6 matches found
CVE-2002-0582
WorkforceROI Xpede 4.1 stores temporary expense claim reports in a world-readable and indexable /reports/temp directory, which allows remote attackers to read the reports by accessing the directory...
CVE-2002-0583
WorkforceROI Xpede 4.1 uses a small random namespace 5 alphanumeric characters for temporary expense claim reports in the /reports/temp directory, which allows remote attackers to read the reports via a brute force attack...
CVE-2002-0582
CVE-2002-0582 affects WorkforceROI Xpede 4.1. The vulnerability stems from storing temporary expense claim reports in a world-readable and indexable /reports/temp directory, enabling remote readers to access the reports. The NVD entry lists a CVSS v2 base score of 5.0 (Medium) with network attack...
CVE-2002-0584
The CVE-2002-0584 entry concerns WorkforceROI Xpede 4.1. The vulnerability allows remote attackers to read user timesheets by tampering with the TSN ID parameter in the ts_app_process.asp script. The TSN ID is easily guessable because it is incremented by 1 for each new timesheet, enabling an att...
CVE-2002-0486
Affected: Intellisol Xpede 4.1. The CVE-2002-0486 entry describes that the product stores authentication information in cookies using weak encryption, enabling local access to cookies to escalate privileges. Root cause: weak encryption used for cookie-stored credentials. Impact: according to NVD ...
CVE-2002-0583
CVE-2002-0583 affects WorkforceROI Xpede 4.1. The vulnerability stems from using a small random namespace (5 alphanumeric chars) for temporary expense claim reports stored under /reports/temp, enabling remote attackers to read these reports through brute-force access. Impact described as confiden...