8 matches found
EUVD-2007-4264
Malware in sbrugna...
Cross site scripting
Cross-site scripting (XSS) vulnerability in KnowledgeTree Open Source 3.4 and 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the login field on the login page, and other unspecified vectors...
CVE-2007-4281
Cross-site scripting (XSS) vulnerability in KnowledgeTree Open Source 3.4 and 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the login field on the login page, and other unspecified vectors...
CVE-2007-2849
KnowledgeTree Document Management (aka KnowledgeTree Open Source) before STABLE 3.3.7 does not require a password for an unregistered user, when the user exists in Active Directory, which allows remote attackers to log onto KTDMS without the intended authorization check...
CVE-2006-2886
view.php in KnowledgeTree Open Source 3.0.3 and earlier allows remote attackers to obtain the full installation path via a crafted fDocumentId parameter, which displays the path in the resulting error message. NOTE: this might be resultant from another vulnerability, since this vector also produc...
Design/Logic Flaw
view.php in KnowledgeTree Open Source 3.0.3 and earlier allows remote attackers to obtain the full installation path via a crafted fDocumentId parameter, which displays the path in the resulting error message. NOTE: this might be resultant from another vulnerability, since this vector also produc...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree Open Source 3.0.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) fDocumentId parameter in view.php and the (2) fSearchableText parameter in /search/simpleSearch.php...
CVE-2006-2885
KnowledgeTree Open Source prior to or including 3.0.3 is affected by XSS vulnerabilities in view.php (fDocumentId) and /search/simpleSearch.php (fSearchableText). The root cause is insufficient input validation/escaping enabling remote injection of arbitrary web scripts or HTML. Impact: attackers...