6 matches found
Quest InTrust 10.4.x ReportTree and SimpleTree Classes
No description provided by source. Quest InTrust 10.4.x ReportTree and SimpleTree Classes ArDoc.dll ActiveX Control Remote File Creation / Overwrite homepage: http://www.quest.com/intrust/ description: InTrust securely collects, stores, reports and alerts on event log data from Windows, Unix and...
Design/Logic Flaw
The 1 SimpleTree and 2 ReportTree classes in the ARDoc ActiveX control ARDoc.dll in Quest InTrust 10.4.0.853 and earlier do not properly implement the SaveToFile method, which allows remote attackers to write or overwrite arbitrary files via the bstrFileName argument...
Quest InTrust 10.4.x - ReportTree SimpleTree Classes
Quest InTrust 10.4.x - ReportTree SimpleTree Classes Quest InTrust 10.4.x ReportTree and SimpleTree Classes ArDoc.dll ActiveX Control Remote File Creation / Overwrite homepage: http://www.quest.com/intrust/ description: "InTrust securely collects, stores, reports and alerts on event log data from...
Quest InTrust 10.4.x - ReportTree / SimpleTree Classes
Quest InTrust 10.4.x ReportTree and SimpleTree Classes ArDoc.dll ActiveX Control Remote File Creation / Overwrite homepage: http://www.quest.com/intrust/ description: "InTrust securely collects, stores, reports and alerts on event log data from Windows, Unix and Linux systems, helping you comply...
CVE-2008-5043
Multiple cross-site scripting XSS vulnerabilities in the web-based interface in IBM Metrica Service Assurance Framework allow remote authenticated users to inject arbitrary web script or HTML via 1 the elementid parameter in a generatedreportresults action to the ReportTree program, 2 the jnlpnam...
IBM Tivoli Netcool Service Quality Manager跨站脚本及HTML代码注入漏洞
BUGTRAQ ID: 32233 IBM Tivoli Netcool Service Quality Manager是IBM Tivoli服务质量管理解决方案的核心软件。 Tivoli Netcool Service Quality Manager的Web接口中存在多个跨站脚本漏洞,已认证的用户可以使用报表生成功能创建名称中嵌入了恶意代码的报表,当在主面板中打开报表历史时就会在用户浏览器会话中执行注入的代码。 至少有以下三个页面存在漏洞: http://server/document root/ReportTree http://server/document root/Launch...