Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities by SPACETAG INC.
JVNDB-2008-000049
Vulnerability from jvndb - Published: 2008-09-02 17:03 - Updated:2008-09-02 17:03Summary
Vulnerability in La!cooda WIZ and LacoodaST allowing an arbitrary PHP script execution
Details
La!cooda WIZ and LacoodaST contain a vulnerability which may allow a malicious user to execute an arbitrary PHP script on the server.
La!cooda WIZ from System Consultants Co., Ltd. and LacoodaST from SpaceTag, Inc. are groupware providing schedule and task managements, etc. La!cooda WIZ and LacoodaST contain a vulnerability which may allow a malicious user to execute an arbitrary PHP script on the server.
Hirotaka Katagiri reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000049.html",
"dc:date": "2008-09-02T17:03+09:00",
"dcterms:issued": "2008-09-02T17:03+09:00",
"dcterms:modified": "2008-09-02T17:03+09:00",
"description": "La!cooda WIZ and LacoodaST contain a vulnerability which may allow a malicious user to execute an arbitrary PHP script on the server.\r\n\r\nLa!cooda WIZ from System Consultants Co., Ltd. and LacoodaST from SpaceTag, Inc. are groupware providing schedule and task managements, etc. La!cooda WIZ and LacoodaST contain a vulnerability which may allow a malicious user to execute an arbitrary PHP script on the server.\r\n\r\nHirotaka Katagiri reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000049.html",
"sec:cpe": [
{
"#text": "cpe:/a:spacetag:lacoodast",
"@product": "LacoodaST",
"@vendor": "SPACETAG INC.",
"@version": "2.2"
},
{
"#text": "cpe:/a:system_consultants:la_cooda_wiz",
"@product": "La!coodaWIZ",
"@vendor": "System Consultants Co.,Ltd.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2008-000049",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN53886050/index.html",
"@id": "JVN#53886050",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3737",
"@id": "CVE-2008-3737",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3737",
"@id": "CVE-2008-3737",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/31582",
"@id": "SA31582",
"@source": "SECUNIA"
},
{
"#text": "http://secunia.com/advisories/31574",
"@id": "SA31574",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/30791",
"@id": "30791",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/44594",
"@id": "44594",
"@source": "XF"
},
{
"#text": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000049.html",
"@id": "JVNDB-2008-000049",
"@source": "JVNDB_Ja"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-94",
"@title": "Code Injection(CWE-94)"
}
],
"title": "Vulnerability in La!cooda WIZ and LacoodaST allowing an arbitrary PHP script execution"
}
JVNDB-2008-000048
Vulnerability from jvndb - Published: 2008-09-02 17:02 - Updated:2008-09-02 17:02Summary
La!cooda WIZ and LacoodaST vulnerable to cross-site scripting
Details
La!cooda WIZ and LacoodaST contain a cross-site scripting vulnerability.
La!cooda WIZ from System Consultants Co., Ltd. and LacoodaST from SpaceTag, Inc. are groupware providing schedule and task managements, etc. La!cooda WIZ and LacoodaST contain a cross-site scripting vulnerability.
Hirotaka Katagiri reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.
References
| Type | URL | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000048.html",
"dc:date": "2008-09-02T17:02+09:00",
"dcterms:issued": "2008-09-02T17:02+09:00",
"dcterms:modified": "2008-09-02T17:02+09:00",
"description": "La!cooda WIZ and LacoodaST contain a cross-site scripting vulnerability.\r\n\r\nLa!cooda WIZ from System Consultants Co., Ltd. and LacoodaST from SpaceTag, Inc. are groupware providing schedule and task managements, etc. La!cooda WIZ and LacoodaST contain a cross-site scripting vulnerability.\r\n\r\nHirotaka Katagiri reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000048.html",
"sec:cpe": [
{
"#text": "cpe:/a:spacetag:lacoodast",
"@product": "LacoodaST",
"@vendor": "SPACETAG INC.",
"@version": "2.2"
},
{
"#text": "cpe:/a:system_consultants:la_cooda_wiz",
"@product": "La!coodaWIZ",
"@vendor": "System Consultants Co.,Ltd.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2008-000048",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN52557009/index.html",
"@id": "JVN#52557009",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3739",
"@id": "CVE-2008-3739",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3739",
"@id": "CVE-2008-3739",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/31582",
"@id": "SA31582",
"@source": "SECUNIA"
},
{
"#text": "http://secunia.com/advisories/31574",
"@id": "SA31574",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/30791",
"@id": "30791",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/44593",
"@id": "44593",
"@source": "XF"
},
{
"#text": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000048.html",
"@id": "JVNDB-2008-000048",
"@source": "JVNDB_Ja"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "La!cooda WIZ and LacoodaST vulnerable to cross-site scripting"
}
JVNDB-2008-000047
Vulnerability from jvndb - Published: 2008-09-02 17:01 - Updated:2008-09-02 17:01Summary
LacoodaST from SpaceTag, Inc. session fixation vulnerability
Details
LacoodaST from SpaceTag, Inc. contains a session fixation vulnerability.
