CVE-2024-24978

TvRock 0.9t8a has a DoS vulnerability that can trigger an ABEND via a specially crafted request, with exploitation possible by remote attackers or by users clicking the crafted request. The developer is unreachable, and multiple sources advise stopping use of TvRock 0.9t8a. No public patch or mit...

PT-2024-19955 · Tvrock · Tvrock

Name of the Vulnerable Software and Affected Versions: TvRock version 0.9t8a Description: A cross-site request forgery CSRF issue exists, allowing unintended operations to be performed if a logged-in user accesses a specially crafted page. Recommendations: For TvRock version 0.9t8a, consider...

PT-2024-20685 · Tvrock · Tvrock

Name of the Vulnerable Software and Affected Versions: TvRock version 0.9t8a Description: A denial-of-service DoS issue exists, where receiving a specially crafted request by a remote attacker or having a user click a specially crafted request may lead to an abnormal end ABEND. The developer of...

TvRock vulnerable to denial-of-service (DoS)

Overview TvRock provided by TvRock according to the original report submitted by the reporter is a tool to set a timer recording for a TV program. TvRock contains a denial-of-service DoS vulnerability CWE-400. During the meeting of Committee for authorizing the disclosure of unresolved...

CVE-2024-28034

Cross-site scripting vulnerability exists in Mini Thread Version 3.33βi. An arbitrary script may be executed on the web browser of the user accessing the website that uses the product. Note that the developer was unreachable, therefore, users should consider stop using Mini Thread Version 3.33βi...

0ch BBS Script (0ch) vulnerable to cross-site scripting

Overview 0ch BBS Script 0ch according to the original report submitted by the reporter provided by Zerochannel according to the original report submitted by the reporter is bulletin board software. 0ch BBS Script 0ch contains a cross-site scripting vulnerability CWE-79. During the meeting of...

TvRock vulnerable to cross-site scripting

Overview TvRock provided by TvRock according to the original report submitted by the reporter is a tool to set a timer recording for a TV program. TvRock contains a cross-site scripting vulnerability CWE-79. During the meeting of Committee for authorizing the disclosure of unresolved...

WebProxy vulnerable to OS command injection

Overview WebProxy provided by LunarNight Laboratory according to the original report submitted by the reporter is software to build a proxy server. WebProxy contains an OS command injection vulnerability CWE-78. During the meeting of Committee for authorizing the disclosure of unresolved...

PT-2024-22281 · Easyrange · Easyrange

Name of the Vulnerable Software and Affected Versions: EasyRange Ver 1.41 Description: The issue with the executable file search path when displaying an extracted file on Explorer may lead to loading an executable file that resides in the same folder where the extracted file is placed. If this...

PT-2024-22226 · Unknown · Mini Thread

Name of the Vulnerable Software and Affected Versions: Mini Thread version 3.33βi Description: A cross-site scripting issue exists, allowing an arbitrary script to be executed on the web browser of the user accessing the website that uses the product. The developer was unreachable, and users are...

PT-2024-21278 · Tvrock · Tvrock

Name of the Vulnerable Software and Affected Versions: TvRock version 0.9t8a Description: A cross-site scripting vulnerability exists, allowing an arbitrary script to be executed on the web browser of the user accessing the website that uses the product. The developer was unreachable, and users...

PT-2024-22278 · Unknown · 0Ch Bbs Script

Name of the Vulnerable Software and Affected Versions: 0ch BBS Script version 4.00 Description: A cross-site scripting vulnerability exists in the product, allowing an arbitrary script to be executed on the web browser of the user accessing the website that uses the product. The developer was...

rNote vulnerable to cross-site scripting

Overview rNote provided by Woody Rinn is software to create a blog. rNote contains a cross-site scripting vulnerability CWE-79. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on January 22, 2021, it was judged that an advisory for this...

Click Ranker vulnerable to cross-site scripting

Overview Click Ranker contains a stored cross-site scripting vulnerability CWE-79 which allows unintentional script execution on the web browser of user who accesses a page ranking screen. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on January...

WL-Enq (WEB Enquete) vulnerable to OS command injection

Overview WL-Enq WEB Enquete provided by WonderLink is a CGI to provide web enquete functions. WL-Enq WEB Enquete contains an OS command injection vulnerability CWE-78. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on January 16, 2020, it was...

mailform vulnerable to cross-site scripting

Overview mailform provided by keitai-site.net is a PHP script providing mail form functions to a website. mailform contains a stored cross-site scripting vulnerability CWE-79. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on January 16, 2020, it...

mailform vulnerable to PHP code execution

Overview mailform provided by keitai-site.net is a PHP script providing a mail form function to a website. mailform contains a PHP code execution vulnerability CWE-94 on the server where the product is running. During the meeting of Committee for authorizing the disclosure of unresolved...

CuteNews vulnerable to cross-site scripting

Overview Cute News provided by CutePHP.com is a system to manage news. Cute News contains a cross-site scripting vulnerability CWE-79. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on January 16, 2020, it was judged that an advisory for this...

TinyFTP Daemon vulnerable to buffer overflow

Overview TinyFTP Daemon provided by Hisayuki Nomura is a FTP File Transfer Protocol server. TinyFTP Daemon contains a buffer overflow vulnerability CWE-121. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on December 5, 2017, it was judged that an...

PHP 2chBBS vulnerable to cross-site scripting

Overview PHP 2chBBS provided by Kagaminokuni is software that can be downloaded from the Internet. PHP 2chBBS is a bulletin board software that can be used by placing it on a website. PHP 2chBBS contains a cross-site scripting vulnerability CWE-79. During the meeting of Committee for authorizing...