Vulnerability Reports


2016

2016/05/24 JVN#43529183:
Jetstar App for iOS fails to verify SSL server certificates
2016/05/24 JVN#85112513:
php-contact-form vulnerable to cross-site scripting
2016/05/24 JVN#56167268:
HumHub vulnerable to cross-site scripting
2016/05/20 JVN#42545812:
MP Form Mail CGI Professional Edition vulnerable to directory traversal
2016/05/19 JVNVU#97339542:
SaAT Netizen fails to properly verify downloaded installation and update files
2016/05/19 JVN#43076390:
Web Mailing List vulnerable to cross-site scripting
2016/05/18 JVN#11877654:
百五銀行 (105 BANK) App fails to verify SSL server certificates
2016/05/16 JVNVU#90405898:
ManageEngine Password Manager Pro fails to restrict access permissions
2016/05/16 JVNVU#92116866:[Critical]
Keitai Kit for Movable Type vulnerable to OS command injection
2016/05/16 JVN#11994518:
Cybozu KUNAI App fails to verify SSL server certificates
2016/05/16 JVN#03975805:
a-blog cms vulnerable to session management
2016/05/16 JVN#73166466:
a-blog cms vulnerable to cross-site scripting
2016/05/13 JVN#44657371:
WordPress plugin "Ninja Forms" vulnerable to PHP object injection
2016/05/13 JVN#91638315:
FileMaker server issue where PHP source code may be viewable
2016/05/12 JVN#22978346:
WN-G300R Series vulnerable to cross-site scripting
2016/05/12 JVN#25674893:
WN-GDN/R3 Series does not limit authentication attempts
2016/05/11 JVN#41772178:
Apache Cordova vulnerable to arbitrary plugin execution
2016/05/11 JVN#35341085:
Apache Cordova fails to restrict access permissions
2016/04/26 JVN#73776243:
EC-CUBE vulnerable to cross-site request forgery
2016/04/26 JVN#63384827:
Multiple shiro8 Co., Ltd. freearea_ addition_plugins for EC-CUBE vulnerable to cross-site scripting
2016/04/26 JVN#11458774:
EC-CUBE fails to restrict access permissions
2016/04/26 JVN#47473944:
EC-CUBE fails to restrict access permissions
2016/04/25 JVN#91816422:
kintone mobile for Android fails to verify SSL server certificates
2016/04/25 JVN#89026267:
kintone mobile for Android information management vulnerability
2016/04/22 JVN#00324715:
Electron may insecurely load Node modules
2016/04/19 JVN#11815655:
Photopt App fails to verify SSL server certificates
2016/04/13 JVN#00272277:
Tokyo Star bank App fails to verify SSL server certificates
2016/04/08 JVN#78482127:
EC-CUBE plugin "Social-button Plugin Premium" and "Social-button Plugin" vulnerable to cross-site scripting
2016/04/06 JVN#55801246:
baserCMS plugin "Casebook Plugin" multiple vulnerabilities
2016/04/06 JVN#26627848:
baserCMS plugin "Menubook Plugin" multiple vulnerabilities
2016/04/06 JVN#13288761:
baserCMS plugin "Recruit Plugin" multiple vulnerabilities
2016/04/04 JVN#28480773:
WisePoint contains issue in preventing clickjacking attacks
2016/04/04 JVN#47164236:
AQUOS Photo Player HN-PP150 vulnerable to cross-site request forgery
2016/04/04 JVN#41875357:
ActiveX control for EVA Animator vulnerable to buffer overflow
2016/03/30 JVN#82020528:
Aterm WG300HP vulnerable to cross-site request forgery
2016/03/30 JVN#07818796:
Aterm WF800HP vulnerable to cross-site request forgery
2016/03/24 JVN#86517621:
WordPress plugin "WP Favorite Posts" vulnerable to cross-site scripting
2016/03/02 JVN#59349382:
Multiple Corega wireless LAN routers vulnerable to cross-site request forgery
2016/02/22 JVN#93535632:
Log-Chat vulnerable to cross-site scripting
2016/02/19 JVN#46044093:
LINE for Windows and LINE for Mac OS vulnerable to denial-of-service (DoS)
2016/02/19 JVN#31524757:
EC-CUBE plugin "Help plug-in" vulnerable to SQL injection
2016/02/19 JVN#78383854:
Internet Explorer cross-domain policy bypass
2016/02/19 JVN#69854312:
baserCMS vulnerable to OS command injection
2016/02/15 JVN#69278491:
Cybozu Office vulnerable to cross-site scripting
2016/02/15 JVN#71428831:
Cybozu Office vulnerable to open redirect
