulnerable to cross-site scripting
- 2023/05/09 JVN#80476232:
- SR-7100VN vulnerable to privilege escalation
- 2023/05/08 JVN#13306058:
- JINS MEME CORE uses a hard-coded cryptographic key
- 2023/05/08 JVN#01937209:
- LINE WORKS Drive Explorer vulnerable to code injection
- 2023/04/24 JVN#00971105:
- WordPress Plugin "Appointment and Event Booking Calendar for WordPress - Amelia" vulnerable to cross-site scripting
- 2023/04/19 JVN#73178249:
- Improper restriction of XML external entity references (XXE) in Shinseiyo Sogo Soft
- 2023/04/19 JVN#99657911:
- WordPress plugin "LIQUID SPEECH BALLOON" vulnerable to cross-site request forgery
- 2023/04/19 JVN#50862842:
- EC-CUBE plugin "NEXT ENGINE Integration Plugin (for EC-CUBE 2.0 series)" vulnerable to authentication bypass
- 2023/04/17 JVN#14492006:
- API server of TONE Family vulnerable to authentication bypass using an alternate path
- 2023/04/17 JVN#87559956:
- Joruri Gw vulnerable to cross-site scripting
- 2023/04/14 JVN#36340790:
- JB Inquiry form vulnerable to exposure of private personal information to an unauthorized actor
- 2023/04/14 JVN#76257155:
- Trend Micro Security may insecurely load Dynamic Link Libraries
- 2023/04/04 JVN#79149117:
- Multiple vulnerabilities in JustSystems products
- 2023/04/04 JVN#75742861:
- Improper restriction of XML external entity references (XXE) in National land numerical information data conversion tool
- 2023/03/31 JVN#38170084:
- HAProxy vulnerable to HTTP request/response smuggling
- 2023/03/31 JVN#40604023:[Critical]
- Multiple vulnerabilities in Seiko Solutions SkyBridge MB-A100/A110/A200/A130 SkySpider MB-R210
- 2023/03/27 JVN#61105618:
- baserCMS vulnerable to arbitrary file uploads
- 2023/03/24 JVN#35246979:
- ELECOM WAB-MAT registers its windows service executable with an unquoted file path
- 2023/03/17 JVN#62420378:
- TP-Link T2600G-28SQ uses vulnerable SSH host keys
- 2023/03/13 JVN#64453490:
- Android App "Wolt Delivery: Food and more" uses a hard-coded API key for an external service
- 2023/03/08 JVN#82424996:
- Multiple vulnerabilities in SEIKO EPSON printers/network interface Web Config
- 2023/03/06 JVN#19872280:
- Multiple vulnerabilities in PostgreSQL extension module pg_ivm
- 2023/03/01 JVN#57224029:
- Multiple vulnerabilities in SS1 and Rakuraku PC Cloud
- 2023/02/28 JVN#04785663:
- Multiple cross-site scripting vulnerabilities in EC-CUBE
- 2023/02/28 JVN#78253670:
- web2py development tool vulnerable to open redirect
- 2023/02/22 JVN#18765463:
- Multiple cross-site scripting vulnerabilities in SHIRASAGI
- 2023/02/14 JVN#00712821:
- Improper restriction of XML external entity reference (XXE) vulnerability in tsClinical Define.xml Generator and tsClinical Metadata Desktop Tools
- 2023/02/14 JVN#60263237:
- The installers of ELECOM Camera Assistant and QuickFileDealer may insecurely load Dynamic Link Libraries
- 2023/02/13 JVN#98612206:
- Multiple vulnerabilities in PLANEX COMMUNICATIONS Network Camera CS-WMV02G
- 2023/02/10 JVN#60320736:
- NEC PC Settings Tool vulnerable to missing authentication for critical function
- 2023/02/06 JVN#11257333:
- Ichiran App vulnerable to improper server certificate verification
- 2023/01/31 JVN#22830348:
- Vulnerability in Driver Distributor where passwords are stored in a recoverable format
- 2023/01/31 JVN#84642320:
- SUSHIRO App for Android outputs sensitive information to the log file
- 2023/01/24 JVN#01398015:
- pgAdmin 4 vulnerable to directory traversal
- 2023/01/24 JVN#05288621:
- EasyMail vulnerable to cross-site scripting
- 2023/01/23 JVN#72418815:
- Pgpool-II vulnerable to information disclosure
- 2023/01/17 JVN#31073333:
- WordPress plugin "Welcart e-Commerce" vulnerable to directory traversal
- 2023/01/12 JVN#57296685:
- Multiple vulnerabilities in PIXELA PIX-RT100
- 2023/01/11 JVN#99957889:
- Multiple vulnerabilities in MAHO-PBX NetDevancer series
- 2023/01/11 JVN#03832974:
- pgAdmin 4 vulnerable to open redirect
- 2023/01/11 JVN#78481846:
- TP-Link SG105PE vulnerable to authentication bypass
- 2023/01/06 JVN#55675303:
- Digital Arts m-FILTER vulnerable to improper authentication
- 2023/01/05 JVN#16765254:
- Multiple code injection vulnerabilities in ruby-git
2022
- 2022/12/21 JVN#29902403:
- Installers generated by Squirrel.Windows may insecurely load Dynamic Link Libraries
- 2022/12/21 JVN#43561812:
- +Message App improper handling of Unicode control characters
- 2022/12/19 JVN#06093462:
- Zenphoto vulnerable to cross-site scripting
- 2022/12/19 JVN#13075438:
- Corel Roxio Creator LJB starts a program with an unquoted file path
- 2022/12/15 JVN#96321933:
- Multiple vulnerabilities in DENSHI NYUSATSU CORE SYSTEM
- 2022/12/13 JVN#60211811:
- Redmine vulnerable to cross-site scripting
- 2022/11/25 JVN#87895771:
- Cybozu Remote Service vulnerable to Uncontrolled Resource Consumption
- 2022/11/25 JVN#53682526:
- Multiple cross-site scripting vulnerabilities in baserCMS
- 2022/11/24 JVN#29657972:
- TP-Link RE300 V1 tdpServer vulnerable to improper processing of its input
- 2022/11/21 JVN#26044739:
- Typora fails to properly neutralize JavaScript code
- 2022/11/18 JVN#13927745:
- WordPress Plugin "WordPress Popular Posts" accepts untrusted external inputs to update certain internal variables
- 2022/11/16 JVN#24659622:
- RICOH Aficio SP 4210N vulnerable to cross-site scripting
- 2022/11/16 JVN#37014768:
- Multiple vulnerabilities in Movable Type
- 2022/11/14 JVN#54728399:
- TERASOLUNA Global Framework and TERASOLUNA Server Framework for Java (Rich) vulnerable to ClassLoader manipulation
- 2022/11/10 JVN#75437943:
- Aiphone Video Multi-Tenant System Entrance Stations vulnerable to information disclosure
- 2022/11/08 JVN#59663854:
- WordPress Plugin "Salon booking system" vulnerable to cross-site scripting
- 2022/11/08 JVN#09409909:
- Multiple vulnerabilities in WordPress
- 2022/11/01 JVN#46345126:
- Multiple vulnerabilities in the web interfaces of Kyocera Document Solutions MFPs and printers
- 2022/10/28 JVN#74285622:
- Multiple vulnerabilities in FUJI SOFT network devices
- 2022/10/25 JVN#86350682:
- Multiple vulnerabilities in SHIRASAGI
- 2022/10/20 JVN#56968681:
- Multiple vulnerabilities in nadesiko3
- 2022/10/19 JVN#10921428:
- Lemon8 App fails to restrict access permissions
- 2022/10/14 JVN#74534998:
- Android App "IIJ SmartKey" vulnerable to information disclosure
- 2022/10/11 JVN#74592196:[Critical]
- bingo!CMS vulnerable to authentication bypass
- 2022/10/11 JVN#40620121:
- The installer of Sony Content Transfer may insecurely load Dynamic Link Libraries
- 2022/10/07 JVN#00845253:
- Growi vulnerable to improper access control
- 2022/10/06 JVN#15411362:
- IPFire WebUI vulnerable to cross-site scripting
- 2022/09/30 JVN#78862034:
- BookStack vulnerable to cross-site scripting
- 2022/09/15 JVN#21213852:
- Multiple vulnerabilities in EC-CUBE
- 2022/09/15 JVN#30900552:
- EC-CUBE plugin "Product Image Bulk Upload Plugin" vulnerable to insufficient verification in uploading files
- 2022/09/14 JVN#36454862:[Critical]
- Multiple vulnerabilities in Trend Micro Apex One and Trend Micro Apex One as a Service
- 2022/09/09 JVN#48120704:
- Movable Type plugin A-Form vulnerable to cross-site scripting
- 2022/09/05 JVN#34205166:
- SYNCK GRAPHICA Mailform Pro CGI vulnerable to information disclosure
- 2022/09/02 JVN#76024879:
- PowerCMS XMLRPC API vulnerable to command injection
- 2022/08/29 JVN#44721267:
- Installer of Ricoh Device Software Manager may insecurely load Dynamic Link Libraries
- 2022/08/29 JVN#45473612:
- Multiple vulnerabilities in CentreCOM AR260S V2
- 2022/08/24 JVN#57728859:
- Movable Type XMLRPC API vulnerable to command injection
- 2022/08/24 JVN#46239102:
- Multiple vulnerabilities in Exment
- 2022/08/23 JVN#43979089:
- PukiWiki vulnerable to cross-site scripting
- 2022/08/04 JVN#42883072:
- Kaitai Struct: compiler vulnerable to denial-of-service (DoS)
- 2022/07/29 JVN#17625382:
- Multiple vulnerabilities in Nintendo Wi-Fi Network Adaptor WAP-001
- 2022/07/28 JVN#57073973:
- "JustSystems JUST Online Update for J-License" starts a program with an unquoted file path
- 2022/07/27 JVN#81563390:
- "Hulu / フールー" App for iOS vulnerable to improper server certificate verification
- 2022/07/27 JVN#40907489:
- "Hulu / フールー" App for Android uses a hard-coded API key for an external service
- 2022/07/25 JVN#77850327:
- WordPress Plugin "Newsletter" vulnerable to cross-site scripting
- 2022/07/25 JVN#30454777:
- Multiple vulnerabilities in untangle
- 2022/07/22 JVN#75063798:
- Booked vulnerable to open redirect
- 2022/07/20 JVN#20573662:
- Multiple vulnerabilities in Cybozu Office
- 2022/07/12 JVN#12610194:
- Django Extract and Trunc functions vulnerable to SQL injection
- 2022/07/08 JVN#23766146:
- Passage Drive vulnerable to insufficient data verification
- 2022/07/04 JVN#14077132:
- Multiple vulnerabilities in Cybozu Garoon
- 2022/07/04 JVN#32625020:
- LiteCart vulnerable to cross-site scripting
- 2022/06/29 JVN#41017328:
- HOME SPOT CUBE2 vulnerable to OS command injection
- 2022/06/24 JVN#51464799:
- L2Blocker Sensor setup screen vulnerable to authentication bypass
- 2022/06/23 JVN#02158640:
- web2py vulnerable to open redirect
- 2022/06/17 JVN#93667442:
- Gitlab vulnerable to server-side request forgery
- 2022/06/15 JVN#20930118:
- FreeBSD vulnerable to denial-of-service (DoS)
- 2022/06/14 JVN#94363766:
- Cisco Catalyst 2940 Series Switches vulnerable to cross-site scripting
- 2022/06/09 JVN#32962443:
- SHIRASAGI vulnerable to cross-site scripting
- 2022/06/01 JVN#28659051:
- T&D Data Server and THERMO RECORDER DATA SERVER vulnerable to directory traversal
- 2022/06/01 JVN#04155116:
- WordPress Plugin "Modern Events Calendar Lite" vulnerable to cross-site scripting
- 2022/05/27 JVN#27256219:
- RevoWorks incomplete filtering of MS Office v4 macros
- 2022/05/27 JVN#13878856:
- Mobaoku-Auction & Flea Market App for iOS vulnerable to improper server certificate verification
- 2022/05/24 JVN#15241647:
- WordPress plugin "WP Statistics" vulnerable to cross-site scripting
- 2022/05/20 JVN#15317878:
- Spring Security OAuth (spring-security-oauth2) vulnerable to denial-of-service (DoS)
- 2022/05/19 JVN#46892984:
- Multiple vulnerabilities in Rakuten Casa
- 2022/05/16 JVN#73897863:
- Multiple vulnerabilities in Cybozu Garoon
- 2022/05/13 JVN#44550983:
- Strapi vulnerable to cross-site scripting
- 2022/05/13 JVN#46241173:
- EC-CUBE plugin "Easy Blog for EC-CUBE4" vulnerable to cross-site request forgery
- 2022/05/11 JVN#60037444:
- Installer of Trend Micro Password Manager may insecurely load Dynamic Link Libraries
- 2022/05/10 JVN#60801132:
- GENEREX RCCMD vulnerable to directory traversal
- 2022/05/09 JVN#96561229:[Critical]
- Multiple vulnerabilities in Operation management interface of FUJITSU Network IPCOM
- 2022/05/09 JVN#50337155:
- KOYO Electronics Screen Creator Advance2 vulnerable to authentication bypass
- 2022/05/09 JVN#58266015:
- Multiple vulnerabilities in multiple MEIKYO ELECTRIC products
- 2022/04/22 JVN#54857505:
- Hammock AssetView missing authentication for critical functions
- 2022/04/15 JVN#31606885:
- WordPress Plugin "MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership" vulnerable to cross-site request forgery
- 2022/03/30 JVN#59576930:
- Zero-channel BBS Plus vulnerable to cross-site scripting
- 2022/03/30 JVN#42543427:
- WordPress Plugin "Advanced Custom Fields" vulnerable to missing authorization
- 2022/03/30 JVN#10140834:
- AttacheCase may insecurely load Dynamic Link Libraries
- 2022/03/16 JVN#21234459:
- Multiple vulnerabilities in KINGSOFT "WPS Office" and "KINGSOFT Internet Security"
- 2022/03/15 JVN#87751554:
- Multiple vulnerabilities in pfSense
- 2022/03/10 JVN#72801744:
- UNIVERGE WA Series vulnerable to OS command injection
- 2022/03/04 JVN#33214411:
- i-FILTER vulnerable to improper check for certificate revocation
- 2022/03/03 JVN#85572374:
- pfSense-pkg-WireGuard vulnerable to directory traversal
- 2022/03/03 JVN#89524240:
- MarkText vulnerable to cross-site scripting
- 2022/03/03 JVN#87683137:
- Norton Security for Mac improperly processes ICMP packets
- 2022/02/22 JVN#67108459:
- EC-CUBE plugin "Mail Magazine Management Plugin" vulnerable to cross-site request forgery
- 2022/02/22 JVN#53871926:
- EC-CUBE improperly handles HTTP Host header values
- 2022/02/18 JVN#14706307:
- Multiple vulnerabilities in a-blog cms
- 2022/02/17 JVN#00095004:
- Multiple vulnerabilities in phpUploader
- 2022/02/09 JVN#12969207:
- HPE Agentless Management registers unquoted service paths
- 2022/02/08 JVN#17482543:
- Multiple vulnerabilities in multiple ELECOM LAN routers
- 2022/02/07 JVN#95898697:
- Multiple ESET products for macOS vulnerable to improper server certificate verification
- 2022/02/04 JVN#67396225:
- CSV+ vulnerable to cross-site scripting
- 2022/01/25 JVN#70100915:
- Multiple vulnerabilities in TransmitMail
- 2022/01/20 JVN#16690037:
- Multiple cross-site scripting vulnerabilities in php_mailform
- 2022/01/19 JVN#64806328:
- Canon laser printers and small office multifunctional printers vulnerable to cross-site scripting
- 2022/01/13 JVN#19826500:
- PASSWORD MANAGER "MIRUPASS" PW10 / PW20 missing encryption
- 2022/01/13 JVN#81479705:
- Label printers "TEPRA" PRO SR5900P / SR-R7900P vulnerable to insufficiently protected credentials
- 2022/01/12 JVN#49047921:
- Jimoty App for Android uses a hard-coded API key for an external service
- 2022/01/12 JVN#72788165:
- Multiple vulnerabilities in WordPress Plugin "Quiz And Survey Master"
2021
- 2021/12/22 JVN#66422035:
- Android Apps developed using Yappli fail to restrict custom URL schemes properly
- 2021/12/20 JVN#79798166:
- Multiple vulnerabilities in GroupSession
- 2021/12/17 JVN#13464252:
- UNIVERGE DT Series vulnerable to missing encryption of sensitive data
- 2021/12/02 JVN#09136401:
- Multiple missing authorization vulnerabilities in WordPress Plugin "Advanced Custom Fields"
- 2021/11/30 JVN#88993473:
- Multiple vulnerabilities in multiple ELECOM LAN routers
- 2021/11/30 JVN#19482703:
- Wi-Fi STATION SH-52A vulnerable to cross-site scripting
- 2021/11/26 JVN#81376414:
- Multiple vulnerabilities in baserCMS
- 2021/11/25 JVN#93562098:
- WordPress Plugin "Browser and Operating System Finder" vulnerable to cross-site request forgery
- 2021/11/24 JVN#17645965:
- PowerCMS XMLRPC API vulnerable to OS command injection
- 2021/11/16 JVN#85492429:
- WordPress Plugin "Push Notifications for WordPress (Lite)" vulnerable to cross-site request forgery
- 2021/11/16 JVN#22515597:
- rwtxt vulnerable to cross-site scripting
- 2021/11/12 JVN#58407606:
- Unlimited Sitemap Generator vulnerable to cross-site request forgery
- 2021/11/11 JVN#75444925:
- Multiple vulnerabilities in EC-CUBE 2 series
- 2021/11/10 JVN#68066589:
- WordPress Plugin "Booking Package - Appointment Booking Calendar System" vulnerable to cross-site scripting
- 2021/10/29 JVN#69304877:
- Multiple vulnerabilities in CLUSTERPRO X and EXPRESSCLUSTER X
- 2021/10/29 JVN#49465877:
- Android App "Mercari (Merpay) - Marketplace and Mobile Payments App" (Japan version) vulnerable to improper handling of Intent
- 2021/10/29 JVN#60553023:
- ESET Cyber Security and ESET Endpoint series vulnerable to denial-of-service (DoS)
- 2021/10/28 JVN#33453839:
- Multiple improper restriction of XML external entity reference (XXE) vulnerabilities in Office Server Document Converter
- 2021/10/20 JVN#41119755:[Critical]
- Movable Type XMLRPC API vulnerable to OS command injection
- 2021/10/18 JVN#85073657:
- 128 Technology Session Smart Router vulnerable to authentication bypass
- 2021/10/08 JVN#51106450:
- Apache HTTP Server vulnerable to directory traversal
- 2021/10/08 JVN#89126639:
- Nike App fails to restrict custom URL schemes properly
- 2021/09/30 JVN#52694228:
- Multiple vulnerabilities in Cybozu Remote Service
- 2021/09/28 JVN#29428319:
- WordPress Plugin "OG Tags" vulnerable to cross-site request forgery
- 2021/09/28 JVN#63023305:
- InBody App vulnerable to information disclosure
- 2021/09/28 JVN#10168753:
- SNKRDUNK Market Place App for iOS vulnerable to improper server certificate verification
- 2021/09/17 JVN#42866574:
- Multiple vulnerabilities in Sharp NEC Display Solutions' public displays
- 2021/09/16 JVN#23406150:
- EC-CUBE plugin "Order Status Batch Change Plug-in" vulnerable to cross-site scripting
- 2021/09/13 JVN#46313661:
- EC-CUBE plugin "List (order management) item change plug-in" vulnerable to cross-site scripting
- 2021/09/10 JVN#81658818:
- Multiple vulnerabilities in RevoWorks Browser
- 2021/08/27 JVN#14134801:
- baserCMS vulnerable to cross-site scripting
- 2021/08/25 JVN#97545738:
- Multiple cross-site scripting vulnerabilities in Movable Type
- 2021/08/24 JVN#80288258:
- The installers of multiple Sony products may insecurely load Dynamic Link Libraries
- 2021/08/17 JVN#41646618:
- Huawei EchoLife HG8045Q vulnerable to OS command injection
- 2021/08/12 JVN#50804280:
- Plone vulnerable to open redirect
- 2021/08/10 JVN#65388002:
- WordPress Plugin "Quiz And Survey Master" vulnerable to cross-site scripting
- 2021/08/02 JVN#54794245:
- Multiple vulnerabilities in Cybozu Garoon
- 2021/07/21 JVN#53278122:
- Minecraft Java Edition vulnerable to directory traversal
- 2021/07/19 JVN#86026700:
- Multiple vulnerabilities in GroupSession
- 2021/07/14 JVN#34364599:
- Optical BB unit E-WMTA2.3 vulnerable to cross-site request forgery
- 2021/07/13 JVN#26891339:
- Multiple vulnerabilities in Retty App
- 2021/07/09 JVN#68971465:
- voidtools "Everything" vulnerable to HTTP header injection
- 2021/07/08 JVN#89054582:
- WordPress Plugin "Software License Manager" vulnerable to cross-site request forgery
- 2021/07/08 JVN#48413554:
- WordPress Plugin "WordPress Meta Data Filter & Taxonomies Filter" vulnerable to cross-site request forgery
- 2021/07/07 JVN#25850723:
- GU App for Android fails to restrict access permissions
- 2021/07/06 JVN#42880365:
- WordPress Plugin "WordPress Email Template Designer - WP HTML Mail" vulnerable to cross-site request forgery
- 2021/07/06 JVN#91372527:
- WordPress Plugin "WPCS - WordPress Currency Switcher" vulnerable to cross-site request forgery
- 2021/07/05 JVN#21636825:
- A-Stage SCT-40CM01SR and AT-40CM01SR vulnerable to authentication bypass
- 2021/07/01 JVN#57942445:
- EC-CUBE fails to restrict access permissions
- 2021/06/30 JVN#15185184:
- IkaIka RSS Reader vulnerable to cross-site scripting
- 2021/06/30 JVN#65660590:
- boastMachine vulnerable to cross-site scripting
- 2021/06/23 JVN#95292458:
- Multiple cross-site scripting vulnerabilities in EC-CUBE
- 2021/06/23 JVN#63066062:
- WordPress Plugin "WordPress Popular Posts" vulnerable to cross-site scripting
- 2021/06/22 JVN#93799513:
- WordPress plugin "Fudousan plugin" series vulnerable to cross-site scripting
- 2021/06/22 JVN#29949691:
- Inkdrop vulnerable to OS command injection
- 2021/06/18 JVN#21298724:
- Hitachi Virtual File Platform vulnerable to OS command injection
- 2021/06/17 JVN#03776901:
- Hitachi Application Server Help vulnerable to cross-site scripting
- 2021/06/15 JVN#57524494:
- Multiple cross-site scripting vulnerabilities in multiple EC-CUBE plugins provided by EC-CUBE
- 2021/06/15 JVN#79254445:[Critical]
- Multiple ETUNA EC-CUBE plugins vulnerable to cross-site scripting
- 2021/06/14 JVN#95457785:
- Multiple vulnerabilities in GROWI
- 2021/06/14 JVN#38034268:
- あすけん App for Android fails to restrict custom URL schemes properly
- 2021/06/11 JVN#70566757:
- WordPress plugin "Welcart e-Commerce" vulnerable to cross-site scripting
- 2021/06/03 JVN#64064138:
- ATOM - Smart life App vulnerable to improper server certificate verification
- 2021/06/02 JVN#91691168:
- goo blog App fails to restrict custom URL schemes properly
- 2021/05/26 JVN#98239374:
- Zettlr vulnerable to cross-site scripting
- 2021/05/21 JVN#53910556:
- Multiple cross-site scripting vulnerabilities in multiple PHP Factory products
- 2021/05/21 JVN#78254777:
- Installer of Overwolf may insecurely load Dynamic Link Libraries
- 2021/05/21 JVN#74686032:
- QND vulnerable to privilege escalation
- 2021/05/21 JVN#65733194:
- The installers of ScanSnap Manager may insecurely load Dynamic Link Libraries
- 2021/05/14 JVN#49704918:
- mod_auth_openidc vulnerable to denial-of-service (DoS)
- 2021/05/14 JVN#71263107:
- Multiple vulnerabilities in Cisco Small Business Series Wireless Access Points
- 2021/05/13 JVN#34232719:
- Multiple vulnerabilities in KonaWiki2
- 2021/05/13 JVN#13076220:
- RFNTPS vulnerable to OS command injection
- 2021/05/10 JVN#97554111:[Critical]
- EC-CUBE vulnerable to cross-site scripting
- 2021/04/27 JVN#35240327:
- WordPress plugin "WP Fastest Cache" vulnerable to directory traversal
- 2021/04/27 JVN#97434260:
- Hot Pepper Gourmet App fails to restrict access permissions
- 2021/04/22 JVN#55833077:[Unreachable]
- yappa-ng vulnerable to cross-site scripting
- 2021/04/14 JVN#54025691:
- Gurunavi Apps fail to restrict access permissions
- 2021/04/09 JVN#29739718:
- Multiple vulnerabilities in Aterm WF1200CR, Aterm WG1200CR, Aterm WG2600HS, and Aterm WX3000HP
- 2021/04/09 JVN#67456944:
- Multiple vulnerabilities in multiple Aterm products
- 2021/04/01 JVN#73236007:
- Archive collectively operation utility vulnerable to directory traversal
- 2021/03/26 JVN#64869876:
- Multiple vulnerabilities in baserCMS
- 2021/03/25 JVN#68244135:[Unreachable]
- rNote vulnerable to cross-site scripting
- 2021/03/25 JVN#94705238:[Unreachable]
- Yomi-Search vulnerable to cross-site scripting
- 2021/03/25 JVN#83042295:[Unreachable]
- Yomi-Search vulnerable to cross-site scripting
- 2021/03/25 JVN#37179202:[Unreachable]
- Yomi-Search vulnerable to cross-site scripting
- 2021/03/25 JVN#93207949:[Unreachable]
- Click Ranker vulnerable to cross-site scripting
- 2021/03/25 JVN#11438679:[Unreachable]
- Kagemai vulnerable to cross-site request forgery
- 2021/03/25 JVN#42220311:[Unreachable]
- Kagemai vulnerable to cross-site scripting
- 2021/03/25 JVN#12559271:[Unreachable]
- Kagemai vulnerable to cross-site scripting
- 2021/03/25 JVN#97370614:[Unreachable]
- MagazinegerZ vulnerable to cross-site scripting
- 2021/03/22 JVN#12737530:
- UNIVERGE Aspire series PBX vulnerable to denial-of-service (DoS)
- 2021/03/19 JVN#37607293:
- Fuji Xerox multifunction devices and printers vulnerable to denial-of-service (DoS)
- 2021/03/17 JVN#08191557:
- WordPress plugin "Paid Memberships Pro" vulnerable to SQL injection
- 2021/03/15 JVN#45797538:
- Multiple vulnerabilities in Cybozu Office
- 2021/03/12 JVN#47497535:
- M-System DL8 contains multiple vulnerabilities
- 2021/03/11 JVN#18056666:
- Installer of MagicConnect Client program may insecurely load Dynamic Link Libraries
- 2021/03/10 JVN#86438134:
- Multiple cross-site scripting vulnerabilities in GROWI
- 2021/03/05 JVN#68418039:
- The installers of E START products may insecurely load Dynamic Link Libraries
- 2021/02/24 JVN#66542874:
- Multiple cross-site scripting vulnerabilities in Movable Type
- 2021/02/19 JVN#37417423:
- Multiple vulnerabilities in SolarView Compact
- 2021/02/16 JVN#58774946:[Critical]
- FileZen vulnerable to OS command injection
- 2021/02/15 JVN#87164507:
- Calsos CSDJ fails to restrict access permissions
- 2021/02/10 JVN#80785288:
- Wekan vulnerable to cross-site scripting
- 2021/02/05 JVN#50470170:
- WordPress Plugin "Name Directory" vulnerable to cross-site request forgery
