Vulnerability Reports


2015

2015/07/29 JVN#17522792:
yoyaku_v41 vulnerable to OS command injection
2015/07/29 JVN#52248864:
yoyaku_v41 vulnerable to authentication bypass
2015/07/29 JVN#46674982:
yoyaku_v41 vulnerable to arbitrary file creation
2015/07/28 JVN#86680970:
Gazou BBS plus vulnerability in file upload processing
2015/07/24 JVN#97971874:
Welcart vulnerable to cross-site scripting
2015/07/24 JVN#92828286:
Welcart vulnerable to SQL injection
2015/07/24 JVN#10559378:
Research Artisan Lite does not properly perform authentication
2015/07/24 JVN#58020495:
Research Artisan Lite vulnerable to cross-site scripting
2015/07/17 JVN#73568461:
PHP for Windows vulnerable to OS command injection
2015/07/15 JVN#19011483:
Thetis vulnerable to SQL injection
2015/07/15 JVN#64051989:
acmailer vulnerable to directory traversal
2015/07/10 JVN#22546110:
LINE@ vulnerable to script injection
2015/07/10 JVN#61935381:
Simple Oekaki BBS vulnerability where arbitrary files may be deleted
2015/07/10 JVN#67540183:
Simple Oekaki BBS vulnerable to cross-site scripting
2015/07/09 JVN#55076671:
Cacti vulnerable to cross-site request forgery
2015/07/09 JVN#09758120:
Cacti vulnerable to cross-site scripting
2015/07/09 JVN#78187936:
Cacti vulnerable to cross-site scripting
2015/06/30 JVN#22677713:
OpenEMR vulnerable to authentication bypass
2015/06/30 JVN#77386811:
Explorer+ File Manager vulnerable to directory traversal
2015/06/25 JVN#25336719:
namshi/jose fails to verify token signatures
2015/06/25 JVN#96312698:
osCommerce Japanese version vulnerable to directory traversal
2015/06/23 JVN#19578958:
Symfony vulnerable to code injection
2015/06/18 JVN#83881261:
Ruby on Rails library Paperclip vulnerable to cross-site scripting
2015/06/12 JVN#18146081:
LoadLibrary function in Microsoft Windows fails to validate input properly
2015/06/12 JVN#19732015:
MilkyStep fails to restrict access permissions
2015/06/12 JVN#24336273:
BloBee vulnerable to arbitrary file creation
2015/06/09 JVN#74280258:
MilkyStep fails to restrict access permissions
2015/06/09 JVN#20879350:
MilkyStep vulnerable to cross-site scripting
2015/06/09 JVN#52478686:
MilkyStep vulnerable to SQL injection
2015/06/09 JVN#05559185:
MilkyStep vulnerable to OS command injection
2015/06/09 JVN#12241436:
MilkyStep vulnerable to cross-site request forgery
2015/06/09 JVN#16409640:
MilkyStep fails to restrict access permissions
2015/06/05 JVN#50447904:
Multiple Buffalo wireless LAN routers vulnerable to OS command injection
2015/06/05 JVN#79284156:
NetFlow Analyzer vulnerable to cross-site request forgery
2015/06/05 JVN#25598413:
NetFlow Analyzer fails to restrict access permissions
2015/06/05 JVN#98447310:
NetFlow Analyzer vulnerable to cross-site scripting
2015/06/03 JVN#06120222:
F21 JWT fails to verify token signatures
2015/06/03 JVN#95246510:
"Open Explorer Beta" App for Android vulnerable to directory traversal
2015/05/28 JVN#51176150:
ZenPhoto20 vulnerable to cross-site scripting
2015/05/28 JVN#68452022:
Zenphoto vulnerable to cross-site scripting
2015/05/27 JVN#61328139:
Apache Sling API and Servlets Post components vulnerable to cross-site scripting
2015/05/22 JVN#93976566:
SXF Common Library vulnerable to buffer overflow
2015/05/20 JVN#64459670:
