CVSS: 9.3EPSS: 5%CPEs: 8EXPL: 0CVE-2009-1054
https://notcve.org/view.php?id=CVE-2009-1054
Unspecified vulnerability in JustSystems Ichitaro 13, 2004 through 2008, Lite2, and Ichitaro viewer 5.1.5.0 and earlier allows remote attackers to execute arbitrary code via a crafted file, as exploited in the wild by Trojan.Tarodrop.H in March 2009. Vulnerabilidad inespecífica en JustSystems Ichitaro v13, de la v2004 hasta la v2008, Lite2, y Ichitaro viewer v5.1.5.0 y anteriores permite a atacantes remotos ejecutar código de forma arbitraria a través de un fichero manipulado, tal y como lo explotaba Trojan.Tarodrop.H en Marzo de 2009. • http://secunia.com/advisories/34405 http://www.justsystems.com/jp/info/js09001.html http://www.securityfocus.com/bid/34138 http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-031608-2424-99 http://www.vupen.com/english/advisories/2009/0769 https://exchange.xforce.ibmcloud.com/vulnerabilities/49280 •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2007-1938
https://notcve.org/view.php?id=CVE-2007-1938
Ichitaro 2005 through 2007, and possibly related products, allows remote attackers to have an unknown impact via unspecified vectors in a document distributed through e-mail or a web site, possibly due to a buffer overflow or cross-site scripting (XSS). Ichitaro 2005 hasta 2007, y posiblemente productos relacionados, permite a atacantes remotos tener un impacto desconocido por medio de vectores no especificados en un documento distribuido por medio de correo electrónico o un sitio web, posiblemente debido a un desbordamiento de búfer o a un problema de tipo cross-site scripting (XSS). • http://osvdb.org/34759 http://secunia.com/advisories/24780 http://vil.mcafeesecurity.com/vil/content/v_141950.htm http://www.justsystem.co.jp/info/pd7002.html http://www.securityfocus.com/bid/23386 http://www.securitytracker.com/id?1017887 http://www.vupen.com/english/advisories/2007/1287 https://exchange.xforce.ibmcloud.com/vulnerabilities/33507 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •