CVE-2006-3671

Cross-site request forgery (CSRF) vulnerability in the communicate function in estmaster.c for Hyper Estraier before 1.3.3 allows remote attackers to perform unauthorized actions as other users via unknown vectors.

CVE-2005-3421

estcmd in Hyper Estraier 1.0.1 on Windows systems allows remote attackers to read unauthorized files via a crafted search request for a filename that contains Unicode characters.