Search criteria
6 vulnerabilities found for mailpack by skyarc
FKIE_CVE-2011-3993
Vulnerability from fkie_nvd - Published: 2011-11-03 17:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, uses weak permissions, which allows remote authenticated users to modify files and settings via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| skyarc | autotagging | * | |
| skyarc | duplicateentry | * | |
| skyarc | mailpack | * | |
| skyarc | mtcms | * | |
| skyarc | mtcms | 5.2 | |
| skyarc | mtcms | 5.21 | |
| skyarc | mtcms | 5.22 | |
| skyarc | mtcms | 5.23 | |
| skyarc | mtcms | 5.24 | |
| skyarc | mtcms | 5.24 | |
| skyarc | mtcms | 5.24 | |
| skyarc | mtcms | 5.25 | |
| skyarc | mtcms | 5.25 | |
| skyarc | mtcms | 5.25 | |
| skyarc | mtcms | 5.251 | |
| skyarc | mtcms | 5.251 | |
| skyarc | multifileuploader | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:skyarc:autotagging:*:*:*:*:*:*:*:*",
"matchCriteriaId": "700A3014-4DD6-4694-A83E-C04267951C07",
"versionEndIncluding": "0.08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:skyarc:duplicateentry:*:*:*:*:*:*:*:*",
"matchCriteriaId": "943E5640-4B68-417A-B9DC-961029EBB604",
"versionEndIncluding": "1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:skyarc:mailpack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6C36983-9CA0-4705-BBB2-77EFA831460A",
"versionEndIncluding": "1.741",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:skyarc:mtcms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59C8DD6E-6645-43BC-8C62-7CBB750DB9D7",
"versionEndIncluding": "5.251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:skyarc:mtcms:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5A177C-9E80-4FBF-A443-8429142C0963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:skyarc:mtcms:5.21:*:*:*:*:*:*:*",
"matchCriteriaId": "8A7E0117-F13D-48E5-A859-7C87C6F0FAA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:skyarc:mtcms:5.22:*:*:*:*:*:*:*",
"matchCriteriaId": "B926DF53-7927-40E9-8565-F00BDFE06909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:skyarc:mtcms:5.23:*:*:*:*:*:*:*",
"matchCriteriaId": "BE6725E4-D378-4EA6-983F-9C00A02F8B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:skyarc:mtcms:5.24:*:*:*:*:*:*:*",
"matchCriteriaId": "8A3CD3BC-4D14-4924-8C9D-6F9046CAB9FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:skyarc:mtcms:5.24:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "D17F47AC-2B96-4D1B-932F-95E6852D7217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:skyarc:mtcms:5.24:*:smart:*:*:*:*:*",
"matchCriteriaId": "7B0CB190-C55D-4D58-9A64-A23D3C106B99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:skyarc:mtcms:5.25:*:*:*:*:*:*:*",
"matchCriteriaId": "DC5216DB-FE4C-486D-8597-6BBE2AE0D01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:skyarc:mtcms:5.25:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "58360AF1-8638-4B63-9655-702DFCA8F872",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:skyarc:mtcms:5.25:*:smart:*:*:*:*:*",
"matchCriteriaId": "5DBDC0FD-7679-4503-AAF2-01DD31FB1A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:skyarc:mtcms:5.251:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "33D411B2-A032-451F-868A-4FBE2D6A0352",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:skyarc:mtcms:5.251:*:smart:*:*:*:*:*",
"matchCriteriaId": "820F9FD8-6948-4DC2-ADFF-E69CC758C6CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:skyarc:multifileuploader:*:*:*:*:*:*:*:*",
"matchCriteriaId": "89E4A66A-36C7-484E-B1C5-E8CB296A679A",
"versionEndIncluding": "0.44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, uses weak permissions, which allows remote authenticated users to modify files and settings via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad en plugins SKYARC MTCMS anterior a v5.252, y en MultiFileUploader v0.44 y anteriores, DuplicateEntry v1.2 y anteriores, MailPack v1.741 y anteriores, y AutoTagging v0.08 y anteriores para Movable Type utiliza permisos d\u00e9biles, lo que permite a usuarios remotos autenticados modificar ficheros y par\u00e1metros de configuraci\u00f3n a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2011-3993",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-11-03T17:55:01.780",
"references": [
