8 matches found
CVE-2002-0487
CVE-2002-0487 affects Intellisol Xpede 4.1, where passwords are stored in plaintext within a Javascript “session timeout” re-authentication capability. The underlying issue is plaintext password storage in a source file/cache accessible to the local user, enabling a local attacker to read credent...
CVE-2002-0579
The CVE covers WorkforceROI Xpede 4.1, where the /admin/adminproc.asp script allows remote attackers to gain Xpede administrator privileges without prompting for a password. The underlying issue is an authentication bypass in that admin endpoint, enabling privilege escalation. The sources confirm...
CVE-2002-0581
The CVE-2002-0581 entry concerns WorkforceROI Xpede 4.1. The vulnerability is a SQL injection in the sprc.asp script, exploited via the Qry parameter, allowing remote attackers to execute arbitrary SQL commands and read, modify, or steal credentials from the database. Root cause: unsafely concate...
CVE-2002-0580
The CVE-2002-0580 entry concerns WorkforceROI Xpede 4.1. The provided materials indicate that remote attackers can obtain the database username by requesting datasource.asp, which leaks the username in a form. This exposure can facilitate easier brute-force password guessing attacks against the d...
CVE-2002-0582
CVE-2002-0582 affects WorkforceROI Xpede 4.1. The vulnerability stems from storing temporary expense claim reports in a world-readable and indexable /reports/temp directory, enabling remote readers to access the reports. The NVD entry lists a CVSS v2 base score of 5.0 (Medium) with network attack...
CVE-2002-0583
CVE-2002-0583 affects WorkforceROI Xpede 4.1. The vulnerability stems from using a small random namespace (5 alphanumeric chars) for temporary expense claim reports stored under /reports/temp, enabling remote attackers to read these reports through brute-force access. Impact described as confiden...
CVE-2002-0584
The CVE-2002-0584 entry concerns WorkforceROI Xpede 4.1. The vulnerability allows remote attackers to read user timesheets by tampering with the TSN ID parameter in the ts_app_process.asp script. The TSN ID is easily guessable because it is incremented by 1 for each new timesheet, enabling an att...
CVE-2002-0486
Affected: Intellisol Xpede 4.1. The CVE-2002-0486 entry describes that the product stores authentication information in cookies using weak encryption, enabling local access to cookies to escalate privileges. Root cause: weak encryption used for cookie-stored credentials. Impact: according to NVD ...