Research

List of Vulnerabilities

Publicly disclosed vulnerabilities discovered by MBSD researchers
CVE
CVE-2016-7838
Description
Wireshark for Windows issue where an arbitrary file may be deleted
CVSS Score
3.6
Published
2016/12/26
JVN
JVN#90813656
CVE
CVE-2016-6810
Description
Apache ActiveMQ vulnerable to cross-site scripting
CVSS Score
4.8
Published
2016/12/13
JVN
JVN#78980598
CVE
CVE-2016-7821
Description
Multiple vulnerabilities in WNC01WH
CVSS Score
6.5
Published
2016/12/02
JVN
JVN#40613060
CVE
CVE-2016-7822
Description
Multiple vulnerabilities in WNC01WH
CVSS Score
7.1
Published
2016/12/02
JVN
JVN#40613060
CVE
CVE-2016-7823
Description
Multiple vulnerabilities in WNC01WH
CVSS Score
4.3
Published
2016/12/02
JVN
JVN#40613060
CVE
CVE-2016-7824
Description
Multiple vulnerabilities in WNC01WH
CVSS Score
6.8
Published
2016/12/02
JVN
JVN#40613060
CVE
CVE-2016-7825
Description
Multiple vulnerabilities in WNC01WH
CVSS Score
2.0
Published
2016/12/02
JVN
JVN#40613060
CVE
CVE-2016-7826
Description
Multiple vulnerabilities in WNC01WH
CVSS Score
6.1
Published
2016/12/02
JVN
JVN#40613060
CVE
CVE-2016-7819
Description
Multiple I-O DATA network camera products multiple vulnerabilities
CVSS Score
6.8
Published
2016/11/30
JVN
JVN#25059363
CVE
CVE-2016-7820
Description
Multiple I-O DATA network camera products multiple vulnerabilities
CVSS Score
6.8
Published
2016/11/30
JVN
JVN#25059363
CVE
CVE-2016-7813
Description
DERAEMON-CMS vulnerable to cross-site scripting
CVSS Score
4.7
Published
2016/11/15
JVN
JVN#75396659
CVE
CVE-2016-7221
Description
Input Method Editor (IME) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles DLL loading, which allows local users to gain privileges via unspecified vectors, aka "Windows IME Elevation of Privilege Vulnerability."
CVSS Score
-
Published
2016/11/11
JVN
-
CVE
CVE-2016-7809
Description
CG-WLR300NX vulnerable to cross-site request forgery
CVSS Score
7.1
Published
2016/11/11
JVN
JVN#23823838
CVE
CVE-2016-7810
Description
CG-WLR300NX vulnerable to cross-site scripting
CVSS Score
4.3
Published
2016/11/11
JVN
JVN#92237169
CVE
CVE-2016-7811
Description
CG-WLR300NX fails to restrict access permissions
CVSS Score
6.8
Published
2016/11/11
JVN
JVN#23549283
CVE
CVE-2016-7804
Description
Installer of 7-Zip for Windows may insecurely load Dynamic Link Libraries
CVSS Score
7.8
Published
2016/10/26
JVN
JVN#76780067
CVE
CVE-2016-4900
Description
Installer of Evernote for Windows may insecurely load Dynamic Link Libraries
CVSS Score
7.8
Published
2016/10/19
JVN
JVN#03251132
CVE
-
Description
Microsoft Windows based applications may insecurely load dynamic libraries
CVSS Score
-
Published
2016/10/13
JVN
JVNVU#707943
CVE
CVE-2016-4891
Description
SetucoCMS contains multiple vulnerabilities.
CVSS Score
5.4
Published
2016/10/07
JVN
JVN#80157683
CVE
CVE-2016-4892
Description
SetucoCMS contains multiple vulnerabilities.
CVSS Score
6.1
Published
2016/10/07
JVN
JVN#80157683
CVE
CVE-2016-4896
Description
SetucoCMS contains multiple vulnerabilities.
CVSS Score
4.2
Published
2016/10/07
JVN
JVN#80157683
CVE
CVE-2016-4877
Description
baserCMS and bundled multiple plugins (Blog, Mail, Feed, and Uploader) contain multiple vulnerabilities. A user in Administrative group may be tricked to insert an arbitrary script in an administration page. The stored script may be executed on the user's web browser when another user in Administrative group accesses the administration page.
CVSS Score
5.4
Published
2016/09/29
JVN
JVN#92765814
CVE
CVE-2016-4879
Description
baserCMS and bundled multiple plugins (Blog, Mail, Feed, and Uploader) contain multiple vulnerabilities. When any of those plugins "Blog", "Mail", or "Feed" is enabled and a logged-in user in Administrative group accesses a malicious URL, the user may be forced to conduct unintended operations on the baserCMS server.
CVSS Score
4.3
Published
2016/09/29
JVN
JVN#92765814
CVE
CVE-2016-4880
Description
baserCMS and bundled multiple plugins (Blog, Mail, Feed, and Uploader) contain multiple vulnerabilities. A user in Administrative group may be tricked to insert an arbitrary script in an administration page. The stored script may be executed on the user's web browser when another user in Administrative group accesses the administration page.