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN41032068/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000093"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://www.mtcms.jp/news/product/201110131921.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN41032068/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000093"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mtcms.jp/news/product/201110131921.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-3994
Vulnerability from fkie_nvd - Published: 2011-11-03 17:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| skyarc | autotagging | * | |
| skyarc | duplicateentry | * | |
| skyarc | mailpack | * | |
| skyarc | mtcms | * | |
| skyarc | mtcms | 5.2 | |
| skyarc | mtcms | 5.21 | |
| skyarc | mtcms | 5.22 | |
| skyarc | mtcms | 5.23 | |
| skyarc | mtcms | 5.24 | |
| skyarc | mtcms | 5.24 | |
| skyarc | mtcms | 5.24 | |
| skyarc | mtcms | 5.25 | |
| skyarc | mtcms | 5.25 | |
| skyarc | mtcms | 5.25 | |
| skyarc | mtcms | 5.251 | |
| skyarc | mtcms | 5.251 | |
| skyarc | multifileuploader | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:skyarc:autotagging:*:*:*:*:*:*:*:*",
"matchCriteriaId": "700A3014-4DD6-4694-A83E-C04267951C07",
"versionEndIncluding": "0.08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:skyarc:duplicateentry:*:*:*:*:*:*:*:*",
"matchCriteriaId": "943E5640-4B68-417A-B9DC-961029EBB604",
"versionEndIncluding": "1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:skyarc:mailpack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6C36983-9CA0-4705-BBB2-77EFA831460A",
"versionEndIncluding": "1.741",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:skyarc:mtcms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59C8DD6E-6645-43BC-8C62-7CBB750DB9D7",
"versionEndIncluding": "5.251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:skyarc:mtcms:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5A177C-9E80-4FBF-A443-8429142C0963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:skyarc:mtcms:5.21:*:*:*:*:*:*:*",
"matchCriteriaId": "8A7E0117-F13D-48E5-A859-7C87C6F0FAA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:skyarc:mtcms:5.22:*:*:*:*:*:*:*",
"matchCriteriaId": "B926DF53-7927-40E9-8565-F00BDFE06909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:skyarc:mtcms:5.23:*:*:*:*:*:*:*",
"matchCriteriaId": "BE6725E4-D378-4EA6-983F-9C00A02F8B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:skyarc:mtcms:5.24:*:*:*:*:*:*:*",
"matchCriteriaId": "8A3CD3BC-4D14-4924-8C9D-6F9046CAB9FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:skyarc:mtcms:5.24:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "D17F47AC-2B96-4D1B-932F-95E6852D7217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:skyarc:mtcms:5.24:*:smart:*:*:*:*:*",
"matchCriteriaId": "7B0CB190-C55D-4D58-9A64-A23D3C106B99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:skyarc:mtcms:5.25:*:*:*:*:*:*:*",
"matchCriteriaId": "DC5216DB-FE4C-486D-8597-6BBE2AE0D01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:skyarc:mtcms:5.25:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "58360AF1-8638-4B63-9655-702DFCA8F872",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:skyarc:mtcms:5.25:*:smart:*:*:*:*:*",
"matchCriteriaId": "5DBDC0FD-7679-4503-AAF2-01DD31FB1A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:skyarc:mtcms:5.251:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "33D411B2-A032-451F-868A-4FBE2D6A0352",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:skyarc:mtcms:5.251:*:smart:*:*:*:*:*",
"matchCriteriaId": "820F9FD8-6948-4DC2-ADFF-E69CC758C6CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:skyarc:multifileuploader:*:*:*:*:*:*:*:*",
"matchCriteriaId": "89E4A66A-36C7-484E-B1C5-E8CB296A679A",
"versionEndIncluding": "0.44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data."
},
{
"lang": "es",
"value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en SKYARC MTCMS anterior a v5.252, y el MultiFileUploader v0.44 y anteriores, DuplicateEntry v1.2 y anteriores, MailPack v1.741 y anteriores, y el etiquetado autom\u00e1tico v0.08 y anteriores plugins para Movable Type, permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios para las peticiones que modifican los datos."