LacoodaST from SpaceTag, Inc. is groupware providing schedule and task managements, etc. LacoodaST contains a session fixation vulnerability.
Hirotaka Katagiri reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.
References
| Type | URL | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000047.html",
"dc:date": "2008-09-02T17:01+09:00",
"dcterms:issued": "2008-09-02T17:01+09:00",
"dcterms:modified": "2008-09-02T17:01+09:00",
"description": "LacoodaST from SpaceTag, Inc. contains a session fixation vulnerability. \r\n\r\nLacoodaST from SpaceTag, Inc. is groupware providing schedule and task managements, etc. LacoodaST contains a session fixation vulnerability.\r\n\r\nHirotaka Katagiri reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000047.html",
"sec:cpe": {
"#text": "cpe:/a:spacetag:lacoodast",
"@product": "LacoodaST",
"@vendor": "SPACETAG INC.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2008-000047",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN31723154/index.html",
"@id": "JVN#31723154",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3738",
"@id": "CVE-2008-3738",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3738",
"@id": "CVE-2008-3738",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/31582",
"@id": "SA31582",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/30791",
"@id": "30791",
"@source": "BID"
},
{
"#text": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000047.html",
"@id": "JVNDB-2008-000047",
"@source": "JVNDB_Ja"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-255",
"@title": "Credentials Management(CWE-255)"
}
],
"title": "LacoodaST from SpaceTag, Inc. session fixation vulnerability"
}
JVNDB-2008-000046
Vulnerability from jvndb - Published: 2008-09-02 16:58 - Updated:2008-09-02 16:58Summary
La!cooda WIZ and LacoodaST vulnerable to cross-site request forgery
Details
La!cooda WIZ and LacoodaST contain a cross-site request forgery vulnerability.
La!cooda WIZ from System Consultants Co., Ltd. and LacoodaST from SpaceTag, Inc. are groupware providing schedule and task managements, etc. La!cooda WIZ and LacoodaST contain a cross-site request forgery vulnerability.
Hirotaka Katagiri reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.
References
| Type | URL | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000046.html",
"dc:date": "2008-09-02T16:58+09:00",
"dcterms:issued": "2008-09-02T16:58+09:00",
"dcterms:modified": "2008-09-02T16:58+09:00",
"description": "La!cooda WIZ and LacoodaST contain a cross-site request forgery vulnerability. \r\n\r\nLa!cooda WIZ from System Consultants Co., Ltd. and LacoodaST from SpaceTag, Inc. are groupware providing schedule and task managements, etc. La!cooda WIZ and LacoodaST contain a cross-site request forgery vulnerability. \r\n\r\nHirotaka Katagiri reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000046.html",
"sec:cpe": [
{
"#text": "cpe:/a:spacetag:lacoodast",
"@product": "LacoodaST",
"@vendor": "SPACETAG INC.",
"@version": "2.2"
},
{
"#text": "cpe:/a:system_consultants:la_cooda_wiz",
"@product": "La!coodaWIZ",
"@vendor": "System Consultants Co.,Ltd.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2008-000046",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN83428818/index.html",
"@id": "JVN#83428818",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3736",
"@id": "CVE-2008-3736",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3736",
"@id": "CVE-2008-3736",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/31582",
"@id": "SA31582",
"@source": "SECUNIA"
},
{
"#text": "http://secunia.com/advisories/31574",
"@id": "SA31574",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/30791",
"@id": "30791",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/44592",
"@id": "44592",
"@source": "XF"
},
{
"#text": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000046.html",
"@id": "JVNDB-2008-000046",
"@source": "JVNDB_Ja"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "La!cooda WIZ and LacoodaST vulnerable to cross-site request forgery"
}