4 matches found
Design/Logic Flaw
Xythos Enterprise Document Manager (XEDM), Digital Locker (XDL), and possibly WebFile Server before 6.0.46.1 allow remote authenticated users to associate arbitrary Content-Type HTTP headers with documents, which might facilitate malware distribution...
CVE-2007-3256
CVE-2007-3256 affects Xythos Enterprise Document Manager (XEDM), Xythos Digital Locker (XDL), and possibly WebFile Server prior to 6.0.46.1. The root issue is insufficient server-side validation of the Content-Type value set by remote authenticated users, allowing them to associate arbitrary Cont...
CVE-2007-3255
CVE-2007-3255 affects Xythos Enterprise Document Manager (XEDM) and related products. Vulnerabilities allow remote authenticated users to perform actions as other users via CSRF: (1) a saved Workflow name and (2) Content-Type header manipulation. Affects XEDM <5.0.25.8 and 6.x
SYMSA-2007-004: Multiple Vulnerabilities in Xythos Server Products
Symantec Vulnerability Research (http://www.symantec.com/research) Security Advisory. Advisory ID: SYMSA-2007-004. Advisory Title: Multiple Vulnerabilities in Xythos Server Products. Author: Brian Reilly / [email protected]. Release Date: 26-06-2007...