2016/02/15 JVN#64209269:
Cybozu Office vulnerable to cross-site request forgery
2016/02/15 JVN#48720230:
Cybozu Office access restriction bypass vulnerability
2016/02/15 JVN#47296923:
Cybozu Office vulnerable to information disclosure
2016/02/15 JVN#28042424:
Cybozu Office vulnerable to information disclosure
2016/02/15 JVN#20246313:
Cybozu Office vulnerable to denial-of-service (DoS)
2016/02/12 JVN#77012922:
Microsoft Producer for Microsoft Office PowerPoint vulnerable to cross-site scripting
2016/02/12 JVN#22578691:
Akerun - Smart Lock Robot App for iOS fails to verify SSL server certificates
2016/01/29 JVN#26921563:
JOB-CUBE vulnerable to cross-site scripting
2016/01/29 JVN#12165579:
Vine MV vulnerable to cross-site scripting
2016/01/29 JVN#03050861:
EXPRESSCLUSTER X vulnerable to directory traversal
2016/01/27 JVN#54686544:
HOME SPOT CUBE multiple vulnerabilities
2016/01/22 JVN#49225722:
Multiple Buffalo network devices vulnerable to cross-site scripting
2016/01/22 JVN#09268287:
Multiple Buffalo network devices vulnerable to cross-site request forgery
2016/01/18 JVN#47951769:
Shoplat App for iOS issue in the verification of SSL certificates
2016/01/15 JVN#45928828:
H2O vulnerable to HTTP header injection
2016/01/15 JVN#50899877:
acmailer vulnerable to OS command injection
2016/01/05 JVN#49476817:
DX Library vulnerable to buffer overflow

2015

2015/12/25 JVN#51250073:
CG-WLNCM4G may behave as an open resolver
2015/12/25 JVN#50775659:
CG-WLBARAGM may behave as an open proxy
2015/12/25 JVN#51349622:
CG-WLBARGS does not properly perform authentication
2015/12/17 JVN#43344629:
Welcart vulnerable to SQL injection
2015/12/17 JVN#64636058:
WinRAR may insecurely load executable files
2015/12/17 JVN#22533124:
Adobe Flash Player issue where iframe contents may be overwritten
2015/12/11 JVN#71730320:
Zend Framework vulnerable to SQL injection
2015/12/09 JVN#89965717:
WL-330NUL vulnerable to cross-site scripting
2015/12/09 JVN#85359294:
WL-330NUL vulnerable to denial-of-service (DoS)
2015/12/09 JVN#34489380:
WL-330NUL vulnerable to remote command execution
2015/12/09 JVN#69462495:
WL-330NUL information management vulnerability
2015/12/07 JVN#70083512:
Web Analytics Service vulnerable to cross-site scripting
2015/12/07 JVN#44541100:
GANMA! App for iOS fails to verify SSL server certificates
2015/12/03 JVN#55545372:
EC-CUBE plugin BbAdminViewsControl vulnerable to SQL injection
2015/11/30 JVN#72891124:
p++BBS vulnerable to cross-site scripting
2015/11/30 JVN#35845584:
Frame high-speed chat vulnerable to cross-site scripting
2015/11/27 JVN#18889193:
Apache Cordova vulnerable to improper application of whitelist restrictions
2015/11/27 JVN#12991684:
ManageEngine Firewall Analyzer fails to restrict access permissions
2015/11/27 JVN#21968837:
ManageEngine Firewall Analyzer vulnerable to directory traversal
2015/11/20 JVN#51046809:
ArcSight Management Center and ArcSight Logger vulnerable to cross-site scripting
2015/11/20 JVN#20649799:
Void vulnerable to cross-site scripting
2015/11/17 JVN#34780384:
Kirby vulnerable to arbitrary file creation
2015/11/17 JVN#29141986:
Gurunavi App for iOS fails to verify SSL server certificates
2015/11/17 JVN#64625488:
applican vulnerable to script injection
2015/11/17 JVN#71088919:
applican vulnerable to script injection
2015/11/13 JVN#25323093:
pWebManager vulnerable to OS command injection
2015/11/13 JVN#56210048:
Apple OS X authentication issue when recovering from sleep mode
2015/11/06 JVN#90135579:
SonicWall TotalSecure TZ 100 Series vulnerable to denial-of-service (DoS)
2015/11/05 JVN#80144272:
Multiple TYPE-MOON games vulnerable to OS command injection
2015/11/02 JVN#04281281:
ISUCON5 qualifier portal web application (eventapp) vulnerable to OS command injection
2015/10/30 JVN#53973084:
