Vulnerability Reports JP

past 12 months20202019201820172016201520142013201220112010200920082007

2021

2021/10/20 JVN#41119755:
Movable Type XMLRPC API vulnerable to OS command injection
2021/10/18 JVN#85073657:
128 Technology Session Smart Router vulnerable to authentication bypass
2021/10/08 JVN#51106450:
Apache HTTP Server vulnerable to directory traversal
2021/10/08 JVN#89126639:
Nike App fails to restrict custom URL schemes properly
2021/09/30 JVN#52694228:
Multiple vulnerabilities in Cybozu Remote Service
2021/09/28 JVN#29428319:
WordPress Plugin "OG Tags" vulnerable to cross-site request forgery
2021/09/28 JVN#63023305:
InBody App vulnerable to information disclosure
2021/09/28 JVN#10168753:
SNKRDUNK Market Place App for iOS vulnerable to improper server certificate verification
2021/09/17 JVN#42866574:
Multiple vulnerabilities in Sharp NEC Display Solutions' public displays
2021/09/16 JVN#23406150:
EC-CUBE plugin "Order Status Batch Change Plug-in" vulnerable to cross-site scripting
2021/09/13 JVN#46313661:
EC-CUBE plugin "List (order management) item change plug-in" vulnerable to cross-site scripting
2021/09/10 JVN#81658818:
Multiple vulnerabilities in RevoWorks Browser
2021/08/27 JVN#14134801:
baserCMS vulnerable to cross-site scripting
2021/08/25 JVN#97545738:
Multiple cross-site scripting vulnerabilities in Movable Type
2021/08/24 JVN#80288258:
The installers of multiple Sony products may insecurely load Dynamic Link Libraries
2021/08/17 JVN#41646618:
Huawei EchoLife HG8045Q vulnerable to OS command injection
2021/08/12 JVN#50804280:
Plone vulnerable to open redirect
2021/08/10 JVN#65388002:
WordPress Plugin "Quiz And Survey Master" vulnerable to cross-site scripting
2021/08/02 JVN#54794245:
Multiple vulnerabilities in Cybozu Garoon
2021/07/21 JVN#53278122:
Minecraft Java Edition vulnerable to directory traversal
2021/07/19 JVN#86026700:
Multiple vulnerabilities in GroupSession
2021/07/14 JVN#34364599:
Optical BB unit E-WMTA2.3 vulnerable to cross-site request forgery
2021/07/13 JVN#26891339:
Multiple vulnerabilities in Retty App
2021/07/09 JVN#68971465:
voidtools "Everything" vulnerable to HTTP header injection
2021/07/08 JVN#89054582:
WordPress Plugin "Software License Manager" vulnerable to cross-site request forgery
2021/07/08 JVN#48413554:
WordPress Plugin "WordPress Meta Data Filter & Taxonomies Filter" vulnerable to cross-site request forgery
2021/07/07 JVN#25850723:
GU App for Android fails to restrict access permissions
2021/07/06 JVN#42880365:
WordPress Plugin "WordPress Email Template Designer - WP HTML Mail" vulnerable to cross-site request forgery
2021/07/06 JVN#91372527:
WordPress Plugin "WPCS - WordPress Currency Switcher" vulnerable to cross-site request forgery
2021/07/05 JVN#21636825:
A-Stage SCT-40CM01SR and AT-40CM01SR vulnerable to authentication bypass
2021/07/01 JVN#57942445:
EC-CUBE fails to restrict access permissions
2021/06/30 JVN#15185184:
IkaIka RSS Reader vulnerable to cross-site scripting
2021/06/30 JVN#65660590:
boastMachine vulnerable to cross-site scripting
2021/06/23 JVN#95292458:
Multiple cross-site scripting vulnerabilities in EC-CUBE
2021/06/23 JVN#63066062:
WordPress Plugin "WordPress Popular Posts" vulnerable to cross-site scripting
2021/06/22 JVN#93799513:
WordPress plugin "Fudousan plugin" series vulnerable to cross-site scripting
2021/06/22 JVN#29949691:
Inkdrop vulnerable to OS command injection
2021/06/18 JVN#21298724:
Hitachi Virtual File Platform vulnerable to OS command injection
2021/06/17 JVN#03776901:
Hitachi Application Server Help vulnerable cross-site scripting
2021/06/15 JVN#57524494:
Multiple cross-site scripting vulnerabilities in multiple EC-CUBE plugins provided by EC-CUBE
2021/06/15 JVN#79254445:[Critical]
Multiple ETUNA EC-CUBE plugins vulnerable to cross-site scripting
2021/06/14 JVN#95457785:
Multiple vulnerabilities in GROWI
2021/06/14 JVN#38034268:
あすけん App for Android fails to restrict custom URL schemes properly
2021/06/11 JVN#70566757:
WordPress plugin "Welcart e-Commerce" vulnerable to cross-site scripting
2021/06/03 JVN#64064138:
ATOM - Smart life App vulnerable to improper server certificate verification
2021/06/02 JVN#91691168:
goo blog App fails to restrict custom URL schemes properly
2021/05/26 JVN#98239374:
Zettlr vulnerable to cross-site scripting
2021/05/21 JVN#53910556:
Multiple cross-site scripting vulnerabilities in multiple PHP Factory products
2021/05/21 JVN#78254777:
Installer of Overwolf may insecurely load Dynamic Link Libraries
2021/05/21 JVN#74686032:
QND vulnerable to privilege escalation
2021/05/21 JVN#65733194:
The installers of ScanSnap Manager may insecurely load Dynamic Link Libraries
2021/05/14 JVN#49704918:
mod_auth_openidc vulnerable to denial-of-service (DoS)
2021/05/14 JVN#71263107:
Multiple vulnerabilities in Cisco Small Business Series Wireless Access Points
2021/05/13 JVN#34232719:
Multiple vulnerabilities in KonaWiki2
2021/05/13 JVN#13076220:
RFNTPS vulnerable to OS command injection
2021/05/10 JVN#97554111:[Critical]
EC-CUBE vulnerable to cross-site scripting
2021/04/27 JVN#35240327:
WordPress plugin "WP Fastest Cache" vulnerable to directory traversal
2021/04/27 JVN#97434260:
Hot Pepper Gourmet App fails to restrict access permissions
2021/04/22 JVN#55833077:[Unreachable]
yappa-ng vulnerable to cross-site scripting
2021/04/14 JVN#54025691:
Gurunavi Apps fail to restrict access permissions
2021/04/09 JVN#29739718:
Multiple vulnerabilities in Aterm WF1200CR, Aterm WG1200CR, Aterm WG2600HS, and Aterm WX3000HP
2021/04/09 JVN#67456944:
Multiple vulnerabilities in multiple Aterm products
2021/04/01 JVN#73236007:
Archive collectively operation utility vulnerable to directory traversal
2021/03/26 JVN#64869876:
Multiple vulnerabilities in baserCMS
2021/03/25 JVN#68244135:[Unreachable]
rNote vulnerable to cross-site scripting
2021/03/25 JVN#94705238:[Unreachable]
Yomi-Search vulnerable to cross-site scripting
2021/03/25 JVN#83042295:[Unreachable]
Yomi-Search vulnerable to cross-site scripting
2021/03/25 JVN#37179202:[Unreachable]
Yomi-Search vulnerable to cross-site scripting
2021/03/25 JVN#93207949:[Unreachable]
Click Ranker vulnerable to cross-site scripting
2021/03/25 JVN#11438679:[Unreachable]
Kagemai vulnerable to cross-site request forgery
2021/03/25 JVN#42220311:[Unreachable]
Kagemai vulnerable to cross-site scripting
2021/03/25 JVN#12559271:[Unreachable]
Kagemai vulnerable to cross-site scripting
2021/03/25 JVN#97370614:[Unreachable]
MagazinegerZ vulnerable to cross-site scripting
2021/03/22 JVN#12737530:
UNIVERGE Aspire series PBX vulnerable to denial-of-service (DoS)
2021/03/19 JVN#37607293:
Fuji Xerox multifunction devices and printers vulnerable to denial-of-service (DoS)
2021/03/17 JVN#08191557:
WordPress plugin "Paid Memberships Pro" vulnerable to SQL injection
2021/03/15 JVN#45797538:
Multiple vulnerabilities in Cybozu Office
2021/03/12 JVN#47497535:
M-System DL8 contains multiple vulnerabilities
2021/03/11 JVN#18056666:
Installer of MagicConnect Client program may insecurely load Dynamic Link Libraries
2021/03/10 JVN#86438134:
Multiple cross-site scripting vulnerabilities in GROWI
2021/03/05 JVN#68418039:
The installers of E START products may insecurely load Dynamic Link Libraries
2021/02/24 JVN#66542874:
Multiple cross-site scripting vulnerabilities in Movable Type
2021/02/19 JVN#37417423:
Multiple vulnerabilities in SolarView Compact
2021/02/16 JVN#58774946:[Critical]
FileZen vulnerable to OS command injection
2021/02/15 JVN#87164507:
Calsos CSDJ fails to restrict access permissions
2021/02/10 JVN#80785288:
Wekan vulnerable to cross-site scripting
2021/02/05 JVN#50470170:
WordPress Plugin "Name Directory" vulnerable to cross-site request forgery
2021/02/04 JVN#42252698:
Panasonic Video Insight VMS vulnerable to arbitrary code execution
2021/01/27 JVN#41853173:
OS command injection vulnerability in multiple Infoscience Corporation log management tools
2021/01/26 JVN#96783542:
Multiple vulnerabilities in multiple LOGITEC products
2021/01/26 JVN#98115035:
Android App "ELECOM File Manager" vulnerable to directory traversal
2021/01/26 JVN#47580234:
Multiple vulnerabilities in multiple ELECOM products
2021/01/22 JVN#38248512:
Multiple vulnerabilities in Aterm WF800HP, Aterm WG2600HP, and Aterm WG2600HP2
2021/01/19 JVN#57544707:
GROWI vulnerable to cross-site scripting
2021/01/14 JVN#35906450:
Multiple vulnerabilities in acmailer
2021/01/12 JVN#69635538:
The installer of SKYSEA Client View may insecurely load Dynamic Link Libraries
2021/01/04 JVN#38752718:
Multiple NEC Products vulnerable to authentication bypass
2021/01/04 JVN#38784555:
Multiple vulnerabilities in UNIVERGE SV9500/SV8500 series

2020

2020/12/18 JVN#10100024:
Management software for NEC Storage disk array system vulnerable to improper server certificate verification
2020/12/18 JVN#94244575:
Self-Extracting files created by multiple SEIKO EPSON products may insecurely load Dynamic Link Libraries
2020/12/15 JVN#94169589:
Multiple vulnerabilities in GROWI
2020/12/11 JVN#55917325:
Multiple vulnerabilities in Aterm SA3500G
2020/12/11 JVN#43969166:
Apache Struts 2 vulnerable to remote code execution (S2-061)
2020/12/10 JVN#12884935:
FileZen vulnerable to directory traversal
2020/12/07 JVN#59779918:
Apache Cordova Plugin camera vulnerable to information exposure
2020/12/03 JVN#24457594:
Multiple vulnerabilities in EC-CUBE
2020/12/03 JVN#42199826:
desknet's NEO vulnerable to cross-site scripting
2020/11/25 JVN#56450373:
Multiple vulnerabilities in GROWI
2020/11/24 JVN#27806339:
NETGEAR GS108Ev3 vulnerable to cross-site request forgery
2020/11/20 JVN#26835001:
The installers of multiple SEIKO EPSON products may insecurely load Dynamic Link Libraries
2020/11/19 JVN#90729322:
Hibernate ORM vulnerable to SQL injection
2020/11/18 JVN#94245475:
Movable Type Premium vulnerable to cross-site scripting
2020/11/12 JVN#44764844:
MELSEC iQ-R Series CPU Modules vulnerable to uncontrolled resource consumption
2020/11/05 JVN#00414047:
Studyplus App uses a hard-coded API key for an external service
2020/11/04 JVN#57942454:
Cybozu Garoon vulnerable to improper input validation
2020/10/21 JVN#31425618:
Multiple vulnerabilities in WordPress Plugin "Simple Download Monitor"