mt-phpincgi vulnerable to PHP object injection
2015/05/19 JVN#78689801:
BGA32.DLL and QBga32.DLL contain multiple vulnerabilities
2015/05/15 JVN#75851252:
"Honda Moto LINC" App for Android fails to verify SSL server certificates
2015/05/14 JVN#18957556:
Cacti vulnerable to SQL injection
2015/05/12 JVN#20133698:
MailDealer vulnerable to cross-site scripting
2015/05/01 JVN#96439865:
EasyCTF vulnerable to session management
2015/05/01 JVN#07538357:
EasyCTF vulnerable to cross-site scripting
2015/05/01 JVN#67520407:
EasyCTF vulnerable to arbitrary file creation
2015/04/23 JVN#41653647:
TransmitMail vulnerable to directory traversal
2015/04/23 JVN#26860747:
TransmitMail vulnerable to cross-site scripting
2015/04/14 JVN#56297719:
JBoss RichFaces vulnerable to remote Java code execution
2015/04/10 JVN#91383083:
Seasar S2Struts vulnerable to input validation bypass
2015/04/09 JVN#12329472:
Lhaplus vulnerable to remote code execution
2015/04/09 JVN#02527990:
Lhaplus vulnerable to directory traversal
2015/04/07 JVN#71903938:
bBlog vulnerable to cross-site request forgery
2015/04/03 JVN#68819526:
"Restaurant Karaoke SHIDAX" App for Android fails to verify SSL server certificates
2015/04/02 JVN#58784309:
Maruo Editor vulnerable to buffer overflow
2015/03/31 JVN#75615300:
All in One SEO Pack information management vulnerability
2015/03/27 JVN#81094176:
Android OS may behave as an open resolver
2015/03/26 JVN#97281747:
WordPress theme flashy vulnerable to cross-site scripting
2015/03/26 JVN#74547976:
Fumy Teacher's Schedule Board vulnerable to cross-site scripting
2015/03/24 JVN#86448949:
The Validator in TERASOLUNA Server Framework for Java(WEB) vulnerable to input validation bypass
2015/03/20 JVN#41281927:
LINE vulnerable to script injection
2015/03/20 JVN#39175666:
MP Form Mail CGI eCommerce edition vulnerable to code injection
2015/03/17 JVN#97099798:
eXtplorer vulnerable to cross-site scripting
2015/03/06 JVN#87204433:
All In One WP Security & Firewall vulnerable to cross-site request forgery
2015/03/06 JVN#30832515:
All In One WP Security & Firewall vulnerable to SQL injection
2015/03/04 JVN#91016415:
Maroyaka Relay Novel vulnerable to cross-site scripting
2015/03/04 JVN#09871547:
Maroyaka Image Album vulnerable to cross-site scripting
2015/03/04 JVN#63687798:
Maroyaka Simple Board vulnerable to cross-site scripting
2015/03/03 JVN#55063777:
Google Captcha (reCAPTCHA) by BestWebSoft vulnerable to CAPTCHA authentication bypass
2015/03/03 JVN#93727681:
BestWebSoft Captcha plugin vulnerable to CAPTCHA authentication bypass
2015/02/27 JVN#63949115:
SEIL Series routers vulnerable to denial-of-service (DoS)
2015/02/27 JVN#77718330:
Vulnerability in the jBCrypt key stretching process
2015/02/27 JVN#88862608:
Joyful Note vulnerability in handling files
2015/02/27 JVN#62298871:
KENT-WEB Clip Board vulnerability where arbitrary files may be deleted
2015/02/27 JVN#34790526:
checkpw vulnerable to denial-of-service (DoS)
2015/02/25 JVN#30135729:
SYNCK GRAPHICA Mailform Pro CGI vulnerable to remote code execution
2015/02/25 JVN#44544694:
Zen Cart Japanese version vulnerable to cross-site scripting
2015/02/24 JVN#42768331:
Speed Software Root Explorer and Explorer vulnerable to directory traversal