- 2021/02/04 JVN#42252698:
- Panasonic Video Insight VMS vulnerable to arbitrary code execution
- 2021/01/27 JVN#41853173:
- OS command injection vulnerability in multiple Infoscience Corporation log management tools
- 2021/01/26 JVN#96783542:
- Multiple vulnerabilities in multiple LOGITEC products
- 2021/01/26 JVN#98115035:
- Android App "ELECOM File Manager" vulnerable to directory traversal
- 2021/01/26 JVN#47580234:
- Multiple vulnerabilities in multiple ELECOM products
- 2021/01/22 JVN#38248512:
- Multiple vulnerabilities in Aterm WF800HP, Aterm WG2600HP, and Aterm WG2600HP2
- 2021/01/19 JVN#57544707:
- GROWI vulnerable to cross-site scripting
- 2021/01/14 JVN#35906450:
- Multiple vulnerabilities in acmailer
- 2021/01/12 JVN#69635538:
- The installer of SKYSEA Client View may insecurely load Dynamic Link Libraries
- 2021/01/04 JVN#38752718:
- Multiple NEC Products vulnerable to authentication bypass
- 2021/01/04 JVN#38784555:
- Multiple vulnerabilities in UNIVERGE SV9500/SV8500 series
2020
- 2020/12/18 JVN#10100024:
- Management software for NEC Storage disk array system vulnerable to improper server certificate verification
- 2020/12/18 JVN#94244575:
- Self-Extracting files created by multiple SEIKO EPSON products may insecurely load Dynamic Link Libraries
- 2020/12/15 JVN#94169589:
- Multiple vulnerabilities in GROWI
- 2020/12/11 JVN#55917325:
- Multiple vulnerabilities in Aterm SA3500G
- 2020/12/11 JVN#43969166:
- Apache Struts 2 vulnerable to remote code execution (S2-061)
- 2020/12/10 JVN#12884935:
- FileZen vulnerable to directory traversal
- 2020/12/07 JVN#59779918:
- Apache Cordova Plugin camera vulnerable to information exposure
- 2020/12/03 JVN#24457594:
- Multiple vulnerabilities in EC-CUBE
- 2020/12/03 JVN#42199826:
- desknet's NEO vulnerable to cross-site scripting
- 2020/11/25 JVN#56450373:
- Multiple vulnerabilities in GROWI
- 2020/11/24 JVN#27806339:
- NETGEAR GS108Ev3 vulnerable to cross-site request forgery
- 2020/11/20 JVN#26835001:
- The installers of multiple SEIKO EPSON products may insecurely load Dynamic Link Libraries
- 2020/11/19 JVN#90729322:
- Hibernate ORM vulnerable to SQL injection
- 2020/11/18 JVN#94245475:
- Movable Type Premium vulnerable to cross-site scripting
- 2020/11/12 JVN#44764844:
- MELSEC iQ-R Series CPU Modules vulnerable to uncontrolled resource consumption
- 2020/11/05 JVN#00414047:
- Studyplus App uses a hard-coded API key for an external service
- 2020/11/04 JVN#57942454:
- Cybozu Garoon vulnerable to improper input validation
- 2020/10/21 JVN#31425618:
- Multiple vulnerabilities in WordPress Plugin "Simple Download Monitor"
- 2020/10/14 JVN#92404841:
- WordPress Plugin "Live Chat – Live support" vulnerable to cross-site request forgery
- 2020/10/05 JVN#82892096:
- OS command injection vulnerability in multiple ELECOM LAN routers
- 2020/09/30 JVN#07426151:
- InfoCage SiteShell installs their files with improper access permissions
- 2020/09/23 JVN#60093979:
- Multiple vulnerabilities in Active Update function implemented in multiple Trend Micro products
- 2020/09/17 JVN#31864411:
- Multiple access restriction bypass vulnerabilities in UNIQLO App
- 2020/09/11 JVN#09166495:
- Multiple vulnerabilities in Buffalo AirStation WHR-G54S
- 2020/09/07 JVN#32396594:
- Yodobashi App for Android fails to restrict access permissions
- 2020/08/31 JVN#06446084:
- CLUSTERPRO X and EXPRESSCLUSTER X vulnerable to XML external entity injection (XXE)
- 2020/08/31 JVN#42665874:
- "Shadankun Server Security Type" vulnerable to denial-of-service (DoS)
- 2020/08/28 JVN#29903998:
- Multiple NETGEAR switching hubs vulnerable to cross-site request forgery
- 2020/08/27 JVN#40725650:
- Multiple vulnerabilities in XOOPS module "XooNIps"
- 2020/08/26 JVN#77402327:
- NITORI App fails to restrict access permissions
- 2020/08/25 JVN#50890770:
- Apache Struts 2 vulnerable to denial-of-service (DoS)
- 2020/08/21 JVN#88315581:
- Multiple cross-site scripting vulnerabilities in Exment
- 2020/08/11 JVN#46258789:
- Multiple vulnerabilities in CyberMail
- 2020/08/03 JVN#25422698:[Critical]
- SKYSEA Client View vulnerable to privilege escalation
- 2020/07/31 JVN#73169744:
- Multiple vulnerabilities in multiple PHP Factory products
- 2020/07/31 JVN#84959128:
- FANUC i Series CNC vulnerable to denial-of-service (DoS)
- 2020/07/29 JVN#40400577:
- TOYOTA MOTOR's Global TechStream vulnerable to buffer overflow
- 2020/07/28 JVN#48194211:
- Multiple vulnerabilities in KonaWiki2 and KonaWiki3
- 2020/07/28 JVN#62161191:
- JavaFX WebEngine does not properly restrict Java method execution
- 2020/07/22 JVN#05502028:
- WordPress Plugin "Social Sharing Plugin" vulnerable to cross-site request forgery
- 2020/07/09 JVN#55657988:
- SHIRASAGI vulnerable to open redirect
- 2020/07/08 JVN#93167107:
- Android App "Mercari" (Japan version) vulnerable to arbitrary method execution of Java object
- 2020/06/29 JVN#55497111:
- Multiple vulnerabilities in Cybozu Garoon
- 2020/06/24 JVN#40039627:
- Chrome Extension for e-Tax Reception System vulnerable to arbitrary command execution
- 2020/06/18 JVN#77458946:
- EC-CUBE vulnerable to directory traversal
- 2020/06/11 JVN#32252648:
- Multiple vulnerabilities in Zenphoto
- 2020/06/09 JVN#67447798:
- Multiple SONY Wireless Headphones allow improper Bluetooth pairing
- 2020/06/05 JVN#40208370:
- XACK DNS vulnerable to denial-of-service (DoS)
- 2020/05/29 JVN#78745667:
- Multiple security updates for multiple Cybozu products
- 2020/05/25 JVN#59552136:
- Cybozu Desktop for Windows vulnerable to arbitrary code execution
- 2020/05/19 JVN#20248858:
- WordPress Plugin "Paid Memberships Pro" vulnerable to SQL injection
- 2020/05/19 JVN#96646182:
- Panasonic Video Insight VMS vulnerable to arbitrary code execution
- 2020/05/13 JVN#41035278:
- BookStack vulnerable to cross-site scripting
- 2020/05/13 JVN#28806943:
- Multiple vulnerabilities in Movable Type
- 2020/05/11 JVN#61849442:
- PALLET CONTROL vulnerable to arbitrary code execution
- 2020/04/28 JVN#47668991:
- Sales Force Assistant vulnerable to cross-site scripting
- 2020/04/27 JVN#35649781:
- Multiple vulnerabilities in Cybozu Garoon
- 2020/04/23 JVN#93064451:
- Multiple SHARP Android devices vulnerable to information disclosure
- 2020/04/20 JVN#13467854:
- Toshiba Electronic Devices & Storage software registers unquoted service paths
- 2020/04/08 JVN#89224521:
- Multiple vulnerabilities in EasyBlocks IPv6
- 2020/04/07 JVN#56890693:
- Joomla! plugin "AcyMailing" vulnerable to arbitrary file uploads
- 2020/03/31 JVN#38732359:
- Multiple Yamaha network devices vulnerable to denial-of-service (DoS)
- 2020/03/24 JVN#88277644:[Unreachable]
- Keijiban Tsumiki vulnerable to OS command injection
- 2020/03/24 JVN#27951364:[Unreachable]
- WL-Enq (WEB Enquete) vulnerable to OS command injection
- 2020/03/24 JVN#88033799:[Unreachable]
- WL-Enq (WEB Enquete) vulnerable to cross-site scripting
- 2020/03/24 JVN#58176087:[Unreachable]
- Cute News vulnerable to PHP code execution
- 2020/03/24 JVN#29095127:[Unreachable]
- CuteNews vulnerable to cross-site scripting
- 2020/03/24 JVN#63834780:[Unreachable]
- Shihonkanri Plus GOOUT vulnerable to OS command injection
- 2020/03/24 JVN#32415420:[Unreachable]
- Multiple vulnerabilities in Shihonkanri Plus GOOUT
- 2020/03/24 JVN#77634892:[Unreachable]
- mailform vulnerable to PHP code execution
- 2020/03/24 JVN#85942151:[Unreachable]
- mailform vulnerable to cross-site scripting
- 2020/03/03 JVN#19666251:
- Multiple vulnerabilities in OpenBlocks IoT VX2
- 2020/03/02 JVN#73472345:
- GRANDIT vulnerable to session management
- 2020/02/25 JVN#15697526:
- Privilege escalation vulnerability in multiple RICOH printer drivers
- 2020/02/25 JVN#52962201:
- Multiple vulnerabilities in RICOH printers
- 2020/02/19 JVN#25766797:
- Multiple OS command injection vulnerabilities in Aterm WF1200C, Aterm WG1200CR, and Aterm WG2600HS
- 2020/02/19 JVN#49410695:
- Multiple vulnerabilities in Aterm WG2600HS
- 2020/02/18 JVN#89259622:
- WordPress Plugin "Easy Property Listings" vulnerable to cross-site request forgery
- 2020/02/14 JVN#35496038:
- ilbo App vulnerable to authentication bypass
- 2020/02/14 JVN#02921757:
- Multiple Trend Micro products vulnerable to denial-of-service (DoS)
- 2020/02/10 JVN#34535327:
- HtmlUnit vulnerable to arbitrary code execution
- 2020/02/06 JVN#94435544:
- Movable Type vulnerable to cross-site scripting
- 2020/02/05 JVN#52486659:
- Ghostscript access restriction bypass vulnerability
- 2020/01/31 JVN#00014057:
- AWMS Mobile App vulnerable to improper server certificate verification
- 2020/01/28 JVN#28845872:
- Android App "MyPallete" vulnerable to improper server certificate verification
- 2020/01/21 JVN#66435380:
- Multiple Fuji Xerox mobile applications fail to verify SSL server certificates
- 2020/01/17 JVN#37183636:
- Trend Micro Password Manager vulnerable to information disclosure
- 2020/01/17 JVN#49593434:
- Trend Micro Password Manager vulnerable to information disclosure
- 2020/01/10 JVN#07375820:
- Junos OS vulnerable to directory traversal
- 2020/01/10 JVN#21753370:
- Junos OS vulnerable to cross-site scripting
- 2020/01/08 JVN#97325754:
- F-RevoCRM vulnerable to cross-site scripting
2019
- 2019/12/20 JVN#10377257:
- Multiple vulnerabilities in a-blog cms
- 2019/12/19 JVN#01236065:
- Android App "NTV News24" fails to verify SSL server certificates
- 2019/12/17 JVN#79854355:
- Multiple vulnerabilities in Cybozu Office
- 2019/12/12 JVN#26847507:
- Multiple vulnerabilities in "Custom Body Class"
- 2019/12/12 JVN#57070811:
- Athenz vulnerable to open redirect
- 2019/12/10 JVN#63047298:
- Kinza vulnerable to cross-site scripting
- 2019/12/02 JVN#49068796:
- Multiple MOTEX products vulnerable to privilege escalation
- 2019/11/26 JVN#19386781:
- STAMP Workbench installer may insecurely load Dynamic Link Libraries
- 2019/11/26 JVN#26838191:
- WordPress Plugin "WP Spell Check" vulnerable to cross-site request forgery
- 2019/11/13 JVN#65280626:
- Movable Type vulnerable to open redirect
- 2019/11/07 JVN#41566067:
- Rakuma App vulnerable to authentication information disclosure
- 2019/10/28 JVN#45633549:
- Library Information Management System LIMEDIO vulnerable to open redirect
- 2019/10/23 JVN#34634458:
- PowerCMS vulnerable to open redirect
- 2019/10/15 JVN#74530672:
- NetCommons3 vulnerable to cross-site scripting
- 2019/10/11 JVN#14776551:
- Multiple vulnerabilities in WordPress Plugin "wpDataTables Lite"
- 2019/10/07 JVN#59436681:
- Multiple vulnerabilities in EC-CUBE module "REMISE Payment module (2.11, 2.12 and 2.13)"
- 2019/10/07 JVN#95875796:
- Multiple OS command injection vulnerabilities in DBA-1510P
- 2019/09/19 JVN#97845465:
- Multiple integer overflow vulnerabilities in LINE(Android)
- 2019/09/13 JVN#11708203:
- Multiple buffer overflow vulnerabilities in multiple Ricoh printers and Multifunction Printers (MFPs)
- 2019/09/12 JVN#39383894:
- apng-drawable vulnerable to integer overflow
- 2019/09/10 JVN#74699196:
- SHIRASAGI vulnerable to open redirect
- 2019/09/02 JVN#93833849:
- Panasonic Video Insight VMS vulnerable to SQL injection
- 2019/08/26 JVN#71877187:
- Cybozu Garoon vulnerable to SQL injection
- 2019/08/23 JVN#17127920:
- Smart TV Box fails to restrict access permissions
- 2019/08/15 JVN#07679150:
- ApeosWare Management Suite and ApeosWare Management Suite 2 contain open redirect vulnerability
- 2019/08/07 JVN#29343839:
- EC-CUBE plugin "Amazon Pay Plugin 2.12,2.13" vulnerable to cross-site scripting
- 2019/07/31 JVN#94889214:
- Central Dogma vulnerable to cross-site scripting
- 2019/07/18 JVN#92510087:
- WordPress Plugin "Category Specific RSS feed Subscription" vulnerable to cross-site request forgery
- 2019/07/16 JVN#48981892:
- WordPress Plugin "WordPress Ultra Simple Paypal Shopping Cart" vulnerable to cross-site request forgery
- 2019/07/16 JVN#62618482:
- Multiple vulnerabilities in Cybozu Garoon
- 2019/07/10 JVN#75617741:
- Intel Dual Band Wireless-AC 8260 vulnerable to denial-of-service (DoS)
- 2019/07/05 JVN#37230341:
- Multiple vulnerabilities in Access analysis CGI An-Analyzer
- 2019/07/01 JVN#28218613:
- The management console of iDoors Reader vulnerable to authentication bypass
- 2019/06/27 JVN#43172719:
- Multiple vulnerabilities in Hikari Denwa router/Home GateWay
- 2019/06/24 JVN#29933378:
- WordPress Plugin "Custom CSS Pro" vulnerable to cross-site request forgery
- 2019/06/24 JVN#49575131:
- WordPress Plugin "HTML5 Maps" vulnerable to cross-site request forgery
- 2019/06/21 JVN#13555032:
- Multiple vulnerabilities in VAIO Update
- 2019/06/19 JVN#88804335:
- WordPress Plugin "Personalized WooCommerce Cart Page" vulnerable to cross-site request forgery
- 2019/06/17 JVN#31406910:
- WordPress Plugin "Related YouTube Videos" vulnerable to cross-site request forgery
- 2019/06/13 JVN#89046645:
- A map plugin for Minecraft server "Dynmap" fails to restrict access permissions
- 2019/06/12 JVN#80925867:
- WordPress Plugin "Contest Gallery" vulnerable to cross-site request forgery
- 2019/06/10 JVN#96988995:
- Multiple vulnerabilities in WordPress Plugin "Online Lesson Booking"
- 2019/06/10 JVN#95685939:
- Multiple vulnerabilities in WordPress Plugin "Attendance Manager"
- 2019/06/07 JVN#84876282:
- Multiple vulnerabilities in GROWI
- 2019/06/07 JVN#29188908:
- Joruri CMS 2017 vulnerable to cross-site scripting
- 2019/06/07 JVN#58052567:
- Multiple vulnerabilities in Joruri Mail
- 2019/05/31 JVN#88962935:
- Multiple vulnerabilities in WordPress Plugin "Zoho SalesIQ"
- 2019/05/24 JVN#57806517:
- Android App "Tootdon for Mastodon" fails to verify SSL server certificates
- 2019/05/23 JVN#33652328:
- WordPress plugin "WP Open Graph" vulnerable to cross-site request forgery
- 2019/05/22 JVN#71498764:
- Apache Camel vulnerable to XML external entity injection (XXE)
- 2019/05/10 JVN#69903953:
- Electronic reception and examination of application for radio licenses Offline may insecurely load Dynamic Link Libraries
- 2019/05/10 JVN#91361851:
- Installer of Electronic reception and examination of application for radio licenses Online may insecurely load Dynamic Link Libraries
- 2019/05/10 JVN#87655507:
- CREATE SD official App for Android fails to restrict access permissions
- 2019/04/25 JVN#58849431:
- Multiple vulnerabilities in Cybozu Garoon
- 2019/04/03 JVN#25261088:
- GNU Wget vulnerable to buffer overflow
- 2019/04/01 JVN#01119243:
- API server used by JR East Japan train operation information push notification App for Android fails to restrict access permissions
- 2019/03/27 JVN#63981842:
- PowerAct Pro Master Agent for Windows fails to restrict access permissions
- 2019/03/19 JVN#60497148:
- "an" App for iOS vulnerable to directory traversal
- 2019/03/15 JVN#06527859:
- KinagaCMS vulnerable to cross-site scripting
- 2019/03/12 JVN#11622218:
- iChain Insurance Wallet App for iOS vulnerable to directory traversal
- 2019/03/05 JVN#40288903:
- Dradis Community Edition and Dradis Professional Edition vulnerable to cross-site scripting
- 2019/02/28 JVN#79543573:
- The installer of Microsoft Teams may insecurely load Dynamic Link Libraries
- 2019/02/28 JVN#97656108:
- WordPress plugin "Smart Forms" vulnerable to cross-site request forgery
- 2019/02/28 JVN#69181574:
- Windows 7 may insecurely load Dynamic Link Libraries
- 2019/02/27 JVN#56542712:
- Multiple vulnerabilities in Nablarch
- 2019/02/26 JVN#83501605:
- WordPress plugin "FormCraft" vulnerable to cross-site request forgery
- 2019/02/20 JVN#05875753:
- azure-umqtt-c vulnerable to denial-of-service (DoS)
- 2019/02/18 JVN#50810870:
- Installer of Adobe Creative Cloud Desktop Application may insecurely load Dynamic Link Libraries
- 2019/02/12 JVN#40439414:
- A vulnerability in V20 PRO L-01J that may cause a crash
- 2019/02/06 JVN#43193964:
- OpenAM (Open Source Edition) vulnerable to open redirect
- 2019/02/05 JVN#63860183:
- POWER EGG vulnerability where EL expression may be executed
- 2019/01/31 JVN#83826673:
- The installers of UNLHA32.DLL, UNARJ32.DLL and LHMelting may insecurely load Dynamic Link Libraries
- 2019/01/31 JVN#52168232:
- UNLHA32.DLL, UNARJ32.DLL, LHMelting and LMLzh32.DLL may insecurely load Dynamic Link Libraries
- 2019/01/24 JVN#98505783:
- HOUSE GATE App for iOS vulnerable to directory traversal
- 2019/01/10 JVN#58010349:
- WordPress plugin "spam-byebye" vulnerable to cross-site scripting
2018
- 2018/12/26 JVN#96493183:
- GROWI vulnerable to cross-site scripting
- 2018/12/25 JVN#33677949:
- Installer of Mapping Tool may insecurely load Dynamic Link Libraries
- 2018/12/25 JVN#27052429:
- WordPress plugin "Google XML Sitemaps" vulnerable to cross-site scripting
- 2018/12/21 JVN#13199224:
- PgpoolAdmin fails to restrict access permissions
- 2018/12/21 JVN#69812763:
- cordova-plugin-ionic-webview vulnerable to path traversal
- 2018/12/19 JVN#99810718:
- Multiple vulnerabilities in Toshiba Lighting & Technology Corporation Home gateway
- 2018/12/14 JVN#87535892:
- Multiple vulnerabilities in Aterm WF1200CR and Aterm WG1200CR
- 2018/12/10 JVN#25385698:
- Cybozu Garoon access restriction bypass vulnerability
- 2018/12/10 JVN#23161885:
- Multiple vulnerabilities in Cybozu Remote Service
- 2018/12/07 JVN#32155106:
- Multiple vulnerabilities in i-FILTER
- 2018/12/06 JVN#89767228:
- Multiple vulnerabilities in multiple SEIKO EPSON printers and scanners
- 2018/11/29 JVN#36895151:
- Panasonic applications register unquoted service paths
- 2018/11/28 JVN#25359688:
- EC-CUBE vulnerable to open redirect
- 2018/11/28 JVN#78422300:
- The installer of MARKET SPEED may insecurely load Dynamic Link Libraries
- 2018/11/27 JVN#55263945:
- Multiple vulnerabilities in RICOH Interactive Whiteboard
- 2018/11/20 JVN#65082538:
- Multiple vulnerabilities in Panasonic BN-SDWBP3
- 2018/11/14 JVN#16697622:
- Cybozu Dezie vulnerable to directory traversal
- 2018/11/14 JVN#15232217:
- Multiple directory traversal vulnerabilities in Cybozu Office
- 2018/11/14 JVN#83739174:
- Cybozu Mailwise vulnerable to directory traversal
- 2018/11/09 JVN#85760090:
- Multiple vulnerabilities in WordPress plugin "LearnPress"
- 2018/11/09 JVN#15709478:
- The installer of Windows10 Fall Creators Update Modify module for Security Measures tool may insecurely load Dynamic Link Libraries
- 2018/11/02 JVN#75738023:
- WordPress plugin "Event Calendar WD" vulnerable to cross-site scripting
- 2018/11/02 JVN#96551318:
- Mail app for iOS vulnerable to denial-of-service (DoS)
- 2018/10/29 JVN#37943805:
- Confluence Server vulnerable to script injection
- 2018/10/26 JVN#59394343:
- Multiple vulnerabilities in OpenDolphin
- 2018/10/24 JVN#21528670:
- SecureCore Standard Edition vulnerable to authentication bypass
- 2018/10/24 JVN#60702986:
- BlueStacks App Player fails to restrict access permissions
- 2018/10/19 JVN#58005743:
- Web Isolation vulnerable to cross-site scripting
- 2018/10/19 JVN#36343375:
- Multiple vulnerabilities in YukiWiki
- 2018/10/15 JVN#95355683:[Critical]
- Multiple vulnerabilities in FileZen
- 2018/10/12 JVN#49995005:
- OpenAM (Open Source Edition) vulnerable to session management
- 2018/10/11 JVN#14323043:
- Metabase vulnerable to cross-site scripting
- 2018/10/09 JVN#73794686:
- User-friendly SVN vulnerable to cross-site scripting
- 2018/10/09 JVN#36623716:
- Music Center for PC improperly verifies software update files
- 2018/10/04 JVN#00344155:
- Multiple vulnerabilities in Denbun
- 2018/10/03 JVN#77885134:
- The installer of Baidu Browser may insecurely load Dynamic Link Libraries
- 2018/09/27 JVN#37288228:
- +Message App fails to verify SSL server certificates
- 2018/09/13 JVN#68528150:
- Multiple FXC network devices vulnerable to cross-site scripting
- 2018/09/10 JVN#12583112:
- Cybozu Garoon vulnerable to directory traversal
- 2018/09/07 JVN#59624986:
- Multiple vulnerabilities in INplc
- 2018/08/31 JVN#02037158:
- AttacheCase vulnerable to arbitrary script execution
- 2018/08/31 JVN#63556416:
- QNAP Photo Station vulnerable to cross-site scripting
- 2018/08/30 JVN#89550319:
- Movable Type vulnerable to cross-site scripting
- 2018/08/29 JVN#69967692:
- Multiple script injection vulnerabilities in multiple Yamaha network devices
- 2018/08/21 JVN#75700242:
- The installer of Digital Paper App may insecurely load Dynamic Link Libraries
- 2018/08/17 JVN#14451678:
- NoMachine App for Android vulnerable to environment variables alteration
- 2018/08/09 JVN#06372244:
- Multiple vulnerabilities in EC-CUBE Payment Module and GMO-PG Payment Module (PG Multi-Payment Service) for EC-CUBE
- 2018/08/07 JVN#83701666:
- Multiple vulnerabilities in multiple I-O DATA network camera products
- 2018/08/06 JVN#62121133:
- Multiple directory traversal vulnerabilities in AttacheCase
- 2018/08/03 JVN#18716340:
- Multiple cross-site scripting vulnerabilities in GROWI
- 2018/07/26 JVN#16933564:
- LINE MUSIC for Android fails to verify SSL server certificates
- 2018/07/24 JVN#41452671:
- The installers of multiple Canon IT Solutions Inc. software programs may insecurely load Dynamic Link Libraries
- 2018/07/23 JVN#39171169:
- Installer of ChatWork Desktop App for Windows may insecurely load Dynamic Link Libraries
- 2018/07/20 JVN#06813756:
- DLL planting vulnerability in multiple Yayoi 17 Series products
- 2018/07/20 JVN#71329812:
- WL-330NUL vulnerable to cross-site request forgery
- 2018/07/18 JVN#37376131:
- Multiple vulnerabilities in ORCA(Online Receipt Computer Advantage)
- 2018/07/18 JVN#62423700:
- Movable Type plugin MTAppjQuery vulnerable to PHP code execution
- 2018/07/17 JVN#70246549:
- WordPress plugin "FV Flowplayer Video Player" vulnerable to cross-site scripting
- 2018/07/13 JVN#55813866:
- Explzh vulnerable to directory traversal
- 2018/07/12 JVN#84825660:
- Multiple vulnerabilities in Aterm HC100RC
- 2018/07/12 JVN#26629618:
- Multiple vulnerabilities in Aterm W300P
- 2018/07/12 JVN#00401783:
- Multiple OS command injection vulnerabilities in Aterm WG1200HP
- 2018/07/06 JVN#52574492:
- The installers of multiple Logicool software programs may insecurely load Dynamic Link Libraries
- 2018/07/06 JVN#77409513:
- DHC Online Shop App for Android fails to verify SSL server certificates
- 2018/07/03 JVN#84967039:
- Installer of Glary Utilities may insecurely load Dynamic Link Libraries
- 2018/07/02 JVN#13415512:
- Cybozu Garoon vulnerable to SQL injection
- 2018/07/02 JVN#63895206:
- Multiple vulnerabilities in Calsos CSDX and CSDJ series products
- 2018/06/28 JVN#00846677:
- Mailman vulnerable to cross-site scripting
- 2018/06/27 JVN#58362455:
- MemoCGI vulnerable to directory traversal
- 2018/06/15 JVN#71535108:
- ANA App for iOS fails to verify SSL server certificates
- 2018/06/15 JVN#98975951:
- Chrome Extension "5000 trillion yen converter" vulnerable to cross-site scripting
- 2018/06/13 JVN#33124193:
- Local File Inclusion vulnerability in Zenphoto
- 2018/06/12 JVN#92265618:
- LINE for Windows may insecurely load Dynamic Link Libraries
- 2018/06/04 JVN#93226941:
- H2O vulnerable to buffer overflow
- 2018/05/31 JVN#27978559:
- Multiple vulnerabilities in Pixelpost
- 2018/05/29 JVN#20040004:
- The installer of "FLET'S VIRUS CLEAR Easy Setup & Application Tool" and "FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool" may insecurely invoke an executable file
- 2018/05/28 JVN#60978548:
- WordPress plugin "Site Reviews" vulnerable to cross-site scripting
- 2018/05/28 JVN#16471686:
