4485 matches found
CVE-2007-0275
Cross-site scripting (XSS) vulnerability in Oracle Reports Web Cartridge (RWCGI60) in the Workflow Cartridge component, as used in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 10.1.2; and Oracle E-Business Suite and...
CVE-2007-0275
CVE-2007-0275 is a documented cross-site scripting (XSS) vulnerability in the Oracle Reports Web Cartridge (RWCGI60) within the Workflow Cartridge component. The issue allows remote authenticated users to inject arbitrary HTML or web script by supplying a crafted value to the genuser parameter of...
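Hitachi Soumu Workflow Multiple Unspecified SQL Injection Vulnerabilities
Multiple template files in Soumu Workflow do not correctly handle user-submitted input; remote attackers can exploit the vulnerability to carry out SQL injection attacks and obtain sensitive information. No detailed vulnerability information is currently available. Hitachi Soumu Workflow For Groupmax 1.0; Hitachi Soumu Workflow 3.0; Hitachi Soumu Workflow 2.0; Hitachi Koukyoumuke Soumu Workflow 1.0. Users can contact the vendor and refer to the following advisory for patch information: http://www.hitachi-support.com/securitye/vulse/HS06-016e/01-e.ht...
Hitachi Soumu Workflow Multiple Authentication Bypass Vulnerabilities
Multiple template files in Soumu Workflow contain authentication bypass issues. Because of these issues, the authentication mechanism does not work on certain web pages, allowing attackers to use these web pages to perform various administrative operations. Hitachi Soumu Workflow For Groupmax 1.0; Hitachi Soumu Workflow 3.0; Hitachi Soumu Workflow 2.0; Hitachi Koukyoumuke Soumu Workflow 1.0. Users can contact the vendor and refer to the following advisory for patch information:...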
CVE-2006-6705
Multiple unspecified vulnerabilities in the template files in Soumu Workflow for Groupmax 01-00 through 01-01, Soumu Workflow 02-00 through 03-03, and Koukyoumuke Soumu Workflow 01-00 through 01-01 allow remote attackers to bypass authentication mechanisms on web pages via unknown vectors...
CVE-2006-6706
SQL injection vulnerability in Soumu Workflow for Groupmax 01-00 through 01-01, Soumu Workflow 02-00 through 03-03, and Koukyoumuke Soumu Workflow 01-00 through 01-01 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors in certain web pages...
CVE-2006-6706
Technical details about CVE-2006-6706 are not publicly available in the provided documents. Please monitor for updates from official advisories.
CVE-2006-6705
The CVE-2006-6705 issue affects Hitachi Soumu Workflow template files (Groupmax 01-00…01-01, Soumu Workflow 02-00…03-03, Koukyoumuke Soumu Workflow 01-00…01-01). The vulnerability enables remote attackers to bypass authentication on web pages via unknown vectors, per JVN and NVD entries. Impact i...
CVE-2006-3716
Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors, aka Oracle Vuln 1 APPS01 for Internet Expenses; 2 APPS02, 3 APPS05, 4 APPS06, 5 APPS07, 6 APPS08, 7 APPS09, and 8 APPS10 for Oracle Application Object Library; 9...
CVE-2006-3716
Technical details about CVE-2006-3716 are not publicly provided in the supplied documents. No affected products, versions, impact, or remediation are specified here. Monitor for official updates and disclosures.
Authentication flaw
Adobe LiveCycle Workflow 7.01 and LiveCycle Forum Manager 7.01 allows users to authenticate and perform privileged actions when their account is marked "OBSOLETE" but the account is also active, within the authentication system...
CVE-2006-1628
Adobe LiveCycle Workflow 7.01 and LiveCycle Forum Manager 7.01 allows users to authenticate and perform privileged actions when their account is marked "OBSOLETE" but the account is also active, within the authentication system...
CVE-2006-1628
Affected software: Adobe LiveCycle Workflow 7.01 and LiveCycle Forum Manager 7.01. Vulnerability: an authentication flaw where accounts marked as OBSOLETE can still authenticate and perform privileged actions. Root cause: mismatch in account state vs. authentication/authorization in the authen...
Design/Logic Flaw
Unspecified vulnerability in Oracle Database Server 9.2.0.7, Application Server 9.0.4.2 and 10.1.2.1, Collaboration Suite Release 2, version 9.0.4.2 Oracle9i, and E-Business Suite and Applications 11.5.10 has unspecified impact and attack vectors, as identified by Oracle Vuln WF01 in the Oracle...
Design/Logic Flaw
Multiple unspecified vulnerabilities in Oracle Database Server 10.2.0.1, Application Server 9.0.4.2 and 10.1.2.1, Collaboration Suite Release 2, version 9.0.4.2 Oracle9i, and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln 1 WF02...
CVE-2006-0290
Unspecified vulnerability in Oracle Database Server 9.2.0.7, Application Server 9.0.4.2 and 10.1.2.1, Collaboration Suite Release 2, version 9.0.4.2 Oracle9i, and E-Business Suite and Applications 11.5.10 has unspecified impact and attack vectors, as identified by Oracle Vuln WF01 in the Oracle...
CVE-2006-0291
Multiple unspecified vulnerabilities in Oracle Database Server 10.2.0.1, Application Server 9.0.4.2 and 10.1.2.1, Collaboration Suite Release 2, version 9.0.4.2 Oracle9i, and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln 1 WF02...