2015/02/20 JVN#93318392:
AL-Mail32 vulnerable to buffer overflow
2015/02/20 JVN#55365709:
AL-Mail32 vulnerable to denial-of-service (DoS)
2015/02/20 JVN#77294617:
AL-Mail32 vulnerable to directory traversal
2015/02/20 JVN#64455813:
Squid input validation vulnerability
2015/02/17 JVN#73261710:
C-BOARD Moyuku vulnerable to arbitrary file creation
2015/02/17 JVN#18387086:
Saurus CMS Community Edition vulnerable to cross-site scripting
2015/02/13 JVN#48659722:
Smartphone Passbook for Android information management vulnerability
2015/02/13 JVN#14522790:
Smartphone Passbook fails to verify SSL server certificates
2015/02/10 JVN#96155055:
PerlTreeBBS vulnerable to cross-site scripting
2015/02/05 JVN#17480391:
shiromuku(u1)GUESTBOOK vulnerable to cross-site scripting
2015/01/30 JVN#13566542:
Cybozu Remote Service Manager vulnerable to denial-of-service (DoS)
2015/01/30 JVN#33735535:
Fumy News Clipper vulnerable to cross-site scripting
2015/01/29 JVN#88252465:
Arbitrary files may be overwritten in multiple VMware products
2015/01/27 JVN#32631078:
Multiple ASUS wireless LAN routers vulnerable to cross-site request forgery
2015/01/27 JVN#77792759:
Multiple ASUS wireless LAN routers vulnerable to OS command injection
2015/01/26 JVN#27142693:
NP-BBRM vulnerable in UPnP functionality
2015/01/23 JVN#94502417:
shiromuku(bu2)BBS vulnerable to arbitrary file creation
2015/01/19 JVN#88559134:
SYNCK GRAPHICA Download Log CGI vulnerable to directory traversal

2014

2014/12/18 JVN#76515134:
WBS Gantt-Chart for JIRA vulnerable to cross-site scripting
2014/12/18 JVN#09289074:
WBS Gantt-Chart for JIRA vulnerable to cross-site scripting
2014/12/18 JVN#97384696:
TSUTAYA App for Android vulnerable to arbitrary Java method execution
2014/12/18 JVN#22440986:
Multiple Allied Telesis products vulnerable to buffer overflow
2014/12/12 JVN#61181790:
LinPHA vulnerable to cross-site scripting
2014/12/10 JVN#13160869:
Chyrp vulnerable to cross-site scripting
2014/12/09 JVN#87910097:
i-HTTPD vulnerable to cross-site scripting
2014/12/09 JVN#98097877:
"Omake BBS" of i-HTTPD vulnerable to cross-site scripting
2014/12/09 JVN#89613370:
i-HTTPD vulnerable to cross-site scripting
2014/12/09 JVN#16406395:
"File Upload BBS" of i-HTTPD vulnerable to remote command execution
2014/12/04 JVN#24909891:
Kaku-San-Sei Million Arthur for Android information management vulnerability
2014/12/04 JVN#12798709:
KENT-WEB Clip Board vulnerable to cross-site scripting
2014/12/03 JVN#70490316:
DBD::PgPP vulnerable to SQL injection
2014/12/02 JVN#71762315:
LG Electronics mobile access routers lack access restrictions
2014/12/02 JVN#61593104:
ARROWS Me F-11D vulnerability where arbitrary areas may be accessed
2014/12/02 JVN#06302787:
OS command injection vulnerability in multiple FUJITSU Android devices
2014/12/02 JVN#67792023:
Multiple improper data validation vulnerabilities in Syslink driver for Texas Instruments OMAP mobile processors
2014/12/01 JVN#04895240:
SEIL Series routers vulnerable to denial-of-service (DoS)
2014/12/01 JVN#21907573:
SEIL Series routers vulnerable to denial-of-service (DoS)
2014/11/28 JVN#54775800:
FAST/TOOLS vulnerable to improper restriction of XML external entity references
2014/11/21 JVN#07930208:
