4485 matches found
CVE-2008-4581
The Editor in IBM ENOVIA SmarTeam 5 before release 18 SP5, and release 19 before SP01, allows remote authenticated users to bypass intended access restrictions and read Document objects via the Workflow Process (aka Flow Process) view...
Design/Logic Flaw
The Editor in IBM ENOVIA SmarTeam 5 before release 18 SP5, and release 19 before SP01, allows remote authenticated users to bypass intended access restrictions and read Document objects via the Workflow Process (aka Flow Process) view...
It's possible to execute a workflow action without being logged in.
To reproduce, open Jira in two browser windows. In the first, navigate to an issue with an available workflow action. In the second, log out. In the first, perform one of the workflow actions. You'll see a page asking you to log back in, but the action has still been performed. To see this, in th...
EMC ApplicationXtender Workflow Server Admin Agent Heap Overflow Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of EMC ApplicationXtender Workflow Server. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Admin Agent service awstmxn.exe which listens by...
EMC ApplicationXtender Workflow Server Admin Agent Arbitrary File Upload Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of EMC ApplicationXtender Workflow Server. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Admin Agent service awstmxn.exe which listens by...
XRms 1.99.2 - Remote File Inclusion / Cross-Site Scripting / Information Gathering
XMRS Multiple Vulnerabilities ZeroDay at 25-07-2008 Author: AzzCoder [email protected] Product: http://www.xrms.org/ Product Type: CRM Thanks: coresecurity.com Remote File Inclusion File: activities/workflow-activities.php Variable: $includedirectory Required registerglobals: Yes XSS Multiple...
SA-2008-046 - Drupal core - Session fixation
When contributed modules such as Workflow NG terminate the current request during a login event, user module is not able to regenerate the user's session. This may lead to a session fixation attack, when a malicious user is able to control another user's initial session ID. As the session is not...
Hitachi Soumu Workflow Authentication Bypassing Vulnerability
Overview Hitachi Soumu Workflow template files contain vulnerabilities that could be exploited to bypass authentication mechanisms. Impact An attacker could access a web page bypassing authentication. Solution Please refer to the 'Vendor Information' section for official remediation and take...
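Adobe LiveCycle Workflow Management Login Page Cross-Site Scripting Vulnerability
BUGTRAQ ID: 28209 CVECAN ID: CVE-2008-1202 Adobe LiveCycle Workflow is a comprehensive process management solution that helps enterprises simplify, integrate and protect document-centric processes. LiveCycle Workflow does not properly filter input to the web management login page before returning it to the user, which can lead to cross-site scripting attacks that allow arbitrary HTML and script code to be injected and executed in the user's browser session. Adobe LiveCycle Workflow 6.2 Adobe ----- The vendor has released an upgrade patch that fixes this security issue; please download it from the vendor's home page:...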
Cross site scripting
Cross-site scripting (XSS) vulnerability in the web management interface in Adobe LiveCycle Workflow 6.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...
CVE-2008-1202
Cross-site scripting (XSS) vulnerability in the web management interface in Adobe LiveCycle Workflow 6.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...
Adobe LiveCycle Workflow cross-site scripting
Cross-site scripting with web management page...
Advisory Adobe LiveCycle Workflow XSS Vulnerability
Summary Name: Adobe LiveCycle Workflow XSS Vulnerability Release Date: 11 March 2008 Reference: LSD002-2008 CVE Number: CVE-2008-1202 Discover: Dave Lewis Vendor: Adobe Systems Product: LiveCycle Workflow 6.2 Management Web Interface Systems Affected: version 6.2 as tested NB. Other versions may ...
CVE-2008-1202
The CVE-2008-1202 case concerns Adobe LiveCycle Workflow 6.2, where the Web Management Login Page fails to properly sanitize input, enabling cross-site scripting (XSS) via unknown vectors. This vulnerability could allow an attacker to inject arbitrary HTML/script into a user’s browser session on ...
Separate label permissions from edit issue permission
In 3.11 the labels plugin changed so that manipulating labels required the "Edit Issue" permission. This drastically impacted our organization's workflow, as we'd just introduced labels in our previous upgrade, and we don't give "edit issues" to all users, but we do want all authenticated users to...