EUVD-2006-2950

Malware in sbrugna...

EUVD-2006-2951

Malware in sbrugna...

CVE-2006-2953

Cross-site scripting XSS vulnerability in default.asp in OfficeFlow 2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the sqlType parameter...

CVE-2006-2954

SQL injection vulnerability in files.asp in OfficeFlow 2.6 and earlier allows remote attackers to execute arbitrary SQL commands via the Project parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in default.asp in OfficeFlow 2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the sqlType parameter...

Sql injection

SQL injection vulnerability in files.asp in OfficeFlow 2.6 and earlier allows remote attackers to execute arbitrary SQL commands via the Project parameter...

CVE-2006-2953

CVE-2006-2953 describes an XSS in OfficeFlow 2.6 and earlier via the sqlType parameter in default.asp. The vulnerability enables remote attackers to inject arbitrary script/HTML, with network attack vector, no confidentiality impact and partial integrity impact according to the cited metrics (I:P...

CVE-2006-2953

Cross-site scripting XSS vulnerability in default.asp in OfficeFlow 2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the sqlType parameter...

CVE-2006-2954

CVE-2006-2954 affects OfficeFlow 2.6 and earlier, where a SQL injection vulnerability exists in files.asp that allows remote attackers to execute arbitrary SQL commands via the Project parameter. The publicly available documents confirm the vulnerable component (files.asp) and the injection vecto...

CVE-2006-2954

SQL injection vulnerability in files.asp in OfficeFlow 2.6 and earlier allows remote attackers to execute arbitrary SQL commands via the Project parameter...