BSD Operating Systems vulnerable to denial-of-service (DoS)
2014/11/14 JVN#89852154:
iLogScanner vulnerable to cross-site scripting
2014/11/14 JVN#52422792:
Direct Web Remoting (DWR) vulnerable to cross-site scripting
2014/11/14 JVN#91502163:
Direct Web Remoting (DWR) vulnerable to XML external entity injection
2014/11/13 JVN#16318793: [Critical]
Ichitaro series vulnerable to arbitrary code execution
2014/11/11 JVN#14691234:
Multiple Cybozu products vulnerable to buffer overflow
2014/11/10 JVN#65559247:
OpenAM vulnerable to denial-of-service (DoS)
2014/10/28 JVN#55667175:
QNAP QTS vulnerable to OS command injection
2014/10/23 JVN#27388160:
SumaHo for Android fails to verify SSL/TLS server certificates
2014/10/16 JVN#23809730:
GIGAPOD vulnerable to denial-of-service (DoS)
2014/10/16 JVN#66285408:
Aflax vulnerable to cross-site scripting
2014/10/16 JVN#87373393:
BirdBlog vulnerable to cross-site scripting
2014/10/10 JVN#58417930:
Huawei E5332 vulnerable to denial-of-service (DoS)
2014/10/10 JVN#63587560:
Huawei E5332 vulnerable to denial-of-service (DoS)
2014/09/25 JVN#48270605:
Yahoo! Japan Box for Android issue where it fails to verify SSL server certificates
2014/09/25 JVN#80531230:
jigbrowser+ for iOS same origin policy bypass
2014/09/25 JVN#16485017:
SLFileManager for Android vulnerable to directory traversal
2014/09/25 JVN#87863382:
N-Media file uploader vulnerability in handling uploaded files
2014/09/25 JVN#45442753:
Safari issue in handling application cache
2014/09/22 JVN#04560253:
Yuko Yuko App for Android fails to verify SSL server certificates
2014/09/19 JVN#61637002:
Dotclear vulnerable to cross-site scripting
2014/09/19 JVN#08994136:
Bump for Android vulnerable in handling of implicit intents
2014/09/17 JVN#36205251:
365 Links series vulnerable to cross-site scripting
2014/09/12 JVN#84376800:
Help Page in multiple Adobe products vulnerable to cross-site scripting
2014/09/09 JVN#73357573:
Movable Type vulnerable to cross-site scripting
2014/09/04 JVN#49672671:
WisePoint vulnerable to session fixation
2014/09/04 JVN#50367052:
EmFTP may insecurely load executable files
2014/08/29 JVN#17637243:
Kindle App for Android fails to verify SSL server certificates
2014/08/26 JVN#94409737:
MailPoet Newsletters vulnerable to cross-site request forgery
2014/08/19 JVN#20812625:
Advance-Flow vulnerable to SQL injection
2014/08/18 JVN#27531188:
Cakifo vulnerable to cross-site scripting
2014/08/15 JVN#04455183:
Shutter vulnerable to cross-site scripting
2014/08/15 JVN#48039501:
Shutter vulnerable to SQL injection
2014/08/14 JVN#27702217:
Ameba for Android contains an issue where it fails to verify SSL server certificates
2014/08/12 JVN#07957080:
Dominion KX2-101 vulnerable to denial-of-service (DoS)
2014/08/08 JVN#87962145:
Piwigo vulnerable to SQL injection
2014/08/08 JVN#09717399:
Piwigo vulnerable to cross-site scripting
2014/08/08 JVN#80310172:
Piwigo vulnerable to cross-site scripting
2014/08/06 JVN#32726697:
GOM Player vulnerable to denial-of-service (DoS)
2014/08/01 JVN#22534185:
ServerView Operations Manager vulnerable to cross-site scripting
2014/07/30 JVN#72950786:
Outlook.com for Android contains an issue where it fails to verify SSL server certificates