66 matches found
EUVD-2020-11490
Malware in sbrugna...
EUVD-2019-1892
Malware in sbrugna...
EUVD-2020-11491
Malware in sbrugna...
EUVD-2021-23004
Malware in sbrugna...
EUVD-2021-23003
Malware in sbrugna...
EUVD-2021-23002
Malware in sbrugna...
CVE-2021-36389
In Yellowfin before 9.6.1 it is possible to enumerate and download uploaded images through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIImage.i4"...
CVE-2021-36387
In Yellowfin before 9.6.1 there is a Stored Cross-Site Scripting vulnerability in the video embed functionality exploitable through a specially crafted HTTP POST request to the page "ActivityStreamAjax.i4"...
CVE-2021-36388
In Yellowfin before 9.6.1 it is possible to enumerate and download users profile pictures through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIIAvatarImage.i4"...
CVE-2020-19586
Incorrect Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to escalate privilege via MIAdminStyles.i4 Admin UI...
CVE-2020-19587
Cross Site Scripting XSS vulnerability in configMap parameters in Yellowfin Business Intelligence 7.3 allows remote attackers to run arbitrary code via MIAdminStyles.i4 Admin UI...
CVE-2019-1010147
Yellowfin Smart Reporting All Versions Prior to 7.3 is affected by: Incorrect Access Control - Privileges Escalation. The impact is: Victim attacked and access admin functionality through their browser and control browser. The component is: MIAdminStyles.i4. The attack vector is: Victims are...
PT-2023-15515 · Undefined · Undefined
exploit 1. Exploiting Hardcoded Keys to achieve RCE in Yellowfin BI CVE-2022-47882, CVE-2022-47883, CVE-2022-47884, CVE-2022-47885 https://blog.assetnote.io/2023/01/24/yellowfin-auth-bypass-to-rce 2. DLL exploit for Roblox with custom functions, level 8 execution, multi Roblox injection, and a...
PT-2023-15516 · Undefined · Undefined
exploit 1. Exploiting Hardcoded Keys to achieve RCE in Yellowfin BI CVE-2022-47882, CVE-2022-47883, CVE-2022-47884, CVE-2022-47885 https://blog.assetnote.io/2023/01/24/yellowfin-auth-bypass-to-rce 2. DLL exploit for Roblox with custom functions, level 8 execution, multi Roblox injection, and a...
PT-2023-15514 · Undefined · Undefined
exploit 1. Exploiting Hardcoded Keys to achieve RCE in Yellowfin BI CVE-2022-47882, CVE-2022-47883, CVE-2022-47884, CVE-2022-47885 https://blog.assetnote.io/2023/01/24/yellowfin-auth-bypass-to-rce 2. DLL exploit for Roblox with custom functions, level 8 execution, multi Roblox injection, and a...
PT-2023-15517 · Undefined · Undefined
exploit 1. Exploiting Hardcoded Keys to achieve RCE in Yellowfin BI CVE-2022-47882, CVE-2022-47883, CVE-2022-47884, CVE-2022-47885 https://blog.assetnote.io/2023/01/24/yellowfin-auth-bypass-to-rce 2. DLL exploit for Roblox with custom functions, level 8 execution, multi Roblox injection, and a...
CVE-2020-19586
Incorrect Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to escalate privilege via MIAdminStyles.i4 Admin UI...
CVE-2020-19587
Cross Site Scripting XSS vulnerability in configMap parameters in Yellowfin Business Intelligence 7.3 allows remote attackers to run arbitrary code via MIAdminStyles.i4 Admin UI...
CVE-2020-19587
Cross Site Scripting XSS vulnerability in configMap parameters in Yellowfin Business Intelligence 7.3 allows remote attackers to run arbitrary code via MIAdminStyles.i4 Admin UI...
CVE-2020-19586
Incorrect Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to escalate privilege via MIAdminStyles.i4 Admin UI...