Vulnerabilities > Peoplesoft > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2004-12-31 | CVE-2004-2435 | Cross-Site Scripting vulnerability in Peoplesoft Hrms 7.0 Cross-site scripting (XSS) vulnerability in PeopleSoft Human Resources Management System (HRMS) 7.0, when "web enabled" using HTML Access, allows remote attackers to inject arbitrary web script or HTML via unspecified (1) debugging or (2) utility scripts. network peoplesoft | 4.3 |
2003-12-31 | CVE-2003-0627 | Denial of Service vulnerability in PeopleSoft PeopleBooks psdoccgi.exe psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote attackers to cause a denial of service (application crash), possibly via the headername and footername arguments. | 5.0 |
2003-12-15 | CVE-2003-0629 | Unspecified vulnerability in Peoplesoft Peopletools Cross-site scripting (XSS) vulnerability in PeopleSoft IScript environment for PeopleTools 8.43 and earlier allows remote attackers to insert arbitrary web script via a certain HTTP request to IScript. network peoplesoft | 4.3 |
2003-12-15 | CVE-2003-0628 | Unspecified vulnerability in Peoplesoft Peopletools PeopleSoft Gateway Administration servlet (gateway.administration) in PeopleTools 8.43 and earlier allows remote attackers to obtain the full pathnames for server-side include (SSI) files via an HTTP request with an invalid value. | 5.0 |
2003-11-13 | CVE-2003-0626 | Directory Traversal vulnerability in PeopleSoft PeopleBooks psdoccgi.exe psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote attackers to read arbitrary files via the (1) headername or (2) footername arguments. | 5.0 |
2003-03-18 | CVE-2003-0104 | Remote Command Execution vulnerability in PeopleSoft PeopleTools SchedulerTransfer Directory traversal vulnerability in PeopleTools 8.10 through 8.18, 8.40, and 8.41 allows remote attackers to overwrite arbitrary files via the SchedulerTransfer servlet. | 5.0 |
2003-02-07 | CVE-2002-1252 | Remote File Disclosure vulnerability in PeopleSoft XML External Entity The Application Messaging Gateway for PeopleTools 8.1x before 8.19, as used in various PeopleSoft products, allows remote attackers to read arbitrary files via certain XML External Entities (XXE) fields in an HTTP POST request that is processed by the SimpleFileHandler handler. | 5.0 |