MidnightBSD

Advisories for skyarc

CVE-2011-3993 MEDIUM

SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, uses weak permissions, which allows remote authenticated users to modify files and settings via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
skyarc mtcms 5.2
skyarc duplicateentry *
skyarc mtcms 5.22
skyarc mtcms 5.251
skyarc mtcms 5.21
skyarc mailpack *
skyarc multifileuploader *
skyarc autotagging *
skyarc mtcms 5.23
skyarc mtcms *
skyarc mtcms 5.25
skyarc mtcms 5.24
CVE-2011-3994 MEDIUM

Cross-site request forgery (CSRF) vulnerability in SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
skyarc mtcms 5.2
skyarc duplicateentry *
skyarc mtcms 5.22
skyarc mtcms 5.251
skyarc mtcms 5.21
skyarc mailpack *
skyarc multifileuploader *
skyarc autotagging *
skyarc mtcms 5.23
skyarc mtcms *
skyarc mtcms 5.25
skyarc mtcms 5.24