3 matches found
CVE-2006-6629
lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation PG Language before 2.3.1 uses an insufficiently restrictive regular expression to determine valid macro filenames, which allows attackers to load arbitrary macro files whose names contain the strings 1 dangerousMacros.pl, 2 PG.pl, or 3...
CVE-2006-6629
lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation PG Language before 2.3.1 uses an insufficiently restrictive regular expression to determine valid macro filenames, which allows attackers to load arbitrary macro files whose names contain the strings 1 dangerousMacros.pl, 2 PG.pl, or 3...
CVE-2004-1442
Cross-site scripting XSS vulnerability in db2www CGI interpreter in IBM Net.Data 7 and 7.2 allows remote attackers to inject arbitrary web script or HTML via a macro filename, which is not properly handled by error messages such as "DTWP001E."...