Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
7 vulnerabilities by Igreks Inc.
JVNDB-2015-000077
Vulnerability from jvndb - Published: 2015-06-12 14:13 - Updated:2015-06-16 16:52Summary
MilkyStep fails to restrict access permissions
Details
MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep fails to restrict access permissions against the management function for user information (CWE-284).
Note that this vulnerability is different from JVN#16409640 or JVN#74280258.
Kusano Kazuhiko reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000077.html",
"dc:date": "2015-06-16T16:52+09:00",
"dcterms:issued": "2015-06-12T14:13+09:00",
"dcterms:modified": "2015-06-16T16:52+09:00",
"description": "MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep fails to restrict access permissions against the management function for user information (CWE-284).\r\n\r\nNote that this vulnerability is different from JVN#16409640 or JVN#74280258.\r\n\r\nKusano Kazuhiko reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000077.html",
"sec:cpe": [
{
"#text": "cpe:/a:igreks:milkystep_light",
"@product": "MilkyStep Light",
"@vendor": "Igreks Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:igreks:milkystep_professional",
"@product": "MilkyStep Professional",
"@vendor": "Igreks Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:igreks:milkystep_professional_oem",
"@product": "MilkyStep Professional OEM",
"@vendor": "Igreks Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "5.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2015-000077",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN19732015/index.html",
"@id": "JVN#19732015",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2952",
"@id": "CVE-2015-2952",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2952",
"@id": "CVE-2015-2952",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "MilkyStep fails to restrict access permissions"
}
JVNDB-2015-000083
Vulnerability from jvndb - Published: 2015-06-09 14:16 - Updated:2015-06-16 16:51Summary
MilkyStep fails to restrict access permissions
Details
MilkyStep provided by Igreks Inc. fails to restrict access permissions.
Note that this vulnerability is different from JVN#16409640.
MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep fails to restrict access permissions (CWE-264).
Kusano Kazuhiko reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000083.html",
"dc:date": "2015-06-16T16:51+09:00",
"dcterms:issued": "2015-06-09T14:16+09:00",
"dcterms:modified": "2015-06-16T16:51+09:00",
"description": "MilkyStep provided by Igreks Inc. fails to restrict access permissions.\r\n\r\nNote that this vulnerability is different from JVN#16409640.\r\n\r\nMilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep fails to restrict access permissions (CWE-264).\r\n\r\nKusano Kazuhiko reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000083.html",
"sec:cpe": [
{
"#text": "cpe:/a:igreks:milkystep_light",
"@product": "MilkyStep Light",
"@vendor": "Igreks Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:igreks:milkystep_professional",
"@product": "MilkyStep Professional",
"@vendor": "Igreks Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:igreks:milkystep_professional_oem",
"@product": "MilkyStep Professional OEM",
"@vendor": "Igreks Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "6.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2015-000083",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN74280258/index.html",
"@id": "JVN#74280258",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2958",
"@id": "CVE-2015-2958",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2958",
"@id": "CVE-2015-2958",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "MilkyStep fails to restrict access permissions"
}
JVNDB-2015-000082
Vulnerability from jvndb - Published: 2015-06-09 14:15 - Updated:2015-06-16 16:52Summary
MilkyStep vulnerable to cross-site scripting
Details
MilkyStep provided by Igreks Inc. contains a cross-site scripting vulnerability.
MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep contains a cross-site scripting vulnerability (CWE-79).
Kusano Kazuhiko reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000082.html",
"dc:date": "2015-06-16T16:52+09:00",
"dcterms:issued": "2015-06-09T14:15+09:00",
"dcterms:modified": "2015-06-16T16:52+09:00",
"description": "MilkyStep provided by Igreks Inc. contains a cross-site scripting vulnerability.\r\n\r\nMilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep contains a cross-site scripting vulnerability (CWE-79).\r\n\r\nKusano Kazuhiko reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000082.html",
"sec:cpe": [
{
"#text": "cpe:/a:igreks:milkystep_light",
"@product": "MilkyStep Light",
"@vendor": "Igreks Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:igreks:milkystep_professional",
"@product": "MilkyStep Professional",
"@vendor": "Igreks Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:igreks:milkystep_professional_oem",
"@product": "MilkyStep Professional OEM",
"@vendor": "Igreks Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2015-000082",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN20879350/index.html",
"@id": "JVN#20879350",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2957",
"@id": "CVE-2015-2957",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2957",
"@id": "CVE-2015-2957",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "MilkyStep vulnerable to cross-site scripting"
}
JVNDB-2015-000081
Vulnerability from jvndb - Published: 2015-06-09 14:15 - Updated:2015-06-16 16:52Summary
MilkyStep vulnerable to SQL injection
Details
MilkyStep provided by Igreks Inc. contains a SQL injection vulnerability.
MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep contains a SQL injection vulnerability (CWE-89).