- WordPress plugin "Email Subscribers & Newsletters" vulnerable to cross-site scripting
- 2018/05/24 JVN#13940333:
- The installer of PlayMemories Home for Windows may insecurely load Dynamic Link Libraries
- 2018/05/24 JVN#79301396:
- Susie plug-in "axpdfium" may insecurely load Dynamic Link Libraries
- 2018/05/22 JVN#67881316:
- Multiple vulnerabilities in baserCMS
- 2018/05/22 JVN#52319657:
- Multiple cross-site scripting vulnerabilities in Cybozu Mailwise
- 2018/05/22 JVN#51737843:
- Multiple vulnerabilities in Cybozu Office
- 2018/05/21 JVN#96954395:
- Nessus vulnerable to cross-site scripting
- 2018/05/17 JVN#81196185:
- The installer of Visual C++ Redistributable may insecurely load Dynamic Link Libraries
- 2018/05/17 JVN#72748502:
- Self-Extracting Archive files created by IExpress may insecurely load Dynamic Link Libraries
- 2018/05/17 JVN#91151862:
- Multiple Microsoft Windows applications and installers may insecurely load Dynamic Link Libraries
- 2018/05/11 JVN#83671755:
- KINEPASS App fails to verify SSL server certificates
- 2018/05/11 JVN#27137002:
- IIJ SmartKey App for Android vulnerable to authentication bypass
- 2018/05/10 JVN#28804532:
- Multiple vulnerabilities in WordPress plugin "Ultimate Member"
- 2018/05/09 JVN#34562916:
- RT-AC1200HP vulnerable to cross-site scripting
- 2018/05/09 JVN#73742314:
- RT-AC68U vulnerable to cross-site scripting
- 2018/05/09 JVN#33901663:
- RT-AC87U vulnerable to cross-site scripting
- 2018/04/27 JVN#08386386:
- WordPress plugin "Open Graph for Facebook, Google+ and Twitter Card Tags" vulnerable to cross-site scripting
- 2018/04/27 JVN#61081552:
- WordPress plugin "PixelYourSite" vulnerable to cross-site scripting
- 2018/04/27 JVN#01040170:
- WordPress plugin "WP Google Map Plugin" vulnerable to cross-site scripting
- 2018/04/27 JVN#85531148:
- WordPress plugin "Events Manager" vulnerable to cross-site scripting
- 2018/04/27 JVN#68345747:
- The installers of multiple CELSYS, Inc. software may insecurely load Dynamic Link Libraries
- 2018/04/26 JVN#95589314:
- Joruri Gw vulnerable to arbitrary file upload
- 2018/04/17 JVN#52695336:
- EC-CUBE vulnerable to session fixation
- 2018/04/13 JVN#85056623:
- Installer of SoundEngine Free may insecurely load Dynamic Link Libraries
- 2018/04/12 JVN#92220486:
- The installer of PhishWall Client Internet Explorer edition may insecurely load Dynamic Link Libraries
- 2018/04/12 JVN#71255137:
- Tenable Appliance vulnerable to cross-site scripting
- 2018/04/10 JVN#77753476:
- Hatena Bookmark App for iOS contains an address bar spoofing vulnerability
- 2018/04/09 JVN#65268217:
- Multiple vulnerabilities in Cybozu Garoon
- 2018/03/30 JVN#01161596:
- Safari vulnerable to script injection
- 2018/03/29 JVN#72589538:
- LXR vulnerable to OS command injection
- 2018/03/29 JVN#93397125:
- Multiple vulnerabilities in WZR-1750DHP2
- 2018/03/27 JVN#43382653:
- iRemoconWiFi App for Android fails to verify SSL server certificates
- 2018/03/15 JVN#39896275:
- The installer of PhishWall Client Firefox and Chrome edition for Windows may insecurely load Dynamic Link Libraries
- 2018/03/13 JVN#87226910:[Unreachable]
- WebProxy vulnerable to directory traversal
- 2018/03/13 JVN#22536871:[Unreachable]
- QQQ SYSTEMS vulnerable to arbitrary command injection
- 2018/03/13 JVN#92259864:[Unreachable]
- TinyFTP Daemon vulnerable to buffer overflow
- 2018/03/13 JVN#56764650:[Unreachable]
- ViX may insecurely load Dynamic Link Libraries
- 2018/03/13 JVN#48774168:[Unreachable]
- PHP 2chBBS vulnerable to cross-site scripting
- 2018/03/13 JVN#46471407:[Unreachable]
- QQQ SYSTEMS vulnerable to cross-site scripting
- 2018/03/13 JVN#96655441:[Unreachable]
- QQQ SYSTEMS vulnerable to cross-site scripting
- 2018/03/13 JVN#64990648:[Unreachable]
- QQQ SYSTEMS vulnerable to cross-site scripting
- 2018/03/13 JVN#30864198:[Unreachable]
- ArsenoL vulnerable to cross-site scripting
- 2018/03/09 JVN#15201064:
- Multiple vulnerabilities in CG-WGR1200
- 2018/03/08 JVN#60032768:
- WordPress plugin "WP All Import" vulnerable to cross-site scripting
- 2018/03/08 JVN#33527174:
- WordPress plugin "WP All Import" vulnerable to cross-site scripting
- 2018/03/05 JVN#01837169:
- Installer of WinShot may insecurely load Dynamic Link Libraries
- 2018/03/05 JVN#71816327:
- Installer of JTrim may insecurely load Dynamic Link Libraries
- 2018/03/02 JVN#56132776:
- Multiple vulnerabilities in Jubatus
- 2018/02/26 JVN#97144273:
- Multiple vulnerabilities in WXR-1900DHP2
- 2018/02/20 JVN#75453852:
- LINE for iOS fails to verify SSL server certificates
- 2018/02/20 JVN#83834277:
- Multiple vulnerabilities in FS010W
- 2018/02/15 JVN#28865183:
- Insecure DLL Loading issue in multiple Trend Micro products
- 2018/02/13 JVN#87403477:
- Application and self-extracting archive containing the application of "FLET'S v4 / v6 address selection tool" may insecurely load Dynamic Link Libraries
- 2018/02/13 JVN#04564808:
- Installer of "FLET'S Azukeru Backup Tool" may insecurely load Dynamic Link Libraries
- 2018/02/08 JVN#15462187:
- MP Form Mail CGI eCommerce Edition vulnerable to OS command injection
- 2018/02/06 JVN#70615027:
- The installer of Anshin net security for Windows may insecurely load Dynamic Link Libraries
- 2018/02/06 JVN#36048131:
- Multiple I-O DATA network devices incorporating "MagicalFinder" vulnerable to OS command injection
- 2018/02/02 JVN#99312352:
- WordPress plugin "MTS Simple Booking C" vulnerable to cross-site scripting
- 2018/02/02 JVN#15643848:
- Spring Security and Spring Framework vulnerable to authentication bypass
- 2018/02/01 JVN#91393903:
- Multiple vulnerabilities in epg search result viewer (kkcald)
- 2018/01/30 JVN#30636823:
- WordPress plugin "WP Retina 2x" vulnerable to cross-site scripting
- 2018/01/22 JVN#26255241:
- The installer of "FLET'S VIRUS CLEAR Easy Setup & Application Tool" and "FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool" may insecurely load Dynamic Link Libraries
- 2018/01/19 JVN#10103841:
- Nootka App for Android vulnerable to OS command injection
- 2018/01/19 JVN#26200083:
- GroupSession vulnerable to open redirect
- 2018/01/11 JVN#57842148:
- Lhaplus vulnerable to improper verification when expanding ZIP64 archives
2017
- 2017/12/25 JVN#45494523:
- MQTT.js issue in handling PUBLISH packets
- 2017/12/22 JVN#60695371:
- The installer of Music Center for PC may insecurely load Dynamic Link Libraries
- 2017/12/22 JVN#95423049:
- The installer of Content Manager Assistant for PlayStation may insecurely load Dynamic Link Libraries
- 2017/12/19 JVN#93333702:
- OneThird CMS vulnerable to directory traversal
- 2017/12/18 JVN#84182676:
- Multiple vulnerabilities in H2O
- 2017/12/11 JVN#27342829:
- Qt for Android environment variables alteration
- 2017/12/11 JVN#67389262:
- Qt for Android vulnerable to OS command injection
- 2017/12/06 JVN#30352845:
- The installer of The Public Certification Service for Individuals "The JPKI user's software" may insecurely load Dynamic Link Libraries
- 2017/12/01 JVN#65994435:
- Multiple vulnerabilities in multiple Buffalo broadband routers
- 2017/11/30 JVN#78501037:
- Movable Type plugin A-Member and A-Reserve vulnerable to SQL injection
- 2017/11/30 JVN#98295787:
- Multiple vulnerabilities in Wireless mobile storage "Digizo ShAirDisk" PTW-WMS1
- 2017/11/29 JVN#71291160:
- StreamRelay.net.exe and sDNSProxy.exe vulnerable to denial-of-service (DoS)
- 2017/11/22 JVN#73141967:
- PWR-Q200 vulnerable to DNS cache poisoning attacks
- 2017/11/21 JVN#08517069:
- The installer of Media Go and Music Center for PC may insecurely load Dynamic Link Libraries
- 2017/11/16 JVN#76382932:
- Robotic appliance COCOROBO vulnerable to session management
- 2017/11/14 JVN#05398317:
- WordPress plugin "TablePress" vulnerable to improper restriction of XML external entity (XXE) references
- 2017/11/14 JVN#18420340:
- Multiple vulnerabilities in BOOK WALKER for Windows/Mac
- 2017/11/13 JVN#29602086:
- CS-Cart Japanese Edition vulnerable to cross-site scripting
- 2017/11/09 JVN#71284826:
- Installer of HYPER SBI may insecurely load Dynamic Link Libraries
- 2017/11/06 JVN#23367475:
- Wi-Fi STATION L-02F vulnerable to buffer overflow
- 2017/11/06 JVN#87886530:
- I-O DATA LAN DISK Connect vulnerable to denial-of-service (DoS)
- 2017/11/02 JVN#97243511:
- Installer of "Flets Easy Setup Tool" may insecurely load Dynamic Link Libraries
- 2017/11/01 JVN#79546124:
- OpenAM (Open Source Edition) vulnerable to authentication bypass
- 2017/10/17 JVN#54795166:
- Home unit KX-HJB1000 contains multiple vulnerabilities
- 2017/10/11 JVN#94056834:
- Installer of HIBUN Confidential File Viewer may insecurely load Dynamic Link Libraries and invoke executable files
- 2017/10/11 JVN#55516206:
- HIBUN Confidential File Decryption program may insecurely load Dynamic Link Libraries
- 2017/10/11 JVN#58909026:
- HIBUN Confidential File Decryption program may insecurely load Dynamic Link Libraries
- 2017/10/11 JVN#14658424:
- Cybozu Office fails to restrict access permissions
- 2017/09/14 JVN#75929834:
- Install program and Installer of i-フィルター 6.0 may insecurely load Dynamic Link Libraries and invoke executable files
- 2017/09/12 JVN#03044183:
- Wi-Fi STATION L-02F fails to restrict access permissions
- 2017/09/12 JVN#68922465:
- Backdoor access issue in Wi-Fi STATION L-02F
- 2017/09/11 JVN#76692689:
- SEIL Series routers vulnerable to denial-of-service (DoS)
- 2017/09/11 JVN#57205588:
- Installer of FENCE-Explorer may insecurely load Dynamic Link Libraries and invoke executable files
- 2017/09/08 JVN#00719891:
- Multiple vulnerabilities in CG-WLR300NM
- 2017/08/31 JVN#09769017:
- Multiple Fuji Xerox products may insecurely load Dynamic Link Libraries
- 2017/08/30 JVN#26115441:
- Installer of "Remote Support Tool (Enkaku Support Tool)" may insecurely load Dynamic Link Libraries
- 2017/08/25 JVN#22272314:
- Installer of "Flets Setsuzoku Tool" may insecurely load Dynamic Link Libraries
- 2017/08/25 JVN#36303528:
- Installer and self-extracting archive containing the installer of "Security Setup Tool" may insecurely load Dynamic Link Libraries
- 2017/08/25 JVN#14926025:
- Installer of "Flets Install Tool" may insecurely load Dynamic Link Libraries
- 2017/08/25 JVN#14658714:
- Installer of "Flets Azukeru for Windows Auto Backup Tool" may insecurely load Dynamic Link Libraries
- 2017/08/25 JVN#11601216:
- Installer of "Security Kinou Mihariban" may insecurely load Dynamic Link Libraries
- 2017/08/25 JVN#87540575:
- Installer of Optimal Guard may insecurely load Dynamic Link Libraries
- 2017/08/25 JVN#78151490:
- Multiple vulnerabilities in baserCMS
- 2017/08/24 JVN#58559719:
- WordPress plugin "BackupGuard" vulnerable to cross-site scripting
- 2017/08/24 JVN#39628662:
- Multiple vulnerabilities in SEO Panel
- 2017/08/24 JVN#23340457:
- Multiple vulnerabilities in WebCalendar
- 2017/08/23 JVN#30866130:
- The installer of the Ministry of Justice [The electronic authentication system based on the commercial registration system "The CRCA user's Software"] may insecurely load Dynamic Link Libraries
- 2017/08/23 JVN#87410770:
- Multiple vulnerabilities in "Dokodemo eye Smart HD" SCR02HD
- 2017/08/22 JVN#67954465:
- Installer of Photo Collection PC Software provided by NTT DOCOMO, INC. may insecurely load Dynamic Link Libraries and invoke executable files
- 2017/08/21 JVN#63564682:
- Multiple vulnerabilities in Cybozu Garoon
- 2017/08/18 JVN#18641169:
- Installer and self-extracting archive containing the installer of TDB CA TypeA use software may insecurely load Dynamic Link Libraries
- 2017/08/17 JVN#23546631:
- Installer of Shin Kinkyuji Houkoku Data Nyuryoku Program may insecurely load Dynamic Link Libraries
- 2017/08/17 JVN#71104430:
- Installer of Shin Sekiyu Yunyu Chousa Houkoku Data Nyuryoku Program may insecurely load Dynamic Link Libraries
- 2017/08/17 JVN#73559859:
- Installer of Shin Kikan Toukei Houkoku Data Nyuryokuyou Program may insecurely load Dynamic Link Libraries
- 2017/08/17 JVN#53292345:
- Teikihoukokusho Sakuseishien Tool may insecurely load Dynamic Link Libraries
- 2017/08/08 JVN#81659403:
- Installer of Qua station connection tool for Windows may insecurely load Dynamic Link Libraries
- 2017/08/08 JVN#74871939:
- WSR-300HP vulnerable to arbitrary code execution
- 2017/08/08 JVN#05340005:
- WCR-1166DS vulnerable to OS command injection
- 2017/08/03 JVN#86724730:
- Installer of IP Messenger may insecurely load Dynamic Link Libraries
- 2017/08/03 JVN#17788774:
- Installer of Baidu IME may insecurely load Dynamic Link Libraries
- 2017/07/27 JVN#74554973:
- Installer of LhaForge may insecurely load Dynamic Link Libraries
- 2017/07/27 JVN#33797604:
- NFC Port Software remover may insecurely load Dynamic Link Libraries
- 2017/07/27 JVN#16136413:
- Installers of Sony PaSoRi related software may insecurely load Dynamic Link Libraries
- 2017/07/27 JVN#51410509:
- I-O DATA WN-G300R31 uses hard-coded credentials
- 2017/07/27 JVN#01312667:
- Multiple vulnerabilities in I-O DATA WN-AX1167GR
- 2017/07/24 JVN#17523256:
- Installer of Tween may insecurely load Dynamic Link Libraries
- 2017/07/24 JVN#24238648:
- RBB SPEED TEST App fails to verify SSL server certificates
- 2017/07/24 JVN#31459091:
- WordPress plugin "Simple Custom CSS and JS" vulnerable to cross-site scripting
- 2017/07/24 JVN#92921024:
- WordPress plugin "Popup Maker" vulnerable to cross-site scripting
- 2017/07/24 JVN#74247807:
- Multiple cross-site scripting vulnerabilities in ScreenOS
- 2017/07/20 JVN#48413726:
- Multiple vulnerabilities in multiple Buffalo wireless LAN routers
- 2017/07/20 JVN#48823557:
- Multiple Buffalo wireless LAN access point devices do not properly perform authentication
- 2017/07/19 JVN#77412145:
- SONY Portable Wireless Server WG-C10 fails to restrict access permissions
- 2017/07/19 JVN#14151222:
- Multiple vulnerabilities in SONY Portable Wireless Server WG-C10
- 2017/07/14 JVN#61502349:
- Self-Extracting Encrypted Files created by AttacheCase may insecurely load Dynamic Link Libraries
- 2017/07/13 JVN#42031953:
- FileCapsule Deluxe Portable and Encrypted Files in Self-Decryption Format created by FileCapsule Deluxe Portable may insecurely load Dynamic Link Libraries
- 2017/07/12 JVN#02852421:
- Installer of Yahoo! Toolbar (for Internet Explorer) may insecurely load Dynamic Link Libraries
- 2017/07/11 JVN#81676004:
- Installers of Mozilla Firefox and Thunderbird for Windows may insecurely load Dynamic Link Libraries
- 2017/07/10 JVN#29939155:
- Self-Extracting Archives created by File Compact may insecurely load Dynamic Link Libraries
- 2017/07/07 JVN#21627267:
- Microsoft IME may insecurely load Dynamic Link Libraries
- 2017/07/07 JVN#21369452:
- Installers of Lhaz and Lhaz+, and Self-Extracting Archives created by Lhaz or Lhaz+ may insecurely load Dynamic Link Libraries
- 2017/07/06 JVN#63249051:
- WordPress plugin "Shortcodes Ultimate" vulnerable to directory traversal
- 2017/07/04 JVN#39819446:
- WordPress plugin "Responsive Lightbox" vulnerable to cross-site scripting
- 2017/07/04 JVN#20409270:
- Installer of Douroshisetu Kihon Data Sakusei System may insecurely load Dynamic Link Libraries
- 2017/07/04 JVN#82120115:
- Installer of Douro Kouji Kanseizutou Check Program may insecurely load Dynamic Link Libraries
- 2017/07/04 JVN#95996423:
- MFC-J960DWN vulnerable to cross-site request forgery
- 2017/07/03 JVN#06337557:
- Installer and self-extracting archive containing the installer of MLIT DenshiSeikabutsuSakuseiShienKensa system may insecurely load Dynamic Link Libraries
- 2017/07/03 JVN#43534286:
- Multiple vulnerabilities in Cybozu Garoon
- 2017/06/30 JVN#45134765:
- Installer of PDF Digital Signature Plugin provided by the Ministry of Justice may insecurely load Dynamic Link Libraries
- 2017/06/30 JVN#23389212:
- Installer of Shinseiyou Sougou Soft provided by The Ministry of Justice may insecurely load Dynamic Link Libraries
- 2017/06/28 JVN#79451345:
- Installer of Setup file of advance preparation for e-Tax software (WEB version) may insecurely load Dynamic Link Libraries
- 2017/06/28 JVN#21174546:
- Marp vulnerable to improper access control in JavaScript execution
- 2017/06/27 JVN#85901441:
- Multiple vulnerabilities in Toshiba Lighting & Technology Corporation Home gateway
- 2017/06/26 JVN#01775119:
- Denshi Nyusatsu Check Tool provided by Ministry of Education, Culture, Sports, Science and Technology may insecurely load Dynamic Link Libraries
- 2017/06/23 JVN#09293613:
- Installer of Charamin OMP may insecurely load Dynamic Link Libraries
- 2017/06/20 JVN#24348065:
- Multiple vulnerabilities in HOME SPOT CUBE2
- 2017/06/20 JVN#73550134:
- WordPress plugin "Event Calendar WD" vulnerable to cross-site scripting
- 2017/06/20 JVN#65411235:
- Multiple I-O DATA network camera products vulnerable to cross-site request forgery
- 2017/06/15 JVN#56787058:
- WordPress plugin "WP Job Manager" fails to restrict access permissions
- 2017/06/13 JVN#94771799:
- Installer of QuickTime for Windows may insecurely load Dynamic Link Libraries
- 2017/06/13 JVN#79738260:
- Multiple vulnerabilities in WordPress plugin "WordPress Download Manager"
- 2017/06/13 JVN#25078144:
- Source code security studying tool iCodeChecker vulnerable to cross-site scripting
- 2017/06/13 JVN#51355647:
- WordPress plugin "WP-Members" vulnerable to cross-site scripting
- 2017/06/12 JVN#27198823:
- Installer of electronic tendering and bid opening system provided by Acquisition, Technology & Logistics Agency may insecurely invoke an executable file
- 2017/06/12 JVN#56588965:
- Cybozu KUNAI for Android vulnerable to cross-site scripting
- 2017/06/09 JVN#65154137:
- Installer of Denshinouhin Check System (for Ministry of Agriculture, Forestry and Fisheries Nouson Seibi Jigyou) may insecurely load Dynamic Link Libraries
- 2017/06/09 JVN#34508179:
- Installer of "Setup file of advance preparation" may insecurely load Dynamic Link Libraries
- 2017/06/09 JVN#67305782:
- Installer of CASL II simulator (self-extract format) may insecurely load Dynamic Link Libraries
- 2017/06/08 JVN#31236539:
- [Simeji for Windows(β)] installer may insecurely load Dynamic Link Libraries
- 2017/06/08 JVN#52691241:
- Multiple installers of the software provided by Geospatial Information Authority of Japan (GSI) may insecurely load Dynamic Link Libraries
- 2017/06/07 JVN#99737748:
- AppCheck may insecurely invoke an executable file
- 2017/06/06 JVN#01404851:
- Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to remote code execution
- 2017/06/06 JVN#20870477:
- Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to remote code execution
- 2017/06/06 JVN#32120290:
- Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to information disclosure
- 2017/06/06 JVN#80238098:
- Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to remote code execution
- 2017/06/06 JVN#98617234:
- WordPress plugin "Multi Feed Reader" vulnerable to SQL injection
- 2017/06/05 JVN#24087303:
- Installer of Houkokusyo Sakusei Shien Tool provided by Ministry of the Environment may insecurely load Dynamic Link Libraries
- 2017/06/02 JVN#08020381:
- Installer of SaAT Personal may insecurely load Dynamic Link Libraries
- 2017/06/02 JVN#91170929:
- Installer of SaAT Netizen may insecurely load Dynamic Link Libraries
- 2017/06/01 JVN#06770361:
- Installer of Tera Term may insecurely load Dynamic Link Libraries
- 2017/06/01 JVN#51274854:
- Multiple software for Sharp IC Card Reader/Writer Devices may insecurely load Dynamic Link Libraries
- 2017/06/01 JVN#70951878:
- WordPress plugin "WP Live Chat Support" vulnerable to cross-site scripting
- 2017/05/26 JVN#92422409:
- The installer of the Ministry of Justice [The electronic authentication system based on the commercial registration system "The CRCA user's Software"] may insecurely load Dynamic Link Libraries
- 2017/05/25 JVN#41185163:
- Installers of the screensavers provided by JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE may insecurely load Dynamic Link Libraries
- 2017/05/25 JVN#75514460:
- Installer of electronic tendering and bid opening system provided by Acquisition, Technology & Logistics Agency may insecurely load Dynamic Link Libraries
- 2017/05/25 JVN#42164352:
- GroupSession fails to restrict access permissions
- 2017/05/24 JVN#91438377:
- SSL Visibility Appliance may generate illegal RST packets
- 2017/05/19 JVN#12493656:
- The installer of Empirical Project Monitor - eXtended may insecurely load Dynamic Link Libraries
- 2017/05/19 JVN#11326581:
- Empirical Project Monitor - eXtended vulnerable to cross-site scripting
- 2017/05/19 JVN#85512750:
- Empirical Project Monitor - eXtended vulnerable to cross-site scripting
- 2017/05/16 JVN#81820501:
- FlashAir does not set credential information in PhotoShare
- 2017/05/16 JVN#46372675:
- FlashAir fails to restrict access permissions in PhotoShare
- 2017/05/16 JVN#96165722:
- WordPress plugin "WP Booking System" vulnerable to cross-site scripting
- 2017/05/16 JVN#24834813:
- Multiple BestWebSoft WordPress plugins vulnerable to cross-site scripting
- 2017/05/16 JVN#70411623:
- WordPress plugin "MaxButtons" vulnerable to cross-site scripting
- 2017/05/12 JVN#16248227:
- PrimeDrive Desktop Application Installer may insecurely load executable files
- 2017/05/11 JVN#51978169:
- The installer of SOY CMS vulnerable to cross-site scripting
- 2017/05/11 JVN#51819749:
- SOY CMS vulnerable to directory traversal
- 2017/05/09 JVN#39605485:
- The installer of The Public Certification Service for Individuals "The JPKI user's software" may insecurely load Dynamic Link Libraries
- 2017/05/09 JVN#87760109:
- Nessus vulnerable to cross-site scripting
- 2017/04/25 JVN#71572107:
- Installer of Vivaldi for Windows may insecurely load executable files
- 2017/04/21 JVN#48790793:
- WNC01WH vulnerable to OS command injection
- 2017/04/20 JVN#54268888:
- Multiple JustSystems products including Hanako may insecurely load Dynamic Link Libraries
- 2017/04/20 JVN#93931029:
- Hoozin Viewer vulnerable to buffer overflow
- 2017/04/20 JVN#54762089:
- WordPress plugin "Booking Calendar" vulnerable to cross-site scripting
- 2017/04/20 JVN#18739672:
- WordPress plugin "Booking Calendar" vulnerable to directory traversal
- 2017/04/19 JVN#86171513:
- SEIL Series routers vulnerable to denial-of-service (DoS)
- 2017/04/18 JVN#08740778:
- NETGEAR ProSAFE Plus Configuration Utility vulnerable to improper access control
- 2017/04/14 JVN#05340816:
- Multiple installers of Toshiba memory card related software may insecurely load Dynamic Link Libraries
- 2017/04/14 JVN#01537659:
- WN-AC1167GR vulnerable to cross-site scripting
- 2017/04/13 JVN#77253951:
- WordPress plugin "WP Statistics" vulnerable to cross-site scripting
- 2017/04/13 JVN#62392065:
- WordPress plugin "WP Statistics" vulnerable to cross-site scripting
- 2017/04/11 JVN#17535578:
- Multiple vulnerabilities in Cybozu Office
- 2017/04/11 JVN#82019695:
- ASSETBASE vulnerable to cross-site scripting
- 2017/04/10 JVN#87770873:
- CS-Cart Japanese Edition vulnerable to cross-site request forgery
- 2017/04/10 JVN#14396697:
- CS-Cart Japanese Edition fails to restrict access permissions
- 2017/04/10 JVN#25598952:
- CS-Cart Japanese Edition fails to restrict access permissions
- 2017/04/10 JVN#81024552:
- Multiple vulnerabilities in WN-G300R3
- 2017/04/10 JVN#17633442:
- WordPress plugin "WP Statistics" vulnerable to cross-site scripting
