Lucene search
K

6 matches found

CNVD
CNVD
added 2015/06/16 12:0 a.m.3 views

Igreks MilkyStep Light and Professional Access Restriction Bypass Vulnerability

Igreks MilkyStep is a magazine push CGI via email system from Igreks Japan.MilkyStep Light and MilkyStep Professional are the lightweight and professional versions respectively. A security vulnerability exists in Igreks MilkyStep Light and Professional. A remote attacker could exploit the...

5CVSS6.8AI score0.01385EPSS
Exploits0References1
CNVD
CNVD
added 2015/06/16 12:0 a.m.2 views

Igreks MilkyStep Light and Professional Cross-Site Request Forgery Vulnerabilities

Igreks MilkyStep is a magazine push CGI via email system from Igreks Japan.MilkyStep Light and MilkyStep Professional are the lightweight and professional versions respectively. A cross-site request forgery vulnerability exists in Igreks MilkyStep Light and Professional. A remote attacker could...

6.8CVSS6.9AI score0.00656EPSS
Exploits0References1
CNVD
CNVD
added 2015/06/16 12:0 a.m.2 views

Igreks MilkyStep Light and Professional SQL Injection Vulnerabilities

Igreks MilkyStep is a magazine push CGI via email system from Igreks Japan.MilkyStep Light and MilkyStep Professional are the lightweight and professional versions respectively. A SQL injection vulnerability exists in Igreks MilkyStep Light and Professional. A remote attacker can exploit this...

7.5CVSS8.5AI score0.01285EPSS
Exploits0References1
Cvelist
Cvelist
added 2015/06/13 3:0 p.m.28 views

CVE-2015-2958

Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to bypass intended access restrictions and modify settings via unspecified vectors, a different vulnerability than CVE-2015-2952 and CVE-2015-2953...

6.5AI score0.01553EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/06/12 12:0 a.m.29 views

JVN#19732015: MilkyStep fails to restrict access permissions

MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep fails to restrict access permissions against the management function for user information CWE-284. Impact A non-administrative user may be able to change administrative user credentials. Solution...

6.5CVSS5.9AI score0.012EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/06/09 12:0 a.m.35 views

JVN#12241436: MilkyStep vulnerable to cross-site request forgery

MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the Software Update to...

6.8CVSS6.3AI score0.00656EPSS
Exploits0
Rows per page
Query Builder