8 matches found
CVE-2003-0401
Affected software/impact (summary). CVE-2003-0401 affects Vignette StoryServer and Vignette V/5. The vulnerability is describ ed as allowing remote attackers to obtain sensitive information by requesting the /vgn/style template. The NVD entry provides a network-accessible impact with partial conf...
CVE-2003-0399
CVE-2003-0399 affects Vignette StoryServer 4/5 and V/5 (and possibly other versions). The vulnerability allows remote attackers to perform unauthorized SELECT queries by setting the vgn_creds cookie to an arbitrary value and directly accessing the save template, indicating abuse of session/authen...
CVE-2003-0400
CVE-2003-0400 affects Vignette StoryServer and Vignette V/5; the vulnerability arises from miscalculating the size of text variables, causing Vignette to return unauthorized portions of memory. The issue is demonstrated via a CookieName argument to the login template using the "-->" string, de...
CVE-2003-0405
CVE-2003-0405 affects Vignette StoryServer 5 and Vignette V/6. A flaw allows remote attackers to execute arbitrary TCL code by supplying crafted input: (1) an HTTP query or cookie processed in the NEEDS command, or (2) an HTTP Referrer processed in the VALID_PATHS command. Root cause: improper ha...
CVE-2003-0398
Affected products: Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, with the SSI EXEC feature enabled. Vulnerability: remote attackers could execute arbitrary code by providing a crafted text variable to a Vignette Application that is later displayed. Underlying cause/details are not expli...
CVE-2003-0402
CVE-2003-0402 affects Vignette StoryServer 5 and Vignette V/5, where the default login template (/vgn/login) returns different responses depending on whether a user exists. This behavior allows remote attackers to identify valid usernames via brute force, enabling username enumeration. The NVD en...
CVE-2003-0404
CVE-2003-0404 affects Vignette StoryServer 4/5 and Vignette V/5 and V/6. Vulnerability: multiple Cross Site Scripting (XSS) via text variables, demonstrated through the errInfo parameter in the default login template. Impact: remote attackers can inject arbitrary HTML and script. Exploitation det...
CVE-2003-0403
CVE-2003-0403 affects Vignette StoryServer 5 and Vignette V/5. Remote attackers can read and modify license information and cause a denial of service by directly accessing the /vgn/license template. The provided documents do not include root-cause analysis, affected versions beyond the products n...