
7725 matches found

CVE
added 2005/04/14 4:0 a.m. · 48 views

CVE-2004-0533

CVE-2004-0533 describes a vulnerability in Business Objects WebIntelligence 2.7.0–2.7.4 where client-side access controls allow an authenticated user to bypass restrictions and delete arbitrary server documents via a crafted InfoView delete request. The root cause is the lack of server-side enfor...

2.1 CVSS · 6.4 AI score · 0.0069 EPSS
Exploits 0 · References 5 · Affected Software 2
Cvelist
added 2005/04/14 4:0 a.m. · 20 views

CVE-2004-0534

Cross-site scripting (XSS) vulnerability in Business Objects InfoView 5.1.4 through 5.1.8 for WebIntelligence 2.7.0 through 2.7.4 allows remote attackers to inject arbitrary web script or HTML via document names when uploading a document...

5.7 AI score · 0.01177 EPSS
Exploits 0 · References 5
CVE
added 2005/04/14 4:0 a.m. · 42 views

CVE-2004-0534

CVE-2004-0534 is a documented XSS in Business Objects InfoView 5.1.4–5.1.8 / WebIntelligence 2.7.0–2.7.4. The root cause is incomplete server‑side validation for the document name during upload, allowing arbitrary script/HTML via the filename. Impact: remote attacker can inject script, potentiall...

4.3 CVSS · 5.7 AI score · 0.01177 EPSS
Exploits 0 · References 5 · Affected Software 2
Symantec
added 2005/04/12 12:0 a.m. · 27 views

Microsoft Internet Explorer DHTML Object Race Condition Memory Corruption Vulnerability

Description: A vulnerability in Microsoft Internet Explorer may allow remote attackers to execute arbitrary code in the context of users visiting malicious Web sites. This issue presents itself when the affected application attempts to process certain script objects; a race condition may lead to the...

7.9 AI score
Exploits 0 · References 1 · Affected Software 1
exploitpack
added 2005/04/12 12:0 a.m. · 8 views

Microsoft Internet Explorer 5.0.1 - DHTML Object Race Condition Memory Corruption

Microsoft Internet Explorer 5.0.1 - DHTML Object Race Condition Memory Corruption source: https://www.securityfocus.com/bid/13120/info A vulnerability in Microsoft Internet Explorer may allow remote attackers to execute arbitrary code in the context of users visiting malicious Web sites. This iss...

7.4 AI score
Exploits 0
Exploit DB
added 2005/04/12 12:0 a.m. · 29 views

Microsoft Internet Explorer 5.0.1 - DHTML Object Race Condition Memory Corruption

source: https://www.securityfocus.com/bid/13120/info A vulnerability in Microsoft Internet Explorer may allow remote attackers to execute arbitrary code in the context of users visiting malicious Web sites. This issue presents itself when the affected application attempts to process certain script...

7.4 AI score
Exploits 0
CERT
added 2005/04/12 12:0 a.m. · 51 views

Microsoft Internet Explorer DHTML objects contain a race condition

Overview: A race condition in the way that Internet Explorer handles DHTML objects may allow a remote attacker to execute arbitrary code on a vulnerable system. Description: According to Microsoft: Dynamic HTML (DHTML) is built on an object model that extends the traditional static HTML document which...

5.1 CVSS · 7.2 AI score · 0.50604 EPSS
Exploits 5 · References 2
Exploit DB
added 2005/03/08 12:0 a.m. · 21 views

OutStart Participate Enterprise 3 - Multiple Access Validation Vulnerabilities

source: https://www.securityfocus.com/bid/12752/info Participate Enterprise is reported prone to multiple access validation vulnerabilities. These issues may allow remote attackers to disclose sensitive information and corrupt and delete data that can ultimately lead to a denial of service...

7.4 AI score
Exploits 0
RedHat Linux
added 2005/02/10 3:56 p.m. · 3 views

security flaw

The publisher handler for mod_python 2.7.8 and earlier allows remote attackers to obtain access to restricted objects via a crafted URL...

7.5 CVSS · 5.9 AI score · 0.06465 EPSS
Exploits 0 · References 4
Debian CVE
added 2005/02/10 5:0 a.m. · 18 views

CVE-2005-0088

The publisher handler for mod_python 2.7.8 and earlier allows remote attackers to obtain access to restricted objects via a crafted URL...