}
],
"id": "CVE-2011-3994",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-11-03T17:55:01.827",
"references": [
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN56667137/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000094"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://www.mtcms.jp/news/product/201110131921.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN56667137/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000094"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mtcms.jp/news/product/201110131921.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2011-3994 (GCVE-0-2011-3994)
Vulnerability from cvelistv5 – Published: 2011-11-03 17:00 – Updated: 2024-09-17 00:50
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.621Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mtcms.jp/news/product/201110131921.html"
},
{
"name": "JVNDB-2011-000094",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000094"
},
{
"name": "JVN#56667137",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN56667137/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-11-03T17:00:00Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mtcms.jp/news/product/201110131921.html"
},
{
"name": "JVNDB-2011-000094",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000094"
},
{
"name": "JVN#56667137",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN56667137/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2011-3994",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mtcms.jp/news/product/201110131921.html",
"refsource": "CONFIRM",
"url": "http://www.mtcms.jp/news/product/201110131921.html"
},
{
"name": "JVNDB-2011-000094",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000094"
},
{
"name": "JVN#56667137",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN56667137/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2011-3994",
"datePublished": "2011-11-03T17:00:00Z",
"dateReserved": "2011-10-05T00:00:00Z",
"dateUpdated": "2024-09-17T00:50:31.010Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3993 (GCVE-0-2011-3993)
Vulnerability from cvelistv5 – Published: 2011-11-03 17:00 – Updated: 2024-09-16 22:25
VLAI?
Summary
SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, uses weak permissions, which allows remote authenticated users to modify files and settings via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#41032068",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN41032068/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mtcms.jp/news/product/201110131921.html"
},
{
"name": "JVNDB-2011-000093",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000093"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, uses weak permissions, which allows remote authenticated users to modify files and settings via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-11-03T17:00:00Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#41032068",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN41032068/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mtcms.jp/news/product/201110131921.html"
},
{
"name": "JVNDB-2011-000093",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000093"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2011-3993",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, uses weak permissions, which allows remote authenticated users to modify files and settings via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#41032068",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN41032068/index.html"
},
{
"name": "http://www.mtcms.jp/news/product/201110131921.html",
"refsource": "CONFIRM",
"url": "http://www.mtcms.jp/news/product/201110131921.html"
},
{
"name": "JVNDB-2011-000093",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000093"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2011-3993",
"datePublished": "2011-11-03T17:00:00Z",
"dateReserved": "2011-10-05T00:00:00Z",
"dateUpdated": "2024-09-16T22:25:41.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3994 (GCVE-0-2011-3994)
Vulnerability from nvd – Published: 2011-11-03 17:00 – Updated: 2024-09-17 00:50
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.621Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mtcms.jp/news/product/201110131921.html"
},
{
"name": "JVNDB-2011-000094",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000094"
},
{
"name": "JVN#56667137",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN56667137/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-11-03T17:00:00Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mtcms.jp/news/product/201110131921.html"
},
{
"name": "JVNDB-2011-000094",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000094"
},
{
"name": "JVN#56667137",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN56667137/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2011-3994",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mtcms.jp/news/product/201110131921.html",
"refsource": "CONFIRM",
"url": "http://www.mtcms.jp/news/product/201110131921.html"
},
{
"name": "JVNDB-2011-000094",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000094"
},
{
"name": "JVN#56667137",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN56667137/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2011-3994",
"datePublished": "2011-11-03T17:00:00Z",
"dateReserved": "2011-10-05T00:00:00Z",
"dateUpdated": "2024-09-17T00:50:31.010Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3993 (GCVE-0-2011-3993)
Vulnerability from nvd – Published: 2011-11-03 17:00 – Updated: 2024-09-16 22:25
VLAI?
Summary
SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, uses weak permissions, which allows remote authenticated users to modify files and settings via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#41032068",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN41032068/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mtcms.jp/news/product/201110131921.html"
},
{
"name": "JVNDB-2011-000093",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000093"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, uses weak permissions, which allows remote authenticated users to modify files and settings via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-11-03T17:00:00Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#41032068",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN41032068/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mtcms.jp/news/product/201110131921.html"
},
{
"name": "JVNDB-2011-000093",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000093"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2011-3993",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, uses weak permissions, which allows remote authenticated users to modify files and settings via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#41032068",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN41032068/index.html"
},
{
"name": "http://www.mtcms.jp/news/product/201110131921.html",
"refsource": "CONFIRM",
"url": "http://www.mtcms.jp/news/product/201110131921.html"
},
{
"name": "JVNDB-2011-000093",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000093"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2011-3993",
"datePublished": "2011-11-03T17:00:00Z",
"dateReserved": "2011-10-05T00:00:00Z",
"dateUpdated": "2024-09-16T22:25:41.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}