12 matches found
ICZ MATCHA SNS 跨站脚本漏洞
ICZ MATCHA SNS is a notification and message distribution system developed by the Japanese company ICZ. Versions of ICZ MATCHA SNS 1.3.9 and earlier contained a cross-site scripting vulnerability. This vulnerability was due to a susceptibility to cross-site scripting attacks, which could allow...
EUVD-2015-5596
Malware in sbrugna...
EUVD-2015-5595
Malware in sbrugna...
ICZ MATCHA SNS Privilege Access Control Vulnerability
ICZ MATCHA SNS is a set of SNS software from ICZ Japan. A security vulnerability exists in ICZ MATCHA SNS 1.3.6 and earlier versions. A remote attacker can exploit this vulnerability to gain administrator privileges...
CVE-2015-5645
ICZ MATCHA SNS before 1.3.7 allows remote authenticated users to obtain administrative privileges via unspecified vectors...
CVE-2015-5644
The installer in ICZ MATCHA SNS before 1.3.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors...
Code injection
The installer in ICZ MATCHA SNS before 1.3.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors...
Code injection
ICZ MATCHA SNS before 1.3.7 allows remote authenticated users to obtain administrative privileges via unspecified vectors...
CVE-2015-5644
The installer in ICZ MATCHA SNS before 1.3.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors...
CVE-2015-5645
ICZ MATCHA SNS (MATCHA SNS) before 1.3.7 is vulnerable: remote authenticated users can obtain administrative privileges via unspecified vectors. Affected product: MATCHA SNS from ICZ Corporation, versions 1.3.6 and earlier. Root cause details are not specified in the provided documents; exploitat...
CVE-2015-5645
ICZ MATCHA SNS before 1.3.7 allows remote authenticated users to obtain administrative privileges via unspecified vectors...
CVE-2015-5644
CVE-2015-5644 affects ICZ MATCHA SNS prior to 1.3.7. The installer fails to correctly configure the database, enabling a code injection path that allows a remote attacker to execute arbitrary PHP code. The vulnerability is tied to installer-time database configuration (CWE-94) and culminates in c...