Search
Find a vulnerability
Search criteria
3 vulnerabilities by SKYARC System
JVNDB-2011-000094
Vulnerability from jvndb - Published: 2011-10-31 18:03 - Updated:2011-11-08 17:38Summary
Multiple SKYARC System Co., Ltd. products vulnerable to cross-site request forgery
Details
Multiple products provided by SKYARC System Co., Ltd. contain a cross-site request forgery vulnerability.
MTCMS and multiple Movable Type plugins provided by SKYARC System Co., Ltd. contain a cross-site request forgery vulnerability.
References
| Type | URL | |
|---|---|---|
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000094.html",
"dc:date": "2011-11-08T17:38+09:00",
"dcterms:issued": "2011-10-31T18:03+09:00",
"dcterms:modified": "2011-11-08T17:38+09:00",
"description": "Multiple products provided by SKYARC System Co., Ltd. contain a cross-site request forgery vulnerability.\r\n\r\nMTCMS and multiple Movable Type plugins provided by SKYARC System Co., Ltd. contain a cross-site request forgery vulnerability.",
"link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000094.html",
"sec:cpe": [
{
"#text": "cpe:/a:skyarc:authoreffective",
"@product": "AuthorEffective",
"@vendor": "SKYARC System",
"@version": "2.2"
},
{
"#text": "cpe:/a:skyarc:autotagging",
"@product": "AutoTagging",
"@vendor": "SKYARC System",
"@version": "2.2"
},
{
"#text": "cpe:/a:skyarc:duplicateentry",
"@product": "DuplicateEntry",
"@vendor": "SKYARC System",
"@version": "2.2"
},
{
"#text": "cpe:/a:skyarc:entryimexporter",
"@product": "EntryImExporter",
"@vendor": "SKYARC System",
"@version": "2.2"
},
{
"#text": "cpe:/a:skyarc:mailpack",
"@product": "MailPack",
"@vendor": "SKYARC System",
"@version": "2.2"
},
{
"#text": "cpe:/a:skyarc:mtcms",
"@product": "MTCMS",
"@vendor": "SKYARC System",
"@version": "2.2"
},
{
"#text": "cpe:/a:skyarc:mtcms",
"@product": "MTCMS",
"@vendor": "SKYARC System",
"@version": "2.2"
},
{
"#text": "cpe:/a:skyarc:multifileuploader",
"@product": "MultiFileUploader",
"@vendor": "SKYARC System",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2011-000094",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN56667137/index.html",
"@id": "JVN#56667137",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3994",
"@id": "CVE-2011-3994",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2011-3994",
"@id": "CVE-2011-3994",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "Multiple SKYARC System Co., Ltd. products vulnerable to cross-site request forgery"
}
JVNDB-2011-000093
Vulnerability from jvndb - Published: 2011-10-31 17:54 - Updated:2011-11-08 17:38Summary
Multiple SKYARC System Co., Ltd. products fail to restrict access permissions
Details
Multiple products provided by SKYARC System Co., Ltd. contain an issue where access permissions are not restricted.
MTCMS and multiple Movable Type plugins provided by SKYARC System Co., Ltd. contain an issue where access permissions are not restricted.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000093.html",
"dc:date": "2011-11-08T17:38+09:00",
"dcterms:issued": "2011-10-31T17:54+09:00",
"dcterms:modified": "2011-11-08T17:38+09:00",
"description": "Multiple products provided by SKYARC System Co., Ltd. contain an issue where access permissions are not restricted.\r\n\r\nMTCMS and multiple Movable Type plugins provided by SKYARC System Co., Ltd. contain an issue where access permissions are not restricted.",
"link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000093.html",
"sec:cpe": [
{
"#text": "cpe:/a:skyarc:authoreffective",
"@product": "AuthorEffective",
"@vendor": "SKYARC System",
"@version": "2.2"
},
{
"#text": "cpe:/a:skyarc:autotagging",
"@product": "AutoTagging",
"@vendor": "SKYARC System",
"@version": "2.2"
},
{
"#text": "cpe:/a:skyarc:duplicateentry",
"@product": "DuplicateEntry",
"@vendor": "SKYARC System",
"@version": "2.2"
},
{
"#text": "cpe:/a:skyarc:entryimexporter",
"@product": "EntryImExporter",
"@vendor": "SKYARC System",
"@version": "2.2"
},
{
"#text": "cpe:/a:skyarc:mailpack",
"@product": "MailPack",
"@vendor": "SKYARC System",
"@version": "2.2"
},
{
"#text": "cpe:/a:skyarc:mtcms",
"@product": "MTCMS",
"@vendor": "SKYARC System",
"@version": "2.2"
},
{
"#text": "cpe:/a:skyarc:multifileuploader",
"@product": "MultiFileUploader",
"@vendor": "SKYARC System",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2011-000093",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN41032068/index.html",
"@id": "JVN#41032068",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3993",
"@id": "CVE-2011-3993",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2011-3993",
"@id": "CVE-2011-3993",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Multiple SKYARC System Co., Ltd. products fail to restrict access permissions"
}
JVNDB-2008-000003
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 11:30Summary
MTCMS WYSIWYG Editor cross-site scripting vulnerability
Details
MTCMS WYSIWYG Editor, weblog management software from SKYARC System, contains a cross-site scripting vulnerability.
MTCMS WYSIWYG Editor from SKYARC System is management software used to update Movable Type contents, etc. The install.cgi in MTCMS WYSIWYG Editor contains a cross-site scripting vulnerability.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000003.html",
"dc:date": "2008-05-21T11:30+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T11:30+09:00",
"description": "MTCMS WYSIWYG Editor, weblog management software from SKYARC System, contains a cross-site scripting vulnerability.\r\n\r\nMTCMS WYSIWYG Editor from SKYARC System is management software used to update Movable Type contents, etc. The install.cgi in MTCMS WYSIWYG Editor contains a cross-site scripting vulnerability.",
"link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000003.html",
"sec:cpe": {
"#text": "cpe:/a:skyarc:mtcms_wysiwyg_editor",
"@product": "MTCMS WYSIWYG Editor",
"@vendor": "SKYARC System",
"@version": "2.2"
},
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2008-000003",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN21312708/index.html",
"@id": "JVN#21312708",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6448",
"@id": "CVE-2008-6448",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6448",
"@id": "CVE-2008-6448",
"@source": "NVD"
},
{
"#text": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000003.html",
"@id": "JVNDB-2008-000003",
"@source": "JVNDB_Ja"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "MTCMS WYSIWYG Editor cross-site scripting vulnerability"
}