Gaku Mochizuki

**Name of the Vulnerable Software and Affected Versions** Rakuma App for Android versions 7.15.0 and earlier Rakuma App for iOS versions 7.16.4 and earlier **Description** The issue allows an attacker to bypass authentication and obtain a user's authentication information through a malicious application created by a third party. **Recommendations** For Rakuma App for Android versions 7.15.0 and earlier, update to a version later than 7.15.0 to resolve the issue. For Rakuma App for iOS versions 7.16.4 and earlier, update to a version later than 7.16.4 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** cordova-plugin-ionic-webview versions prior to 2.2.0 **Description** The issue is related to a directory traversal vulnerability in the cordova-plugin-ionic-webview, which allows remote attackers to access arbitrary files via unspecified vectors. This vulnerability is due to insufficient restrictions on directory path names, enabling a remote attacker to access local files that should be inaccessible to third-party applications. The package launches a web server listening on http://localhost:8080 without restricting access, thus escaping the iOS application sandbox and accessing local files. **Recommendations** Upgrade to version 2.2.0

**Name of the Vulnerable Software and Affected Versions** baserCMS versions 4.1.0.1 and earlier baserCMS versions 3.0.15 and earlier **Description** A cross-site scripting issue allows remote authenticated attackers to inject arbitrary web script or HTML. **Recommendations** For versions 4.1.0.1 and earlier, update to a version later than 4.1.0.1. For versions 3.0.15 and earlier, update to a version later than 3.0.15.

**Name of the Vulnerable Software and Affected Versions** baserCMS versions 4.1.0.1 and earlier baserCMS versions 3.0.15 and earlier **Description** The issue allows remote authenticated attackers to execute arbitrary OS commands. **Recommendations** For versions 4.1.0.1 and earlier, update to a version later than 4.1.0.1. For versions 3.0.15 and earlier, update to a version later than 3.0.15.

**Name of the Vulnerable Software and Affected Versions** baserCMS versions 4.1.0.1 and earlier baserCMS versions 3.0.15 and earlier **Description** The issue allows remote attackers to bypass access restrictions in the mail form, enabling them to view files uploaded by site users. **Recommendations** For versions 4.1.0.1 and earlier, update to a version later than 4.1.0.1 to resolve the issue. For versions 3.0.15 and earlier, update to a version later than 3.0.15 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** baserCMS versions 4.1.0.1 and earlier baserCMS versions 3.0.15 and earlier **Description** A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. **Recommendations** For versions 4.1.0.1 and earlier, update to a version later than 4.1.0.1. For versions 3.0.15 and earlier, update to a version later than 3.0.15.

**Name of the Vulnerable Software and Affected Versions** baserCMS versions 4.1.0.1 and earlier baserCMS versions 3.0.15 and earlier **Description** The issue allows remote authenticated attackers to bypass access restrictions, enabling them to view or alter restricted content. **Recommendations** For versions 4.1.0.1 and earlier, update to a version later than 4.1.0.1 to resolve the issue. For versions 3.0.15 and earlier, update to a version later than 3.0.15 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** baserCMS versions 4.1.0.1 and earlier baserCMS versions 3.0.15 and earlier **Description** The issue allows remote attackers to bypass access restrictions for content, enabling them to view files uploaded by site users. The attack vector is not specified. **Recommendations** For versions 4.1.0.1 and earlier, update to a version later than 4.1.0.1 to resolve the issue. For versions 3.0.15 and earlier, update to a version later than 3.0.15 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** baserCMS versions 4.1.0.1 and earlier baserCMS versions 3.0.15 and earlier **Description** The issue allows remote attackers with site operator privilege to upload arbitrary files. **Recommendations** For versions 4.1.0.1 and earlier, update to a version later than 4.1.0.1 to resolve the issue. For versions 3.0.15 and earlier, update to a version later than 3.0.15 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Corega CG-WLBARGMH (affected versions not specified) Corega CG-WLBARGNL (affected versions not specified) **Description** A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML. **Recommendations** For Corega CG-WLBARGMH, at the moment, there is no information about a newer version that contains a fix for this issue. For Corega CG-WLBARGNL, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Corega CG-WLBARGMH and CG-WLBARGNL devices (affected versions not specified) **Description** A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators for requests that perform administrative functions. This can lead to unauthorized access and control of the devices. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SAND STUDIO AirDroid versions 1.1.0 and earlier **Description** The issue arises from the application's mishandling of implicit intents, allowing attackers to craft an application that can obtain sensitive information. **Recommendations** For versions 1.1.0 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The Bump application for Android (affected versions not specified) **Description** The issue arises from the application's improper handling of implicit intents, allowing attackers to craft an application that can obtain sensitive owner-name information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cybozu Live versions prior to 2.0.1 **Description** The issue allows remote attackers to execute arbitrary Java methods and obtain sensitive information or execute arbitrary commands via a crafted web site. This is due to a regression of a previously fixed issue. **Recommendations** For versions prior to 2.0.1, update to version 2.0.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Cybozu Live application versions prior to 2.0.1 **Description** The issue in the Cybozu Live application allows attackers to execute arbitrary JavaScript code and obtain sensitive information. This is achieved by a crafted application placing malicious code into a local file associated with a file: URL. **Recommendations** For versions prior to 2.0.1, update to version 2.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the WebView class until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Angel Browser application versions 1.47b and earlier for Android 1.6 through 2.1 Angel Browser application versions 1.62b and earlier for Android 2.2 through 2.3.4 Angel Browser application versions 1.68b and earlier for Android 3.0 through 4.0.3 Angel Browser application versions 1.76b and earlier for Android 4.1 through 4.2 **Description** The issue arises from the improper implementation of the WebView class in the Angel Browser application, allowing attackers to obtain sensitive information via a crafted application. **Recommendations** For Angel Browser application versions 1.47b and earlier for Android 1.6 through 2.1, update to a version later than 1.47b. For Angel Browser application versions 1.62b and earlier for Android 2.2 through 2.3.4, update to a version later than 1.62b. For Angel Browser application versions 1.68b and earlier for Android 3.0 through 4.0.3, update to a version later than 1.68b. For Angel Browser application versions 1.76b and earlier for Android 4.1 through 4.2, update to a version later than 1.76b.

**Name of the Vulnerable Software and Affected Versions** Galapagos Browser (affected versions not specified) **Description** The issue is related to the improper implementation of the WebView class in the Galapagos Browser application for Android, allowing attackers to obtain sensitive information via a crafted application. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OMRON OpenWnn application versions prior to 1.3.6 **Description** The issue allows attackers to obtain sensitive information by accessing the local filesystem due to weak permissions for unspecified files. **Recommendations** For versions prior to 1.3.6, update to version 1.3.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** COBIME application versions prior to 0.9.4 **Description** The issue allows attackers to obtain sensitive information via an application that accesses the local filesystem, due to weak permissions for unspecified files. **Recommendations** For versions prior to 0.9.4, update to version 0.9.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ArtIME Japanese Input application versions 1.1.2 and earlier **Description** The issue allows attackers to obtain sensitive information via an application that accesses the local filesystem, due to weak permissions for unspecified files. **Recommendations** For ArtIME Japanese Input application versions 1.1.2 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.