4485 matches found
IBM Rational ClearQuest CQOle ActiveX
Added: 05/30/2012. CVE: CVE-2012-0708. BID: 53170. OSVDB: 81443. Background: Rational ClearQuest is an enterprise workflow automation tool. It functions as a bug tracking tool and can act as a CRM or process tracker. Problem: The ClearQuest web client installs ActiveX modules on the client system. Thes...
[SECURITY] Fedora 17 Update: python-virtualenvwrapper-3.2-3.fc17
virtualenvwrapper is a set of extensions to Ian Bicking's virtualenv tool. The extensions include wrappers for creating and deleting virtual environments and otherwise managing your development workflow, making it easier to work on more than one project at a time without introducing conflicts in...
[SECURITY] Fedora 17 Update: trytond-2.2.2-1.fc17
Tryton is a three-tier, high-level, general-purpose application framework written in Python that uses PostgreSQL as its database engine. It is the core base of an Open Source ERP. It provides modularity, scalability and security. The core of Tryton, also called the Tryton kernel, provides all the necessary...
A DTMF-based IVR application that is developed by using Lync Server 2010, UCMA 3.0 Workflow APIs crashes
Fixes an issue in which a DTMF-based IVR application crashes when a user barges in multiple times with invalid DTMF digits or barges in to request help. This issue occurs if the application is developed by using Lync Server 2010, UCMA 3.0 Workflow APIs. Symptoms: Consider the following scenario: You...
[SECURITY] Fedora 16 Update: trytond-2.0.4-1.fc16
Tryton is a three-tier, high-level, general-purpose application framework written in Python that uses PostgreSQL as its database engine. It is the core base of an Open Source ERP. It provides modularity, scalability and security. The core of Tryton, also called the Tryton kernel, provides all the necessary...
OpenKM Document Management System 5.1.7 Privilege Escalation
COMPASS SECURITY ADVISORY http://www.csnc.ch/ ID: COMPASS-2012-001 Product: OpenKM Document Management System 5.1.7 1 Vendor: OpenKM http://www.openkm.com/ Subject: Privilege Escalation, Improper Access Control Risk: High Effect: Remotely exploitable Author: Cyrill Brunschwiler...
Oracle Database Multiple Vulnerabilities (January 2007 CPU)
The remote Oracle database server is missing the January 2007 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components: Advanced Queuing, Advanced Replication, Advanced Security Option, Change Data Capture, Data Guard, Export, Log Min...
Oracle Database Multiple Vulnerabilities (January 2006 CPU)
The remote Oracle database server is missing the January 2006 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components: Advanced Queuing, Change Data Capture, Connection Manager, Data Pump, Data Pump Metadata API, Dictionary, Java Net...
HP MFP Digital Sending Software 4.9x <= 4.91.21 Local Workflow Metadata Information Disclosure
The remote Windows host contains a version of HP MFP Digital Sending Software version 4.9x that's 4.91.21 or earlier. It is reportedly affected by a local information disclosure vulnerability that could result in disclosure of personal information in workflow metadata. (C) Tenable Network Security,...
Design/Logic Flaw
HP MFP Digital Sending Software 4.9x through 4.91.21 allows local users to obtain sensitive workflow-metadata information via unspecified vectors...
SAP NetWeaver Workflow Modeler - Multiple XSS
Application: SAP NetWeaver Workflow Modeler Versions Affected: SAP NetWeaver NW2004s SP6 Workflow Modeler Vendor URL: http://www.sap.com Bugs: XSS Exploits: YES Reported: 06.08.2010 Vendor response: 07.08.2010 Date of Public Advisory: 12.02.2014 Reference: SAP Security Note 1860923 Author:...
Joomla Component com_articleman Upload Vulnerability
Exploit for php platform in category web applications. Joomla Component com_articleman Upload Vulnerability. Description: Article Factory Manager is a very useful tool for any article driven...
Joomla! Component Article Factory Manager - Arbitrary File Upload
Joomla! Component Article Factory Manager - Arbitrary File Upload. Vendor: http://www.thefactory.ro/shop/joomla-components/article-manager.html ...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Workflow module 5.x-2.x before 5.x-2.6 and 6.x-1.x before 6.x-1.4 for Drupal, when used with the Token module, might allow remote authenticated users to inject arbitrary web script or HTML via a certain Comment field...
CVE-2010-1539
Cross-site scripting (XSS) vulnerability in the Workflow module 5.x-2.x before 5.x-2.6 and 6.x-1.x before 6.x-1.4 for Drupal, when used with the Token module, might allow remote authenticated users to inject arbitrary web script or HTML via a certain Comment field...
CVE-2010-1539
The CVE-2010-1539 entry concerns a Cross-site scripting (XSS) vulnerability in Drupal’s Workflow module when used with the Token module. Affected versions are Workflow 5.x-2.x prior to 5.x-2.6 and 6.x-1.x prior to 6.x-1.4. The issue allows remote authenticated users to inject arbitrary web script...
CVE-2009-4776
CVE-2009-4776 describes a buffer overflow in Hitachi Cosminexus components (V4–V8 Processing Kit for XML and Developer’s Kit for Java) used in products such as uCosminexus, Electronic Form Workflow, GroupMax, and IBM XL C/C++ Enterprise Edition 7–8. The issue involves GIF image processing APIs in...
CVE-2010-0857
Technical details about CVE-2010-0857 are not publicly provided in the supplied documents. The connected sources mention Oracle CPU advisories and general vulnerability groupings but do not specify affected components, vectors, or fixes. Monitor for updates.
CVE-2010-0511
Podcast Producer in Apple Mac OS X 10.6 before 10.6.3 deletes the access restrictions of a Podcast Composer workflow when this workflow is overwritten, which allows attackers to access a workflow via unspecified vectors...