7.5 CVSS · 6.2 AI score · 0.06465 EPSS
Exploits 0
Cvelist
added 2005/02/10 5:0 a.m. · 26 views

CVE-2005-0298

The DIRECTORY objects in Oracle 8i through Oracle 10g contain the location of a specific operating system directory, which allows users with read privileges to a DIRECTORY object to obtain sensitive information...

5.9 AI score · 0.01965 EPSS
Exploits 0 · References 4
Cvelist
added 2005/02/10 5:0 a.m. · 18 views

CVE-2005-0088

The publisher handler for mod_python 2.7.8 and earlier allows remote attackers to obtain access to restricted objects via a crafted URL...

6.2 AI score · 0.06465 EPSS
Exploits 0 · References 12
securityvulns
added 2005/02/04 12:0 a.m. · 34 views

Python SimpleXMLRPCServer.py library unauthorized access

It's possible to access internal objects...

3.4 AI score
Exploits 0 · References 1 · Affected Software 1
securityvulns
added 2005/01/19 12:0 a.m. · 27 views

PeteFinnigan.com - Oracle security advisory

Hi I have just created a security advisory for the issue I found that is fixed in Oracle latest security patch. The issue is with abuse of DIRECTORY objects and can be found here http://www.petefinnigan.com/directorytraversal.pdf - I have also updated my Oracle security alerts page to link to thi...

Exploits 0
NVD
added 2004/12/31 5:0 a.m. · 24 views

CVE-2004-2291

Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via an embedded script that uses Shell Helper objects and a shortcut link to execute the target script...

7.5 CVSS · 7.6 AI score · 0.10877 EPSS
Exploits 1 · References 2
NVD
added 2004/12/31 5:0 a.m. · 16 views

CVE-2004-0533

Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces access controls on the client, which allows remote authenticated users to delete arbitrary files on the server via a crafted delete request using the InfoView web client...

2.1 CVSS · 6.3 AI score · 0.0069 EPSS
Exploits 0 · References 5
Positive Technologies
added 2004/12/31 12:0 a.m. · 6 views

PT-2004-3225 · Adobe · Coldfusion Mx

Name of the Vulnerable Software and Affected Versions: ColdFusion MX versions 6.1 and 6.1 J2EE Description: The issue allows local users to bypass sandbox security restrictions and obtain sensitive information. This is achieved by using Java reflection methods to access trusted Java objects witho...

5.5 CVSS · 6.2 AI score · 0.00673 EPSS
Exploits 0 · References 6
exploitpack
added 2004/10/20 12:0 a.m. · 20 views

Microsoft Internet Explorer 5.x - Valid File Drag and Drop Embedded Code (MS04-038)

Microsoft Internet Explorer 5.x - Valid File Drag and Drop Embedded Code (MS04-038) source: https://www.securityfocus.com/bid/11466/info The Microsoft cumulative Internet Explorer patch MS04-038 attempted to limit what files may be dragged and dropped onto the local computer from the Internet Zone ...

7.6 AI score
Exploits 0
NVD
added 2004/09/17 4:0 a.m. · 16 views

CVE-2004-0534

Cross-site scripting (XSS) vulnerability in Business Objects InfoView 5.1.4 through 5.1.8 for WebIntelligence 2.7.0 through 2.7.4 allows remote attackers to inject arbitrary web script or HTML via document names when uploading a document...

4.3 CVSS · 5.7 AI score · 0.01177 EPSS
Exploits 0 · References 5
securityvulns
added 2004/09/17 12:0 a.m. · 35 views

[Full-Disclosure] Corsaire Security Advisory - Business Objects WebIntelligence arbitrary document deletion issue

-- Corsaire Security Advisory -- Title: Business Objects WebIntelligence arbitrary document deletion issue Date: 27.05.04 Application: WebIntelligence 2.7, Business Objects 5.1 Environment: Various Author: Stephen de Vries [email protected] Audience: General distribution Reference: c040527-001...

2.1 CVSS · 0.6 AI score · 0.0069 EPSS
Exploits 0