HTML::Scrubber vulnerable to cross-site scripting
2015/10/30 JVN#48135658:
Multiple routers contain issue in preventing clickjacking attacks
2015/10/29 JVN#68289108:
Enisys Gw fails to restrict access permissions
2015/10/29 JVN#13874649:
Enisys Gw vulnerable to cross-site scripting
2015/10/29 JVN#33179297:
Enisys Gw vulnerable to arbitrary file creation
2015/10/29 JVN#58615092:
Enisys Gw vulnerable to SQL injection
2015/10/28 JVN#25086409:
ANA App fails to verify SSL server certificates
2015/10/26 JVN#97278546:
EC-CUBE vulnerable to cross-site request forgery
2015/10/16 JVN#25576608:
Avast vulnerable to directory traversal
2015/10/16 JVN#37825153:
AirDroid for Android vulnerable in handling of implicit intents
2015/10/15 JVN#92520335:
eXtplorer vulnerable to cross-site request forgery
2015/10/14 JVN#48211537:
Party Track SDK for iOS fails to verify server certificates
2015/10/09 JVN#84982142:
Pref Shimane CMS vulnerable to SQL injection
2015/10/09 JVN#02671769:
phpRechnung vulnerable to SQL injection
2015/10/09 JVN#13456571:
Dojo Toolkit vulnerable to cross-site scripting
2015/10/07 JVN#38369032:
Cybozu Garoon vulnerable to LDAP injection
2015/10/07 JVN#21025396:
Multiple PHP code execution vulnerabilities in Cybozu Garoon
2015/10/02 JVN#27548431:
gollum vulnerable to file exposure
2015/10/02 JVN#65668004:
Dotclear vulnerable to cross-site scripting
2015/10/01 JVN#49503705:
Python for Windows may insecurely load dynamic libraries
2015/10/01 JVN#07676450:
Canary Labs Trend Web Server vulnerable to buffer overflow
2015/10/01 JVN#27462572:
AjaXplorer vulnerable to directory traversal
2015/09/30 JVN#79633796:
baserCMS vulnerable to SQL injection
2015/09/30 JVN#04855224:
baserCMS fails to restrict access permissions
2015/09/30 JVN#85118545:
MATCHA SNS access restriction bypass vulnerability
2015/09/30 JVN#08535069:
MATCHA SNS vulnerable to code injection
2015/09/30 JVN#66984217:
MATCHA INVOICE vulnerable to code injection
2015/09/30 JVN#18232032:
MATCHA INVOICE vulnerable to SQL injection
2015/09/29 JVN#20355129:
niconico App for iOS fails to verify SSL server certificates
2015/09/29 JVN#21612597:
Apache Cordova plugin cordova-plugin-file-transfer vulnerable to HTTP header injection
2015/09/17 JVN#65602714:
H2O vulnerable to directory traversal
2015/09/16 JVN#19948778:
Photon vulnerable to URL whitelist bypass
2015/09/16 JVN#67586379:
Reversi vulnerable to URL whitelist bypass
2015/09/16 JVN#24517322:
Koritore vulnerable to URL whitelist bypass
2015/09/16 JVN#83862346:
MEGAPHONE MUSIC vulnerable to URL whitelist bypass
2015/09/16 JVN#71815309:
Auction Camera vulnerable to URL whitelist bypass
2015/09/16 JVN#73346595:
applican vulnerable to URL whitelist bypass
2015/09/11 JVN#07427376:
PIXMA MG7500 Series vulnerable to cross-site request forgery
2015/09/11 JVN#41048401:
Japan Connected-free Wi-Fi vulnerable to script injection
2015/09/11 JVN#04644117:
Japan Connected-free Wi-Fi vulnerable to URL whitelist bypass
2015/09/07 JVN#62078684:
ELPhoneBtnV6 ActiveX control vulnerable to buffer overflow
2015/09/04 JVN#00015036:
OpenDocMan vulnerable to cross-site scripting
2015/09/04 JVN#95989300:
Apache Struts vulnerable to cross-site scripting
2015/09/04 JVN#88408929:
Apache Struts vulnerable to cross-site scripting
2015/09/03 JVN#13684924:[Unreachable]
BBS X102 vulnerable to cross-site scripting
2015/09/03 JVN#24692261:[Unreachable]
hitSuji (rktSNS2) vulnerable to cross-site scripting
2015/09/02 JVN#08494613:
NScripter vulnerable to buffer overflow
2015/09/01 JVN#81207766:
Rakuten card App for iOS fails to verify SSL server certificates
2015/09/01 JVN#09283606:
desknet's NEO vulnerable to directory traversal
2015/09/01 JVN#77193915:
Twit BBS vulnerable to cross-site scripting
2015/08/27 JVN#91474878:
File Encryption Software "ED" where encrypted data may be easier to decipher when files of small size are encrypted
