reports software vulnerabilities
vulnerabilities.aspcode.net
Searching reports software vulnerabilities
Crystal Reports, when displaying data for a password protected database using HTML pages, embeds the username and password in cleartext in the HTML page and the URL, which allows remote attackers to obtain passwords.
Anthill allows remote attackers to bypass authentication and file bug reports by directly accessing the postbug.php program instead of enterbug.php.
WorkforceROI Xpede 4.1 uses a small random namespace (5 alphanumeric characters) for temporary expense claim reports in the /reports/temp directory, which allows remote attackers to read the reports via a brute force attack.
Buffer overflow in WTRS_UI.EXE (WTX_REMOTE.DLL) for WebTrends Reporting Center 4.0d allows remote attackers to execute arbitrary code via a long HTTP GET request to the /reports/ directory.
The Web Reports Server for SurfControl SuperScout WebFilter stores the "scwebusers" username and password file in a web-accessible directory, which allows remote attackers to obtain valid usernames and crack the passwords.
UserManager.js in the Web Reports Server for SurfControl SuperScout WebFilter uses weak encryption for administrator functions, which allows remote attackers to decrypt the administrative password using a hard-coded key in a Javascript function.
The Web Reports Server for SurfControl SuperScout WebFilter allows remote attackers to cause a denial of service (CPU consumption) via large GET requests, possibly due to a buffer overflow.
Directory traversal vulnerability in the Web Reports Server for SurfControl SuperScout WebFilter allows remote attackers to read arbitrary files via an HTTP request containing ... (triple dot) sequences.
SQL injection vulnerabilities in the Web Reports Server for SurfControl SuperScout WebFilter allow remote attackers to execute arbitrary SQL queries via the RunReport option to SimpleBar.dll, and possibly other DLLs.
The library feature for Adobe Content Server 3.0 allows a remote attacker to check out an eBook even when the maximum number of loans is exceeded by accessing the "Add to bookbag" feature when the server reports that no more copies are available.
NetInfo Manager on Mac OS X 10.3.x through 10.3.5, after an initial root login, reports the root account as being disabled, even when it is not.
The web interface for Crystal Reports allows remote attackers to cause a denial of service (disk exhaustion) by repeatedly requesting reports without retrieving the associated image files, which are not cleared from the image file folder.
reportbug 3.2 includes settings from .reportbugrc in bug reports, which exposes sensitive information such as smtpuser and smtppasswd.
McAfee IntruShield Security Management System allows remote authenticated users to access the "Generate Reports" feature and modify alerts by setting the Access option to true, as demonstrated using the (1) fullAccess or (2) fullAccessRight parameter in reports-column-center.jsp, or (3) fullAccess parameter to SystemEvent.jsp.
Multiple SQL injection vulnerabilities in ChurchInfo allow remote attackers to execute arbitrary SQL commands via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6) Reports/PDFLabel.php, or (7) UserDelete.php, (8) DepositSlipID parameter to DepositSlipEditor.php, (9) QueryID parameter to QueryView.php, GroupID parameter to (10) GroupView.php, (11) GroupMemberList.php, (12) MemberRoleChange.php, (13) GroupDelete.php, (14) /Reports/ClassAttendance.php, or (15) /Reports/GroupReport.php, (16) PropertyID parameter to PropertyEditor.php, FamilyID parameter to (17) Canvas05Editor.php, (18) CanvasEditor.php, or (19) FamilyView.php, or (20) PledgeID parameter to PledgeDetails.php.
ChurchInfo allows remote attackers to obtain sensitive information via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6) Reports/PDFLabel.php, or (7) UserDelete.php, an invalid Number parameter to (8) SelectList.php or (9) SelectDelete.php, GroupID parameter to (10) GroupView.php, (11) GroupMemberList.php, (12) MemberRoleChange.php, (13) GroupDelete.php, (14) /Reports/ClassAttendance.php, or (15) /Reports/GroupReport.php, (16) PropertyID parameter to PropertyEditor.php, FamilyID parameter to (17) Canvas05Editor.php, (18) CanvasEditor.php, or (19) FamilyView.php, or (20) PledgeID parameter to PledgeDetails.php, which reveal the path in an error message.
Unspecified vulnerability in Report Application Server (Crystalras.exe) before 11.0.0.1370, as used in Business Objects Crystal Reports XI, Crystal Reports Server XI, and BusinessObjects Enterprise XI, allows remote attackers to cause a denial of service (application hang) via certain network traffic, possibly involving multiple simultaneous TCP connections.
Unspecified vulnerability in the Oracle Reports Developer component of Oracle Application Server 9.0.4.2 and 10.1.2.0.2 has unspecified impact and attack vectors, as identified by Oracle Vuln# REP03.
SQL injection vulnerability in the reports system in OpenBiblio before 0.5.2 allows remote attackers with report privileges to execute arbitrary SQL commands via unspecified vectors.
Unspecified vulnerability in the reports system in OpenBiblio before 0.6.0 allows attackers to gain privileges via unspecified vectors.
Software vulnerabilities results 1 to 20 of 83