Lucene search
K

31 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.2 views

EUVD-2002-0576

Malware in sbrugna...

7.5CVSS6.4AI score0.01571EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2002-0483

Malware in sbrugna...

7.2CVSS6.4AI score0.00792EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2002-0574

Malware in sbrugna...

7.5CVSS6.4AI score0.01571EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2002-0579

Malware in sbrugna...

5CVSS6.4AI score0.01772EPSS
Exploits0References4
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.23 views

WorkforceROI Xpede 4.1/7.0 Weak Password Encryption Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4344/info An issue has been reported in Xpede, which could lead to a compromise of user authentication information. Reportedly, Xpede cookies containing username and password data is stored using a weak encryption method...

7.1AI score
Exploits0
NVD
NVD
added 2002/08/12 4:0 a.m.7 views

CVE-2002-0486

Intellisol Xpede 4.1 uses weak encryption to store authentication information in cookies, which could allow local users with access to the cookies to gain privileges...

7.2CVSS6.5AI score0.00792EPSS
Exploits1References3
NVD
NVD
added 2002/08/12 4:0 a.m.10 views

CVE-2002-0487

Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript "session timeout" re-authentication capability, which could allow local users with access to gain privileges of other Xpede users by reading the password from the source file, e.g. from the browser's cache...

4.6CVSS6.7AI score0.00439EPSS
Exploits1References3
NVD
NVD
added 2002/06/18 4:0 a.m.12 views

CVE-2002-0581

WorkforceROI Xpede 4.1 allows remote attackers to execute arbitrary SQL commands and read, modify, or steal credentials from the database via the Qry parameter in the sprc.asp script...

7.5CVSS8.1AI score0.01571EPSS
Exploits0References3
NVD
NVD
added 2002/06/18 4:0 a.m.6 views

CVE-2002-0580

WorkforceROI Xpede 4.1 allows remote attackers to obtain the database username via a request to datasource.asp, which leaks the username in a form and allows the attacker to more easily conduct brute force password guessing attacks...

7.5CVSS6.7AI score0.01571EPSS
Exploits0References3
NVD
NVD
added 2002/06/18 4:0 a.m.9 views

CVE-2002-0579

WorkforceROI Xpede 4.1 allows remote attackers to gain privileges as an Xpede administrator via a direct HTTP request to the /admin/adminproc.asp script, which does not prompt for a password...

7.5CVSS6.9AI score0.01571EPSS
Exploits0References3
NVD
NVD
added 2002/06/18 4:0 a.m.9 views

CVE-2002-0584

WorkforceROI Xpede 4.1 allows remote attackers to read user timesheets by modifying the TSN ID parameter to the tsappprocess.asp script, which is easily guessable because it is incremented by 1 for each new timesheet...

5CVSS6.6AI score0.01772EPSS
Exploits0References3
NVD
NVD
added 2002/06/18 4:0 a.m.10 views

CVE-2002-0582

WorkforceROI Xpede 4.1 stores temporary expense claim reports in a world-readable and indexable /reports/temp directory, which allows remote attackers to read the reports by accessing the directory...

5CVSS6.5AI score0.01601EPSS
Exploits0References3
NVD
NVD
added 2002/06/18 4:0 a.m.11 views

CVE-2002-0583

WorkforceROI Xpede 4.1 uses a small random namespace 5 alphanumeric characters for temporary expense claim reports in the /reports/temp directory, which allows remote attackers to read the reports via a brute force attack...

5CVSS6.5AI score0.01601EPSS
Exploits0References3
Cvelist
Cvelist
added 2002/06/11 4:0 a.m.15 views

CVE-2002-0581

WorkforceROI Xpede 4.1 allows remote attackers to execute arbitrary SQL commands and read, modify, or steal credentials from the database via the Qry parameter in the sprc.asp script...

8.1AI score0.01571EPSS
Exploits0References3
Cvelist
Cvelist
added 2002/06/11 4:0 a.m.15 views

CVE-2002-0487

Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript "session timeout" re-authentication capability, which could allow local users with access to gain privileges of other Xpede users by reading the password from the source file, e.g. from the browser's cache...

6.7AI score0.00439EPSS
Exploits1References3
CVE
CVE
added 2002/06/11 4:0 a.m.49 views

CVE-2002-0581

The CVE-2002-0581 entry concerns WorkforceROI Xpede 4.1. The vulnerability is a SQL injection in the sprc.asp script, exploited via the Qry parameter, allowing remote attackers to execute arbitrary SQL commands and read, modify, or steal credentials from the database. Root cause: unsafely concate...

7.5CVSS8.5AI score0.01571EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2002/06/11 4:0 a.m.16 views

CVE-2002-0582

WorkforceROI Xpede 4.1 stores temporary expense claim reports in a world-readable and indexable /reports/temp directory, which allows remote attackers to read the reports by accessing the directory...

6.5AI score0.01601EPSS
Exploits0References3
Cvelist
Cvelist
added 2002/06/11 4:0 a.m.13 views

CVE-2002-0584

WorkforceROI Xpede 4.1 allows remote attackers to read user timesheets by modifying the TSN ID parameter to the tsappprocess.asp script, which is easily guessable because it is incremented by 1 for each new timesheet...

6.6AI score0.01772EPSS
Exploits0References3
CVE
CVE
added 2002/06/11 4:0 a.m.37 views

CVE-2002-0486

Affected: Intellisol Xpede 4.1. The CVE-2002-0486 entry describes that the product stores authentication information in cookies using weak encryption, enabling local access to cookies to escalate privileges. Root cause: weak encryption used for cookie-stored credentials. Impact: according to NVD ...

7.2CVSS6.9AI score0.00792EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2002/06/11 4:0 a.m.13 views

CVE-2002-0486

Intellisol Xpede 4.1 uses weak encryption to store authentication information in cookies, which could allow local users with access to the cookies to gain privileges...

6.5AI score0.00792EPSS
Exploits1References3
Rows per page
Query Builder