- 2017/04/07 JVN#64451600:
- Tablacus Explorer vulnerable to script injection
- 2017/03/30 JVN#55121369:
- CentreCOM AR260S V2 vulnerable to privilege escalation
- 2017/03/23 JVN#55294532:
- WordPress plugin "YOP Poll" vulnerable to cross-site scripting
- 2017/03/22 JVN#93699304:
- Installer of PhishWall Client Internet Explorer version may insecurely load Dynamic Link Libraries
- 2017/03/16 JVN#11448789:
- Security guide for website operators vulnerable to OS command injection
- 2017/03/13 JVN#88745657:
- Cybozu KUNAI for Android information management vulnerability
- 2017/03/07 JVN#13003724:
- OneThird CMS vulnerable to cross-site scripting
- 2017/03/07 JVN#49408248:
- OneThird CMS vulnerable to cross-site scripting
- 2017/03/02 JVN#46830433:
- Multiple vulnerabilities in multiple I-O DATA network camera products
- 2017/03/01 JVN#88713190:
- PrimeDrive Desktop Application Installer may insecurely load Dynamic Link Libraries
- 2017/03/01 JVN#82619692:
- Access CX App fails to verify SSL server certificates
- 2017/02/28 JVN#73083905:
- Multiple vulnerabilities in WBCE CMS
- 2017/02/28 JVN#63474730:
- CubeCart vulnerable to directory traversal
- 2017/02/20 JVN#73182875:
- Multiple vulnerabilities in Cybozu Garoon
- 2017/02/17 JVN#86200862:
- Self-Extracting Archives created by 7-ZIP32.DLL may insecurely load Dynamic Link Libraries
- 2017/02/15 JVN#55489964:
- Multiple vulnerabilities in Apache Brooklyn
- 2017/02/10 JVN#53880182:
- TVer App for Android fails to verify SSL server certificates
- 2017/02/10 JVN#40667528:
- Norton Download Manager may insecurely load Dynamic Link Libraries
- 2017/02/09 JVN#39008927:
- Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to cross-site request forgery
- 2017/02/09 JVN#88176589:
- Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to authentication bypass
- 2017/02/09 JVN#87662835:
- Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to DNS rebinding
- 2017/02/09 JVN#71666779:
- Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to remote code execution
- 2017/02/09 JVN#34207650:
- Multiple cross-site scripting vulnerabilities in Webmin
- 2017/02/03 JVN#21114208:
- Business LaLa Call App for Android fails to verify SSL server certificates
- 2017/02/03 JVN#01014759:
- LaLa Call App for Android fails to verify SSL server certificates
- 2017/01/27 JVN#81618356:
- CubeCart vulnerable to directory traversal
- 2017/01/24 JVN#09460804:
- Knowledge vulnerable to cross-site request forgery
- 2017/01/24 JVN#12796388:
- Nessus vulnerable to cross-site scripting
- 2017/01/24 JVN#50197114:
- smalruby-editor vulnerable to OS command injection
- 2017/01/20 JVN#92395431:
- Java (OGNL) code execution in Apache Struts 2 when devMode is enabled
- 2017/01/16 JVN#28331227:
- MaruUo Factory's multiple AttacheCase products vulnerable to directory traversal
- 2017/01/16 JVN#83917769:
- AttacheCase vulnerable to directory traversal
- 2017/01/11 JVN#19241292:
- Cybozu Remote Service Manager fails to verify client certificates
- 2017/01/06 JVN#71538099:
- Olive Diary DX vulnerable to cross-site scripting
- 2017/01/06 JVN#12124922:
- WEB SCHEDULE vulnerable to cross-site scripting
- 2017/01/06 JVN#60879379:
- Olive Blog vulnerable to cross-site scripting
2016
- 2016/12/26 JVN#96681653:
- WinSparkle issue where registry value is not validated
- 2016/12/26 JVN#90813656:
- Wireshark for Windows issue where an arbitrary file may be deleted
- 2016/12/22 JVN#44566208:
- H2O use-after-free vulnerability
- 2016/12/22 JVN#38755305:
- BlueZ userland utilities vulnerable to buffer overflow
- 2016/12/22 JVN#84995847:[Critical]
- SKYSEA Client View vulnerable to arbitrary code execution
- 2016/12/19 JVN#17980240:
- Cybozu Garoon vulnerable to SQL injection
- 2016/12/19 JVN#16200242:
- Cybozu Garoon vulnerable to directory traversal
- 2016/12/19 JVN#15222211:
- Cybozu Garoon vulnerable to cross-site request forgery
- 2016/12/19 JVN#14631222:
- Cybozu Garoon fails to restrict access permissions
- 2016/12/19 JVN#13218253:
- Cybozu Garoon vulnerable to information disclosure
- 2016/12/19 JVN#12281353:
- Cybozu Garoon vulnerable to cross-site scripting
- 2016/12/16 JVN#42070907:
- Multiple SONY Videoconference Systems do not properly perform authentication
- 2016/12/13 JVN#78980598:
- Apache ActiveMQ vulnerable to cross-site scripting
- 2016/12/12 JVN#16781735:
- Multiple access restriction bypass vulnerabilities in Cybozu Dezie
- 2016/12/07 JVN#28151745:
- Sleipnir for Mac vulnerable to URL spoofing
- 2016/12/02 JVN#40613060:
- Multiple vulnerabilities in WNC01WH
- 2016/12/01 JVN#08868688:
- The installers of multiple Japan Pension Service software may insecurely load Dynamic Link Libraries
- 2016/11/30 JVN#25059363:
- Multiple vulnerabilities in multiple I-O DATA network camera products
- 2016/11/28 JVN#20252219:
- kintone mobile for Android fails to verify SSL server certificates
- 2016/11/25 JVN#05493467:
- Simple keitai chat vulnerable to cross-site scripting
- 2016/11/15 JVN#75396659:
- DERAEMON-CMS vulnerable to cross-site scripting
- 2016/11/11 JVN#23549283:
- CG-WLR300NX fails to restrict access permissions
- 2016/11/11 JVN#92237169:
- CG-WLR300NX vulnerable to cross-site scripting
- 2016/11/11 JVN#23823838:
- CG-WLR300NX vulnerable to cross-site request forgery
- 2016/11/11 JVN#25060672:
- Multiple Corega wireless LAN routers vulnerable to cross-site scripting
- 2016/11/11 JVN#34103586:
- Multiple I-O DATA network camera products vulnerable to information disclosure
- 2016/11/02 JVN#18228200:
- Multiple vulnerabilities in WFS-SR01
- 2016/11/01 JVN#91002412:
- The installer of The Public Certification Service for Individuals "The JPKI user's software" may insecurely load Dynamic Link Libraries
- 2016/11/01 JVN#27260483:
- mobiGate App fails to verify SSL server certificates
- 2016/10/26 JVN#76780067:
- Installer of 7-Zip for Windows may insecurely load Dynamic Link Libraries
- 2016/10/20 JVN#14567604:
- Multiple vulnerabilities in WordPress plugin WP-OliveCart
- 2016/10/19 JVN#03251132:
- Installer of Evernote for Windows may insecurely load Dynamic Link Libraries
- 2016/10/18 JVN#63012325:
- The installer of e-Tax Software may insecurely load Dynamic Link Libraries
- 2016/10/13 JVN#70380788:
- BASP21 vulnerable to mail header injection
- 2016/10/07 JVN#39619137:
- Toshiba FlashAir does not require authentication in "Internet pass-thru Mode"
- 2016/10/07 JVN#32504719:
- Usermin cross-site scripting vulnerabilities
- 2016/10/07 JVN#80157683:
- Multiple vulnerabilities in SetucoCMS
- 2016/10/07 JVN#20786316:
- Cryptography API: Next Generation (CNG) vulnerable to denial-of-service (DoS)
- 2016/10/03 JVN#11288252:
- Cybozu Office vulnerable to Reflected File Download (RFD)
- 2016/10/03 JVN#10092452:
- Cybozu Office vulnerable to denial-of-service (DoS)
- 2016/10/03 JVN#09736331:
- Cybozu Office vulnerable to information disclosure
- 2016/10/03 JVN#08736331:
- Cybozu Office vulnerable to mail header injection
- 2016/10/03 JVN#07148816:
- Multiple access restriction bypass vulnerabilities in Cybozu Office
- 2016/10/03 JVN#06726266:
- Cybozu Office multiple cross-site scripting vulnerabilities
- 2016/10/03 JVN#46351856:
- Docomo L-04D mobile WiFi router vulnerable to cross-site request forgery
- 2016/09/29 JVN#92765814:
- Multiple vulnerabilities in baserCMS
- 2016/09/29 JVN#72559412:
- ManageEngine ServiceDesk Plus uses an insecure method for cookie generation
- 2016/09/29 JVN#89726415:
- ManageEngine ServiceDesk Plus fails to restrict access permissions
- 2016/09/29 JVN#50347324:
- ManageEngine ServiceDesk Plus vulnerable to cross-site scripting
- 2016/09/23 JVN#46087986:
- Multiple plugins for Geeklog IVYWE edition vulnerable to cross-site scripting
- 2016/09/20 JVN#49343562:
- Money Forward Apps for Android vulnerability that allows unintended operations
- 2016/09/20 JVN#61297210:
- Money Forward Apps for Android vulnerable in the WebView class
- 2016/09/16 JVN#98126322:
- Trend Micro Internet Security vulnerability where files may be excluded as scan targets
- 2016/09/16 JVN#74244518:
- Splunk Enterprise and Splunk Light vulnerable to cross-site scripting
- 2016/09/16 JVN#64800312:
- Splunk Enterprise and Splunk Light vulnerable to open redirect
- 2016/09/16 JVN#39926655:
- Splunk Enterprise and Splunk Light vulnerable to open redirect
- 2016/09/16 JVN#71462075:
- Splunk Enterprise and Splunk Light vulnerable to cross-site scripting
- 2016/09/15 JVN#94779084:
- H2O use of externally-controlled format string
- 2016/09/15 JVN#18926672:
- Zend Framework vulnerable to SQL injection
- 2016/09/14 JVN#55389065:
- CS-Cart add-on "Twigmo" vulnerable to PHP object injection
- 2016/09/06 JVN#48237713:
- ADOdb vulnerable to cross-site scripting
- 2016/08/31 JVN#85213412:
- Multiple AKABEi SOFT2 LTD. games vulnerable to OS command injection
- 2016/08/25 JVN#05924524:
- LINE for Windows fails to properly verify downloaded files
- 2016/08/24 JVN#94816361:
- YoruFukurou (NightOwl) vulnerable to denial-of-service (DoS)
- 2016/08/23 JVN#42262137:
- simple chat vulnerable to cross-site scripting
- 2016/08/22 JVN#93411577:
- Cybozu Garoon fails to restrict access permissions
- 2016/08/22 JVN#89211736:
- Cybozu Garoon vulnerable to authentication bypass
- 2016/08/22 JVN#83568336:
- Cybozu Garoon vulnerable to SQL injection
- 2016/08/22 JVN#67595539:
- Cybozu Garoon multiple cross-site scripting vulnerabilities
- 2016/08/22 JVN#67266823:
- Cybozu Garoon vulnerable to open redirect
- 2016/08/19 JVN#09836883:
- Geeklog IVYWE edition contains a cross-site scripting vulnerability
- 2016/08/18 JVN#58455472:
- OSSEC Web UI vulnerable to cross-site scripting
- 2016/08/18 JVN#28386124:
- ClipBucket vulnerable to cross-site scripting
- 2016/08/17 JVN#45583702:
- Installer of PhishWall Client Internet Explorer version may insecurely load Dynamic Link Libraries
- 2016/08/16 JVN#04125292:
- Cybozu Mailwise contains issue in preventing clickjacking attacks
- 2016/08/16 JVN#03052683:
- Cybozu Mailwise vulnerable to information disclosure
- 2016/08/16 JVN#02576342:
- Cybozu Mailwise vulnerable to information disclosure
- 2016/08/16 JVN#01353821:
- Cybozu Mailwise vulnerable to mail header injection
- 2016/08/08 JVN#35062083:
- Multiple I-O DATA Recording Hard disk products vulnerable to cross-site request forgery
- 2016/08/05 JVN#09470233:
- Android stock browser vulnerable to denial-of-service (DoS)
- 2016/08/04 JVN#06920277:
- Coordinate Plus App fails to verify SSL server certificates
- 2016/07/22 JVN#40696431:
- EC-CUBE plugin "Coupon Plugin" vulnerable to SQL injection
- 2016/07/22 JVN#65273415:
- Android OS issue where it is affected by the CRIME attack
- 2016/07/22 JVN#06212291:
- Android OS Contacts app fails to restrict access permissions
- 2016/07/20 JVN#01956993:
- Vtiger CRM does not properly restrict access to application data
- 2016/07/20 JVN#13582657:
- WordPress plugin "Nofollow Links" vulnerable to cross-site scripting
- 2016/07/15 JVN#68364327:
- WAONサービスアプリ App for Android fails to verify SSL server certificates
- 2016/07/08 JVN#51565015:
- LINE for Windows may insecurely load Dynamic Link Libraries
- 2016/06/30 JVN#89379547:
- Apache Commons FileUpload vulnerable to denial-of-service (DoS)
- 2016/06/29 JVN#30260727:
- Sushiro App fails to verify SSL server certificates
- 2016/06/27 JVN#39594409:
- DMM Movie Player App fails to verify SSL server certificates
- 2016/06/27 JVN#45034304:
- Multiple Hikari Denwa routers vulnerable to cross-site request forgery
- 2016/06/27 JVN#77403442:
- Multiple Hikari Denwa routers vulnerable to OS command injection
- 2016/06/27 JVN#42930233:
- QNAP QTS vulnerable to cross-site scripting
- 2016/06/24 JVN#61578437:
- WordPress plugin "Welcart e-Commerce" vulnerable to session management
- 2016/06/24 JVN#55826471:
- WordPress plugin "Welcart e-Commerce" vulnerable to cross-site scripting
- 2016/06/24 JVN#95082904:
- WordPress plugin "Welcart e-Commerce" vulnerable to cross-site scripting
- 2016/06/24 JVN#47363774:
- WordPress plugin "Welcart e-Commerce" vulnerable to PHP object injection
- 2016/06/22 JVN#75028871:
- CG-WLR300GNV Series does not limit authentication attempts
- 2016/06/22 JVN#24409899:
- CG-WLBARAGM vulnerable to denial-of-service (DoS)
- 2016/06/22 JVN#76653039:
- CG-WLBARGL vulnerable to command injection
- 2016/06/20 JVN#07710476:
- Apache Struts 2 vulnerable to remote code execution
- 2016/06/20 JVN#12352818:
- Apache Struts 2 vulnerable to denial-of-service (DoS)
- 2016/06/20 JVN#45093481:
- Multiple vulnerabilities in Apache Struts 2
- 2016/06/16 JVN#55428526:
- Deep Discovery Inspector vulnerable to remote code execution
- 2016/06/14 JVN#96052093:
- ETX-R vulnerable to denial-of-service (DoS)
- 2016/06/14 JVN#61317238:
- ETX-R vulnerable to cross-site request forgery
- 2016/06/08 JVN#15205734:
- DX Library vulnerable to remote code execution
- 2016/06/07 JVN#74659077:
- TERASOLUNA Server Framework for Java(WEB) access restriction bypass vulnerability in the file extension filter
- 2016/06/07 JVN#65044642:
- Apache Struts 1 vulnerable to input validation bypass
- 2016/06/07 JVN#03188560:
- Apache Struts 1 vulnerability that allows unintended remote operations against components on memory
- 2016/06/02 JVN#48847535:
- Trend Micro enterprise products multiple vulnerabilities
- 2016/06/02 JVN#48789425:
- Trend Micro Internet Security multiple vulnerabilities
- 2016/05/30 JVN#53542912:
- Cybozu Garoon fails to restrict access permissions
- 2016/05/30 JVN#49285177:
- Cybozu Garoon vulnerable to cross-site scripting
- 2016/05/30 JVN#37121456:
- Cybozu Garoon vulnerable to cross-site scripting
- 2016/05/30 JVN#33879831:
- Cybozu Garoon fails to restrict access permissions
- 2016/05/30 JVN#32218514:
- Cybozu Garoon vulnerable to open redirect
- 2016/05/30 JVN#26298347:
- Cybozu Garoon vulnerable to denial-of-service (DoS)
- 2016/05/30 JVN#25765762:
- Cybozu Garoon vulnerable to information disclosure
- 2016/05/30 JVN#14749391:
- Multiple directory traversal vulnerabilities in Cybozu Garoon
- 2016/05/30 JVN#18975349:
- Multiple access restriction bypass vulnerabilities in Cybozu Garoon
- 2016/05/30 JVN#13794955:
- Source code of Old_GSI_Maps prior to January, 2015 vulnerable to directory traversal
- 2016/05/30 JVN#40898764:
- DMM.com Securities FX Apps for Android fail to verify SSL server certificates
- 2016/05/27 JVN#87859762:
- H2O use-after-free vulnerability
- 2016/05/27 JVN#46888319:
- Japan Connected-free Wi-Fi vulnerable to API execution
- 2016/05/27 JVN#75813272:
- Multiple Buffalo wireless LAN routers vulnerable to information disclosure
- 2016/05/27 JVN#81698369:
- Multiple Buffalo wireless LAN routers vulnerable to directory traversal
- 2016/05/27 JVN#24143619:
- WebARENA formmail vulnerable to cross-site scripting
- 2016/05/26 JVN#00460236:
- NetCommons vulnerable to privilege escalation
- 2016/05/25 JVN#26026353:
- WordPress plugin "Markdown on Save Improved" vulnerable to cross-site scripting
- 2016/05/24 JVN#43529183:
- Jetstar App for iOS fails to verify SSL server certificates
- 2016/05/24 JVN#85112513:
- php-contact-form vulnerable to cross-site scripting
- 2016/05/24 JVN#56167268:
- HumHub vulnerable to cross-site scripting
- 2016/05/20 JVN#42545812:
- MP Form Mail CGI Professional Edition vulnerable to directory traversal
- 2016/05/19 JVN#43076390:
- Web Mailing List vulnerable to cross-site scripting
- 2016/05/18 JVN#11877654:
- 百五銀行 (105 BANK) App fails to verify SSL server certificates
- 2016/05/16 JVN#11994518:
- Cybozu KUNAI App fails to verify SSL server certificates
- 2016/05/16 JVN#03975805:
- a-blog cms vulnerable to session management
- 2016/05/16 JVN#73166466:
- a-blog cms vulnerable to cross-site scripting
- 2016/05/13 JVN#44657371:
- WordPress plugin "Ninja Forms" vulnerable to PHP object injection
- 2016/05/13 JVN#91638315:
- FileMaker server issue where PHP source code may be viewable
- 2016/05/12 JVN#22978346:
- WN-G300R Series vulnerable to cross-site scripting
- 2016/05/12 JVN#25674893:
- WN-GDN/R3 Series does not limit authentication attempts
- 2016/05/11 JVN#41772178:
- Apache Cordova vulnerable to arbitrary plugin execution
- 2016/05/11 JVN#35341085:
- Apache Cordova fails to restrict access permissions
- 2016/04/26 JVN#73776243:
- EC-CUBE vulnerable to cross-site request forgery
- 2016/04/26 JVN#63384827:
- Multiple shiro8 Co., Ltd. freearea_addition_plugins for EC-CUBE vulnerable to cross-site scripting
- 2016/04/26 JVN#11458774:
- EC-CUBE fails to restrict access permissions
- 2016/04/26 JVN#47473944:
- EC-CUBE fails to restrict access permissions
- 2016/04/25 JVN#91816422:
- kintone mobile for Android fails to verify SSL server certificates
- 2016/04/25 JVN#89026267:
- kintone mobile for Android information management vulnerability
- 2016/04/22 JVN#00324715:
- Electron may insecurely load Node modules
- 2016/04/19 JVN#11815655:
- Photopt App fails to verify SSL server certificates
- 2016/04/13 JVN#00272277:
- Tokyo Star bank App fails to verify SSL server certificates
- 2016/04/08 JVN#78482127:
- EC-CUBE plugin "Social-button Plugin Premium" and "Social-button Plugin" vulnerable to cross-site scripting
- 2016/04/06 JVN#55801246:
- baserCMS plugin "Casebook Plugin" multiple vulnerabilities
- 2016/04/06 JVN#26627848:
- baserCMS plugin "Menubook Plugin" multiple vulnerabilities
- 2016/04/06 JVN#13288761:
- baserCMS plugin "Recruit Plugin" multiple vulnerabilities
- 2016/04/04 JVN#28480773:
- WisePoint contains issue in preventing clickjacking attacks
- 2016/04/04 JVN#47164236:
- AQUOS Photo Player HN-PP150 vulnerable to cross-site request forgery
- 2016/04/04 JVN#41875357:
- ActiveX control for EVA Animator vulnerable to buffer overflow
- 2016/03/30 JVN#82020528:
- Aterm WG300HP vulnerable to cross-site request forgery
- 2016/03/30 JVN#07818796:
- Aterm WF800HP vulnerable to cross-site request forgery
- 2016/03/24 JVN#86517621:
- WordPress plugin "WP Favorite Posts" vulnerable to cross-site scripting
- 2016/03/02 JVN#59349382:
- Multiple Corega wireless LAN routers vulnerable to cross-site request forgery
- 2016/02/22 JVN#93535632:
- Log-Chat vulnerable to cross-site scripting
- 2016/02/19 JVN#46044093:
- LINE for Windows and LINE for Mac OS vulnerable to denial-of-service (DoS)
- 2016/02/19 JVN#31524757:
- EC-CUBE plugin "Help plug-in" vulnerable to SQL injection
- 2016/02/19 JVN#78383854:
- Internet Explorer cross-domain policy bypass
- 2016/02/19 JVN#69854312:
- baserCMS vulnerable to OS command injection
- 2016/02/15 JVN#69278491:
- Cybozu Office vulnerable to cross-site scripting
- 2016/02/15 JVN#71428831:
- Cybozu Office vulnerable to open redirect
- 2016/02/15 JVN#64209269:
- Cybozu Office vulnerable to cross-site request forgery
- 2016/02/15 JVN#48720230:
- Cybozu Office access restriction bypass vulnerability
- 2016/02/15 JVN#47296923:
- Cybozu Office vulnerable to information disclosure
- 2016/02/15 JVN#28042424:
- Cybozu Office vulnerable to information disclosure
- 2016/02/15 JVN#20246313:
- Cybozu Office vulnerable to denial-of-service (DoS)
- 2016/02/12 JVN#77012922:
- Microsoft Producer for Microsoft Office PowerPoint vulnerable to cross-site scripting
- 2016/02/12 JVN#22578691:
- Akerun - Smart Lock Robot App for iOS fails to verify SSL server certificates
- 2016/01/29 JVN#26921563:
- JOB-CUBE vulnerable to cross-site scripting
- 2016/01/29 JVN#12165579:
- Vine MV vulnerable to cross-site scripting
- 2016/01/29 JVN#03050861:
- EXPRESSCLUSTER X vulnerable to directory traversal
- 2016/01/27 JVN#54686544:
- HOME SPOT CUBE multiple vulnerabilities
- 2016/01/22 JVN#49225722:
- Multiple Buffalo network devices vulnerable to cross-site scripting
- 2016/01/22 JVN#09268287:
- Multiple Buffalo network devices vulnerable to cross-site request forgery
- 2016/01/18 JVN#47951769:
- Shoplat App for iOS issue in the verification of SSL certificates
- 2016/01/15 JVN#45928828:
- H2O vulnerable to HTTP header injection
- 2016/01/15 JVN#50899877:
- acmailer vulnerable to OS command injection
- 2016/01/05 JVN#49476817:
- DX Library vulnerable to buffer overflow
2015
- 2015/12/25 JVN#51250073:
- CG-WLNCM4G may behave as an open resolver
- 2015/12/25 JVN#50775659:
- CG-WLBARAGM may behave as an open proxy
- 2015/12/25 JVN#51349622:
- CG-WLBARGS does not properly perform authentication
- 2015/12/17 JVN#43344629:
- Welcart vulnerable to SQL injection
- 2015/12/17 JVN#64636058:
- WinRAR may insecurely load executable files
- 2015/12/17 JVN#22533124:
- Adobe Flash Player issue where iframe contents may be overwritten
- 2015/12/11 JVN#71730320:
- Zend Framework vulnerable to SQL injection
- 2015/12/09 JVN#89965717:
- WL-330NUL vulnerable to cross-site scripting
- 2015/12/09 JVN#85359294:
- WL-330NUL vulnerable to denial-of-service (DoS)
- 2015/12/09 JVN#34489380:
- WL-330NUL vulnerable to remote command execution
- 2015/12/09 JVN#69462495:
- WL-330NUL information management vulnerability
- 2015/12/07 JVN#70083512:
- Web Analytics Service vulnerable to cross-site scripting
- 2015/12/07 JVN#44541100:
- GANMA! App for iOS fails to verify SSL server certificates
- 2015/12/03 JVN#55545372:
- EC-CUBE plugin BbAdminViewsControl vulnerable to SQL injection
- 2015/11/30 JVN#72891124:
- p++BBS vulnerable to cross-site scripting
- 2015/11/30 JVN#35845584:
- Frame high-speed chat vulnerable to cross-site scripting
- 2015/11/27 JVN#18889193:
- Apache Cordova vulnerable to improper application of whitelist restrictions
- 2015/11/27 JVN#12991684:
- ManageEngine Firewall Analyzer fails to restrict access permissions
- 2015/11/27 JVN#21968837:
- ManageEngine Firewall Analyzer vulnerable to directory traversal
- 2015/11/20 JVN#51046809:
- ArcSight Management Center and ArcSight Logger vulnerable to cross-site scripting
- 2015/11/20 JVN#20649799:
- Void vulnerable to cross-site scripting
- 2015/11/17 JVN#34780384:
- Kirby vulnerable to arbitrary file creation
- 2015/11/17 JVN#29141986:
- Gurunavi App for iOS fails to verify SSL server certificates
- 2015/11/17 JVN#64625488:
- applican vulnerable to script injection
- 2015/11/17 JVN#71088919:
- applican vulnerable to script injection
- 2015/11/13 JVN#25323093:
- pWebManager vulnerable to OS command injection
- 2015/11/13 JVN#56210048:
- Apple OS X authentication issue when recovering from sleep mode
- 2015/11/06 JVN#90135579:
- SonicWall TotalSecure TZ 100 Series vulnerable to denial-of-service (DoS)
- 2015/11/05 JVN#80144272:
- Multiple TYPE-MOON games vulnerable to OS command injection
- 2015/11/02 JVN#04281281:
- ISUCON5 qualifier portal web application (eventapp) vulnerable to OS command injection
- 2015/10/30 JVN#53973084:
- HTML::Scrubber vulnerable to cross-site scripting
- 2015/10/30 JVN#48135658:
- Multiple routers contain issue in preventing clickjacking attacks
- 2015/10/29 JVN#68289108:
- Enisys Gw fails to restrict access permissions
- 2015/10/29 JVN#13874649:
- Enisys Gw vulnerable to cross-site scripting
- 2015/10/29 JVN#33179297:
- Enisys Gw vulnerable to arbitrary file creation
- 2015/10/29 JVN#58615092:
- Enisys Gw vulnerable to SQL injection
- 2015/10/28 JVN#25086409:
- ANA App fails to verify SSL server certificates
- 2015/10/26 JVN#97278546:
- EC-CUBE vulnerable to cross-site request forgery
- 2015/10/16 JVN#25576608:
- Avast vulnerable to directory traversal
- 2015/10/16 JVN#37825153:
- AirDroid for Android vulnerable in handling of implicit intents