Kusano Kazuhiko reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000081.html",
"dc:date": "2015-06-16T16:52+09:00",
"dcterms:issued": "2015-06-09T14:15+09:00",
"dcterms:modified": "2015-06-16T16:52+09:00",
"description": "MilkyStep provided by Igreks Inc. contains a SQL injection vulnerability.\r\n\r\nMilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep contains a SQL injection vulnerability (CWE-89).\r\n\r\nKusano Kazuhiko reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000081.html",
"sec:cpe": [
{
"#text": "cpe:/a:igreks:milkystep_light",
"@product": "MilkyStep Light",
"@vendor": "Igreks Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:igreks:milkystep_professional",
"@product": "MilkyStep Professional",
"@vendor": "Igreks Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:igreks:milkystep_professional_oem",
"@product": "MilkyStep Professional OEM",
"@vendor": "Igreks Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2015-000081",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN52478686/index.html",
"@id": "JVN#52478686",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2956",
"@id": "CVE-2015-2956",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2956",
"@id": "CVE-2015-2956",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/security/ciadr/vul/20150609-jvn.html",
"@id": "Security Alert for Vulnerability in MilkyStep (JVN#05559185)(JVN#52478686)",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-89",
"@title": "SQL Injection(CWE-89)"
}
],
"title": "MilkyStep vulnerable to SQL injection"
}
JVNDB-2015-000080
Vulnerability from jvndb - Published: 2015-06-09 14:02 - Updated:2015-06-16 16:52Summary
MilkyStep vulnerable to OS command injection
Details
MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep contains an OS command injection vulnerability (CWE-78).
Kusano Kazuhiko reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000080.html",
"dc:date": "2015-06-16T16:52+09:00",
"dcterms:issued": "2015-06-09T14:02+09:00",
"dcterms:modified": "2015-06-16T16:52+09:00",
"description": "MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep contains an OS command injection vulnerability (CWE-78).\r\n\r\nKusano Kazuhiko reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000080.html",
"sec:cpe": [
{
"#text": "cpe:/a:igreks:milkystep_light",
"@product": "MilkyStep Light",
"@vendor": "Igreks Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:igreks:milkystep_professional",
"@product": "MilkyStep Professional",
"@vendor": "Igreks Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:igreks:milkystep_professional_oem",
"@product": "MilkyStep Professional OEM",
"@vendor": "Igreks Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2015-000080",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN05559185/index.html",
"@id": "JVN#05559185",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2955",
"@id": "CVE-2015-2955",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2955",
"@id": "CVE-2015-2955",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/security/ciadr/vul/20150609-jvn.html",
"@id": "Security Alert for Vulnerability in MilkyStep (JVN#05559185)(JVN#52478686)",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
}
],
"title": "MilkyStep vulnerable to OS command injection"
}
JVNDB-2015-000079
Vulnerability from jvndb - Published: 2015-06-09 13:45 - Updated:2015-06-16 16:52Summary
MilkyStep vulnerable to cross-site request forgery
Details
MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep contains a cross-site request forgery vulnerability (CWE-352).
Kusano Kazuhiko reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000079.html",
"dc:date": "2015-06-16T16:52+09:00",
"dcterms:issued": "2015-06-09T13:45+09:00",
"dcterms:modified": "2015-06-16T16:52+09:00",
"description": "MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep contains a cross-site request forgery vulnerability (CWE-352).\r\n\r\nKusano Kazuhiko reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000079.html",
"sec:cpe": [
{
"#text": "cpe:/a:igreks:milkystep_light",
"@product": "MilkyStep Light",
"@vendor": "Igreks Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:igreks:milkystep_professional",
"@product": "MilkyStep Professional",
"@vendor": "Igreks Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:igreks:milkystep_professional_oem",
"@product": "MilkyStep Professional OEM",
"@vendor": "Igreks Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2015-000079",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN12241436/index.html",
"@id": "JVN#12241436",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2954",
"@id": "CVE-2015-2954",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2954",
"@id": "CVE-2015-2954",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "MilkyStep vulnerable to cross-site request forgery"
}
JVNDB-2015-000078
Vulnerability from jvndb - Published: 2015-06-09 13:43 - Updated:2015-06-16 16:52Summary
MilkyStep fails to restrict access permissions
Details
MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep fails to restrict access permissions (CWE-264).
Note that this vulnerability is different from JVN#74280258.
Kusano Kazuhiko reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000078.html",
"dc:date": "2015-06-16T16:52+09:00",
"dcterms:issued": "2015-06-09T13:43+09:00",
"dcterms:modified": "2015-06-16T16:52+09:00",
"description": "MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep fails to restrict access permissions (CWE-264).\r\n\r\nNote that this vulnerability is different from JVN#74280258.\r\n\r\nKusano Kazuhiko reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000078.html",
"sec:cpe": [
{
"#text": "cpe:/a:igreks:milkystep_light",
"@product": "MilkyStep Light",
"@vendor": "Igreks Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:igreks:milkystep_professional",
"@product": "MilkyStep Professional",
"@vendor": "Igreks Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:igreks:milkystep_professional_oem",
"@product": "MilkyStep Professional OEM",
"@vendor": "Igreks Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2015-000078",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN16409640/index.html",
"@id": "JVN#16409640",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2953",
"@id": "CVE-2015-2953",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2953",
"@id": "CVE-2015-2953",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "MilkyStep fails to restrict access permissions"
}