1047 matches found
CVE-2017-14941
CVE-2017-14941 affects JasperReports 4.7. The vulnerability stems from passwords stored in clear text for Data Source Connectors, enabling a remote, authenticated user to view stored Data Source passwords by accessing flow.html during an Edit operation for a Data Source. The attack relies on acce...
CVE-2017-14941
Removed by vendor...
JasperSoft JasperReports 4.7 Password Disclosure
Credits: Joshua Platz aka Binary1985 + CVE ID: CVE-2017-14941 + Website: https://github.com/binary1985 + Source: https://raw.githubusercontent.com/binary1985/VulnerabilityDisclosure/master/JasperSoft%20JasperReports%20-%204.7%20-%20CVE-2017-14941 Vendor: ==========================...
OpenText Document Sciences xPression 4.5SP1 Patch 13 Arbitrary File Read
Title: OpenText Document Sciences xPression formerly EMC Document Sciences xPression - Arbitrary File Read Author: Marcin Woloszyn Date: 27. September 2017 CVE: CVE-2017-14754 Affected Software: ================== OpenText Document Sciences xPression formerly EMC Document Sciences xPression Explo...
5 Red Flags That Tell You Vendors Are Lying About AI
This is the original version of this article: The term Artificial Intelligence has become a buzzword that people use in sales pitches all the time. You will hear about it in the latest ad copy for new gadgets and programs. It also happens to be the most important tool in the cyber security field...
XML External Entity Injection And Information Disclosure
Falcon is vulnerable to XML external entity injection and information disclosure. It is possible to inject an external entity during XML entity parsing, and leak the location of the credential files in log messages during the data source entity parsing...
Director Error "Cannot retrieve data. Data source unresponsive or reported an error".
The following error is seen in the event viewer of the Director server: Log Name: Application Source: Citrix Director Service Date: 1/20/2017 11:05:33 AM Event ID: 5 Task Category: None Level: Error Keywords: Classic User: N/A Computer: CtxDirector.RepLab.Local Description: The description for...
[SECURITY] Fedora 25 Update: mojarra-2.2.13-1.fc25
JvaServerTM Faces technology simplifies building user interfaces for JavaServer applications. Developers of various skill levels can quickly bui ld web applications by: assembling reusable UI components in a page; connecting these components to an application data source; and wiring...
Ubiquiti Inc.: JetBrains .idea project directory
Vulnerability description The .idea directory contains a set of configuration files .xml for your project. These configuration files contain information core to the project itself, such as names and locations of its component modules, compiler settings, etc. If you've defined a data source the fi...
The vulnerability of the Firefox ESR browser, which allows a hacker to read data from uninitialized memory areas
The vulnerability of the YCbCrImageDataDeserializer::ToDataSourceSurface function in Firefox ESR browsers is related to code errors. Exploiting this vulnerability may allow an attacker to read data from uninitialized memory areas remotely...
CVE-2015-0002
creationtimestamp| type| source ---|---|--- 2015-01-01 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/35661 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/ntapphelpcachecontrol.rb 2025-02-06 03:13:42+00:00...
DEBIAN-CVE-2014-5025
Cross-site scripting XSS vulnerability in datasources.php in Cacti 0.8.8b allows remote authenticated users with console access to inject arbitrary web script or HTML via the namecache parameter in a dsedit action...
DEBIAN-CVE-2014-5026
Multiple cross-site scripting XSS vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a 1 Graph Tree Title in a delete or 2 edit action; 3 CDEF Name, 4 Data Input Method Name, or 5 Host Templates Name in a delete action; ...
CVE-2014-5026
Multiple cross-site scripting XSS vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a 1 Graph Tree Title in a delete or 2 edit action; 3 CDEF Name, 4 Data Input Method Name, or 5 Host Templates Name in a delete action; ...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a 1 Graph Tree Title in a delete or 2 edit action; 3 CDEF Name, 4 Data Input Method Name, or 5 Host Templates Name in a delete action; ...
UBUNTU-CVE-2014-5026
Multiple cross-site scripting XSS vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a 1 Graph Tree Title in a delete or 2 edit action; 3 CDEF Name, 4 Data Input Method Name, or 5 Host Templates Name in a delete action; ...
CVE-2014-5026
Multiple cross-site scripting XSS vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a 1 Graph Tree Title in a delete or 2 edit action; 3 CDEF Name, 4 Data Input Method Name, or 5 Host Templates Name in a delete action; ...
CVE-2014-5026
Multiple cross-site scripting XSS vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a 1 Graph Tree Title in a delete or 2 edit action; 3 CDEF Name, 4 Data Input Method Name, or 5 Host Templates Name in a delete action; ...
Stack overflow
Stack-based buffer overflow in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted data source string in an RPT file...
SAP Crystal Reports Datasource Stack Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Crystal Reports. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling...