Search

Find a vulnerability

Search criteria

    3 vulnerabilities by SKYARC System

    JVNDB-2011-000094

    Vulnerability from jvndb - Published: 2011-10-31 18:03 - Updated:2011-11-08 17:38
    Severity
    N/A (UNKNOWN) - -
    Summary
    Multiple SKYARC System Co., Ltd. products vulnerable to cross-site request forgery
    Details
    Multiple products provided by SKYARC System Co., Ltd. contain a cross-site request forgery vulnerability. MTCMS and multiple Movable Type plugins provided by SKYARC System Co., Ltd. contain a cross-site request forgery vulnerability.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000094.html",
      "dc:date": "2011-11-08T17:38+09:00",
      "dcterms:issued": "2011-10-31T18:03+09:00",
      "dcterms:modified": "2011-11-08T17:38+09:00",
      "description": "Multiple products provided by SKYARC System Co., Ltd. contain a cross-site request forgery vulnerability.\r\n\r\nMTCMS and multiple Movable Type plugins provided by SKYARC System Co., Ltd. contain a cross-site request forgery vulnerability.",
      "link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000094.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:skyarc:authoreffective",
          "@product": "AuthorEffective",
          "@vendor": "SKYARC System",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:skyarc:autotagging",
          "@product": "AutoTagging",
          "@vendor": "SKYARC System",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:skyarc:duplicateentry",
          "@product": "DuplicateEntry",
          "@vendor": "SKYARC System",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:skyarc:entryimexporter",
          "@product": "EntryImExporter",
          "@vendor": "SKYARC System",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:skyarc:mailpack",
          "@product": "MailPack",
          "@vendor": "SKYARC System",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:skyarc:mtcms",
          "@product": "MTCMS",
          "@vendor": "SKYARC System",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:skyarc:mtcms",
          "@product": "MTCMS",
          "@vendor": "SKYARC System",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:skyarc:multifileuploader",
          "@product": "MultiFileUploader",
          "@vendor": "SKYARC System",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "2.6",
        "@severity": "Low",
        "@type": "Base",
        "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2011-000094",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN56667137/index.html",
          "@id": "JVN#56667137",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3994",
          "@id": "CVE-2011-3994",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2011-3994",
          "@id": "CVE-2011-3994",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-352",
          "@title": "Cross-Site Request Forgery(CWE-352)"
        }
      ],
      "title": "Multiple SKYARC System Co., Ltd. products vulnerable to cross-site request forgery"
    }

    JVNDB-2011-000093

    Vulnerability from jvndb - Published: 2011-10-31 17:54 - Updated:2011-11-08 17:38
    Severity
    N/A (UNKNOWN) - -
    Summary
    Multiple SKYARC System Co., Ltd. products fail to restrict access permissions
    Details
    Multiple products provided by SKYARC System Co., Ltd. contain an issue where access permissions are not restricted. MTCMS and multiple Movable Type plugins provided by SKYARC System Co., Ltd. contain an issue where access permissions are not restricted.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000093.html",
      "dc:date": "2011-11-08T17:38+09:00",
      "dcterms:issued": "2011-10-31T17:54+09:00",
      "dcterms:modified": "2011-11-08T17:38+09:00",
      "description": "Multiple products provided by SKYARC System Co., Ltd. contain an issue where access permissions are not restricted.\r\n\r\nMTCMS and multiple Movable Type plugins provided by SKYARC System Co., Ltd. contain an issue where access permissions are not restricted.",
      "link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000093.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:skyarc:authoreffective",
          "@product": "AuthorEffective",
          "@vendor": "SKYARC System",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:skyarc:autotagging",
          "@product": "AutoTagging",
          "@vendor": "SKYARC System",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:skyarc:duplicateentry",
          "@product": "DuplicateEntry",
          "@vendor": "SKYARC System",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:skyarc:entryimexporter",
          "@product": "EntryImExporter",
          "@vendor": "SKYARC System",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:skyarc:mailpack",
          "@product": "MailPack",
          "@vendor": "SKYARC System",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:skyarc:mtcms",
          "@product": "MTCMS",
          "@vendor": "SKYARC System",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:skyarc:multifileuploader",
          "@product": "MultiFileUploader",
          "@vendor": "SKYARC System",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "4.0",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2011-000093",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN41032068/index.html",
          "@id": "JVN#41032068",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3993",
          "@id": "CVE-2011-3993",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2011-3993",
          "@id": "CVE-2011-3993",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-264",
          "@title": "Permissions(CWE-264)"
        }
      ],
      "title": "Multiple SKYARC System Co., Ltd. products fail to restrict access permissions"
    }

    JVNDB-2008-000003

    Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 11:30
    Severity
    N/A (UNKNOWN) - -
    Summary
    MTCMS WYSIWYG Editor cross-site scripting vulnerability
    Details
    MTCMS WYSIWYG Editor, weblog management software from SKYARC System, contains a cross-site scripting vulnerability. MTCMS WYSIWYG Editor from SKYARC System is management software used to update Movable Type contents, etc. The install.cgi in MTCMS WYSIWYG Editor contains a cross-site scripting vulnerability.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000003.html",
      "dc:date": "2008-05-21T11:30+09:00",
      "dcterms:issued": "2008-05-21T00:00+09:00",
      "dcterms:modified": "2008-05-21T11:30+09:00",
      "description": "MTCMS WYSIWYG Editor, weblog management software from SKYARC System, contains a cross-site scripting vulnerability.\r\n\r\nMTCMS WYSIWYG Editor from SKYARC System is management software used to update Movable Type contents, etc. The install.cgi in MTCMS WYSIWYG Editor contains a cross-site scripting vulnerability.",
      "link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000003.html",
      "sec:cpe": {
        "#text": "cpe:/a:skyarc:mtcms_wysiwyg_editor",
        "@product": "MTCMS WYSIWYG Editor",
        "@vendor": "SKYARC System",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "2.6",
        "@severity": "Low",
        "@type": "Base",
        "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2008-000003",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN21312708/index.html",
          "@id": "JVN#21312708",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6448",
          "@id": "CVE-2008-6448",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6448",
          "@id": "CVE-2008-6448",
          "@source": "NVD"
        },
        {
          "#text": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000003.html",
          "@id": "JVNDB-2008-000003",
          "@source": "JVNDB_Ja"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        }
      ],
      "title": "MTCMS WYSIWYG Editor cross-site scripting vulnerability"
    }