CVE-2007-0853
CVE-2007-0853 is a SQL injection in DevTrack 6.0.3. The vulnerability resides in the Web Services component’s handling of the 'UserName' parameter, where unsanitized input is used in a database query. An unauthenticated, remote attacker could manipulate SQL queries via the Username form field, po...
CVE-2007-0852
DevTrack 6.x is affected by CVE-2007-0852, a cross-site scripting (XSS) vulnerability. The flaw allows remote attackers to inject arbitrary web script or HTML via the Keyword search form field and other inputs that populate a public saved query. Descriptions in CVE/NVD records confirm unsafe hand...