Cross site scripting

Cross-site scripting XSS vulnerability in ServiceRequests.asp in VPMi Enterprise 3.3 allows remote attackers to inject arbitrary web script or HTML via the RequestNameDisplay parameter...

CVE-2006-1266

CVE-2006-1266 is a cross-site scripting (XSS) flaw in VPMi Enterprise 3.3, exploitable via the Request_Name_Display parameter in Service_Requests.asp. The issue allows remote attackers to inject arbitrary web script or HTML. The vulnerability is documented with an NVD CVSSv2 base score of 4.3 (ME...

Sql injection

DISPUTED SQL injection vulnerability in VCS Virtual Program Management Intranet VPMi Enterprise 3.3 allows remote attackers to execute arbitrary SQL commands via the UpdateID0 parameter to ServiceRequests.asp. NOTE: the provenance of this information is unknown; the details are obtained solely fr...

CVE-2006-0897

SQL injection vulnerability in VCS Virtual Program Management Intranet VPMi Enterprise 3.3 allows remote attackers to execute arbitrary SQL commands via the UpdateID0 parameter to ServiceRequests.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third...