CVSS Score
5.4
Published
2016/09/29
JVN
JVN#92765814
CVE
CVE-2016-4881
Description
baserCMS and bundled multiple plugins (Blog, Mail, Feed, and Uploader) contain multiple vulnerabilities. When any of those plugins "Blog", "Mail", or "Feed" is enabled and a logged-in user in Administrative group accesses a malicious URL, the user may be forced to conduct unintended operations on the baserCMS server.
CVSS Score
4.3
Published
2016/09/29
JVN
JVN#92765814
CVE
CVE-2016-4849
Description
Geeklog IVYWE edition contains a cross-site scripting vulnerability
CVSS Score
6.1
Published
2016/08/19
JVN
JVN#09836883
CVE
CVE-2016-4846
Description
Installer of PhishWall Client Internet Explorer version may insecurely load Dynamic Link Libraries
CVSS Score
7.8
Published
2016/08/17
JVN
JVN#45583702
CVE
CVE-2016-4834
Description
Vtiger CRM does not properly restrict access to application data
CVSS Score
5.4
Published
2016/07/20
JVN
JVN#01956993
CVE
CVE-2016-4831
Description
LINE for Windows may insecurely load Dynamic Link Libraries
CVSS Score
7.8
Published
2016/07/08
JVN
JVN#51565015
CVE
CVE-2016-4430
Description
Multiple vulnerabilities in Apache Struts 2: Cross-site request forgery
CVSS Score
3.1
Published
2016/06/20
JVN
JVN#45093481
CVE
CVE-2016-4431
Description
Multiple vulnerabilities in Apache Struts 2: Input validation bypass
CVSS Score
5.6
Published
2016/06/20
JVN
JVN#45093481
CVE
CVE-2016-4433
Description
Multiple vulnerabilities in Apache Struts 2: Validation bypass in Getter method
CVSS Score
5.6
Published
2016/06/20
JVN
JVN#45093481
CVE
CVE-2016-4815
Description
Multiple Buffalo wireless LAN routers vulnerable to directory traversal
CVSS Score
6.5
Published
2016/05/27
JVN
JVN#81698369
CVE
CVE-2016-4816
Description
Multiple Buffalo wireless LAN routers vulnerable to information disclosure
CVSS Score
4.3
Published
2016/05/27
JVN
JVN#75813272
CVE
CVE-2016-1222
Description
php-contact-form vulnerable to cross-site scripting
CVSS Score
6.1
Published
2016/05/24
JVN
JVN#85112513
CVE
CVE-2016-1211
Description
Web Mailing List vulnerable to cross-site scripting
CVSS Score
6.1
Published
2016/05/19
JVN
JVN#43076390
CVE
CVE-2016-1178
Description
a-blog cms vulnerable to session management
CVSS Score
4.8
Published
2016/05/16
JVN
JVN#03975805
CVE
CVE-2016-1179
Description
a-blog cms vulnerable to cross-site scripting
CVSS Score
4.7
Published
2016/05/16
JVN
JVN#73166466
CVE
CVE-2016-1207
Description
WN-G300R Series vulnerable to cross-site scripting
CVSS Score
4.3
Published
2016/05/12
JVN
JVN#22978346
CVE
CVE-2016-4585
Description
A cross-site scripting issue existed in Safari URL redirection. This issue was addressed through improved URL validation on redirection.
CVSS Score
-
Published
2016/05/11
JVN
-
CVE
CVE-2016-1167
Description
Aterm WG300HP vulnerable to cross-site request forgery
CVSS Score
4.3
Published
2016/03/30
JVN
JVN#82020528
CVE
CVE-2016-1168
Description
Aterm WF800HP vulnerable to cross-site request forgery
CVSS Score
7.1
Published
2016/03/30
JVN
JVN#07818796
CVE
CVE-2016-1158
Description
Multiple Corega wireless LAN routers vulnerable to cross-site request forgery
CVSS Score
7.1
Published
2016/03/02
JVN
JVN#59349382
CVE
CVE-2016-1134
Description
Multiple Buffalo network devices vulnerable to cross-site request forgery
CVSS Score
4.3
Published
2016/01/22
JVN
JVN#09268287
CVE
CVE-2016-1135
Description
Multiple Buffalo network devices vulnerable to cross-site scripting
CVSS Score
6.1
Published
2016/01/22
JVN
JVN#49225722
CVE
CVE-2016-1142
Description
acmailer vulnerable to OS command injection
CVSS Score
4.7
Published
2016/01/15
JVN
JVN#50899877
CVE
CVE-2016-1864
Description
An issue existed in URL redirection when XSS auditor was used in block mode. This issue was addressed through improved URL navigation.
