71 matches found
Code injection
IBM SPSS Analytic Server 1.0 before IF002 and 1.0.1 before IF004 logs cleartext passwords, which allows remote authenticated users to obtain sensitive information via unspecified vectors...
CVE-2014-0920
IBM SPSS Analytic Server 1.0 before IF002 and 1.0.1 before IF004 logs cleartext passwords, which allows remote authenticated users to obtain sensitive information via unspecified vectors...
CVE-2014-0920
IBM SPSS Analytic Server versions 1.0.0.0 (before IF002) and 1.0.1.0 (before IF004) are affected by CVE-2014-0920, which causes logs to contain passwords in plaintext, allowing authenticated remote users to obtain sensitive information via unspecified vectors. The vulnerability is addressed by IB...
CVE-2013-5912
VhttpdMgr in Thomson Reuters Velocity Analytics Vhayu Analytic Server 6.94 build 2995 allows remote attackers to execute arbitrary code via a URL in the fileName parameter during an importFile action...
Deserialization of untrusted data
VhttpdMgr in Thomson Reuters Velocity Analytics Vhayu Analytic Server 6.94 build 2995 allows remote attackers to execute arbitrary code via a URL in the fileName parameter during an importFile action...
CVE-2013-5912
Vuln CVE-2013-5912 affects Thomson Reuters Velocity Analytics Vhayu Analytic Server 6.94 build 2995. The VhttpdMgr importFile function accepts a fileName parameter in a URL to trigger remote code execution of arbitrary code with system privileges. Exploitation remotely via crafted importFile URL ...
CVE-2013-5912
VhttpdMgr in Thomson Reuters Velocity Analytics Vhayu Analytic Server 6.94 build 2995 allows remote attackers to execute arbitrary code via a URL in the fileName parameter during an importFile action...
Thomson Reuters Velocity Analytics Vhayu Analytic Server version 6.9.4 build 2995 contains a code injection vulnerability
Overview Thomson Reuters Velocity Analytics Vhayu Analytic Server version 6.94 build 2995 and possibly earlier versions contain a code injection vulnerability CWE-94. Description CWE-94:Improper Control of Generation of Code 'Code Injection' Thomson Reuters Velocity Analytics Vhayu Analytic Serve...
IBM Cognos tm1admsd.exe Overflow
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'IBM Cognos...
IBM Cognos - 'tm1admsd.exe' Remote Overflow (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'IBM Cognos...
IBM Cognos tm1admsd.exe Overflow
This module exploits a stack buffer overflow in IBM Cognos Analytic Server Admin service. The vulnerability exists in the tm1admsd.exe component, due to a dangerous copy of user controlled data to the stack, via memcpy, without validating the supplied length and data. The module has been tested...