- 2015/10/15 JVN#92520335:
- eXtplorer vulnerable to cross-site request forgery
- 2015/10/14 JVN#48211537:
- Party Track SDK for iOS fails to verify server certificates
- 2015/10/09 JVN#84982142:
- Pref Shimane CMS vulnerable to SQL injection
- 2015/10/09 JVN#02671769:
- phpRechnung vulnerable to SQL injection
- 2015/10/09 JVN#13456571:
- Dojo Toolkit vulnerable to cross-site scripting
- 2015/10/07 JVN#38369032:
- Cybozu Garoon vulnerable to LDAP injection
- 2015/10/07 JVN#21025396:
- Multiple PHP code execution vulnerabilities in Cybozu Garoon
- 2015/10/02 JVN#27548431:
- gollum vulnerable to file exposure
- 2015/10/02 JVN#65668004:
- Dotclear vulnerable to cross-site scripting
- 2015/10/01 JVN#49503705:
- Python for Windows may insecurely load dynamic libraries
- 2015/10/01 JVN#07676450:
- Canary Labs Trend Web Server vulnerable to buffer overflow
- 2015/10/01 JVN#27462572:
- AjaXplorer vulnerable to directory traversal
- 2015/09/30 JVN#79633796:
- baserCMS vulnerable to SQL injection
- 2015/09/30 JVN#04855224:
- baserCMS fails to restrict access permissions
- 2015/09/30 JVN#85118545:
- MATCHA SNS access restriction bypass vulnerability
- 2015/09/30 JVN#08535069:
- MATCHA SNS vulnerable to code injection
- 2015/09/30 JVN#66984217:
- MATCHA INVOICE vulnerable to code injection
- 2015/09/30 JVN#18232032:
- MATCHA INVOICE vulnerable to SQL injection
- 2015/09/29 JVN#20355129:
- niconico App for iOS fails to verify SSL server certificates
- 2015/09/29 JVN#21612597:
- Apache Cordova plugin cordova-plugin-file-transfer vulnerable to HTTP header injection
- 2015/09/17 JVN#65602714:
- H2O vulnerable to directory traversal
- 2015/09/16 JVN#19948778:
- Photon vulnerable to URL whitelist bypass
- 2015/09/16 JVN#67586379:
- Reversi vulnerable to URL whitelist bypass
- 2015/09/16 JVN#24517322:
- Koritore vulnerable to URL whitelist bypass
- 2015/09/16 JVN#83862346:
- MEGAPHONE MUSIC vulnerable to URL whitelist bypass
- 2015/09/16 JVN#71815309:
- Auction Camera vulnerable to URL whitelist bypass
- 2015/09/16 JVN#73346595:
- applican vulnerable to URL whitelist bypass
- 2015/09/11 JVN#07427376:
- PIXMA MG7500 Series vulnerable to cross-site request forgery
- 2015/09/11 JVN#41048401:
- Japan Connected-free Wi-Fi vulnerable to script injection
- 2015/09/11 JVN#04644117:
- Japan Connected-free Wi-Fi vulnerable to allow URL whitelist bypass
- 2015/09/07 JVN#62078684:
- ELPhoneBtnV6 ActiveX control vulnerable to buffer overflow
- 2015/09/04 JVN#00015036:
- OpenDocMan vulnerable to cross-site scripting
- 2015/09/04 JVN#95989300:
- Apache Struts vulnerable to cross-site scripting
- 2015/09/04 JVN#88408929:
- Apache Struts vulnerable to cross-site scripting
- 2015/09/03 JVN#13684924:[Unreachable]
- BBS X102 vulnerable to cross-site scripting
- 2015/09/03 JVN#24692261:[Unreachable]
- hitSuji (rktSNS2) vulnerable to cross-site scripting
- 2015/09/02 JVN#08494613:
- NScripter vulnerable to buffer overflow
- 2015/09/01 JVN#81207766:
- Rakuten card App for iOS fails to verify SSL server certificates
- 2015/09/01 JVN#09283606:
- desknet's NEO vulnerable to directory traversal
- 2015/09/01 JVN#77193915:
- Twit BBS vulnerable to cross-site scripting
- 2015/08/27 JVN#91474878:
- File Encryption Software "ED" where encrypted data may be easier to decipher when files of small size are encrypted
- 2015/08/20 JVN#17611367:
- Apache Tapestry deserializes untrusted data
- 2015/08/18 JVN#17964918:
- Multiple I-O DATA LAN routers vulnerable in UPnP functionality
- 2015/08/12 JVN#78240242:
- Photo Gallery CMS for PC, smartphone and feature phone (Free) vulnerable to cross-site request forgery
- 2015/08/12 JVN#69175956:
- Photo Gallery CMS for PC, smartphone and feature phone (Free) vulnerable to cross-site scripting
- 2015/08/12 JVN#20459920:
- Microsoft Office discloses a file path of a local file
- 2015/08/07 JVN#29053368:
- Yodobashi App for Android fails to verify SSL server certificates
- 2015/08/07 JVN#70465405:
- Yodobashi App for Android vulnerable to arbitrary Java method execution
- 2015/07/29 JVN#17522792:
- yoyaku_v41 vulnerable to OS command injection
- 2015/07/29 JVN#52248864:
- yoyaku_v41 vulnerable to authentication bypass
- 2015/07/29 JVN#46674982:
- yoyaku_v41 vulnerable to arbitrary file creation
- 2015/07/28 JVN#86680970:
- Gazou BBS plus vulnerability in file upload processing
- 2015/07/24 JVN#97971874:
- Welcart vulnerable to cross-site scripting
- 2015/07/24 JVN#92828286:
- Welcart vulnerable to SQL injection
- 2015/07/24 JVN#10559378:
- Research Artisan Lite does not properly perform authentication
- 2015/07/24 JVN#58020495:
- Research Artisan Lite vulnerable to cross-site scripting
- 2015/07/17 JVN#73568461:
- PHP for Windows vulnerable to OS command injection
- 2015/07/15 JVN#19011483:
- Thetis vulnerable to SQL injection
- 2015/07/15 JVN#64051989:
- acmailer vulnerable to directory traversal
- 2015/07/10 JVN#22546110:
- LINE@ vulnerable to script injection
- 2015/07/10 JVN#61935381:
- Simple Oekaki BBS vulnerability where arbitrary files may be deleted
- 2015/07/10 JVN#67540183:
- Simple Oekaki BBS vulnerable to cross-site scripting
- 2015/07/09 JVN#55076671:
- Cacti vulnerable to cross-site request forgery
- 2015/07/09 JVN#09758120:
- Cacti vulnerable to cross-site scripting
- 2015/07/09 JVN#78187936:
- Cacti vulnerable to cross-site scripting
- 2015/06/30 JVN#22677713:
- OpenEMR vulnerable to authentication bypass
- 2015/06/30 JVN#77386811:
- Explorer+ File Manager vulnerable to directory traversal
- 2015/06/25 JVN#25336719:
- namshi/jose fails to verify token signatures
- 2015/06/25 JVN#96312698:
- osCommerce Japanese version vulnerable to directory traversal
- 2015/06/23 JVN#19578958:
- Symfony vulnerable to code injection
- 2015/06/18 JVN#83881261:
- Ruby on Rails library Paperclip vulnerable to cross-site scripting
- 2015/06/12 JVN#18146081:
- LoadLibrary function in Microsoft Windows fails to validate input properly
- 2015/06/12 JVN#19732015:
- MilkyStep fails to restrict access permissions
- 2015/06/12 JVN#24336273:
- BloBee vulnerable to arbitrary file creation
- 2015/06/09 JVN#74280258:
- MilkyStep fails to restrict access permissions
- 2015/06/09 JVN#20879350:
- MilkyStep vulnerable to cross-site scripting
- 2015/06/09 JVN#52478686:
- MilkyStep vulnerable to SQL injection
- 2015/06/09 JVN#05559185:
- MilkyStep vulnerable to OS command injection
- 2015/06/09 JVN#12241436:
- MilkyStep vulnerable to cross-site request forgery
- 2015/06/09 JVN#16409640:
- MilkyStep fails to restrict access permissions
- 2015/06/05 JVN#50447904:
- Multiple Buffalo wireless LAN routers vulnerable to OS command injection
- 2015/06/05 JVN#79284156:
- NetFlow Analyzer vulnerable to cross-site request forgery
- 2015/06/05 JVN#25598413:
- NetFlow Analyzer fails to restrict access permissions
- 2015/06/05 JVN#98447310:
- NetFlow Analyzer vulnerable to cross-site scripting
- 2015/06/03 JVN#06120222:
- F21 JWT fails to verify token signatures
- 2015/06/03 JVN#95246510:
- "Open Explorer Beta" App for Android vulnerable to directory traversal
- 2015/05/28 JVN#51176150:
- ZenPhoto20 vulnerable to cross-site scripting
- 2015/05/28 JVN#68452022:
- Zenphoto vulnerable to cross-site scripting
- 2015/05/27 JVN#61328139:
- Apache Sling API and Servlets Post components vulnerable to cross-site scripting
- 2015/05/22 JVN#93976566:
- SXF Common Library vulnerable to buffer overflow
- 2015/05/20 JVN#64459670:
- mt-phpincgi vulnerable to PHP object injection
- 2015/05/19 JVN#78689801:
- BGA32.DLL and QBga32.DLL contain multiple vulnerabilities
- 2015/05/15 JVN#75851252:
- "Honda Moto LINC" App for Android fails to verify SSL server certificates
- 2015/05/14 JVN#18957556:
- Cacti vulnerable to SQL injection
- 2015/05/12 JVN#20133698:
- MailDealer vulnerable to cross-site scripting
- 2015/05/01 JVN#96439865:
- EasyCTF vulnerable to session management
- 2015/05/01 JVN#07538357:
- EasyCTF vulnerable to cross-site scripting
- 2015/05/01 JVN#67520407:
- EasyCTF vulnerable to arbitrary file creation
- 2015/04/23 JVN#41653647:
- TransmitMail vulnerable to directory traversal
- 2015/04/23 JVN#26860747:
- TransmitMail vulnerable to cross-site scripting
- 2015/04/14 JVN#56297719:
- JBoss RichFaces vulnerable to remote Java code execution
- 2015/04/10 JVN#91383083:
- Seasar S2Struts vulnerable to input validation bypass
- 2015/04/09 JVN#12329472:
- Lhaplus vulnerable to remote code execution
- 2015/04/09 JVN#02527990:
- Lhaplus vulnerable to directory traversal
- 2015/04/07 JVN#71903938:
- bBlog vulnerable to cross-site request forgery
- 2015/04/03 JVN#68819526:
- "Restaurant Karaoke SHIDAX" App for Android fails to verify SSL server certificates
- 2015/04/02 JVN#58784309:
- Maruo Editor vulnerable to buffer overflow
- 2015/03/31 JVN#75615300:
- All in One SEO Pack information management vulnerability
- 2015/03/27 JVN#81094176:
- Android OS may behave as an open resolver
- 2015/03/26 JVN#97281747:
- WordPress theme flashy vulnerable to cross-site scripting
- 2015/03/26 JVN#74547976:
- Fumy Teacher's Schedule Board vulnerable to cross-site scripting
- 2015/03/24 JVN#86448949:
- The Validator in TERASOLUNA Server Framework for Java(WEB) vulnerable to input validation bypass
- 2015/03/20 JVN#41281927:
- LINE vulnerable to script injection
- 2015/03/20 JVN#39175666:
- MP Form Mail CGI eCommerce edition vulnerable to code injection
- 2015/03/17 JVN#97099798:
- eXtplorer vulnerable to cross-site scripting
- 2015/03/06 JVN#87204433:
- All In One WP Security & Firewall vulnerable to cross-site request forgery
- 2015/03/06 JVN#30832515:
- All In One WP Security & Firewall vulnerable to SQL injection
- 2015/03/04 JVN#91016415:
- Maroyaka Relay Novel vulnerable to cross-site scripting
- 2015/03/04 JVN#09871547:
- Maroyaka Image Album vulnerable to cross-site scripting
- 2015/03/04 JVN#63687798:
- Maroyaka Simple Board vulnerable to cross-site scripting
- 2015/03/03 JVN#55063777:
- Google Captcha (reCAPTCHA) by BestWebSoft vulnerable to CAPTCHA authentication bypass
- 2015/03/03 JVN#93727681:
- BestWebSoft Captcha plugin vulnerable to CAPTCHA authentication bypass
- 2015/02/27 JVN#63949115:
- SEIL Series routers vulnerable to denial-of-service (DoS)
- 2015/02/27 JVN#77718330:
- Vulnerability in the jBCrypt key stretching process
- 2015/02/27 JVN#88862608:
- Joyful Note vulnerability in handling files
- 2015/02/27 JVN#62298871:
- KENT-WEB Clip Board vulnerability where arbitrary files may be deleted
- 2015/02/27 JVN#34790526:
- checkpw vulnerable to denial-of-service (DoS)
- 2015/02/25 JVN#30135729:
- SYNCK GRAPHICA Mailform Pro CGI vulnerable to remote code execution
- 2015/02/25 JVN#44544694:
- Zen Cart Japanese version vulnerable to cross-site scripting
- 2015/02/24 JVN#42768331:
- Speed Software Root Explorer and Explorer vulnerable to directory traversal
- 2015/02/20 JVN#93318392:
- AL-Mail32 vulnerable to buffer overflow
- 2015/02/20 JVN#55365709:
- AL-Mail32 vulnerable to denial-of-service (DoS)
- 2015/02/20 JVN#77294617:
- AL-Mail32 vulnerable to directory traversal
- 2015/02/20 JVN#64455813:
- Squid input validation vulnerability
- 2015/02/17 JVN#73261710:
- C-BOARD Moyuku vulnerable to arbitrary file creation
- 2015/02/17 JVN#18387086:
- Saurus CMS Community Edition vulnerable to cross-site scripting
- 2015/02/13 JVN#48659722:
- Smartphone Passbook for Android information management vulnerability
- 2015/02/13 JVN#14522790:
- Smartphone Passbook fails to verify SSL server certificates
- 2015/02/10 JVN#96155055:
- PerlTreeBBS vulnerable to cross-site scripting
- 2015/02/05 JVN#17480391:
- shiromuku(u1)GUESTBOOK vulnerable to cross-site scripting
- 2015/01/30 JVN#13566542:
- Cybozu Remote Service Manager vulnerable to denial-of-service (DoS)
- 2015/01/30 JVN#33735535:
- Fumy News Clipper vulnerable to cross-site scripting
- 2015/01/29 JVN#88252465:
- Arbitrary files may be overwritten in multiple VMware products
- 2015/01/27 JVN#32631078:
- Multiple ASUS wireless LAN routers vulnerable to cross-site request forgery
- 2015/01/27 JVN#77792759:
- Multiple ASUS wireless LAN routers vulnerable to OS command injection
- 2015/01/26 JVN#27142693:
- NP-BBRM vulnerable in UPnP functionality
- 2015/01/23 JVN#94502417:
- shiromuku(bu2)BBS vulnerable to arbitrary file creation
- 2015/01/19 JVN#88559134:
- SYNCK GRAPHICA Download Log CGI vulnerable to directory traversal
2014
- 2014/12/18 JVN#76515134:
- WBS Gantt-Chart for JIRA vulnerable to cross-site scripting
- 2014/12/18 JVN#09289074:
- WBS Gantt-Chart for JIRA vulnerable to cross-site scripting
- 2014/12/18 JVN#97384696:
- TSUTAYA App for Android vulnerable to arbitrary Java method execution
- 2014/12/18 JVN#22440986:
- Multiple Allied Telesis products vulnerable to buffer overflow
- 2014/12/12 JVN#61181790:
- LinPHA vulnerable to cross-site scripting
- 2014/12/10 JVN#13160869:
- Chyrp vulnerable to cross-site scripting
- 2014/12/09 JVN#87910097:
- i-HTTPD vulnerable to cross-site scripting
- 2014/12/09 JVN#98097877:
- "Omake BBS" of i-HTTPD vulnerable to cross-site scripting
- 2014/12/09 JVN#89613370:
- i-HTTPD vulnerable to cross-site scripting
- 2014/12/09 JVN#16406395:
- "File Upload BBS" of i-HTTPD vulnerable to remote command execution
- 2014/12/04 JVN#24909891:
- Kaku-San-Sei Million Arthur for Android information management vulnerability
- 2014/12/04 JVN#12798709:
- KENT-WEB Clip Board vulnerable to cross-site scripting
- 2014/12/03 JVN#70490316:
- DBD::PgPP vulnerable to SQL injection
- 2014/12/02 JVN#71762315:
- LG Electronics mobile access routers lack access restrictions
- 2014/12/02 JVN#61593104:
- ARROWS Me F-11D vulnerability where arbitrary areas may be accessed
- 2014/12/02 JVN#06302787:
- OS command injection vulnerability in multiple FUJITSU Android devices
- 2014/12/02 JVN#67792023:
- Multiple improper data validation vulnerabilities in Syslink driver for Texas Instruments OMAP mobile processors
- 2014/12/01 JVN#04895240:
- SEIL Series routers vulnerable to denial-of-service (DoS)
- 2014/12/01 JVN#21907573:
- SEIL Series routers vulnerable to denial-of-service (DoS)
- 2014/11/28 JVN#54775800:
- FAST/TOOLS vulnerable to improper restriction of XML external entity references
- 2014/11/21 JVN#07930208:
- BSD Operating Systems vulnerable to denial-of-service (DoS)
- 2014/11/14 JVN#89852154:
- iLogScanner vulnerable to cross-site scripting
- 2014/11/14 JVN#52422792:
- Direct Web Remoting (DWR) vulnerable to cross-site scripting
- 2014/11/14 JVN#91502163:
- Direct Web Remoting (DWR) vulnerable to XML external entity injection
- 2014/11/13 JVN#16318793:[Critical]
- Ichitaro series vulnerable to arbitrary code execution
- 2014/11/11 JVN#14691234:
- Multiple Cybozu products vulnerable to buffer overflow
- 2014/11/10 JVN#65559247:
- OpenAM vulnerable to denial-of-service (DoS)
- 2014/10/28 JVN#55667175:
- QNAP QTS vulnerable to OS command injection
- 2014/10/23 JVN#27388160:
- SumaHo for Android fails to verify SSL/TLS server certificates
- 2014/10/16 JVN#23809730:
- GIGAPOD vulnerable to denial-of-service (DoS)
- 2014/10/16 JVN#66285408:
- Aflax vulnerable to cross-site scripting
- 2014/10/16 JVN#87373393:
- BirdBlog vulnerable to cross-site scripting
- 2014/10/10 JVN#58417930:
- Huawei E5332 vulnerable to denial-of-service (DoS)
- 2014/10/10 JVN#63587560:
- Huawei E5332 vulnerable to denial-of-service (DoS)
- 2014/09/25 JVN#48270605:
- Yahoo! Japan Box for Android issue where it fails to verify SSL server certificates
- 2014/09/25 JVN#80531230:
- jigbrowser+ for iOS same origin policy bypass
- 2014/09/25 JVN#16485017:
- SLFileManager for Android vulnerable to directory traversal
- 2014/09/25 JVN#87863382:
- N-Media file uploader vulnerability in handling uploaded files
- 2014/09/25 JVN#45442753:
- Safari issue in handling application cache
- 2014/09/22 JVN#04560253:
- Yuko Yuko App for Android fails to verify SSL server certificates
- 2014/09/19 JVN#61637002:
- Dotclear vulnerable to cross-site scripting
- 2014/09/19 JVN#08994136:
- Bump for Android vulnerable in handling of implicit intents
- 2014/09/17 JVN#36205251:
- 365 Links series vulnerable to cross-site scripting
- 2014/09/12 JVN#84376800:
- Help Page in multiple Adobe products vulnerable to cross-site scripting
- 2014/09/09 JVN#73357573:
- Movable Type vulnerable to cross-site scripting
- 2014/09/04 JVN#49672671:
- WisePoint vulnerable to session fixation
- 2014/09/04 JVN#50367052:
- EmFTP may insecurely load executable files
- 2014/08/29 JVN#17637243:
- Kindle App for Android fails to verify SSL server certificates
- 2014/08/26 JVN#94409737:
- MailPoet Newsletters vulnerable to cross-site request forgery
- 2014/08/19 JVN#20812625:
- Advance-Flow vulnerable to SQL injection
- 2014/08/18 JVN#27531188:
- Cakifo vulnerable to cross-site scripting
- 2014/08/15 JVN#04455183:
- Shutter vulnerable to cross-site scripting
- 2014/08/15 JVN#48039501:
- Shutter vulnerable to SQL injection
- 2014/08/14 JVN#27702217:
- Ameba for Android contains an issue where it fails to verify SSL server certificates
- 2014/08/12 JVN#07957080:
- Dominion KX2-101 vulnerable to denial-of-service (DoS)
- 2014/08/08 JVN#87962145:
- Piwigo vulnerable to SQL injection
- 2014/08/08 JVN#09717399:
- Piwigo vulnerable to cross-site scripting
- 2014/08/08 JVN#80310172:
- Piwigo vulnerable to cross-site scripting
- 2014/08/06 JVN#32726697:
- GOM Player vulnerable to denial-of-service (DoS)
- 2014/08/01 JVN#22534185:
- ServerView Operations Manager vulnerable to cross-site scripting
- 2014/07/30 JVN#72950786:
- Outlook.com for Android contains an issue where it fails to verify SSL server certificates
- 2014/07/29 JVN#94592501:
- Multiple I-O DATA IP Cameras vulnerable to authentication bypass
- 2014/07/29 JVN#42511610:
- acmailer contains a cross-site request forgery vulnerability
- 2014/07/29 JVN#85748534:
- PerlMailer vulnerable to cross-site scripting
- 2014/07/25 JVN#30281958:
- Arbitrary program execution vulnerability in TrendLink ActiveX control
- 2014/07/18 JVN#94791545:
- FuelPHP vulnerable to remote code execution
- 2014/07/18 JVN#84335912:
- File Explorer vulnerable to directory traversal
- 2014/07/18 JVN#36028879:
- Meridian vulnerable to cross-site scripting
- 2014/07/16 JVN#41028866:
- Multifunctional MailForm Free vulnerable to cross-site scripting
- 2014/07/15 JVN#19118282:
- Seasar S2Struts vulnerable to ClassLoader manipulation
- 2014/07/15 JVN#94838679:
- Cybozu Garoon vulnerable to cross-site scripting
- 2014/07/15 JVN#75990997:
- Cybozu Garoon vulnerable to access restriction bypass
- 2014/07/15 JVN#80583739:
- Cybozu Garoon vulnerable to cross-site scripting
- 2014/07/15 JVN#97558950:
- Cybozu Garoon vulnerable to cross-site scripting
- 2014/07/15 JVN#31082531:
- Cybozu Garoon 3 API access restriction bypass vulnerability
- 2014/07/15 JVN#42024228:
- Cybozu Garoon CGI vulnerable to remote command execution
- 2014/07/08 JVN#35376006:
- Becky! Internet Mail vulnerable to buffer overflow
- 2014/07/02 JVN#35998716:
- SX-2000WG vulnerable to denial-of-service (DoS)
- 2014/07/02 JVN#85571806:
- SX-2000WG vulnerable to denial-of-service (DoS)
- 2014/06/25 JVN#36259412:
- Web Kyukincho vulnerable to cross-site request forgery
- 2014/06/25 JVN#80006084:
- Web Kyukincho vulnerable to cross-site scripting
- 2014/06/24 JVN#63940326:
- Sophos Disk Encryption vulnerable to authentication bypass
- 2014/06/24 JVN#05329568:
- Login rebuilder vulnerable to cross-site request forgery
- 2014/06/20 JVN#02213197:
- Webmin vulnerable to cross-site scripting
- 2014/06/20 JVN#49974594:
- Webmin vulnerable to cross-site scripting
- 2014/06/20 JVN#92737498:
- Usermin vulnerable to cross-site scripting
- 2014/06/20 JVN#48805624:
- Usermin vulnerable to OS command injection
- 2014/06/18 JVN#10603428:
- JR East Japan App for Android contains an issue where it fails to verify SSL server certificates
- 2014/06/17 JVN#30962312:
- TERASOLUNA Server Framework for Java(Web) vulnerable to ClassLoader manipulation
- 2014/06/17 JVN#07677464:
- 050 plus for Android information management vulnerability
- 2014/06/13 JVN#10724763:
- SEIL Series routers vulnerable to denial-of-service (DoS)
- 2014/06/13 JVN#49154900:
- Spring Framework vulnerable to directory traversal
- 2014/06/11 JVN#58029817:
- C-BOARD Moyuku vulnerable to cross-site scripting
- 2014/06/11 JVN#50129191:
- JustSystems Online Update Program bundled with JustSystems products vulnerable to arbitrary code execution
- 2014/06/06 JVN#61247051:
- OpenSSL improper handling of Change Cipher Spec message
- 2014/06/04 JVN#54650130:
- SOY CMS vulnerable to cross-site scripting
- 2014/06/04 JVN#78136804:
- CN8000 vulnerable to denial-of-service (DoS)
- 2014/05/08 JVN#68340046:
- intra-mart vulnerable to open redirect
- 2014/04/30 JVN#31230946:
- Cybozu Garoon API access restriction bypass vulnerability
- 2014/04/30 JVN#90519014:
- Cybozu Garoon Phone Messages vulnerable to denial-of-service (DoS)
- 2014/04/25 JVN#19294237:
- Apache Struts vulnerable to ClassLoader manipulation
- 2014/04/18 JVN#13313061:
- TOSHIBA TEC e-Studio series vulnerable to cross-site request forgery
- 2014/04/18 JVN#00058727:
- Cybozu Remote Service Manager vulnerable to session fixation
- 2014/04/18 JVN#10319260:
- Cybozu Remote Service Manager vulnerable to denial-of-service (DoS)
- 2014/04/18 JVN#22670349:
- AndExplorer vulnerable to directory traversal
- 2014/04/16 JVN#93004610:
- Redmine vulnerable to open redirect
- 2014/04/14 JVN#55438786:
- Content Provider in CamiApp for Android fails to restrict access permissions
- 2014/04/11 JVN#47386847:
- SD Card Manager vulnerable to directory traversal
- 2014/03/20 JVN#70029459:
- ES File Explorer vulnerable to directory traversal
- 2014/03/20 JVN#14282890:
- Silex vulnerable to cross-site scripting
- 2014/03/18 JVN#89260331:
- sp mode mail vulnerability where Java methods may be executed
- 2014/03/18 JVN#05951929:
- sp mode mail issue where emails in the process of creation may be accessed
- 2014/03/18 JVN#81739241:
- sp mode mail issue when accessing attachments in incoming mail
- 2014/03/17 JVN#16263849:
- Demaecan for Android contains an issue where it fails to verify SSL server certificates
- 2014/03/17 JVN#38227002:
- Unzipper vulnerable to directory traversal
- 2014/02/26 JVN#71045461:
- Cybozu Garoon vulnerable to SQL injection
- 2014/02/26 JVN#26393529:
- Cybozu Garoon vulnerable to directory traversal
- 2014/02/26 JVN#24035499:
- Cybozu Garoon vulnerable to session management
- 2014/02/26 JVN#48810179:
- Denny's App for Android contains an issue where it fails to verify SSL server certificates
- 2014/02/26 JVN#02017463:
- Norman Security Suite vulnerable to privilege escalation
- 2014/02/26 JVN#87797318:
- XooNIps vulnerable to cross-site scripting
- 2014/02/21 JVN#24730765:
- Blackboard Vista/CE vulnerable to cross-site scripting
- 2014/02/21 JVN#43254599:
- AutoCAD may insecurely load dynamic libraries
- 2014/02/21 JVN#33382534:
- AutoCAD vulnerable to arbitrary VBScript execution
- 2014/02/10 JVN#14876762:[Critical]
- Apache Commons FileUpload vulnerable to denial-of-service (DoS)
- 2014/02/07 JVN#50943964:
- phpMyFAQ vulnerable to cross-site request forgery
- 2014/02/07 JVN#30050348:
- phpMyFAQ vulnerable to cross-site scripting
- 2014/02/06 JVN#23256725:
- Opera browser for Android issue in handling intent scheme URLs
- 2014/01/31 JVN#30718178:
- Joyful Note vulnerable to cross-site scripting
