EUVD-2008-3724

Malware in sbrugna...

EUVD-2008-3723

Malware in sbrugna...

Vulnerability in La!cooda WIZ and LacoodaST allowing an arbitrary PHP script execution

Overview La!cooda WIZ and LacoodaST contain a vulnerability which may allow a malicious user to execute an arbitrary PHP script on the server. La!cooda WIZ from System Consultants Co., Ltd. and LacoodaST from SpaceTag, Inc. are groupware providing schedule and task managements, etc. La!cooda WIZ...

La!cooda WIZ and LacoodaST vulnerable to cross-site scripting

Overview La!cooda WIZ and LacoodaST contain a cross-site scripting vulnerability. La!cooda WIZ from System Consultants Co., Ltd. and LacoodaST from SpaceTag, Inc. are groupware providing schedule and task managements, etc. La!cooda WIZ and LacoodaST contain a cross-site scripting vulnerability...

LacoodaST from SpaceTag, Inc. session fixation vulnerability

Overview LacoodaST from SpaceTag, Inc. contains a session fixation vulnerability. LacoodaST from SpaceTag, Inc. is groupware providing schedule and task managements, etc. LacoodaST contains a session fixation vulnerability. Hirotaka Katagiri reported this vulnerability to IPA. JPCERT/CC coordinat...

La!cooda WIZ and LacoodaST vulnerable to cross-site request forgery

Overview La!cooda WIZ and LacoodaST contain a cross-site request forgery vulnerability. La!cooda WIZ from System Consultants Co., Ltd. and LacoodaST from SpaceTag, Inc. are groupware providing schedule and task managements, etc. La!cooda WIZ and LacoodaST contain a cross-site request forgery...

CVE-2008-3737

Unspecified vulnerability in 1 System Consultants La!Cooda WIZ 1.4.0 and earlier and 2 SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to execute arbitrary PHP scripts, and delete files, read files, and possibly have unknown other impact...

CVE-2008-3738

Session fixation vulnerability in SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to hijack web sessions via unspecified vectors...

CVE-2008-3736

Multiple cross-site request forgery CSRF vulnerabilities in 1 System Consultants La!Cooda WIZ 1.4.0 and earlier and 2 SpaceTag LacoodaST 2.1.3 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that a change passwords or b change configurations...

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in 1 System Consultants La!Cooda WIZ 1.4.0 and earlier and 2 SpaceTag LacoodaST 2.1.3 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that a change passwords or b change configurations...

Cross site scripting

Cross-site scripting XSS vulnerability in 1 System Consultants La!Cooda WIZ 1.4.0 and earlier and 2 SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving upload of files containing XSS sequences...

Session fixation

Session fixation vulnerability in SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to hijack web sessions via unspecified vectors...

CVE-2008-3739

Cross-site scripting XSS vulnerability in 1 System Consultants La!Cooda WIZ 1.4.0 and earlier and 2 SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving upload of files containing XSS sequences...

Code injection

Unspecified vulnerability in 1 System Consultants La!Cooda WIZ 1.4.0 and earlier and 2 SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to execute arbitrary PHP scripts, and delete files, read files, and possibly have unknown other impact...

CVE-2008-3737

La!cooda WIZ (System Consultants) <= 1.4.0 and LacoodaST (SpaceTag)

CVE-2008-3739

La!cooda WIZ (System Consultants) <= 1.4.0 and LacoodaST (SpaceTag)

CVE-2008-3738

Session fixation vulnerability in SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to hijack web sessions via unspecified vectors...

CVE-2008-3736

CVE-2008-3736 affects La!cooda WIZ 1.4.0 and earlier and LacoodaST 2.1.3 and earlier. The vulnerabilities are cross-site request forgery (CSRF) issues that may allow remote attackers to hijack the authentication of legitimate users to perform actions such as password changes or configuration chan...

CVE-2008-3738

Session fixation vulnerability in SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to hijack web sessions via unspecified vectors...

CVE-2008-3738

The CVE-2008-3738 case describes a session fixation vulnerability in SpaceTag LacoodaST 2.1.3 and earlier. Public documents confirm the affected product is LacoodaST by SpaceTag, Inc., with a vulnerability that could allow a remote attacker to hijack a user session. Impact details in sources indi...