2015/08/20 JVN#17611367:
Apache Tapestry deserializes untrusted data
2015/08/18 JVN#17964918:
Multiple I-O DATA LAN routers vulnerable in UPnP functionality
2015/08/12 JVN#78240242:
Photo Gallery CMS for PC, smartphone and feature phone (Free) vulnerable to cross-site request forgery
2015/08/12 JVN#69175956:
Photo Gallery CMS for PC, smartphone and feature phone (Free) vulnerable to cross-site scripting
2015/08/12 JVN#20459920:
Microsoft Office discloses a file path of a local file
2015/08/07 JVN#29053368:
Yodobashi App for Android fails to verify SSL server certificates
2015/08/07 JVN#70465405:
Yodobashi App for Android vulnerable to arbitrary Java method execution
2015/07/29 JVN#17522792:
yoyaku_v41 vulnerable to OS command injection
2015/07/29 JVN#52248864:
yoyaku_v41 vulnerable to authentication bypass
2015/07/29 JVN#46674982:
yoyaku_v41 vulnerable to arbitrary file creation
2015/07/28 JVN#86680970:
Gazou BBS plus vulnerability in file upload processing
2015/07/24 JVN#97971874:
Welcart vulnerable to cross-site scripting
2015/07/24 JVN#92828286:
Welcart vulnerable to SQL injection
2015/07/24 JVN#10559378:
Research Artisan Lite does not properly perform authentication
2015/07/24 JVN#58020495:
Research Artisan Lite vulnerable to cross-site scripting
2015/07/17 JVN#73568461:
PHP for Windows vulnerable to OS command injection
2015/07/15 JVN#19011483:
Thetis vulnerable to SQL injection
2015/07/15 JVN#64051989:
acmailer vulnerable to directory traversal
2015/07/10 JVN#22546110:
LINE@ vulnerable to script injection
2015/07/10 JVN#61935381:
Simple Oekaki BBS vulnerability where arbitrary files may be deleted
2015/07/10 JVN#67540183:
Simple Oekaki BBS vulnerable to cross-site scripting
2015/07/09 JVN#55076671:
Cacti vulnerable to cross-site request forgery
2015/07/09 JVN#09758120:
Cacti vulnerable to cross-site scripting
2015/07/09 JVN#78187936:
Cacti vulnerable to cross-site scripting
2015/06/30 JVN#22677713:
OpenEMR vulnerable to authentication bypass
2015/06/30 JVN#77386811:
Explorer+ File Manager vulnerable to directory traversal
2015/06/25 JVN#25336719:
namshi/jose fails to verify token signatures
2015/06/25 JVN#96312698:
osCommerce Japanese version vulnerable to directory traversal
2015/06/23 JVN#19578958:
Symfony vulnerable to code injection
2015/06/18 JVN#83881261:
Ruby on Rails library Paperclip vulnerable to cross-site scripting
2015/06/12 JVN#18146081:
LoadLibrary function in Microsoft Windows fails to validate input properly
2015/06/12 JVN#19732015:
MilkyStep fails to restrict access permissions
2015/06/12 JVN#24336273:
BloBee vulnerable to arbitrary file creation
2015/06/09 JVN#74280258:
MilkyStep fails to restrict access permissions
2015/06/09 JVN#20879350:
MilkyStep vulnerable to cross-site scripting
2015/06/09 JVN#52478686:
MilkyStep vulnerable to SQL injection
2015/06/09 JVN#05559185:
MilkyStep vulnerable to OS command injection
2015/06/09 JVN#12241436:
MilkyStep vulnerable to cross-site request forgery
2015/06/09 JVN#16409640:
MilkyStep fails to restrict access permissions
2015/06/05 JVN#50447904:
Multiple Buffalo wireless LAN routers vulnerable to OS command injection
2015/06/05 JVN#79284156:
NetFlow Analyzer vulnerable to cross-site request forgery
2015/06/05 JVN#25598413:
NetFlow Analyzer fails to restrict access permissions
2015/06/05 JVN#98447310:
NetFlow Analyzer vulnerable to cross-site scripting
2015/06/03 JVN#06120222:
F21 JWT fails to verify token signatures
2015/06/03 JVN#95246510:
"Open Explorer Beta" App for Android vulnerable to directory traversal
2015/05/28 JVN#51176150:
ZenPhoto20 vulnerable to cross-site scripting
2015/05/28 JVN#68452022:
Zenphoto vulnerable to cross-site scripting
2015/05/27 JVN#61328139:
Apache Sling API and Servlets Post components vulnerable to cross-site scripting