- 2014/01/28 JVN#28011378:
- Sanshiro Series vulnerable to arbitrary code execution
- 2014/01/28 JVN#91153528:
- Multiple SQL injection vulnerabilities in Cybozu Garoon
- 2014/01/24 JVN#69986880:
- OpenPNE vulnerable to PHP Object Injection
- 2014/01/24 JVN#49384502:
- SimZip (Simple Zip Viewer) vulnerable to directory traversal
- 2014/01/22 JVN#51770585:
- EC-CUBE vulnerable to authorization bypass
- 2014/01/22 JVN#17849447:
- EC-CUBE vulnerable to information alteration
- 2014/01/22 JVN#81637882:
- Information disclosure vulnerability in Sleipnir Mobile for Android
- 2014/01/10 JVN#85716574:
- NeoFiler vulnerable to directory traversal
- 2014/01/10 JVN#44392991:
- Security File Manager vulnerable to directory traversal
- 2014/01/10 JVN#51285738:
- tetra filer vulnerable to directory traversal
- 2014/01/10 JVN#88313872:
- ZIP with Pass vulnerable to directory traversal
2013
- 2013/12/26 JVN#69700259:
- HP Autonomy Ultraseek vulnerable to cross-site scripting
- 2013/12/25 JVN#81706478:
- Cybozu Garoon Keitai vulnerable to authentication bypass
- 2013/12/25 JVN#60997973:
- Cybozu Garoon vulnerable to SQL injection
- 2013/12/24 JVN#63194482:
- IrfanView vulnerable to buffer overflow
- 2013/12/24 JVN#13154935:
- VMware ESX and ESXi may allow access to arbitrary files
- 2013/12/17 JVN#53768697:
- Android OS vulnerable to arbitrary Java method execution
- 2013/12/13 JVN#28436508:
- Juniper ScreenOS vulnerable to denial-of-service (DoS)
- 2013/12/10 JVN#21336955:
- Cybozu Dezie vulnerable to cross-site scripting
- 2013/12/03 JVN#87729477:
- Cybozu Garoon vulnerable to session fixation
- 2013/12/03 JVN#84221103:
- Cybozu Garoon vulnerable to mail header injection
- 2013/12/03 JVN#94245330:
- Cybozu Garoon vulnerable to denial-of-service (DoS)
- 2013/12/03 JVN#82375148:
- Cybozu Garoon vulnerable to SQL injection
- 2013/12/03 JVN#23981867:
- Multiple cross-site scripting vulnerabilities in Cybozu Garoon
- 2013/11/29 JVN#41703192:
- TOWN (modified version) vulnerable to directory traversal
- 2013/11/22 JVN#97810280:
- KDrive Personal for Windows contains an issue where it fails to verify SSL server certificates
- 2013/11/22 JVN#28812735:
- D-Link DES-3800 Series vulnerable to denial-of-service (DoS)
- 2013/11/22 JVN#65312543:
- D-Link DES-3800 Series vulnerable to denial-of-service (DoS)
- 2013/11/20 JVN#06377589:
- EC-CUBE vulnerable to cross-site scripting
- 2013/11/20 JVN#55630933:
- EC-CUBE information disclosure vulnerability
- 2013/11/20 JVN#06870202:
- EC-CUBE information disclosure vulnerability
- 2013/11/20 JVN#11221613:
- EC-CUBE vulnerable to cross-site request forgery
- 2013/11/20 JVN#38790987:
- EC-CUBE vulnerable to cross-site scripting
- 2013/11/20 JVN#61077110:
- EC-CUBE vulnerable to information disclosure
- 2013/11/15 JVN#71256611:
- ASP.NET vulnerable to open redirect
- 2013/11/12 JVN#44999463:
- Ichitaro series vulnerable to arbitrary code execution
- 2013/11/07 JVN#28467717:
- Page Scroller vulnerable to cross-site scripting
- 2013/11/07 JVN#12513975:
- TOWN (modified version) vulnerable to cross-site scripting
- 2013/11/05 JVN#75720314:
- Tiki Wiki CMS Groupware vulnerable to SQL injection
- 2013/11/05 JVN#81813850:
- Tiki Wiki CMS Groupware vulnerable to cross-site scripting
- 2013/10/30 JVN#85336306:
- Use-after-free vulnerability in multiple products that use International Components for Unicode (ICU)
- 2013/10/30 JVN#70739377:
- Multiple products that use International Components for Unicode (ICU) vulnerable to denial-of-service (DoS)
- 2013/10/29 JVN#74608669:
- RockDisk vulnerable to cross-site scripting
- 2013/10/18 JVN#52509236:
- HDL-A and HDL2-A Series vulnerable in session management
- 2013/10/04 JVN#33788325:
- Accela BizSearch vulnerable to cross-site scripting
- 2013/09/20 JVN#43152129:
- SEIL Series routers vulnerable to buffer overflow
- 2013/09/20 JVN#40079308:
- SEIL Series routers vulnerable in RADIUS authentication
- 2013/09/20 JVN#70245052:
- D-Link DES-3810 Series vulnerable to denial-of-service (DoS)
- 2013/09/20 JVN#03082733:
- D-Link DWL-2100AP vulnerable to denial-of-service (DoS)
- 2013/09/19 JVN#27443259:[Critical]
- Internet Explorer vulnerable to arbitrary code execution
- 2013/09/19 JVN#62507275:
- Multiple broadband routers may behave as open resolvers
- 2013/09/13 JVN#77455005:
- ChamaCargo vulnerable to cross-site scripting
- 2013/09/12 JVN#01094166:
- Opera vulnerable to cross-site scripting
- 2013/09/10 JVN#53014207:
- Cybozu Office vulnerable to cross-site scripting
- 2013/09/06 JVN#19847770:
- VMware ESX and ESXi vulnerable to buffer overflow
- 2013/09/06 JVN#72911629:
- VMware ESX and ESXi vulnerable to directory traversal
- 2013/09/06 JVN#33504150:
- Apache Struts vulnerable to remote command execution
- 2013/08/30 JVN#15973066:
- EC-CUBE vulnerable to directory traversal when used in Windows
- 2013/08/21 JVN#24713981:
- PHP OpenID Library vulnerable to XML external entity injection
- 2013/08/19 JVN#75084836:
- Yahoo! Japan Shopping for Android contains an issue where it fails to verify SSL server certificates
- 2013/08/19 JVN#68156832:
- Yafuoku! contains an issue where it fails to verify SSL server certificates
- 2013/08/13 JVN#21103639:
- Cybozu Mailwise vulnerable to information disclosure
- 2013/08/07 JVN#44035194:
- docomo overseas usage application vulnerability in the connection process
- 2013/07/29 JVN#00065218:
- JP1/IT Desktop Management - Manager and Hitachi IT Operations Director vulnerable to privilege escalation
- 2013/07/26 JVN#25280162:
- WordPress vulnerable to cross-site scripting
- 2013/07/22 JVN#26103805:
- Oracle Enterprise Manager vulnerable to cross-site scripting
- 2013/07/19 JVN#38787103:
- JBoss RichFaces vulnerable to remote code execution
- 2013/07/17 JVN#68663052:
- Oracle Outside In vulnerable to denial-of-service (DoS)
- 2013/07/17 JVN#07497769:
- Oracle Outside In vulnerable to buffer overflow
- 2013/07/16 JVN#19491840:
- Cybozu Office session management vulnerability
- 2013/07/11 JVN#68773685:
- AQUOS PhotoPlayer HN-PP150 vulnerable to denial-of-service (DoS)
- 2013/06/27 JVN#04161229:
- EC-CUBE vulnerable to directory traversal
- 2013/06/27 JVN#98665228:
- EC-CUBE vulnerable to cross-site scripting
- 2013/06/27 JVN#07192063:
- EC-CUBE vulnerable to cross-site scripting
- 2013/06/27 JVN#34900750:
- EC-CUBE vulnerable to code injection
- 2013/06/27 JVN#43886811:
- EC-CUBE vulnerable to directory traversal
- 2013/06/27 JVN#85804149:
- CLIP-MAIL vulnerable to cross-site scripting
- 2013/06/27 JVN#26394323:
- POST-MAIL vulnerable to cross-site scripting
- 2013/06/18 JVN#19740283:
- Cybozu Live for Android vulnerable in the WebView class
- 2013/06/18 JVN#63428218:
- Cybozu Live for Android vulnerable to arbitrary Java method execution
- 2013/06/18 JVN#98712361:
- Ichitaro series vulnerable to arbitrary code execution
- 2013/06/13 JVN#53622030:
- Orchard vulnerable to cross-site scripting
- 2013/06/11 JVN#99813183:
- Galapagos Browser vulnerable in the WebView class
- 2013/06/11 JVN#79301570:
- Angel Browser vulnerable in the WebView class
- 2013/06/07 JVN#39218538:
- Pizza Hut Japan Official Order App for Android contains an issue where it fails to verify SSL server certificates
- 2013/06/07 JVN#63901692:
- Internet Explorer vulnerable to information disclosure
- 2013/06/03 JVN#48108258:
- HP ProCurve 1700 series switches vulnerable to cross-site request forgery
- 2013/05/31 JVN#24560784:
- Adobe Reader X vulnerable to sandbox bypass
- 2013/05/31 JVN#07354844:
- Safari information disclosure vulnerability
- 2013/05/31 JVN#53579095:
- FileMaker Pro vulnerable to cross-site scripting
- 2013/05/31 JVN#85812843:
- FileMaker Pro fails to verify SSL server certificates
- 2013/05/29 JVN#90289505:
- Content Provider in MovatwiTouch fails to restrict access permissions
- 2013/05/29 JVN#22756333:
- Sleipnir Mobile for Android vulnerable to address bar spoofing
- 2013/05/27 JVN#31817913:
- Yahoo! Browser vulnerable to address bar spoofing
- 2013/05/23 JVN#39699406:
- EC-CUBE vulnerable to information disclosure as a result of improper input checking
- 2013/05/23 JVN#45306814:
- EC-CUBE fails to restrict access permissions
- 2013/05/23 JVN#00985872:
- EC-CUBE vulnerable to session fixation
- 2013/05/23 JVN#52552792:
- EC-CUBE vulnerable to cross-site scripting
- 2013/05/20 JVN#10461119:
- Cross-site scripting vulnerability in the web2py social bookmarking widget
- 2013/05/15 JVN#85371480:
- Wi-Fi Spot Configuration Software vulnerability in the connection process
- 2013/05/13 JVN#18501376:
- OpenPNE vulnerable to cross-site scripting
- 2013/05/08 JVN#61972596:
- Online Service Gate vulnerable in Office 365 password management
- 2013/04/26 JVN#55074201:
- Yahoo! Browser vulnerable to address bar spoofing
- 2013/04/26 JVN#01313594:
- jigbrowser+ for Android vulnerable to address bar spoofing
- 2013/04/15 JVN#06251813:
- Multiple Cybozu products vulnerable to cross-site request forgery
- 2013/04/12 JVN#02895867:
- Sleipnir Mobile for Android loads arbitrary Extension API
- 2013/04/11 JVN#65034198:
- Sleipnir for Windows vulnerable to address bar spoofing
- 2013/04/04 JVN#04288738:
- Active! mail vulnerable to information disclosure
- 2013/03/29 JVN#01167429:
- OpenWnn for Android vulnerable to information disclosure
- 2013/03/28 JVN#51305555:
- Lotus Domino vulnerable to denial-of-service (DoS)
- 2013/03/26 JVN#11434157:
- OpenWnn/Flick support vulnerable to information disclosure
- 2013/03/26 JVN#11249169:
- COBIME vulnerable to information disclosure
- 2013/03/26 JVN#80922020:
- ArtIME Japanese Input vulnerable to information disclosure
- 2013/03/26 JVN#77360971:
- Simeji vulnerable to information disclosure
- 2013/03/19 JVN#59503133:
- Multiple NEC mobile routers vulnerable to cross-site request forgery
- 2013/03/18 JVN#41022517:
- VxWorks Web Server vulnerable to denial-of-service (DoS)
- 2013/03/18 JVN#65923092:
- VxWorks WebCLI vulnerable to denial-of-service (DoS)
- 2013/03/18 JVN#20671901:
- VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability
- 2013/03/18 JVN#52492830:
- VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability
- 2013/03/18 JVN#01611135:
- VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability
- 2013/03/18 JVN#45545972:
- VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability
- 2013/03/07 JVN#05132866:
- Multiple Cisco products vulnerable to denial-of-service (DoS)
- 2013/03/01 JVN#55924624:
- Kingsoft Writer vulnerable to buffer overflow
- 2013/02/28 JVN#36339873:
- dopvSTAR* vulnerable to cross-site scripting
- 2013/02/28 JVN#64756004:
- dopvCOMET* vulnerable to cross-site scripting
- 2013/02/26 JVN#16817324:
- Multiple JustSystems products vulnerable to arbitrary code execution
- 2013/02/21 JVN#75585394:
- NEC Universal RAID Utility fails to restrict access permissions
- 2013/02/15 JVN#02596643:
- 3DM (3ware Disk Manager) vulnerable to directory traversal
- 2013/02/14 JVN#78601526:
- GREE for Android vulnerable to directory traversal
- 2013/02/14 JVN#09223079:
- imgboard vulnerable to cross-site scripting
- 2013/02/08 JVN#95863326:
- Cybozu Garoon vulnerable to cross-site scripting
- 2013/02/08 JVN#07629635:
- Cybozu Garoon vulnerable to SQL injection
- 2013/02/07 JVN#91387819:
- mora Downloader may insecurely load executable files
- 2013/01/31 JVN#86040029:
- Weathernews Touch for Android stores location information in the system log file
- 2013/01/25 JVN#24343509:
- WebSphere Application Server (WAS) vulnerable to cross-site scripting
- 2013/01/22 JVN#99681273:
- myu-s / PHP WeblogSystem by netmania vulnerable to cross-site scripting
- 2013/01/18 JVN#52197991:
- Documents Pro (formerly Files HD) vulnerable to directory traversal
- 2013/01/18 JVN#91881278:
- Documents Pro (formerly Files HD) vulnerable to cross-site scripting
2012
- 2012/12/21 JVN#33159152:
- Loctouch for Android information management vulnerability
- 2012/12/21 JVN#42625179:
- Loctouch for Android vulnerable in handling of implicit intents
- 2012/12/21 JVN#65458431:
- concrete5 vulnerable to cross-site scripting
- 2012/12/20 JVN#27691264:
- Opera Mini / Opera Mobile for Android vulnerable in the WebView class
- 2012/12/20 JVN#69589791:
- Boat Browser / Boat Browser Mini vulnerable in the WebView class
- 2012/12/17 JVN#66596216:
- WikkaWiki vulnerable to cross-site scripting
- 2012/12/14 JVN#53269985:
- Welcart vulnerable to cross-site request forgery
- 2012/12/14 JVN#18731696:
- Welcart vulnerable to cross-site scripting
- 2012/12/06 JVN#23563149:
- KENT-WEB ACCESS REPORT vulnerable to cross-site scripting
- 2012/12/06 JVN#68830017:
- KENT-WEB ACCESS REPORT vulnerable to cross-site scripting
- 2012/11/30 JVN#83907168:
- Multiple KYOCERA mobile devices may reboot during email reception
- 2012/11/21 JVN#60931933:
- BIGACE vulnerable to session fixation
- 2012/11/16 JVN#56923652:
- Monaca Debugger for Android information management vulnerability
- 2012/11/14 JVN#74829345:
- Multiple Android devices vulnerable to denial-of-service (DoS)
- 2012/11/07 JVN#18223913:
- BeZIP vulnerable to directory traversal
- 2012/11/02 JVN#55398821:
- Pebble vulnerable to open redirect
- 2012/11/02 JVN#39563771:
- Pebble vulnerable to HTTP header injection
- 2012/11/02 JVN#75492883:
- Pebble vulnerability where entries may become unviewable
- 2012/11/02 JVN#52264310:
- MosP kintai kanri vulnerable to authentication bypass
- 2012/11/02 JVN#23465354:
- MosP kintai kanri fails to restrict access permissions
- 2012/10/31 JVN#75345069:
- Mac OS X OpenSSH vulnerable to denial-of-service (DoS)
- 2012/10/26 JVN#00322303:
- Tokyo BBS vulnerable to cross-site scripting
- 2012/10/23 JVN#42676559:
- Safari vulnerable to local file content disclosure
- 2012/10/10 JVN#63650108:
- Smarty vulnerable to cross-site scripting
- 2012/10/05 JVN#58160713:
- MyWebSearch vulnerable to cross-site scripting
- 2012/09/28 JVN#86318665:
- jigbrowser+ for Android vulnerable in the WebView class
- 2012/09/27 JVN#42014489:
- Trend Micro Control Manager vulnerable to SQL injection
- 2012/09/25 JVN#93344001:
- ATOK for Android issue in the access permissions for the learning information file
- 2012/09/20 JVN#56373673:
- myLittleAdmin for SQL Server 2000 vulnerable to arbitrary script execution
- 2012/09/20 JVN#50701493:
- Email Anti-virus (formerly WebShield SMTP) vulnerable to denial-of-service
- 2012/09/13 JVN#03015214:
- KUNAI Browser for Remote Service beta vulnerable in the WebView class
- 2012/09/07 JVN#59652356:
- Cybozu KUNAI for Android vulnerable in the WebView class
- 2012/09/07 JVN#23568423:
- Cybozu KUNAI for Android vulnerable to arbitrary Java method execution
- 2012/08/31 JVN#77393797:
- Cybozu Live for Android vulnerable in the WebView class
- 2012/08/31 JVN#23009798:
- Cybozu Live for Android vulnerable to arbitrary Java method execution
- 2012/08/30 JVN#69880570:
- Opera address bar spoofing vulnerability
- 2012/08/30 JVN#51615542:
- Adobe Reader fails to properly handle signatures
- 2012/08/17 JVN#92038939:
- mixi for Android information management vulnerability
- 2012/08/16 JVN#99192898:
- Multiple GREE Android applications vulnerable in the WebView class
- 2012/08/08 JVN#39519659:
- Sleipnir Mobile for Android vulnerable to arbitrary script execution
- 2012/08/08 JVN#99730704:
- Sleipnir Mobile for Android vulnerable to arbitrary Java method execution
- 2012/08/07 JVN#67435981:
- LINE for Android vulnerable in handling of implicit intents
- 2012/08/02 JVN#01598734:
- GoodReader vulnerable to cross-site scripting
- 2012/07/30 JVN#51769987:
- Yahoo! Toolbar (for Chrome, Safari) vulnerable to toolbar alteration
- 2012/07/30 JVN#90389651:
- Multiple web browsers vulnerable in processing Transfer-Encoding header
- 2012/07/24 JVN#88643450:
- Sleipnir Mobile for Android vulnerable in the WebView class
- 2012/07/13 JVN#46088915:
- Yahoo! Browser vulnerable in the WebView class
- 2012/07/06 JVN#79111101:
- Movable Type plugin MT4i vulnerable to cross-site scripting
- 2012/07/06 JVN#03582364:
- YY-BOARD vulnerable to cross-site scripting
- 2012/07/06 JVN#80835745:
- Movable Type plugin MT4i vulnerable to cross-site scripting
- 2012/07/06 JVN#90615481:
- Ruby hash table implementation vulnerable to denial-of-service
- 2012/07/03 JVN#59842447:
- Zenphoto vulnerable to cross-site scripting
- 2012/07/03 JVN#05102851:
- Yome Collection for Android issue in management of IMEI
- 2012/06/19 JVN#36993373:
- SmallPICT vulnerable to cross-site scripting
- 2012/06/19 JVN#51176027:
- Python SimpleHTTPServer vulnerable to cross-site scripting
- 2012/06/19 JVN#58102473:
- WEB PATIO vulnerable to cross-site scripting
- 2012/06/19 JVN#33171616:
- WEB PATIO vulnerable to cross-site scripting
- 2012/06/14 JVN#90751882:
- Dolphin Browser vulnerable in the WebView class
- 2012/06/11 JVN#38163638:
- Flash Player issue in implementations of the Same Origin Policy
- 2012/06/07 JVN#18397171:
- FeedDemon vulnerable to arbitrary script execution
- 2012/06/06 JVN#24646833:
- SEIL series fail to restrict access permissions
- 2012/06/06 JVN#15646988:
- WordPress plugin WassUp vulnerable to cross-site scripting
- 2012/06/05 JVN#78305073:
- @WEB ShoppingCart vulnerable to cross-site scripting
- 2012/06/01 JVN#23328321:
- Puella Magi Madoka Magica iP for Android vulnerable to information disclosure
- 2012/06/01 JVN#97995841:
- Segue vulnerable to SQL injection
- 2012/06/01 JVN#29083866:
- Segue vulnerable to cross-site scripting
- 2012/05/25 JVN#85934986:
- Logitec LAN-W300N/R series fails to restrict access permissions
- 2012/05/25 JVN#21422837:
- Roundcube Webmail vulnerable to cross-site scripting
- 2012/05/25 JVN#39707339:
- Opera fails to verify SSL server certificates
- 2012/05/25 JVN#47662377:
- Sybase EAServer vulnerable to cross-site scripting
- 2012/05/25 JVN#77947437:
- RSSOwl vulnerable to arbitrary script execution
- 2012/05/21 JVN#86044443:
- iLunascape for Android vulnerable in the WebView class
- 2012/05/17 JVN#45898075:
- Drupal Form API fails to validate the redirect URL
- 2012/05/15 JVN#53465692:
- baserCMS vulnerable to session management
- 2012/05/15 JVN#63941302:
- WEB MART from KENT-WEB vulnerable to cross-site scripting
- 2012/05/15 JVN#47536971:
- WEB MART from KENT-WEB vulnerable to cross-site scripting
- 2012/04/26 JVN#15503729:
- OSQA vulnerable to cross-site scripting
- 2012/04/26 JVN#82029095:
- sp mode mail issue in the verification of SSL certificates
- 2012/04/24 JVN#09619876:
- Multiple JustSystems products vulnerable to buffer overflow
- 2012/04/24 JVN#95378720:
- Multiple JustSystems products may insecurely load dynamic libraries
- 2012/04/20 JVN#00000601:
- TwitRocker2 (Android version) vulnerable in the WebView class
- 2012/04/13 JVN#90055996:
- Dokodemo Rikunabi 2013 vulnerable to cross-site scripting
- 2012/04/13 JVN#33283707:
- ActiveScriptRuby vulnerable to arbitrary Ruby script execution
- 2012/04/05 JVN#97200417:
- SENCHA SNS vulnerable to session fixation
- 2012/04/05 JVN#44913777:
- SENCHA SNS vulnerable to cross-site request forgery
- 2012/04/05 JVN#92830293:
- TOSHIBA TEC e-Studio series vulnerable to authentication bypass
- 2012/03/19 JVN#83459967:
- Janetter vulnerable to cross-site request forgery
- 2012/03/19 JVN#10745573:
- Janetter vulnerable to information disclosure
- 2012/03/13 JVN#93406632:
- Redmine vulnerable to cross-site scripting
- 2012/03/13 JVN#31860555:
- twicca fails to restrict access permissions
- 2012/03/09 JVN#79950061:
- Jenkins vulnerable to cross-site scripting
- 2012/03/09 JVN#14791558:
- Jenkins vulnerable to cross-site scripting
- 2012/03/09 JVN#56653852:
- SquirrelMail plugin Autocomplete vulnerable to cross-site scripting
- 2012/03/05 JVN#08871006:
- ES File Explorer fails to restrict access permissions
- 2012/03/01 JVN#31517714:
- Kingsoft Internet Security 2011 vulnerable to denial-of-service
- 2012/02/23 JVN#20083397:
- Movable Type vulnerable to session hijacking
- 2012/02/23 JVN#92683325:
- Movable Type vulnerable to OS command injection
- 2012/02/23 JVN#49836527:
- Movable Type vulnerable to cross-site scripting
- 2012/02/23 JVN#70683217:
- Movable Type vulnerable to cross-site request forgery
- 2012/02/22 JVN#25731073:
- Multiple COOKPAD applications for Android vulnerable in WebView class
- 2012/02/15 JVN#35256978:
- cforms II vulnerable to cross-site scripting
- 2012/02/13 JVN#85695061:
- ALFTP may insecurely load executable files
- 2012/02/10 JVN#79099262:
- Apache Struts 2 vulnerable to arbitrary Java method execution
- 2012/02/01 JVN#33021167:
- Pocket WiFi (GP02) vulnerable to cross-site request forgery
- 2012/01/23 JVN#65869891:
- glucose 2 vulnerable to arbitrary script execution
- 2012/01/20 JVN#38216398:
- osCommerce vulnerable to directory traversal
- 2012/01/20 JVN#64386898:
- osCommerce vulnerable to cross-site scripting
- 2012/01/20 JVN#36559450:
- osCommerce Japanese version vulnerable to cross-site scripting
- 2012/01/20 JVN#54779201:
- Oracle WebLogic Server vulnerable to cross-site scripting
- 2012/01/11 JVN#78901873:
- Wibu-Systems CodeMeter Runtime vulnerable to denial-of-service
- 2012/01/11 JVN#63249231:
- Cogent DataHub vulnerable to HTTP header injection
- 2012/01/11 JVN#12983784:
- Cogent DataHub vulnerable to cross-site scripting
2011
- 2011/12/26 JVN#44439553:
- WordPress Japanese vulnerable to cross-site scripting
- 2011/12/26 JVN#40498018:
- WordPress vulnerable to arbitrary PHP code execution
- 2011/12/26 JVN#60887968:
- Movable Type Plugin MailForm vulnerable to cross-site scripting
- 2011/12/22 JVN#76515037:
- PukiWiki Plus! vulnerable to cross-site scripting
- 2011/12/22 JVN#25435092:
- Apache Struts vulnerable to cross-site scripting
- 2011/12/15 JVN#15549168:
- Safari for iOS vulnerable to denial-of-service
- 2011/12/15 JVN#05255562:
- Multiple vulnerabilities in products that use the Preboot Execution Environment (PXE) SDK
- 2011/12/09 JVN#94002296:
- FFFTP may insecurely load executable files
- 2011/12/08 JVN#70502960:
- phpWebSite vulnerable to cross-site scripting
- 2011/12/06 JVN#04329324:
- Etomite vulnerable to cross-site scripting
- 2011/12/02 JVN#61695284:
- PowerChute Business Edition vulnerable to cross-site scripting
- 2011/11/21 JVN#48839888:
- Nikki vulnerable to OS command injection
- 2011/11/21 JVN#80081509:
- Nikki vulnerable to directory traversal
- 2011/11/08 JVN#16901583:
- ChaSen vulnerable to buffer overflow
- 2011/11/08 JVN#33861625:
- Iwate Portal Bar vulnerable to arbitrary script execution
- 2011/11/04 JVN#37223351:
- WebObjects vulnerable to cross-site scripting
- 2011/11/04 JVN#71349007:
- Opengear console servers vulnerable to authentication bypass
- 2011/11/01 JVN#98649286:
- CSWorks LiveData Service vulnerable to denial-of-service (DoS)
- 2011/10/31 JVN#56667137:
- Multiple SKYARC System Co., Ltd. products vulnerable to cross-site request forgery
- 2011/10/31 JVN#41032068:
- Multiple SKYARC System Co., Ltd. products fail to restrict access permissions
- 2011/10/28 JVN#50227837:
- Touhou Hisouten vulnerable to denial-of-service
- 2011/10/28 JVN#72640744:
- Multiple D-Link products vulnerable to buffer overflow
- 2011/10/28 JVN#62336482:
- FFFTP may insecurely load executable files
- 2011/10/17 JVN#41657660:
- Safari for iOS vulnerable to cross-site scripting
- 2011/10/14 JVN#44496332:
- EC-CUBE vulnerable to SQL injection
- 2011/10/14 JVN#51216285:
- DBD::mysqlPP vulnerable to SQL injection
