EUVD-2006-5555

Malware in sbrugna...

EUVD-2007-1776

Malware in sbrugna...

Cruiseworks 1.09 Cws.EXE Doc Directory Traversal Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/20698/info Cruiseworks is prone to a directory-traversal vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from th...

Cruiseworks 1.09 Cws.exe Doc Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/20699/info Cruiseworks is prone to a remote buffer-overflow vulnerability. Specifically, the application fails to validate input passed to the 'doc' parameter of the '/scripts/cruise/cms.exe' application. Cruiseworks 1.09...

CruiseWorks and Minna De Office vulnerable in access restrictions

Overview CruiseWorks and Minna De Office are groupware. They contain a vulnerability that the user's access restriction is not properly set. Impact An user with a standard privilege who logs into CruiseWorks or Minna De Office could possibly change the system configurations or information...

CVE-2007-1782

CruiseWorks 1.09e and earlier does not properly restrict user access to certain privileged actions, which allows local users to change the configuration or have other unspecified impact. NOTE: some of these details are obtained from third party information...

Design/Logic Flaw

CruiseWorks 1.09e and earlier does not properly restrict user access to certain privileged actions, which allows local users to change the configuration or have other unspecified impact. NOTE: some of these details are obtained from third party information...

CVE-2007-1782

CruiseWorks 1.09e and earlier (CruiseWorks and Minna De Office) contain an access control weakness: user privileges are not properly restricted, allowing a standard-privilege user to change configurations or cause other unspecified impacts. Root cause: inadequate restriction of certain privileged...

CVE-2007-1782

CruiseWorks 1.09e and earlier does not properly restrict user access to certain privileged actions, which allows local users to change the configuration or have other unspecified impact. NOTE: some of these details are obtained from third party information...

JVN#73258608 CruiseWorks and Minna De Office vulnerable in access restrictions

Impact An user with a standard privilege who logs into CruiseWorks or Minna De Office could possibly change the system configurations or information registered. Solution Products Affected CruiseWorks 1.09e and earlier Minna De Office version 1.xx and 2.xx For more information, refer to the vendor...

CVE-2006-5570

Directory traversal vulnerability in /scripts/cruise/cws.exe in CruiseWorks 1.09c and 1.09d allows remote attackers to read arbitrary files via a .. dot dot in the doc parameter...

CVE-2006-5571

Stack-based buffer overflow in /scripts/cruise/cws.exe in CruiseWorks 1.09c and 1.09d allows remote attackers to execute arbitrary code via a long string in the doc parameter...

CVE-2006-5571

CVE-2006-5571 is a stack-based buffer overflow in CruiseWorks 1.09c/1.09d, triggered by a long string in the doc parameter of /scripts/cruise/cws.exe. This vulnerability allows remote attackers to execute arbitrary code. The impact is described as remote code execution with partial confidentialit...

CVE-2006-5570

CVE-2006-5570 is a directory traversal vulnerability in CruiseWorks 1.09c/1.09d, exploited via a ../ sequence in the doc parameter to /scripts/cruise/cws.exe, allowing remote read of arbitrary files. The NVD CVSSv2 base score is 5.0 (Medium) with network access, low attack complexity, no authenti...

CVE-2006-5571

Stack-based buffer overflow in /scripts/cruise/cws.exe in CruiseWorks 1.09c and 1.09d allows remote attackers to execute arbitrary code via a long string in the doc parameter...

CVE-2006-5570

Directory traversal vulnerability in /scripts/cruise/cws.exe in CruiseWorks 1.09c and 1.09d allows remote attackers to read arbitrary files via a .. dot dot in the doc parameter...

[vuln.sg] CruiseWorks Directory Traversal and Buffer Overflow Vulnerabilities

vuln.sg Vulnerability Research Advisory CruiseWorks Directory Traversal and Buffer Overflow Vulnerabilities by Tan Chew Keong Release Date: 2006-10-24 Summary ------- Two vulnerabilities have been found in CruiseWorks. When exploited, the vulnerabilities allow an authenticated user to retrieve...

CruiseWorks目录遍历及缓冲区溢出漏洞

CruiseWorks是一款日语的办公协作软件。 CruiseWorks在显示文件之前没有正确过滤/scripts/cruise/cws.exe文件中对doc参数的输入，允许攻击者通过目录遍历攻击显示任意文件的内容。 此外，攻击者还可以通过向该参数发送超长（大于512字节）字符串触发栈溢出，导致执行任意指令。 kynoslogic inc. Cruiseworks 1.09.d kynoslogic inc. Cruiseworks 1.09.c 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

Cruiseworks 1.09 - Cws.exe Doc Directory Traversal

Cruiseworks 1.09 - Cws.exe Doc Directory Traversal source: https://www.securityfocus.com/bid/20698/info Cruiseworks is prone to a directory-traversal vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve...

Cruiseworks 1.09 - Cws.exe Doc Buffer Overflow

Cruiseworks 1.09 - Cws.exe Doc Buffer Overflow source: https://www.securityfocus.com/bid/20699/info Cruiseworks is prone to a remote buffer-overflow vulnerability. Specifically, the application fails to validate input passed to the 'doc' parameter of the '/scripts/cruise/cms.exe' application...