Kazuhiko Kusano

**Name of the Vulnerable Software and Affected Versions** IPA iLogScanner version 4.0 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML by triggering a crafted entry in a log file. This can lead to the execution of malicious code on the victim's browser. **Recommendations** For IPA iLogScanner version 4.0, update to a version that includes a fix for this issue, as no specific workaround is provided for this version.

**Name of the Vulnerable Software and Affected Versions** mora Downloader versions prior to 1.0.0.1 **Description** The issue allows remote attackers to trigger the launch of a .exe file via unspecified vectors due to an untrusted search path vulnerability. **Recommendations** For versions prior to 1.0.0.1, update to version 1.0.0.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** mixi application versions prior to 4.3.0 **Description** The issue allows remote attackers to read potentially sensitive information in friends' comments via a crafted application that leverages the storage of these comments on an SD card. **Recommendations** For versions prior to 4.3.0, update to version 4.3.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** NEC BIGLOBE Yome Collection application versions 1.8.3 and earlier **Description** The issue allows remote attackers to read the IMEI value from an SD card via a crafted application that lacks the `READ PHONE STATE` permission. **Recommendations** For NEC BIGLOBE Yome Collection application versions 1.8.3 and earlier, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Puella Magi Madoka Magica iP application versions 1.05 and earlier **Description** The issue allows remote attackers to obtain sensitive information, specifically Twitter credentials, via a crafted application. This is because the application places cleartext Twitter credentials in a log file. **Recommendations** For versions 1.05 and earlier, consider removing or restricting access to the log file that contains the cleartext Twitter credentials until a fix is available. As a temporary workaround, avoid using the application with Twitter credentials enabled.

**Name of the Vulnerable Software and Affected Versions** RECRUIT Dokodemo Rikunabi 2013 extension versions prior to 1.0.1 **Description** The issue is related to a cross-site scripting (XSS) vulnerability, which allows remote attackers to inject arbitrary web script or HTML. This can be achieved via unspecified vectors. **Recommendations** For versions prior to 1.0.1, update to version 1.0.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Janetter versions prior to 3.3.0 **Description** The issue allows remote attackers to obtain session information for twitter.com web sites via unspecified vectors. **Recommendations** For versions prior to 3.3.0, update to version 3.3.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Janetter versions prior to 3.3.0.0 **Description** The issue allows remote attackers to hijack the authentication of arbitrary users for requests that tweet, upload an image file, or execute arbitrary commands due to multiple cross-site request forgery (CSRF) vulnerabilities. **Recommendations** For versions prior to 3.3.0.0, update to version 3.3.0.0 or later to resolve the issue.