CVSS Score
-
Published
2016/01/13
JVN
-
CVE
CVE-2015-5661
Description
AirDroid for Android vulnerable in handling of implicit intents
CVSS Score
2.6
Published
2015/10/16
JVN
JVN#37825153
CVE
CVE-2015-6059
Description
Scripting Engine Information Disclosure Vulnerability
CVSS Score
Published
2015/10/15
JVN
CVE
CVE-2015-5652
Description
Python for Windows may insecurely load dynamic libraries
CVSS Score
6.8
Published
2015/10/01
JVN
JVN#49503705
CVE
CVE-2015-2992
Description
Apache Struts vulnerable to cross-site scripting
CVSS Score
4.3
Published
2015/09/04
JVN
JVN#88408929
CVE
CVE-2014-1972
Description
Apache Tapestry deserializes untrusted data
CVSS Score
6.8
Published
2015/08/20
JVN
JVN#17611367
CVE
CVE-2015-4034
Description
Samsung Galaxy S5 MethodSpec Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS Score
-
Published
2015/06/30
JVN
CVE
CVE-2015-2308
Description
Symfony vulnerable to code injection
CVSS Score
6.8
Published
2015/06/23
JVN
JVN#19578958
CVE
CVE-2015-1758
Description
LoadLibrary function in Microsoft Windows fails to validate input properly
CVSS Score
7.6
Published
2015/06/09
JVN
JVN#18146081
CVE
-
Description
CakePHP RequestHandlerComponent vulnerability
CVSS Score
-
Published
2015/06/01
JVN
CVE
CVE-2015-0279
Description
JBoss RichFaces vulnerable to remote Java code execution
CVSS Score
7.5
Published
2015/04/14
JVN
JVN#56297719
CVE
CVE-2014-3197
Description
Information Leak in XSS Auditor
CVSS Score
-
Published
2015/03/12
JVN
CVE
CVE-2014-6328
Description
Internet Explorer XSS Filter Bypass Vulnerability
CVSS Score
-
Published
2015/03/12
JVN
CVE
CVE-2014-6345
Description
Internet Explorer Cross-domain Information Disclosure Vulnerability
CVSS Score
-
Published
2015/03/12
JVN
CVE
CVE-2014-6346
Description
Internet Explorer Cross-domain Information Disclosure Vulnerability
CVSS Score
-
Published
2015/03/12
JVN
CVE
CVE-2014-7939
Description
Same-origin-bypass in V8
CVSS Score
-
Published
2015/03/12
JVN
CVE
CVE-2014-5325
Description
Direct Web Remoting (DWR) vulnerable to XML external entity injection
CVSS Score
5.8
Published
2014/11/14
JVN
JVN#91502163
CVE
CVE-2014-5326
Description
Direct Web Remoting (DWR) vulnerable to cross-site scripting
CVSS Score
4.3
Published
2014/11/14
JVN
JVN#52422792
CVE
CVE-2014-5320
Description
Bump for Android vulnerable in handling of implicit intents
CVSS Score
2.6
Published
2014/09/19
JVN
JVN#08994136
CVE
CVE-2014-3896
Description
Acmailer contains a cross-site request forgery vulnerability
CVSS Score
5.1
Published
2014/07/29
JVN
JVN#42511610
CVE
CVE-2014-3578
Description
Spring Framework vulnerable to directory traversal
CVSS Score
5.0
Published
2014/06/13
JVN
JVN#49154900
CVE
CVE-2014-0815
Description
Opera browser for Android issue in handling intent scheme URLs
CVSS Score
4.3
Published
2014/02/06
JVN
JVN#23256725
CVE
CVE-2013-2251
Description
Apache Struts vulnerable to remote command execution
CVSS Score
7.5
Published
2013/09/06
JVN
JVN#33504150
CVE
CVE-2013-4701
Description
PHP OpenID Library vulnerable to XML external entity injection
CVSS Score
6.4
Published
2013/08/21
JVN
JVN#24713981
CVE
CVE-2013-2165
Description
JBoss RichFaces vulnerable to remote code execution
CVSS Score
6.8
Published
2013/07/19
JVN
JVN#38787103
CVE
CVE-2013-2248
Description
Multiple Open Redirection Vulnerabilities
CVSS Score
-
Published
2013/07/19
JVN
CVE
CVE-2013-2251
Description
Apache Struts vulnerable to remote command execution
CVSS Score
-
Published
2013/07/19
JVN
JVN#33504150
CVE
CVE-2013-3646
Description
Cybozu Live for Android vulnerable to arbitrary Java method execution
CVSS Score
5.8
Published
2013/06/18
JVN
JVN#63428218
CVE
CVE-2013-3647
Description
Cybozu Live for Android vulnerable in the WebView class
CVSS Score
2.6
Published
2013/06/18
JVN
JVN#19740283
CVE
CVE-2013-3642
Description
Angel Browser vulnerable in the WebView class
CVSS Score
2.6
Published
2013/06/11
JVN
JVN#79301570
CVE
CVE-2013-3643
Description
Galapagos Browser vulnerable in the WebView class
CVSS Score
2.6
Published
2013/06/11
JVN
JVN#99813183
CVE
-
Description
Internet Explorer vulnerable to information disclosure
CVSS Score
2.6
Published
2013/06/07
JVN
JVN#63901692
CVE
-
Description
Safari information disclosure vulnerability
CVSS Score
2.6
Published
2013/05/31
JVN
JVN#07354844