Lucene search
+L

71 matches found

Prion
Prion
added 2014/04/10 11:55 p.m.17 views

Code injection

IBM SPSS Analytic Server 1.0 before IF002 and 1.0.1 before IF004 logs cleartext passwords, which allows remote authenticated users to obtain sensitive information via unspecified vectors...

4CVSS6AI score0.0162EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2014/04/10 11:0 p.m.27 views

CVE-2014-0920

IBM SPSS Analytic Server 1.0 before IF002 and 1.0.1 before IF004 logs cleartext passwords, which allows remote authenticated users to obtain sensitive information via unspecified vectors...

5.6AI score0.0162EPSS
Exploits1References3
CVE
CVE
added 2014/04/10 11:0 p.m.51 views

CVE-2014-0920

IBM SPSS Analytic Server versions 1.0.0.0 (before IF002) and 1.0.1.0 (before IF004) are affected by CVE-2014-0920, which causes logs to contain passwords in plaintext, allowing authenticated remote users to obtain sensitive information via unspecified vectors. The vulnerability is addressed by IB...

4CVSS5.7AI score0.0162EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2013/11/28 4:37 a.m.19 views

CVE-2013-5912

VhttpdMgr in Thomson Reuters Velocity Analytics Vhayu Analytic Server 6.94 build 2995 allows remote attackers to execute arbitrary code via a URL in the fileName parameter during an importFile action...

10CVSS7.6AI score0.31428EPSS
Exploits0References1
Prion
Prion
added 2013/11/28 4:37 a.m.9 views

Deserialization of untrusted data

VhttpdMgr in Thomson Reuters Velocity Analytics Vhayu Analytic Server 6.94 build 2995 allows remote attackers to execute arbitrary code via a URL in the fileName parameter during an importFile action...

10CVSS8.1AI score0.31428EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2013/11/28 2:0 a.m.41 views

CVE-2013-5912

Vuln CVE-2013-5912 affects Thomson Reuters Velocity Analytics Vhayu Analytic Server 6.94 build 2995. The VhttpdMgr importFile function accepts a fileName parameter in a URL to trigger remote code execution of arbitrary code with system privileges. Exploitation remotely via crafted importFile URL ...

10CVSS7.8AI score0.31428EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2013/11/28 2:0 a.m.19 views

CVE-2013-5912

VhttpdMgr in Thomson Reuters Velocity Analytics Vhayu Analytic Server 6.94 build 2995 allows remote attackers to execute arbitrary code via a URL in the fileName parameter during an importFile action...

7.6AI score0.31428EPSS
Exploits0References1
CERT
CERT
added 2013/11/22 12:0 a.m.51 views

Thomson Reuters Velocity Analytics Vhayu Analytic Server version 6.9.4 build 2995 contains a code injection vulnerability

Overview Thomson Reuters Velocity Analytics Vhayu Analytic Server version 6.94 build 2995 and possibly earlier versions contain a code injection vulnerability CWE-94. Description CWE-94:Improper Control of Generation of Code 'Code Injection' Thomson Reuters Velocity Analytics Vhayu Analytic Serve...

10CVSS7.8AI score0.31428EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2013/01/08 12:0 a.m.34 views

IBM Cognos tm1admsd.exe Overflow

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'IBM Cognos...

10CVSS0.5AI score0.5485EPSS
Exploits8
Exploit DB
Exploit DB
added 2013/01/08 12:0 a.m.209 views

IBM Cognos - 'tm1admsd.exe' Remote Overflow (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'IBM Cognos...

10CVSS7AI score0.5485EPSS
Exploits8
Metasploit
Metasploit
added 2013/01/05 6:40 a.m.45 views

IBM Cognos tm1admsd.exe Overflow

This module exploits a stack buffer overflow in IBM Cognos Analytic Server Admin service. The vulnerability exists in the tm1admsd.exe component, due to a dangerous copy of user controlled data to the stack, via memcpy, without validating the supplied length and data. The module has been tested...

10CVSS1.3AI score0.5485EPSS
Exploits8
Rows per page
Query Builder