13 matches found
EUVD-2015-3040
Malware in sbrugna...
EUVD-2015-3039
Malware in sbrugna...
EUVD-2015-3042
Malware in sbrugna...
Igreks MilkyStep Light and Professional Access Restriction Bypass Vulnerability
Igreks MilkyStep is a magazine push CGI via email system from Igreks Japan. MilkyStep Light and MilkyStep Professional are the lightweight and professional versions respectively. A security vulnerability exists in Igreks MilkyStep Light and Professional. A remote attacker could exploit the...
Igreks MilkyStep Light and Professional Cross-Site Request Forgery Vulnerabilities
Igreks MilkyStep is a magazine push CGI via email system from Igreks Japan. MilkyStep Light and MilkyStep Professional are the lightweight and professional versions respectively. A cross-site request forgery vulnerability exists in Igreks MilkyStep Light and Professional. A remote attacker could...
Igreks MilkyStep Light and Professional SQL Injection Vulnerabilities
Igreks MilkyStep is a magazine push CGI via email system from Igreks Japan. MilkyStep Light and MilkyStep Professional are the lightweight and professional versions respectively. A SQL injection vulnerability exists in Igreks MilkyStep Light and Professional. A remote attacker can exploit this...
CVE-2015-2958
Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to bypass intended access restrictions and modify settings via unspecified vectors, a different vulnerability than CVE-2015-2952 and CVE-2015-2953...
Design/Logic Flaw
Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to bypass intended access restrictions and modify settings via unspecified vectors, a different vulnerability than CVE-2015-2952 and CVE-2015-2953...
CVE-2015-2958
The CVE-2015-2958 entry concerns Igreks MilkyStep Light (0.94 and earlier) and MilkyStep Professional (1.82 and earlier), where remote attackers could bypass access restrictions and modify administrator credentials via unspecified vectors. This vulnerability is distinct from CVE-2015-2952 and CVE...
CVE-2015-2954
The CVE concerns Igreks MilkyStep products vulnerable to Cross-Site Request Forgery (CSRF, CWE-352). Affected components are MilkyStep Light version 0.94 and earlier, MilkyStep Professional version 1.82 and earlier, and related OEM/builds. If a logged-in user views a malicious page, an attacker c...
CVE-2015-2957
MilkyStep XSS (CVE-2015-2957) affects Igreks MilkyStep Light 0.94 and earlier and MilkyStep Professional 1.82 and earlier. The vulnerability is a cross-site scripting flaw (CWE-79) in the MilkyStep CGI for email newsletter management, arising from improper handling of input/output that allows rem...
JVN#19732015: MilkyStep fails to restrict access permissions
MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep fails to restrict access permissions against the management function for user information (CWE-284). Impact: A non-administrative user may be able to change administrative user credentials. Solution...
JVN#12241436: MilkyStep vulnerable to cross-site request forgery
MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep contains a cross-site request forgery vulnerability (CWE-352). Impact: If a user views a malicious page while logged in, unintended operations may be performed. Solution: Update the Software. Update to...