4485 matches found
CVE-2010-0511
CVE-2010-0511 applies to Apple Mac OS X 10.6 (pre-10.6.3). The vulnerability stems from Podcast Producer: when a Podcast Composer workflow is overwritten, the access restrictions on that workflow are removed, enabling an unauthorized user to access the workflow via unspecified vectors. Red Hat an...
SA-CONTRIB-2010-023 - Workflow - Cross Site Scripting
When used in combination with the Token module, the Workflow module does not escape the text entered into the Comment field of the workflow fieldset on the node form. This allows a user with the permission to change the workflow state of a node to perform a Cross Site Scripting (XSS) attack if a...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the Workflow module 5.x before 5.x-2.4 and 6.x before 6.x-1.2, a module for Drupal, allow remote authenticated users, with "administer workflow" privileges, to inject arbitrary web script or HTML via the name of a (1) workflow or (2) workflow state...
CVE-2009-4513
Multiple cross-site scripting (XSS) vulnerabilities in the Workflow module 5.x before 5.x-2.4 and 6.x before 6.x-1.2, a module for Drupal, allow remote authenticated users, with "administer workflow" privileges, to inject arbitrary web script or HTML via the name of a (1) workflow or (2) workflow state...
CVE-2009-4513
CVE-2009-4513 affects the Drupal Workflow module: 5.x before 5.x-2.4 and 6.x before 6.x-1.2. An XSS vulnerability allows remote authenticated users with the administer workflow privilege to inject arbitrary script/HTML via the name of a workflow or a workflow state. Root cause is insufficient san...
SA-CONTRIB-2009-088 - Workflow Multiple Cross Site Scripting Vulnerabilities
The Workflow module enables sites to define flexible process management systems. Names of workflows and workflow states are not sanitised to display as plain text, leading to a Cross Site Scripting (XSS) vulnerability. Exploiting this vulnerability would allow a malicious user to gain full...
Heap overflow
Heap-based buffer overflow in awstmxn.exe in the Admin Agent service in the server in EMC Documentum ApplicationXtender Workflow, possibly 5.40 SP1 and earlier, allows remote attackers to execute arbitrary code via crafted packet data to TCP port 2606...
Directory traversal
Directory traversal vulnerability in awstmxn.exe in the Admin Agent service in the server in EMC Documentum ApplicationXtender Workflow, possibly 5.40 SP1 and earlier, allows remote attackers to upload arbitrary files, and execute arbitrary code, via directory traversal sequences in requests to T...
CVE-2008-3684
CVE-2008-3684 is a heap-based buffer overflow in the AWS_TMXN.EXE component (Admin Agent service) of EMC Documentum ApplicationXtender Workflow Server. The vulnerability exists in the aws_tmxn.exe listener on TCP port 2606 and allows remote attackers to execute arbitrary code, as described by ZDI...
CVE-2008-3685
CVE-2008-3685 affects EMC Documentum ApplicationXtender Workflow Server Admin Agent (aws_tmxn.exe); vulnerable via directory traversal sequences over TCP port 2606, enabling remote attackers to upload arbitrary files and execute arbitrary code. Impact is described as potentially remote code execu...
Workflow permission to limit ability to link issues
We need to be able to limit the ability to link issues by the issue status. If we have two issues, and they are both closed, I do not want to be able to link them. If one or both are opened or in progress, I'd like to be able to create the link from the open issue. We are trying to use Jira for...
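HP Quality Center Cached Workflow Script Security Restriction Bypass Vulnerability
BUGTRAQ ID: 33854 CVECAN ID: CVE-2007-5289 HP Quality Center manages and controls quality processes and automates software testing across IT and application environments. The Quality Center front end consists of a number of COM components embedded in the web browser. Quality Center provides a customization feature (called workflow) that allows administrators to modify the default behavior. This workflow is driven by VBScript functions, which are called whenever specific events occur in the client front end...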
CVE-2007-5289
HP Mercury Quality Center (QC) 9.2 and earlier, and possibly TestDirector, relies on cached client-side scripts to implement "workflow" and decisions about the "capability" of a user, which allows remote attackers to execute arbitrary code via crafted use of the Open Test Architecture (OTA) API, as...
Issue security based on workflow status
It would be great if permission types could be associated with workflow status. What we would like to do is limit the ability to edit an issue by the reporter to a specific workflow status. Using the issue security scheme is not possible since the reporter should always be allowed to view the issu...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Hitachi Groupmax Web Workflow SDK Set for Active Server Pages before 06-52-/C and Hitachi Groupmax Workflow - Development Kit for Active Server Pages before 06-52-/A allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2008-5719
Cross-site scripting (XSS) vulnerability in Hitachi Groupmax Web Workflow SDK Set for Active Server Pages before 06-52-/C and Hitachi Groupmax Workflow - Development Kit for Active Server Pages before 06-52-/A allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2008-5719
CVE-2008-5719 describes a cross-site scripting (XSS) vulnerability in Hitachi Groupmax Web Workflow SDK Set for Active Server Pages (ASP) before 06-52-/C and Hitachi Groupmax Workflow – Development Kit for Active Server Pages before 06-52-/A. The flaw allows remote attackers to inject arbitrary w...
Groupmax Workflow - Development Kit for Active Server Pages Cross-Site Scripting Vulnerability
Overview: Groupmax Workflow - Development Kit for Active Server Pages contains a cross-site scripting vulnerability. Impact: A remote attacker could have the users execute malicious scripts. Solution: Please refer to the 'Vendor Information' section for the official countermeasure and take appropria...