6 matches found
Igreks MilkyStep Light and Professional Access Restriction Bypass Vulnerability
Igreks MilkyStep is a magazine push CGI via email system from Igreks Japan.MilkyStep Light and MilkyStep Professional are the lightweight and professional versions respectively. A security vulnerability exists in Igreks MilkyStep Light and Professional. A remote attacker could exploit the...
Igreks MilkyStep Light and Professional Cross-Site Request Forgery Vulnerabilities
Igreks MilkyStep is a magazine push CGI via email system from Igreks Japan.MilkyStep Light and MilkyStep Professional are the lightweight and professional versions respectively. A cross-site request forgery vulnerability exists in Igreks MilkyStep Light and Professional. A remote attacker could...
Igreks MilkyStep Light and Professional SQL Injection Vulnerabilities
Igreks MilkyStep is a magazine push CGI via email system from Igreks Japan.MilkyStep Light and MilkyStep Professional are the lightweight and professional versions respectively. A SQL injection vulnerability exists in Igreks MilkyStep Light and Professional. A remote attacker can exploit this...
CVE-2015-2958
Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to bypass intended access restrictions and modify settings via unspecified vectors, a different vulnerability than CVE-2015-2952 and CVE-2015-2953...
JVN#19732015: MilkyStep fails to restrict access permissions
MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep fails to restrict access permissions against the management function for user information CWE-284. Impact A non-administrative user may be able to change administrative user credentials. Solution...
JVN#12241436: MilkyStep vulnerable to cross-site request forgery
MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the Software Update to...