239 matches found
CVE-2012-3473
The 1 reports API and 2 administration feature in the comments API in the Ushahidi Platform before 2.5 do not require authentication, which allows remote attackers to generate reports and organize comments via API functions...
IBM Jazz Reporting Service Code Issue Vulnerability
IBM Jazz Reporting Service is a suite of ready-to-use reporting components from International Business Machines IBM. The product includes features such as report generation, data collection and lifecycle queries. A code issue vulnerability exists in IBM Jazz Reporting Service that stems from a...
CVE-2024-9150
Report generation functionality in Wyn Enterprise allows for code inclusion, but not sufficiently limits what code might be included. An attacker is able use a low privileges account in order to abuse this functionality and execute malicious code, load DLL libraries and executing OS commands on a...
CVE-2024-9150 Code Injection in Wyn Enterprise
Report generation functionality in Wyn Enterprise allows for code inclusion, but not sufficiently limits what code might be included. An attacker is able use a low privileges account in order to abuse this functionality and execute malicious code, load DLL libraries and executing OS commands on a...
CVE-2024-9150
CVE-2024-9150 affects Wyn Enterprise: the report generation feature allows code inclusion beyond safe bounds, enabling a low-privilege user to abuse the functionality to execute malicious code, load DLLs, and run OS commands on a high-privilege host. The vulnerability arises from insufficient inp...
Wyn Enterprise 安全漏洞
Wyn Enterprise is an embedded business intelligence and analytics tool from Wyn Enterprise, Inc. A security vulnerability exists in Wyn Enterprise prior to version 8.0.00204.0, which stems from a report generation feature that allows code to be included, but does not adequately restrict the code...
PT-2025-7455 · Unknown · Wyn Enterprise
Name of the Vulnerable Software and Affected Versions: Wyn Enterprise versions prior to 8.0.00204.0 Description: The report generation functionality in Wyn Enterprise allows for code inclusion but does not sufficiently limit what code might be included. An attacker can use a low-privileges accoun...
CVE-2022-33273
Information disclosure due to buffer over-read in Trusted Execution Environment while QRKS report generation...
The vulnerability of the module that summarizes the Workflow framework for scanning vulnerabilities in Osmedeus, allowing attackers to perform cross-site scripting attacks
The vulnerability of the Workflow framework’s module summary component is related to the failure to remove specific elements from web pages when generating reports based on the general-template.md template. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting...
Cross-Site Scripting (XSS)
github.com/j3ssie/osmedeus is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper filtering of file contents when generating reports. The contents of the report files HTML and Markdown are read and used to generate the report, but they are not adequately sanitized, allowi...
MAL-2024-10153 Malicious code in reportgenpub (PyPI)
--- -= Per source details. Do not edit below this line.=-...
Lansweeper Credential Collector
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Lansweeper Credential Collector', 'Description' = %q Lansweeper stores the credentials it uses to scan the computers in its Microsoft SQL databas...
Report Generation Fails with "lookup prometheus-server-exp: no such host"
Challenge After enabling Veeam Kasten for Kubernetes reports, reports are not generated. When running an on-demand report policy, the following error message is observed within the executor logs: "message":"Post "http://prometheus-server-exp:80/k10/prometheus/api/v1/query": dial tcp: lookup...
CVE-2024-25624 iris-web vulnerable to Server Side Template Injection in reports
Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. Due to an improper setup of Jinja2 environment, reports generation in iris-web is prone to a Server Side Template Injection SSTI. Successful exploitation of the vulnerability c...
CVE-2021-22142
Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions to generate reports is able to render arbitrary HTML with this browser, they may be able to leverage known Chromium vulnerabilities to condu...
CVE-2023-5514
The response messages received from the eSOMS report generation using certain parameter queries with full file path can be abused for enumerating the local file system structure...
CVE-2023-5514
The response messages received from the eSOMS report generation using certain parameter queries with full file path can be abused for enumerating the local file system structure...
Design/Logic Flaw
The response messages received from the eSOMS report generation using certain parameter queries with full file path can be abused for enumerating the local file system structure...
CVE-2023-5514
The response messages received from the eSOMS report generation using certain parameter queries with full file path can be abused for enumerating the local file system structure...
CVE-2023-5514
The response messages received from the eSOMS report generation using certain parameter queries with full file path can be abused for enumerating the local file system structure...