EUVD-2018-14261

Malware in sbrugna...

SAP Crystal Reports Server OEM Edition Local Elevation of Privilege Vulnerability

SAP Crystal Reports Server OEM Edition CRSE is a reporting solution from SAP. It enables the creation of richly formatted reports using what-if scenario models, interactive business dashboards, and charts, which can be delivered via the Web, e-mail, Microsoft Office, Adobe PDF, or embedded in...

CVE-2018-2406

Unquoted windows search path directory/path traversal vulnerability in Crystal Reports Server, OEM Edition CRSE, 4.0, 4.10, 4.20, 4.30, startup path...

CVE-2018-2406

Unquoted windows search path directory/path traversal vulnerability in Crystal Reports Server, OEM Edition CRSE, 4.0, 4.10, 4.20, 4.30, startup path...

Path traversal

Unquoted windows search path directory/path traversal vulnerability in Crystal Reports Server, OEM Edition CRSE, 4.0, 4.10, 4.20, 4.30, startup path...

CVE-2018-2406

Unquoted windows search path directory/path traversal vulnerability in Crystal Reports Server, OEM Edition CRSE, 4.0, 4.10, 4.20, 4.30, startup path...

CVE-2018-2406

CVE-2018-2406 affects SAP Crystal Reports Server OEM Edition (CRSE) startup path: unquoted Windows search path leads to local directory/path traversal. Versions 4.0, 4.10, 4.20, 4.30 are affected; local privilege elevation is indicated in connected CNVD entry. The vulnerability’s CVSS notes local...

Crystal Reports Server InfoView logonAction Parameter XSS

The InfoView component included with the Crystal Reports Server install on the remote host contains a JSP script fails to sanitize user input to the 'logonAction' parameter of its 'logon.jsp' script before using it to generate dynamic HTML output. An attacker may be able to leverage this issue to...

CVE-2009-3344

Unspecified vulnerability in SAP Crystal Reports Server 2008 on Windows XP allows attackers to cause a denial of service infinite loop via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable...

CVE-2009-3346

Unspecified vulnerability in SAP Crystal Reports Server 2008 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However,...

CVE-2009-3346

The CVE-2009-3346 entry concerns SAP Crystal Reports Server 2008 with an unspecified vulnerability that could allow remote code execution via unknown vectors, as demonstrated by VulnDisco Pack Professional versions 8.3–8.11. The description notes that, as of 2009-09-17, there is no actionable inf...