- 2011/10/13 JVN#07414354:
- DAEMON Tools vulnerable to denial-of-service
- 2011/10/13 JVN#04013920:
- Pligg vulnerable to cross-site scripting
- 2011/10/13 JVN#08307791:
- Plume vulnerable to cross-site scripting
- 2011/10/11 JVN#80971236:
- WEB FORUM vulnerable to cross-site scripting
- 2011/10/11 JVN#89764731:
- WEB FORUM vulnerable to cross-site scripting
- 2011/10/11 JVN#36684331:
- WEB FORUM vulnerable to cross-site scripting
- 2011/10/07 JVN#84838479:
- Cybozu Office vulnerable in restricting access
- 2011/10/07 JVN#34980730:
- A-Form vulnerable in restricting access
- 2011/10/07 JVN#03869266:
- Enkai-kun vulnerable to cross-site scripting
- 2011/09/30 JVN#16617002:
- BaserCMS vulnerable to access restriction
- 2011/09/30 JVN#09789751:
- BaserCMS vulnerable to cross-site scripting
- 2011/09/16 JVN#28973089:
- SemanticScuttle vulnerable to cross-site scripting
- 2011/09/09 JVN#45458289:
- Megalith vulnerable to authentication bypass
- 2011/09/02 JVN#58019849:
- GTK+ may insecurely load dynamic libraries
- 2011/09/02 JVN#44642341:
- Juniper Networks IDP ACM vulnerable to cross-site scripting
- 2011/09/02 JVN#99203127:
- Sage vulnerable to arbitrary script execution
- 2011/09/02 JVN#30221194:
- Sage vulnerable to arbitrary script execution
- 2011/09/02 JVN#71435255:
- Multiple vulnerabilities in Phorum
- 2011/08/26 JVN#29529126:
- Samba Web Administration Tool vulnerable to cross-site request forgery
- 2011/08/26 JVN#63041502:
- Samba Web Administration Tool vulnerable to cross-site scripting
- 2011/08/26 JVN#02134508:
- WebsiteBaker vulnerable to cross-site scripting
- 2011/08/19 JVN#06924191:
- Microsoft Windows XP vulnerable to denial-of-service (DoS)
- 2011/08/16 JVN#31506102:
- Aipo vulnerable to SQL injection
- 2011/08/16 JVN#72854072:
- Aipo vulnerable to cross-site request forgery
- 2011/08/12 JVN#96E584EB:
- Internet Explorer window display vulnerability
- 2011/08/10 JVN#80404511:
- Windows URL Protocol Handler may insecurely load executable files
- 2011/07/29 JVN#43105011:
- Android vulnerability where an incorrect SSL certificate is displayed
- 2011/07/28 JVN#74649877:
- Mozilla Firefox vulnerable to cross-site scripting
- 2011/07/28 JVN#96950482:
- Mozilla Firefox vulnerable to cross-site scripting
- 2011/07/28 JVN#70984231:
- Mozilla Firefox vulnerable to denial-of-service (DoS)
- 2011/07/28 JVN#36721438:
- Mozilla Firefox vulnerability in processing content-length header
- 2011/07/27 JVN#41222793:
- Plone vulnerable to cross-site scripting
- 2011/07/25 JVN#47124169:
- Oracle iPlanet Web Server information disclosure vulnerability
- 2011/07/15 JVN#87908726:
- ASP.NET vulnerable to cross-site scripting
- 2011/07/15 JVN#86220950:
- Google Search Appliance vulnerable to cross-site scripting
- 2011/07/08 JVN#51325625:
- Internet Explorer vulnerable to cross-site scripting
- 2011/07/05 JVN#17844633:
- XnView may insecurely load executable files
- 2011/07/05 JVN#47757122:
- Opera vulnerable to denial-of-service (DoS)
- 2011/06/29 JVN#01547302:
- ALZip vulnerable to buffer overflow
- 2011/06/24 JVN#55508059:
- Cybozu Office vulnerable to cross-site scripting
- 2011/06/24 JVN#54074460:
- Multiple Cybozu products vulnerable to cross-site scripting
- 2011/06/24 JVN#80877328:
- Multiple Cybozu products vulnerable to cross-site scripting
- 2011/06/24 JVN#59779256:
- Cybozu Garoon vulnerable to cross-site scripting
- 2011/06/20 JVN#43386477:
- WeblyGo vulnerable to cross-site scripting
- 2011/06/16 JVN#87239473:
- Ichitaro series vulnerable to arbitrary code execution
- 2011/06/15 JVN#40382909:
- Microsoft Outlook read receipt function vulnerability
- 2011/06/15 JVN#72586781:
- ASP.NET vulnerable to cross-site scripting
- 2011/06/15 JVN#26408023:
- Internet Explorer vulnerable to cross-site scripting
- 2011/06/15 JVN#73643130:
- Microsoft MSXML vulnerability in HTTP request processing
- 2011/06/15 JVN#63451350:
- Clipboard contents alteration vulnerability in Internet Explorer
- 2011/06/15 JVN#5D1D3E36:
- Microsoft Windows VBScript implementation file name disclosure vulnerability
- 2011/06/10 JVN#18680611:
- Java Web Start may insecurely load dynamic libraries
- 2011/06/10 JVN#09206238:
- Java Web Start may insecurely load settings files
- 2011/06/10 JVN#29212182:
- Java Web Start may insecurely load policy files
- 2011/05/26 JVN#46984044:
- WalRack upload file handling vulnerability
- 2011/05/25 JVN#45658190:
- Movable Type vulnerable to cross-site scripting
- 2011/05/19 JVN#77697803:
- iVIEW Suite vulnerable to SQL injection
- 2011/05/17 JVN#99175647:
- Virus Buster 2009 key input encryption function vulnerability
- 2011/05/11 JVN#96839637:
- La Fonera+ vulnerable to denial-of-service (DoS)
- 2011/05/11 JVN#63898867:
- Applications that use the Windows Help function may be vulnerable to privilege escalation
- 2011/05/10 JVN#37878530:
- EC-CUBE vulnerable to cross-site request forgery
- 2011/04/19 JVN#50505257:
- Multiple Buffalo routers vulnerable to cross-site request forgery
- 2011/04/11 JVN#55714408:
- Multiple Yamaha routers vulnerable to denial-of-service (DoS)
- 2011/04/08 JVN#11424086:
- Password Vault Web Access vulnerable to cross-site scripting
- 2011/03/25 JVN#99977321:
- Picasa may insecurely load executable files
- 2011/03/14 JVN#01635457:
- e107 vulnerable to cross-site scripting
- 2011/03/10 JVN#81294135:
- IBM Tivoli vulnerable to denial-of-service (DoS)
- 2011/03/07 JVN#73162541:
- OTRS vulnerable to OS command injection
- 2011/03/04 JVN#97334690:
- IBM Lotus vulnerable to denial-of-service (DoS)
- 2011/03/04 JVN#26301278:
- IBM WebSphere Application Server vulnerable to denial-of-service (DoS)
- 2011/03/04 JVN#16308183:
- IBM DB2 vulnerable to denial-of-service (DoS)
- 2011/03/02 JVN#20982938:
- Multiple Things CGI products vulnerable to cross-site scripting
- 2011/02/28 JVN#88991166:
- SEIL Series routers vulnerable to buffer overflow
- 2011/02/23 JVN#38362957:
- Lunascape may insecurely load executable files
- 2011/02/16 JVN#71542734:
- F-Secure Internet Gatekeeper for Linux authentication issue
- 2011/02/02 JVN#33880169:
- Opera may insecurely load executable files
- 2011/02/02 JVN#84393059:
- EC-CUBE vulnerable to cross-site scripting
- 2011/01/26 JVN#95385972:
- MODx Evolution vulnerable to directory traversal
- 2011/01/26 JVN#54092716:
- MODx Evolution vulnerable to SQL injection
- 2011/01/21 JVN#94695018:
- Lunascape may insecurely load dynamic libraries
- 2011/01/21 JVN#26605630:
- Cisco Linksys WRT54GC vulnerable to buffer overflow
- 2011/01/18 JVN#09115481:
- Cross-site scripting vulnerability in multiple Rocomotion products
- 2011/01/18 JVN#30414126:
- Ruby Version Manager escape sequence injection vulnerability
- 2011/01/11 JVN#86347943:
- SGX-SP Final and SGX-SP Final NE vulnerable to cross-site scripting
- 2011/01/11 JVN#53293565:
- Contents-Mall vulnerability in password handling
- 2011/01/11 JVN#50704770:
- Aipo vulnerable to SQL injection
- 2011/01/07 JVN#30881447:
- SquirrelMail vulnerable to cross-site request forgery
- 2011/01/07 JVN#09157962:
- SquirrelMail vulnerable to cross-site scripting
2010
- 2010/12/17 JVN#02175694:
- AttacheCase may insecurely load executable files
- 2010/12/15 JVN#33301529:
- Internet Explorer vulnerable to cross-site scripting
- 2010/12/15 JVN#21120853:
- Internet Explorer vulnerable to cross-site scripting
- 2010/12/15 JVN#30273074:
- Internet Explorer vulnerable to cross-site scripting
- 2010/12/15 JVN#62275332:
- Internet Explorer vulnerable to cross-site scripting
- 2010/12/08 JVN#78536512:[Critical]
- Movable Type vulnerable to SQL injection
- 2010/12/08 JVN#36673836:
- Movable Type vulnerable to cross-site scripting
- 2010/12/08 JVN#62736872:
- Vulnerability in Epson printer driver installer where access permissions are changed
- 2010/12/01 JVN#76662040:
- Clipboard contents alteration vulnerability in Grani
- 2010/12/01 JVN#64764004:
- Clipboard contents alteration vulnerability in Sleipnir
- 2010/11/26 JVN#36765384:
- Google Chrome information disclosure vulnerability
- 2010/11/26 JVN#46026251:
- Safari address bar spoofing vulnerability
- 2010/11/09 JVN#48425028:
- Flash Player access restriction bypass vulnerability
- 2010/11/04 JVN#01948274:
- Ichitaro series vulnerable to arbitrary code execution
- 2010/11/04 JVN#19173793:
- Ichitaro series vulnerable to arbitrary code execution
- 2010/11/01 JVN#27868039:
- GVim may insecurely load dynamic libraries
- 2010/10/29 JVN#72541530:
- Active! mail 6 vulnerable to HTTP header injection
- 2010/10/22 JVN#07497935:
- Multiple Yokka provided products may insecurely load executable files
- 2010/10/22 JVN#89272705:
- Sleipnir and Grani may insecurely load executable files
- 2010/10/22 JVN#50610528:
- Sleipnir and Grani may insecurely load dynamic libraries
- 2010/10/21 JVN#71138390:
- Apsaly may insecurely load executable files
- 2010/10/21 JVN#48097065:
- TeraPad may insecurely load dynamic libraries
- 2010/10/20 JVN#68536660:
- Archive Decoder may insecurely load executable files
- 2010/10/20 JVN#85599999:
- Explzh may insecurely load executable files
- 2010/10/18 JVN#50133036:
- Cross-site Request Forgery Vulnerability in Oracle iPlanet Web Server
- 2010/10/15 JVN#36921800:
- K2Editor may insecurely load executable files
- 2010/10/15 JVN#04665167:
- XacRett may insecurely load executable files
- 2010/10/15 JVN#18774708:
- Lhaplus may insecurely load executable files
- 2010/10/12 JVN#88850043:
- Lhasa may insecurely load executable files
- 2010/10/12 JVN#82752978:
- Lhaplus may insecurely load dynamic libraries
- 2010/10/05 JVN#69191943:
- AD-EDIT2 vulnerable to cross-site scripting
- 2010/09/10 JVN#35605523:
- Cross-site scripting vulnerability in Access Analyzer CGI by futomi's CGI Cafe
- 2010/08/31 JVN#75101998:
- moobbs2 vulnerable to cross-site scripting
- 2010/08/31 JVN#24423311:
- moobbs vulnerable to cross-site scripting
- 2010/08/25 JVN#12683004:
- SEIL/X Series and SEIL/B1 IPv6 Unicast RPF vulnerability
- 2010/08/20 JVN#91740962:[Critical]
- Winny vulnerable to buffer overflow
- 2010/08/20 JVN#21471805:[Critical]
- Winny vulnerable to buffer overflow
- 2010/08/20 JVN#25393522:[Critical]
- Winny node information processing vulnerability
- 2010/08/20 JVN#54336184:[Critical]
- Winny BBS information processing vulnerability
- 2010/08/13 JVN#86832361:
- Microsoft Windows denial of service (DoS) vulnerability
- 2010/06/22 JVN#34729123:
- Explzh buffer overflow vulnerability
- 2010/06/14 JVN#67120749:
- Multiple vulnerabilities in ActiveGeckoBrowser
- 2010/06/02 JVN#36925871:
- e-Pares vulnerable to session fixation
- 2010/06/02 JVN#82465391:
- e-Pares vulnerable to cross-site request forgery
- 2010/06/02 JVN#58439007:
- e-Pares vulnerable to cross-site scripting
- 2010/06/01 JVN#17293765:
- Ichitaro series vulnerable to arbitrary code execution
- 2010/05/17 JVN#82749282:
- CapsSuite Small Edition PatchMeister vulnerable to denial of service
- 2010/05/17 JVN#90872372:
- WebSAM DeploymentManager vulnerable to denial of service
- 2010/05/17 JVN#90248889:
- Interstage Application Server vulnerable in request processing
- 2010/05/12 JVN#92854093:
- Movable Type vulnerable to cross-site scripting
- 2010/04/19 JVN#87730223:
- Multiple Cybozu products vulnerable to authentication bypass
- 2010/04/12 JVN#98467259:
- Ichitaro series vulnerable to arbitrary code execution
- 2010/04/08 JVN#14313132:
- Cisco Router and Security Device Manager vulnerable to cross-site scripting
- 2010/04/08 JVN#46669729:
- MODx vulnerable to cross-site scripting
- 2010/04/08 JVN#19774883:
- MODx vulnerable to SQL injection
- 2010/04/07 JVN#49467403:
- Internet Explorer information disclosure vulnerability
- 2010/04/02 JVN#60969543:
- HL-SiteManager vulnerable to SQL injection
- 2010/04/01 JVN#38687002:
- Compiere vulnerable to cross-site scripting
- 2010/04/01 JVN#57963254:
- Compiere vulnerable to cross-site scripting
- 2010/04/01 JVN#41842181:
- PrettyFormMail vulnerable to cross-site scripting
- 2010/03/05 JVN#06874657:
- OpenPNE authentication bypass vulnerability
- 2010/02/25 JVN#73331060:
- tDiary plugin tb-send.rb vulnerable to cross-site scripting
- 2010/01/14 JVN#50837839:
- Oracle Application Server vulnerable to cross-site scripting
- 2010/01/12 JVN#22247093:
- WebCalenderC3 vulnerable to directory traversal
- 2010/01/12 JVN#33977065:
- WebCalenderC3 cross-site scripting vulnerability
- 2010/01/06 JVN#09872874:
- Movable Type access restriction bypass vulnerability
2009
- 2009/12/15 JVN#00152874:
- P forum vulnerable to directory traversal
- 2009/12/09 JVN#49602378:
- SEIL/B1 authentication issue
- 2009/12/08 JVN#36207497:
- Active! mail 2003 cookie disclosure vulnerability
- 2009/12/08 JVN#85821104:
- Active! mail 2003 session ID disclosure vulnerability
- 2009/12/08 JVN#49083120:
- Active! mail 2003 cross-site scripting vulnerability
- 2009/12/07 JVN#79762947:[Critical]
- EC-CUBE information disclosure vulnerability
- 2009/11/19 JVN#87341298:
- Redmine vulnerable to cross-site request forgery
- 2009/11/19 JVN#01245481:
- Redmine vulnerable to cross-site scripting
- 2009/11/04 JVN#75694913:
- Roundcube Webmail vulnerable to cross-site request forgery
- 2009/11/04 JVN#72974205:
- Roundcube Webmail vulnerable to cross-site request forgery
- 2009/10/28 JVN#13011682:
- SEIL/X Series and SEIL/B1 denial of service vulnerability
- 2009/10/28 JVN#06362164:
- SEIL/X Series and SEIL/B1 buffer overflow vulnerability
- 2009/10/26 JVN#75368899:
- Implementations of IPv6 may be vulnerable to denial of service (DoS) attacks
- 2009/10/20 JVN#33822756:
- Canon IT Solutions Inc. ACCESSGUARDIAN vulnerable to cross-site scripting
- 2009/10/15 JVN#23108985:
- Multiple Cybozu products vulnerable to cross-site scripting
- 2009/10/02 JVN#84396512:
- SugarCRM vulnerable to cross-site scripting
- 2009/09/18 JVN#65914253:
- Directory traversal vulnerability in multiple phpspot products
- 2009/09/18 JVN#53591199:
- Cross-site scripting vulnerability in multiple phpspot products
- 2009/09/17 JVN#00425482:
- XF-Section vulnerable to cross-site scripting
- 2009/09/17 JVN#39157969:
- Third-party cookie issue in Opera
- 2009/09/11 JVN#05857667:[Critical]
- Webservice-DIC yoyaku_v41 vulnerable to command injection
- 2009/09/09 JVN#62211338:[Critical]
- Buffer overflow vulnerability in Microsoft Windows
- 2009/09/02 JVN#57040664:
- ATOK screen lock bypass vulnerability
- 2009/08/27 JVN#68640473:
- bingo!CMS core and bingo!CMS vulnerable to cross-site request forgery
- 2009/08/24 JVN#31035930:
- SugarCRM vulnerable to SQL injection
- 2009/08/21 JVN#20478978:
- Site Calendar 'mycaljp' vulnerable to cross-site scripting
- 2009/08/19 JVN#21388501:
- ColdFusion vulnerable to cross-site scripting
- 2009/08/05 JVN#15267895:
- Cross-site request forgery vulnerability in FreeNAS
- 2009/08/05 JVN#89791790:
- Cross-site scripting vulnerability in FreeNAS
- 2009/07/31 JVN#80436657:[Critical]
- Webservice-DIC yoyaku_v41 vulnerable to command injection
- 2009/07/29 JVN#59748723:
- MySQL Connector/J vulnerable to SQL injection
- 2009/07/24 JVN#29852698:
- Cross-site scripting vulnerability in RevoCounter CGI (Animation Counter)
- 2009/07/14 JVN#31110006:
- shiromuku(fs6)DIARY cross-site scripting vulnerability
- 2009/06/25 JVN#32788272:
- PHP-I-BOARD from Let's PHP! vulnerable to directory traversal
- 2009/06/25 JVN#20219071:
- PHP-I-BOARD from Let's PHP! vulnerable to cross-site scripting
- 2009/06/25 JVN#93827000:
- Tree BBS from Let's PHP! vulnerable to cross-site scripting
- 2009/06/24 JVN#08369659:
- Movable Type access restriction bypass vulnerability
- 2009/06/24 JVN#86472161:
- Movable Type cross-site scripting vulnerability
- 2009/06/19 JVN#12244807:
- Cross-site scripting vulnerability in PukiWikiMod from XOOPS Maniac
- 2009/06/18 JVN#87239696:
- iPhone OS denial of service (DoS) vulnerability
- 2009/06/11 JVN#70858401:[Critical]
- Buffer overflow vulnerability in Microsoft Works converters
- 2009/06/10 JVN#55752635:
- Cross-site scripting vulnerability in activeCollab
- 2009/06/09 JVN#87272440:
- Apache Tomcat denial of service (DoS) vulnerability
- 2009/06/09 JVN#63832775:
- Apache Tomcat information disclosure vulnerability
- 2009/06/08 JVN#20689557:
- Predictable session ID vulnerability in Serene Bach
- 2009/05/29 JVN#70836284:
- IMG-BBS from MT312 vulnerable to cross-site scripting
- 2009/05/29 JVN#01115659:
- REP-BBS from MT312 vulnerable to cross-site scripting
- 2009/05/29 JVN#62527913:
- Directory traversal vulnerability in multiple Cisco Systems products
- 2009/05/22 JVN#57036470:
- Cross-site scripting vulnerability in leger (free edition)
- 2009/05/21 JVN#42927215:
- a-News from Appleple vulnerable to cross-site scripting
- 2009/05/20 JVN#02331156:
- HP System Management Homepage vulnerable to cross-site scripting
- 2009/05/18 JVN#28521500:
- Trees from CGI RESCUE vulnerable to cross-site scripting
- 2009/05/13 JVN#73653977:
- Sun GlassFish Enterprise Server and Sun Java System Application Server vulnerable to cross-site scripting
- 2009/05/11 JVN#03114223:
- SQL injection vulnerability in SKIP from SKIP User Group
- 2009/05/11 JVN#43233160:
- Cross-site scripting vulnerability in SKIP from SKIP User Group
- 2009/04/27 JVN#28020230:
- Web Mailer from CGI RESCUE vulnerable to HTTP header injection
- 2009/04/27 JVN#76370393:
- FORM2MAIL from CGI RESCUE allows unauthorized email transmission
- 2009/04/27 JVN#11396739:
- Cross-site scripting vulnerability in MiniBBS from CGI RESCUE
- 2009/04/27 JVN#36982346:
- MiniBBS22 from CGI RESCUE allows unauthorized email transmission
- 2009/04/24 JVN#97248625:
- Movable Type cross-site scripting vulnerability
- 2009/04/16 JVN#82744714:
- Cross-site scripting vulnerability in apricot.php from LovPop.net
- 2009/04/07 JVN#33846134:
- Ichitaro series buffer overflow vulnerability
- 2009/04/02 JVN#74747784:
- XOOPS Cube Legacy cross-site scripting vulnerability
- 2009/03/31 JVN#63511247:
- Access Analyzer CGI Professional Version vulnerability allows third party to gain administrative privileges
- 2009/03/16 JVN#23558374:
- Cross-site scripting vulnerability in Access Analyzer CGI Standard Version (Ver. 3.x)
- 2009/03/10 JVN#84899898:
- MP Form Mail CGI vulnerability allows third party to gain administrative privileges
- 2009/02/26 JVN#66905322:
- Apache Tomcat information disclosure vulnerability
- 2009/02/25 JVN#91591874:
- PEAK XOOPS piCal cross-site scripting vulnerability
- 2009/02/23 JVN#16767117:
- Buffer overflow vulnerability in ActiveX Control for Sony SNC series network cameras
- 2009/02/12 JVN#29641290:[Critical]
- Becky! Internet Mail buffer overflow vulnerability
- 2009/02/10 JVN#45184501:
- FAST ESP cross-site scripting vulnerability
- 2009/01/23 JVN#80771386:
- Fulltext search CGI vulnerability allows third party to gain administrative privileges
- 2009/01/20 JVN#93431860:
- Oracle WebLogic Server vulnerable to cross-site scripting
- 2009/01/15 JVN#28344798:
- Cisco IOS cross-site scripting vulnerability
- 2009/01/09 JVN#72630020:
- MODx vulnerable to SQL injection
- 2009/01/09 JVN#66828183:
- MODx cross-site request forgery vulnerability
- 2009/01/09 JVN#10170564:
- MODx cross-site scripting vulnerability
- 2009/01/08 JVN#71945722:
- Movable Type Enterprise cross-site scripting vulnerability
- 2009/01/07 JVN#36802959:
- MyNETS cross-site scripting vulnerability
2008
- 2008/12/25 JVN#98063934:
- BlackJumboDog authentication bypass vulnerability
- 2008/12/25 JVN#17298485:
- Mayaa cross-site scripting vulnerability
- 2008/12/19 JVN#50327700:
- PHP vulnerable to cross-site scripting
- 2008/12/12 JVN#07468800:
- Predictable session ID vulnerability in Access Analyzer CGI by futomi's CGI Cafe
- 2008/12/03 JVN#02216739:
- Movable Type Enterprise cross-site scripting vulnerability
- 2008/11/26 JVN#70599814:
- I-O DATA DEVICE HDL-F series cross-site request forgery vulnerability
- 2008/11/21 JVN#86833991:
- CGI RESCUE MiniBBS2000 directory traversal vulnerability
- 2008/11/17 JVN#47875752:
- GungHo LoadPrgAx vulnerable to arbitrary Java program execution
- 2008/11/06 JVN#19072922:[Critical]
- EC-CUBE vulnerable to SQL injection
- 2008/11/06 JVN#67060882:
- sISAPILocation vulnerability bypasses HTTP header rewrite function
- 2008/10/28 JVN#20502807:[Critical]
- Snoopy command injection vulnerability
- 2008/10/20 JVN#53267766:
- MyNETS cross-site scripting vulnerability
- 2008/10/20 JVN#55410403:
- Internet Explorer vulnerable in handling CDO protocol
- 2008/10/20 JVN#03300113:
- Blosxom vulnerable to cross-site scripting
- 2008/10/17 JVN#81490697:
- Movable Type cross-site scripting vulnerability
- 2008/10/17 JVN#67334580:
- hisa_cart information disclosure vulnerability
- 2008/10/10 JVN#30732239:
- Apache Tomcat allows access from a non-permitted IP address
- 2008/10/06 JVN#92651529:
- Nucleus EUC-JP Japanese Edition vulnerable to cross-site scripting
- 2008/10/01 JVN#81111541:[Critical]
- EC-CUBE vulnerable to SQL injection
- 2008/10/01 JVN#99916563:
- EC-CUBE cross-site scripting vulnerability
- 2008/10/01 JVN#36085487:
- EC-CUBE cross-site scripting vulnerability
- 2008/10/01 JVN#26621646:
- EC-CUBE cross-site scripting vulnerability
- 2008/09/26 JVN#54824688:
- phpMyAdmin cross-site scripting vulnerability
- 2008/09/17 JVN#94163107:
- Kantan WEB Server cross-site scripting vulnerability
- 2008/09/17 JVN#79026329:
- Kantan WEB Server directory traversal vulnerability
- 2008/09/10 JVN#18616622:
- Multiple Tor World CGI scripts vulnerable to arbitrary script execution
- 2008/09/09 JVN#30385652:
- Movable Type vulnerable to cross-site scripting
- 2008/09/09 JVN#55010230:
- Sound Master 2nd from High Norm vulnerable to cross-site scripting
- 2008/09/03 JVN#79914432:
- Webservice-DIC shop_v50 and shop_v52 vulnerable to cross-site scripting
- 2008/08/29 JVN#03859837:
- Blogn vulnerable to cross-site scripting
- 2008/08/29 JVN#84125369:
- Blogn vulnerable to cross-site request forgery
- 2008/08/26 JVN#27417220:
- mysql-lists from AquaGardenSoft Co.,Ltd. vulnerable to cross-site scripting
- 2008/08/21 JVN#53886050:
- Vulnerability in La!cooda WIZ and LacoodaST allowing an arbitrary PHP script execution
- 2008/08/21 JVN#52557009:
- La!cooda WIZ and LacoodaST vulnerable to cross-site scripting
- 2008/08/21 JVN#31723154:
- LacoodaST from SpaceTag, Inc. session fixation vulnerability
- 2008/08/21 JVN#83428818:
- La!cooda WIZ and LacoodaST vulnerable to cross-site request forgery
- 2008/08/12 JVN#66077895:
- Virus Security and Virus Security ZERO denial of service (DoS) vulnerability
- 2008/07/31 JVN#33706820:
- Multiple Panasonic Communications Co., Ltd. network cameras vulnerable to cross-site scripting
- 2008/07/25 JVN#60419863:
- Geeklog Forum Plugin vulnerable to cross-site scripting
- 2008/07/23 JVN#72065744:
- K's CGI Access Log Kaiseki (Jcode.pm) vulnerable to cross-site scripting
- 2008/07/23 JVN#46869708:
- K's CGI Access Log Kaiseki (jcode.pl) vulnerable to cross-site scripting
- 2008/07/22 JVN#67573833:
- Multiple Century Systems routers vulnerable to cross-site request forgery
- 2008/07/18 JVN#49704543:
- WebProxy from LunarNight Laboratory vulnerable to cross-site scripting
- 2008/07/18 JVN#81667751:
- Directory traversal vulnerability in WebLogic Server and WebLogic Express plug-ins
- 2008/07/14 JVN#88676089:
- Safari installed in iPod touch and iPhone vulnerable in handling server certificates
- 2008/07/07 JVN#00945448:
- Redmine vulnerable to cross-site scripting
