
39 matches found

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2007-3010

Malware in sbrugna...

4 CVSS, 6.4 AI score, 0.00541 EPSS
Exploits 0, References 8

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2007-3009

Malware in sbrugna...

4 CVSS, 6.4 AI score, 0.09007 EPSS
Exploits 1, References 8

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2007-3005

Malware in sbrugna...

6.5 CVSS, 6.4 AI score, 0.01116 EPSS
Exploits 2, References 8

Exploit DB
added 2017/04/25 12:0 a.m., 119 views

OpenText Documentum Content Server - dm_bp_transition.ebs docbase Method Arbitrary Code Execution

''' CVE Identifier: CVE-2017-7221 Vendor: OpenText Affected products: OpenText Documentum Content Server all versions Researcher: Andrey B. Panfilov Severity Rating: CVSS v3 Base Score: 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Fix: not available PoC:...

8.8 CVSS, 8.7 AI score, 0.01633 EPSS
Exploits 5

seebug.org
added 2014/07/01 12:0 a.m., 12 views

contentserver 5.6.2929 errors/transaction.asp msg Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/24895/info activeWeb contentserver is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitra...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 15 views

ActiveWeb Contentserver 5.6.2929 CMS Client Side Filtering Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/24898/info activeWeb contentserver is prone to a client-side input-validation vulnerability because the application fails to sufficiently sanitize user-supplied data. An attacker can exploit these input-validation...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 9 views

contentserver 5.6.2929 errors/rights.asp msg Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/24895/info activeWeb contentserver is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitra...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 9 views

ActiveWeb Contentserver 5.6.2929 Picture_Real_Edit.ASP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/24894/info activeWeb contentserver is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an...

7.1 AI score
Exploits 0

Cvelist
added 2008/03/18 11:0 p.m., 28 views

CVE-2008-1000

Directory traversal vulnerability in ContentServer.py in the Wiki Server in Apple Mac OS X 10.5.2 aka Leopard allows remote authenticated users to write arbitrary files via ".." sequences in file attachments...

8.2 AI score, 0.03978 EPSS
Exploits 3, References 9

NVD
added 2007/07/17 12:30 a.m., 17 views

CVE-2007-3017

The WYSIWYG editor applet in activeWeb contentserver CMS before 5.6.2964 only filters malicious tags from articles sent to admin/applets/wysiwyg/rendereditor.asp, which allows remote authenticated users to inject arbitrary JavaScript via a request to admin/worklist/worklistedit.asp...

4 CVSS, 6.2 AI score, 0.09007 EPSS
Exploits 1, References 7

Prion
added 2007/07/17 12:30 a.m., 13 views

Design/Logic Flaw

activeWeb contentserver CMS before 5.6.2964 does not limit the file-creation ability of editors who have restricted accounts, which allows these editors to create files in arbitrary directories...

4 CVSS, 7.1 AI score, 0.00541 EPSS
Exploits 0, References 7, Affected Software 1

NVD
added 2007/07/17 12:30 a.m., 15 views

CVE-2007-3018

activeWeb contentserver CMS before 5.6.2964 does not limit the file-creation ability of editors who have restricted accounts, which allows these editors to create files in arbitrary directories...

4 CVSS, 6.6 AI score, 0.00541 EPSS
Exploits 0, References 7

Prion
added 2007/07/17 12:30 a.m., 13 views

Design/Logic Flaw

The WYSIWYG editor applet in activeWeb contentserver CMS before 5.6.2964 only filters malicious tags from articles sent to admin/applets/wysiwyg/rendereditor.asp, which allows remote authenticated users to inject arbitrary JavaScript via a request to admin/worklist/worklistedit.asp...

4 CVSS, 6.7 AI score, 0.09007 EPSS
Exploits 1, References 7, Affected Software 1

CVE
added 2007/07/17 12:0 a.m., 44 views

CVE-2007-3018

CVE-2007-3018 concerns activeWeb contentserver CMS prior to 5.6.2964, where editors with restricted accounts could create files in arbitrary directories. This is a permission settings flaw in the CMS editor interface, allowing creation of new documents outside permitted folders. The fixed version...

4 CVSS, 6.6 AI score, 0.00541 EPSS
Exploits 0, References 7, Affected Software 1

CVE
added 2007/07/17 12:0 a.m., 56 views

CVE-2007-3017

The CVE-2007-3017 issue affects the activeWeb contentserver CMS (WYSIWYG editor applet). The root cause is insufficient server-side filtering of article content, where malicious tags bypass client-side protections and enable JavaScript injection via a POST to admin/worklist/worklist_edit.asp afte...

4 CVSS, 6.2 AI score, 0.09007 EPSS
Exploits 1, References 7, Affected Software 1

Cvelist
added 2007/07/17 12:0 a.m., 14 views

CVE-2007-3018

activeWeb contentserver CMS before 5.6.2964 does not limit the file-creation ability of editors who have restricted accounts, which allows these editors to create files in arbitrary directories...

6.6 AI score, 0.00541 EPSS
Exploits 0, References 7

seebug.org
added 2007/07/17 12:0 a.m., 11 views

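ActiveWeb Contentserver Picture_Real_Edit.ASP SQL Injection Vulnerability

ActiveWeb Contentserver is an ASP-based web application. ActiveWeb Contentserver does not properly filter user-submitted input, so a remote attacker can exploit the vulnerability to carry out SQL injection attacks and obtain sensitive information. The problem is that the 'picturerealedit.asp' script does not filter the user-submitted 'id' parameter; submitting a malicious SQL query as the parameter data can change the original SQL logic and expose sensitive information. Upgrade activeWeb contentserver 5.6.2929 to version 5.6.2964: http://www.active-web.de/aw/home/Produkte/gf/contentserver/...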

7.1 AI score
Exploits 0

Cvelist
added 2007/07/17 12:0 a.m., 18 views

CVE-2007-3017

The WYSIWYG editor applet in activeWeb contentserver CMS before 5.6.2964 only filters malicious tags from articles sent to admin/applets/wysiwyg/rendereditor.asp, which allows remote authenticated users to inject arbitrary JavaScript via a request to admin/worklist/worklistedit.asp...

6.2 AI score, 0.09007 EPSS
Exploits 1, References 7

NVD
added 2007/07/15 11:30 p.m., 11 views

CVE-2007-3013

SQL injection vulnerability in activeWeb contentserver before 5.6.2964 allows remote authenticated users with edit permission to execute arbitrary SQL commands via the id parameter to admin/picture/picturerealedit.asp, and probably other unspecified vectors...

6.5 CVSS, 7.8 AI score, 0.01116 EPSS
Exploits 2, References 6

Prion
added 2007/07/15 11:30 p.m., 11 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in activeWeb contentserver before 5.6.2964 allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) errors/rights.asp or (2) errors/transaction.asp, or (3) the name of a MIME type mimetype...

4.3 CVSS, 6 AI score, 0.14083 EPSS
Exploits 2, References 9, Affected Software 1