EUVD-2014-8157

Malware in sbrugna...

CVE-2014-8316

XML External Entity XXE vulnerability in polestarxml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 allows remote attackers to read arbitrary files via the xmlParameter parameter in an explorationSpaceUpdate request...

CVE-2014-8316

CVE-2014-8316 is an XML External Entity (XXE) vulnerability in SAP BusinessObjects Explorer 14.0.5 build 882, affecting polestar_xml.jsp. The issue enables remote attackers to read arbitrary files through the xmlParameter parameter in an explorationSpaceUpdate request, implying potential partial ...

CVE-2014-8315

CVE-2014-8315 affects polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882. The issue is a timing-based side-channel that allows remote attackers to perform port scanning via a host name and port provided in the cms parameter. Connected records confirm the product/version and the des...

SAP Security Note 1908531 - XXE in BusinessObjects Explorer

COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: BusinessObjects Explorer Vendor: SAP AG Subject: Untrusted XML input parsing possible in SBOP Explorer Risk: High Effect: Remotely exploitable Author: Stefan Horlacher Date: 2014-10-10 SAP Security Note: 1908531 0...

SAP Security Note 1908647 - Cross Site Flashing in BusinessObjects Explorer

COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: BusinessObjects Explorer Vendor: SAP AG Subject: Cross Site Flashing Risk: High Effect: Remotely exploitable Author: Stefan Horlacher Date: 2014-10-10 SAP Security Note: 1908647 0 Abstract: -------------...