- 2008/07/03 JVN#77432756:
- FreeStyleWiki cross-site scripting vulnerability
- 2008/06/27 JVN#52363223:
- Cybozu Garoon vulnerable to arbitrary script execution
- 2008/06/27 JVN#18700809:
- Cybozu Garoon session fixation vulnerability
- 2008/06/27 JVN#18405927:
- Multiple Cybozu products vulnerable to cross-site request forgery
- 2008/06/25 JVN#36635562:
- nProtect : Netizen denial of service (DoS) vulnerability
- 2008/06/19 JVN#45389864:
- CGIWrap error page cross-site scripting vulnerability
- 2008/06/17 JVN#14072646:
- BlognPlus SQL injection vulnerability
- 2008/06/10 JVN#88935101:
- X.Org Foundation X server buffer overflow vulnerability
- 2008/06/04 JVN#25448394:
- Sleipnir and Grani vulnerable to arbitrary script execution when Bookmark search results are restored from history
- 2008/05/30 JVN#43906021:
- WEB MART from KENT WEB vulnerable to cross-site scripting
- 2008/04/28 JVN#74468481:[Critical]
- Lhaplus buffer overflow vulnerability
- 2008/04/28 JVN#31351020:
- Cross-site scripting vulnerabilities in multiple Bluemoon Inc. XOOPS modules
- 2008/04/23 JVN#76788395:
- Sony mylo COM-2 does not verify server SSL certificate
- 2008/04/04 JVN#21563357:
- Mozilla Firefox cross-site scripting vulnerability
- 2008/03/27 JVN#76669770:
- PerlMailer cross-site scripting vulnerability
- 2008/03/27 JVN#58803701:
- DesignForm cross-site scripting vulnerability
- 2008/03/21 JVN#00892830:
- Namazu cross-site scripting vulnerability
- 2008/03/18 JVN#13159997:[Critical]
- Multiple I-O DATA DEVICE wireless LAN routers default configuration does not set authentication
- 2008/03/12 JVN#79114735:
- Google Desktop cross-site scripting vulnerability
- 2008/03/11 JVN#04032535:
- Sun Java Runtime Environment (JRE) contains a vulnerability in processing XSLT transformations
- 2008/03/07 JVN#10606373:
- BFup ActiveX Control buffer overflow vulnerability
- 2008/03/07 JVN#21312708:
- MTCMS WYSIWYG Editor cross-site scripting vulnerability
- 2008/03/07 JVN#95014590:
- Zimbra Collaboration Suite script execution vulnerability
- 2008/03/05 JVN#10056705:
- FTP bounce vulnerability in multiple Canon digital multifunction copiers and laser beam printers
- 2008/02/29 JVN#53757727:
- Nagios cross-site scripting vulnerability
- 2008/02/21 JVN#54593414:
- Cross-site scripting vulnerability in multiple Tor World CGI scripts
- 2008/02/21 JVN#42381549:
- Internet Scanner reporting engine vulnerable to cross-site scripting
- 2008/02/12 JVN#09470767:
- Apache Tomcat fails to properly handle cookie value
- 2008/02/07 JVN#38893575:
- PC2M cross-site scripting vulnerability
- 2008/02/05 JVN#91868305:
- RaidenHTTPD cross-site scripting vulnerability
- 2008/01/28 JVN#01162446:
- Cross-site scripting vulnerabilities in multiple Hal Networks shopping cart products
- 2008/01/28 JVN#88575577:
- Multiple Yamaha routers vulnerable to cross-site request forgery
- 2008/01/07 JVN#08237857:
- Multiple JustSystems products vulnerable to buffer overflow
2007
- 2007/12/26 JVN#33044255:
- GreaseKit and Creammonkey allow execution of userscript functions
- 2007/12/25 JVN#44736880:
- WinAce buffer overflow vulnerability
- 2007/12/21 JVN#89292430:
- Cross-site scripting in Sun Java System Web Server and Sun Java System Web Proxy Server
- 2007/12/20 JVN#50876069:
- Flash Player allows sending arbitrary HTTP headers
- 2007/12/20 JVN#45675516:
- Flash Player vulnerable in handling cross-domain policy files
- 2007/12/18 JVN#75130343:
- Google Web Toolkit vulnerable to cross-site scripting
- 2007/12/13 JVN#80057925:
- Cross-site scripting vulnerability in Apache HTTP Server "mod_imap" and "mod_imagemap"
- 2007/12/13 JVN#52846259:
- JP1/Cm2/Network Node Manager vulnerable to cross-site scripting
- 2007/12/12 JVN#23120863:
- Rainboard cross-site scripting vulnerability
- 2007/12/11 JVN#90712589:
- Multiple Cybozu products vulnerable to cross-site scripting
- 2007/12/11 JVN#77730435:
- Multiple Cybozu products vulnerable to HTTP header injection
- 2007/12/11 JVN#50342989:
- Multiple Cybozu products vulnerable to cross-site scripting
- 2007/12/11 JVN#77414947:
- Cybozu Office denial of service (DoS) vulnerability
- 2007/12/07 JVN#02854109:
- HttpLogger vulnerable to cross-site scripting
- 2007/12/04 JVN#66291445:
- SonicStage CP buffer overflow vulnerability
- 2007/11/22 JVN#82610488:[Critical]
- Lhaplus buffer overflow vulnerability
- 2007/11/21 JVN#55833292:
- FileMaker cross-site scripting vulnerability
- 2007/11/20 JVN#33218020:
- Feed2JS cross-site scripting vulnerability
- 2007/11/19 JVN#33820033:
- RoundCube Webmail cross-site request forgery vulnerability
- 2007/11/13 JVN#65427327:
- Sleipnir and Grani Bookmark Search vulnerable to arbitrary script execution
- 2007/11/09 JVN#99453765:
- Cross-site scripting vulnerability in updir.php in UPDIR.NET
- 2007/11/07 JVN#84565055:
- Lotus Domino cross-site scripting vulnerability
- 2007/11/05 JVN#79295963:
- NetCommons cross-site scripting vulnerability
- 2007/10/25 JVN#29211062:
- Ichitaro series buffer overflow vulnerability
- 2007/10/25 JVN#32981509:
- Ichitaro series buffer overflow vulnerability
- 2007/10/25 JVN#50495547:
- Ichitaro series buffer overflow vulnerability
- 2007/10/12 JVN#63304072:
- MouseoverDictionary vulnerable to arbitrary script execution
- 2007/10/12 JVN#71872818:
- AirStation series and BroadStation series vulnerable to cross-site request forgery
- 2007/10/05 JVN#61323184:
- PowerArchiver buffer overflow vulnerability
- 2007/10/03 JVN#61208749:
- Webmin OS command injection vulnerability
- 2007/10/01 JVN#79013771:
- Safari allows access from HTTP to HTTPS
- 2007/09/28 JVN#70075625:
- Aipo session fixation vulnerability
- 2007/09/21 JVN#70734805:
- Lhaplus buffer overflow vulnerability
- 2007/09/07 JVN#35677737:
- Fingerprint Authentication Software for Sony Pocket Bit installs hidden folders and files
- 2007/09/06 JVN#75899905:
- Fuktommy.com httpd.pl included in its HTML preprocessor vulnerable in allowing an attacker to view arbitrary CGI source code
- 2007/09/06 JVN#01913089:
- Fuktommy.com httpd.pl including HTML preprocessor vulnerable to directory traversal
- 2007/09/05 JVN#62868899:
- 7-ZIP32.DLL buffer overflow vulnerability
- 2007/09/03 JVN#43091983:
- Fulltext search CGI from futomi's CGI Cafe vulnerable to cross-site scripting
- 2007/08/31 JVN#20452446:
- Shopping Basket Pro directory traversal vulnerability
- 2007/08/27 JVN#38199598:
- Mayaa cross-site scripting vulnerability
- 2007/08/27 JVN#82276964:
- Tuigwaa cross-site scripting vulnerability
- 2007/08/15 JVN#59851336:
- Apache Tomcat Host Manager cross-site scripting vulnerability
- 2007/08/10 JVN#66303599:
- WebCart cross-site scripting vulnerability
- 2007/08/02 JVN#16018033:
- Safari URL spoofing vulnerability
- 2007/07/31 JVN#43615794:
- Yayoi Kaikei improper handling of credential information
- 2007/07/25 JVN#25471539:
- Aruba Mobility Controller Series cross-site scripting vulnerability
- 2007/07/20 JVN#34058672:
- Nessus report function vulnerable to arbitrary script execution
- 2007/07/11 JVN#72595280:
- Flash Player allows sending arbitrary Referer headers
- 2007/07/09 JVN#33593387:
- KDDI sample CGI download program directory traversal vulnerability
- 2007/06/27 JVN#44532794:
- rktSNS cross-site scripting vulnerability
- 2007/06/27 JVN#74063879:
- sHTTPd cross-site scripting vulnerability
- 2007/06/25 JVN#05187780:
- Hiki arbitrary file deletion vulnerability
- 2007/06/21 JVN#90438169:
- RaidenHTTPD cross-site scripting vulnerability
- 2007/06/19 JVN#16535199:
- Apache Tomcat Accept-Language Header Cross-Site Scripting Vulnerability
- 2007/06/18 JVN#27203006:
- Internet Explorer vulnerable in MHTML handling
- 2007/06/18 JVN#95019167:
- Internet Explorer vulnerable in handling MHTML protocol
- 2007/06/15 JVN#64851600:
- Apache Tomcat sample web application cross-site scripting vulnerability
- 2007/06/15 JVN#07100457:
- Apache Tomcat cross-site scripting vulnerability
- 2007/06/14 JVN#63602912:
- dotProject cross-site scripting vulnerability
- 2007/06/07 JVN#23891849:
- ADPLAN cross-site scripting vulnerability
- 2007/06/04 JVN#89497739:
- Meneame cross-site scripting vulnerability
- 2007/06/01 JVN#38605899:
- Mozilla Firefox cross-site scripting vulnerability
- 2007/06/01 JVN#19240523:
- HP System Management Homepage cross-site scripting vulnerability
- 2007/05/18 JVN#92832583:
- Advance-Flow cross-site scripting vulnerability
- 2007/05/16 JVN#81294906:[Critical]
- Homepage Builder sample CGI programs vulnerable to OS command injection
- 2007/05/09 JVN#36628264:
- Lunascape RSS reader arbitrary script execution vulnerability
- 2007/05/08 JVN#44724673:[Critical]
- Java Web Start vulnerable to execution of unauthorized system classes
- 2007/04/19 JVN#06735665:
- Canon Network Camera Server VB100 Series vulnerable to cross-site scripting
- 2007/04/19 JVN#19445002:
- APOP password recovery vulnerability
- 2007/04/17 JVN#91305178:
- InfoBarrier4 self-decrypted file vulnerability
- 2007/04/16 JVN#62334841:
- Shihonkanri Plus Ver2 GOOUT directory traversal vulnerability
- 2007/04/16 JVN#84646028:
- open-gorotto cross-site scripting vulnerability
- 2007/03/30 JVN#40511721:
- MailDwarf cross-site scripting vulnerability
- 2007/03/30 JVN#08951968:
- MailDwarf vulnerability allows unauthorized sending of emails
- 2007/03/30 JVN#62399483:
- Overlay Weaver cross-site scripting vulnerability
- 2007/03/29 JVN#73258608:
- CruiseWorks and Minna De Office vulnerable in access restrictions
- 2007/03/26 JVN#86092776:
- BASP21 vulnerable in handling CRLF sequences
- 2007/03/22 JVN#64227086:
- NewsGlue and Ikinari Jijyoutsuu arbitrary script execution vulnerability
- 2007/03/19 JVN#83832818:
- Interstage Application Server cross-site scripting vulnerability
- 2007/03/16 JVN#19795972:
- FENCE-Pro and Systemwalker Desktop Encryption self-decoding file vulnerability
- 2007/03/13 JVN#91706484:
- Trac cross-site scripting vulnerability
- 2007/03/12 JVN#80126589:
- CCC Cleaner division-by-zero vulnerability when scanning UPX-packed executables
- 2007/02/16 JVN#84746611:
- Ariel AirOne series cross-site scripting vulnerability
- 2007/02/14 JVN#48566866:
- ColdFusion error page cross-site scripting vulnerability
- 2007/02/14 JVN#14243645:
- Adobe JRun cross-site scripting vulnerability
- 2007/02/14 JVN#28356427:
- ColdFusion cross-site scripting vulnerability
- 2007/02/10 JVN#77366274:
- CCC Cleaner buffer overflow vulnerability
- 2007/02/09 JVN#84430861:
- Sage vulnerable to arbitrary script execution
- 2007/01/29 JVN#80271113:
- MODx cross-site scripting vulnerability
- 2007/01/26 JVN#93700808:
- Sleipnir RSS bar vulnerable in handling RSS data in an inappropriate security zone
- 2007/01/26 JVN#64354801:
- b2evolution cross-site scripting vulnerability
- 2007/01/25 JVN#82258242:[Critical]
- Shopping Basket Professional vulnerable to OS command injection
- 2007/01/25 JVN#24879092:
- CGI RESCUE WebFORM missing mail content vulnerability
- 2007/01/25 JVN#05123538:
- CGI RESCUE WebFORM vulnerable to cross-site scripting
- 2007/01/25 JVN#05088443:
- CGI RESCUE WebFORM vulnerable to HTTP header injection
- 2007/01/23 JVN#32985115:
- Movable Type cross-site scripting vulnerability
- 2007/01/22 JVN#07274813:
- phpAdsNew cross-site scripting vulnerability
- 2007/01/18 JVN#95249468:
- Fresh Reader RSS feed cross-site scripting vulnerability
- 2007/01/17 JVN#13939411:
- Drupal cross-site scripting vulnerability
- 2007/01/05 JVN#65500885:
- Serene Bach cross-site scripting vulnerability
2006
- 2006/12/28 JVN#45006961:
- Joomla! cross-site scripting vulnerability
- 2006/12/28 JVN#31185550:
- tDiary arbitrary Ruby script execution vulnerability
- 2006/12/25 JVN#02729869:
- pnamazu cross-site scripting vulnerability
- 2006/12/22 JVN#78520316:
- a-blog cross-site scripting vulnerability
- 2006/12/21 JVN#74079537:
- SugarCRM cross-site scripting vulnerability
- 2006/12/08 JVN#34830904:
- Shobo Shobo Nikki System (sns) cross-site scripting vulnerability
- 2006/12/05 JVN#47272891:
- Hanako buffer overflow vulnerability
- 2006/12/04 JVN#84798830:
- Denial of service vulnerability in Ruby CGI library (cgi.rb)
- 2006/12/04 JVN#38746816:
- TikiWiki cross-site scripting vulnerability
- 2006/11/30 JVN#08494205:
- Chama Cargo cross-site scripting vulnerability
- 2006/11/29 JVN#21125043:
- Blogn cross-site scripting vulnerability
- 2006/11/27 JVN#47223461:
- tDiary cross-site scripting vulnerability
- 2006/11/24 JVN#57280612:
- phpComasy cross-site scripting vulnerability
- 2006/11/20 JVN#46244305:
- eyeOS cross-site scripting vulnerability
- 2006/11/17 JVN#61543834:
- EC-CUBE cross-site scripting vulnerability
- 2006/11/14 JVN#84656399:
- Nucleus cross-site scripting vulnerability
- 2006/11/10 JVN#34522909:
- Kahua vulnerable in allowing to share login sessions
- 2006/11/06 JVN#30994815:
- MyODBC Japanese Conversion Edition denial of service vulnerability
- 2006/11/06 JVN#88325166:
- Hyper NIKKI System cross-site scripting vulnerability
- 2006/10/24 JVN#07235355:
- desknet's buffer overflow vulnerability
- 2006/10/20 JVN#85996645:
- NEC MultiWriter 1700C/7500C FTP server vulnerability
- 2006/10/20 JVN#63999575:
- NEC MultiWriter 1700C web server authentication bypass vulnerability
- 2006/10/18 JVN#90815371:
- Ichitaro buffer overflow vulnerability
- 2006/10/12 JVN#41241092:
- Kmail CGI authentication bypass vulnerability
- 2006/10/02 JVN#93484133:
- TeraStation HD-HTGL series cross-site request forgery vulnerability
- 2006/09/28 JVN#79484135:
- Joomla! cross-site scripting vulnerability
- 2006/09/28 JVN#82240092:
- Drupal cross-site scripting vulnerability
- 2006/09/26 JVN#68295640:
- Movable Type vulnerable to cross-site scripting
- 2006/09/26 JVN#30144870:
- SugarCRM cross-site scripting vulnerability
- 2006/09/22 JVN#46630603:
- MDPro cross-site scripting vulnerability
- 2006/09/13 JVN#52201480:
- Microsoft Windows Indexing Service cross-site scripting vulnerability
- 2006/08/31 JVN#99776858:
- Multiple vulnerabilities in Webmin and Usermin
- 2006/08/28 JVN#31125599:
- Cybozu Office 6 information disclosure vulnerability
- 2006/08/28 JVN#90420168:
- Cybozu products vulnerable to directory traversal
- 2006/08/23 JVN#11048526:
- mail f/w system vulnerable to allow unauthorized email transmission
- 2006/08/16 JVN#39103264:
- Owl SQL injection vulnerability
- 2006/08/16 JVN#01137722:
- Owl cross-site scripting vulnerability
- 2006/08/14 JVN#02091617:
- 04WebServer cross-site scripting vulnerability
- 2006/08/14 JVN#27428836:
- 04WebServer directory traversal vulnerability
- 2006/08/14 JVN#51301450:
- NetCommons cross-site scripting vulnerability
- 2006/08/10 JVN#62171179:
- Kiri directory traversal vulnerability
- 2006/07/31 JVN#65677118:
- Pixelpost cross-site scripting vulnerability
- 2006/07/28 JVN#27794427:
- Dokeos cross-site scripting vulnerability
- 2006/07/18 JVN#92975133:
- Loudblog cross-site scripting vulnerability
- 2006/07/18 JVN#62307185:
- QwikiWiki cross-site scripting vulnerability
- 2006/07/18 JVN#81108784:
- Geeklog cross-site scripting vulnerability
- 2006/07/12 JVN#76686161:
- ServerView cross-site scripting vulnerability
- 2006/07/12 JVN#73368472:
- ServerView directory traversal vulnerability
- 2006/07/11 JVN#83768862:
- Ruby vulnerability caused by a problem with the alias function so that safe level 4 does not function as a sandbox
- 2006/07/11 JVN#13947696:
- Ruby contains a vulnerability that prevents safe level 4 from functioning as a sandbox.
- 2006/07/06 JVN#44846612:
- ATutor cross-site scripting vulnerability
- 2006/07/06 JVN#73705637:
- ACollab SQL injection vulnerability
- 2006/07/03 JVN#98836916:
- Wiki clone products vulnerable to denial of service attacks
- 2006/06/26 JVN#39188922:
- dotProject cross-site scripting vulnerability
- 2006/06/26 JVN#76207423:
- Phorum cross-site scripting vulnerability
- 2006/06/23 JVN#67974490:
- Webmin directory traversal vulnerability
- 2006/06/14 JVN#74969119:
- Microsoft Internet Explorer address bar spoofing vulnerability
- 2006/06/09 JVN#39570254:
- CGI RESCUE WebFORM allows unauthorized email transmission
- 2006/06/05 JVN#97636431:
- dotProject cross-site scripting vulnerability
- 2006/06/02 JVN#28513736:
- Mozilla Firefox HTTP 1.0 response smuggling vulnerability
- 2006/06/02 JVN#62734622:
- Mozilla Firefox vulnerable to HTTP response splitting
- 2006/05/24 JVN#16558862:
- RWiki cross-site scripting vulnerability
- 2006/05/24 JVN#46691257:
- RWiki arbitrary Ruby script execution vulnerability
- 2006/05/22 JVN#55425662:
- MyWeb SQL injection vulnerability
- 2006/05/17 JVN#03D5EAA8:
- Sun Java System Web Server cross-site scripting vulnerability
- 2006/05/09 JVN#84775942:
- Multiple email clients vulnerable to directory traversal due to inappropriate unicode handling
- 2006/04/27 JVN#7F8621DE:
- DonutP and UnDonut confirmation dialog display vulnerability
- 2006/04/26 JVN#72225922:
- Apache Struts Validator allows to bypass input data validation
- 2006/04/21 JVN#74294680:
- Winny buffer overflow vulnerability
- 2006/04/21 JVN#83263796:
- SquirrelMail cross-site scripting vulnerability
- 2006/04/19 JVN#84091359:
- Trac cross-site scripting vulnerability
- 2006/04/17 JVN#35274905:
- FreeStyleWiki cross-site scripting vulnerability
- 2006/04/13 JVN#68630618:
- QUICK CART cross-site scripting vulnerability
- 2006/04/13 JVN#10222000:
- QUICK CART OS command injection vulnerability
- 2006/04/10 JVN#78363061:
- CAFEMILK Shopping Cart CGI cross-site scripting vulnerability
- 2006/03/01 JVN#27365476:
- Minnu's filer2 vulnerable in allowing arbitrary Ruby script execution
- 2006/02/28 JVN#65542239:
- Hyper NIKKI System allows unauthorized email submission
- 2006/02/03 JVN#41550845:
- Nagasaki Electronic Prefectural Office System SQL injection vulnerability
- 2006/02/01 JVN#77886599:
- Hatena Toolbar sends URL information unencrypted
- 2006/01/31 JVN#89344424:
- Multiple email clients vulnerable in handling an attachment inappropriately
- 2006/01/17 JVN#73133641:
- Eudora Japanese version stops working after the application crashes
- 2006/01/12 JVN#836B21C0:
- Nagasaki Electronic Prefectural Office System vulnerable to bypass authentication
- 2006/01/12 JVN#6CA72ADB:
- Nagasaki Electronic Prefectural Office System authentication information vulnerability
2005
- 2005/12/27 JVN#93004125:
- BBSNote cross-site scripting vulnerability
- 2005/12/20 JVN#87830692:
- WebNote Clip vulnerable to OS command injection
- 2005/12/15 JVN#06045169:
- mod_imap cross-site scripting vulnerability
- 2005/12/14 JVN#28011334:
- Opera bookmark function vulnerability
- 2005/12/13 JVN#15972537:
- Fujitsu Java Runtime Environment reflection API vulnerability
- 2005/12/09 JVN#15243167:
- Problem with referer header handling on mobile phone web browsers
- 2005/12/05 JVN#76357668:
- MitakeSearch cross-site scripting vulnerability
- 2005/12/05 JVN#67001206:
- Multiple vulnerabilities in FreeStyleWiki including cross-site scripting
- 2005/11/16 JVN#30451602:
- HTTPD-User-Manage cross-site scripting vulnerability
- 2005/11/11 JVN#25106961:
- Kent Web PostMail vulnerable to third party mail relay
- 2005/10/28 JVN#18282718:
- Hyper Estraier directory traversal/denial of service vulnerability
- 2005/10/24 JVN#77105349:
- XOOPS cross-site scripting vulnerability
- 2005/10/21 JVN#59130192:
- eBASEweb SQL injection vulnerability
- 2005/10/11 JVN#23632449:
- OpenSSL version rollback vulnerability
- 2005/09/30 JVN#76659792:
- WirelessIP5000 has multiple vulnerabilities
- 2005/09/30 JVN#79314822:
- Tomcat vulnerable in request processing
- 2005/09/29 JVN#31226748:
- Vulnerability in multiple web browsers allowing request spoofing attacks
- 2005/09/22 JVN#79925E6F:
- Cross-site scripting vulnerability in the Unicode version of msearch
- 2005/09/21 JVN#62914675:
- Ruby vulnerability allowing to bypass safe level 4 as a sandbox
- 2005/09/20 JVN#40940493:
- Webmin and Usermin authentication bypass vulnerability
- 2005/09/01 JVN#97422426:
- Hyper NIKKI System cross-site request forgery vulnerability
- 2005/08/29 JVN#42435855:
- FreeStyleWiki command injection vulnerability
- 2005/08/25 JVN#23727054:
- Pochy denial-of-service (DoS) vulnerability
- 2005/08/24 JVN#8778A308:
- Common Management Agent 3.x vulnerable to information leakage
- 2005/08/04 JVN#38138980:
- Hiki cross-site scripting vulnerability
- 2005/07/28 JVN#29273468:
- QRcode Perl CGI & PHP script vulnerable to denial of service attack
- 2005/07/20 JVN#60776919:
- tDiary cross-site request forgery vulnerability
- 2005/07/13 JVN#93926203:
- Java Cryptography Extension 1.2.1 (JCE 1.2.1) will no longer function properly after July 28, 2005 due to the expiration of its digital certificate
- 2005/07/12 JVN#257C6F28:
- Vulnerability involving security zone handling in applications using Internet Explorer components
- 2005/06/10 JVN#7B700088:
- SFS cross-site scripting vulnerability
- 2005/06/06 JVN#0DC004F6:
- desknet's cross-site scripting vulnerability
- 2005/05/26 JVN#FCAD9BD8:
- Inappropriate interpretation of mailto URL scheme by mail client software
- 2005/05/19 JVN#465742E4:
- Wiki clone cross-site scripting vulnerability
- 2005/05/12 JVN#8EDB8A96:
- Virus Security heap overflow vulnerability
- 2005/05/12 JVN#A45697B1:
- Virus Security memory leak vulnerability
- 2005/05/12 JVN#74012178:
- Movable Type session management vulnerability
- 2005/04/25 JVN#AF02FB4B:
- nProtect Netizen has multiple vulnerabilities
- 2005/04/22 JVN#A7DA6818:
- WebUD arbitrary program execution vulnerability
- 2005/04/19 JVN#97757029:
- w3ml cross-site scripting vulnerability
- 2005/04/15 JVN#55023557:
- Buffalo router configuration management interface vulnerable to remote access and password leakage
- 2005/04/14 JVN#9ADCBB12:
- Website connection problem when a mobile phone terminal uses specific QR code
- 2005/04/11 JVN#55F159B6:
- ppBlog cross-site scripting vulnerability
- 2005/03/29 JVN#C45D8EAD:
- Norton AntiVirus causes abnormal OS termination when scanning illegal files
- 2005/03/29 JVN#23D7E89F:
- Norton AntiVirus causes abnormal OS termination when a user edits a shared network file
- 2005/03/18 JVN#1F649902:
- McAfee VirusScan Engine buffer overflow vulnerability
- 2005/03/14 JVN#DD18AD07:
- Apache Tomcat denial of service vulnerability
- 2005/03/08 JVN#8BAAAB4E:
- msearch directory traversal vulnerability
- 2005/02/07 JVN#8F8B1C85:
- Cybozu Office browser script execution vulnerability
- 2005/01/11 JVN#1BF8D7AA:
- LDAP server update function vulnerable to buffer overflow
2004
- 2004/12/21 JVN#B4BE09A4:
- Shuriken Pro3 S/MIME signature verification does not verify the certificate authenticity
- 2004/12/15 JVN#904429FE:
- Namazu cross-site scripting vulnerability
- 2004/11/19 JVN#B410A83F:
- Shuriken Pro3 S/MIME signature verification does not verify the From address
- 2004/11/17 JVN#7C9208F1:
- Becky! Internet Mail vulnerability in S/MIME signature verification
- 2004/10/28 JVN#E59B594B:
- Tsuru-Kame Mail vulnerable in S/MIME signature verification
- 2004/10/20 JVN#61857DA9:
- DNS cache servers resource consumption by TCP SYN_SENT states
- 2004/10/15 JVN#E7DDE712:
- Toshiba HDD & DVD video recorders can be accessed without authentication
- 2004/09/30 JVN#67B82FA3:
- SSL-VPN products vulnerable to cookie theft
- 2004/09/24 JVN#F88C2C13:
- desknet's buffer overflow vulnerability
- 2004/09/03 JVN#FF73142E:
- Virus Buster Corporate Edition vulnerability