17 matches found
EUVD-2019-1060
Malware in sbrugna...
EUVD-2020-27397
Malware in sbrugna...
CVE-2020-6247
SAP Business Objects Business Intelligence Platform, version 4.2, allows an unauthenticated attacker to prevent legitimate users from accessing a service. Using a specially crafted request, the attacker can crash or flood the Central Management Server, thereby impacting system availability...
CVE-2019-0287
Under certain conditions SAP BusinessObjects Business Intelligence platform Central Management Server, versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted...
File Upload Vulnerability in the Center Management Server System of Guangdong Paulan Electronics Co.
Guangzhou Paulun Electronic Co., Ltd. is a company mainly engaged in public broadcasting, campus broadcasting, conference system, paperless system, recording and broadcasting system, intelligent campus, stage lighting, LED big screen, landscape lighting and other projects. A file upload...
Nuuo Central Management Server Authenticated Arbitrary File Download
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nuuo Central Management Server Authenticated Arbitrary File Download', 'Description' = %q The Nuuo Central Management Server allows an...
CVE-2022-28214
During an update of SAP BusinessObjects Enterprise, Central Management Server CMS - versions 420, 430, authentication credentials are being exposed in Sysmon event logs. This Information Disclosure could cause a high impact on systems’ Confidentiality, Integrity, and Availability...
Command Execution Vulnerability in the Center Management Server System of Guangzhou Paulan Electronics Co.
Guangzhou Paulun Electronic Co., Ltd. is a company mainly engaged in public broadcasting, campus broadcasting, conference system, paperless system, recording and broadcasting system, intelligent campus, stage lighting, LED big screen, landscape lighting and other projects. A command execution...
CVE-2020-6247
SAP Business Objects Business Intelligence Platform, version 4.2, allows an unauthenticated attacker to prevent legitimate users from accessing a service. Using a specially crafted request, the attacker can crash or flood the Central Management Server, thereby impacting system availability...
CVE-2020-6247
SAP Business Objects Business Intelligence Platform, version 4.2, allows an unauthenticated attacker to prevent legitimate users from accessing a service. Using a specially crafted request, the attacker can crash or flood the Central Management Server, thereby impacting system availability...
CVE-2019-0287
Under certain conditions SAP BusinessObjects Business Intelligence platform Central Management Server, versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted...
Nuuo Central Management Server Authenticated Arbitrary File Download
The Nuuo Central Management Server allows an authenticated user to download files from the installation folder. This functionality can be abused to obtain administrative credentials, the SQL Server database password and arbitrary files off the system with directory traversal. The module will...
Nuuo Central Management Server Authenticated Arbitrary File Upload
The COMMITCONFIG verb is used by a CMS client to upload and modify the configuration of the CMS Server. The vulnerability is in the "FileName" parameter, which accepts directory traversal ..\..\ characters. Therefore, this function can be abused to overwrite any files in the installation drive of...
Nuuo Central Management Server Authenticated Arbitrary File Download
Nuuo Central Management Server allows authenticated users to download files. A directory traversal flaw in the FileType header allows the user to specify a file outside of the intended directories to download. Recent assessments: jrobles-r7 at May 09, 2019 5:57pm UTC reported: Details Details fro...
Nuuo Central Management Server Authenticated SQL Server SQLi
Nuuo Central Management Server v3.3 and prior are vulnerable to an authenticated SQL injection vulnerability. Recent assessments: jrobles-r7 at May 09, 2019 5:57pm UTC reported: Details Details from module documentation in Metasploit. The GETOPENALARM verb is used to obtain information about alar...
Symantec Endpoint Protection 12.1.4013 Service Disabling Vulnerability
Exploit for Windows platform in category dos / poc Exploit Title: Antivirus Google Dork: intitle: Antivirus Date: 2015-07-07 Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org Vendor Homepage: www.symantec.com Software Link: www.symantec.com/endpoint-protection Version:12.1.401...
Crystal Reports Central Management Server Detection
The remote service is a Central Management Server, also known as Crystal Management Server and Automated Process Scheduler, a key component of Crystal Reports Server that centralizes information about users, security levels, published objects, and servers.