7491 matches found
CVE-2020-6288
SAP Business Objects Business Intelligence Platform Web Intelligence HTML interface allows an attacker with edit document rights to upload any file including script files without proper file format validation leading to Unrestricted upload of file with dangerous type vulnerability. The attacker c...
CVE-2020-6257
SAP Business Objects Business Intelligence Platform CMC and BI Launchpad 4.2 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability...
CVE-2020-6231
SAP Business Objects Business Intelligence Platform Web Intelligence HTML interface, version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...
CVE-2020-11493
In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to Stream without concern for a crafted XObject...
CVE-2020-0607
An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Information Disclosure Vulnerability'...
CVE-2020-6216
SAP Business Objects Business Intelligence Platform BI Launchpad, version 4.2, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting XSS vulnerability...
CVE-2020-6269
Under certain conditions SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure...
CVE-2020-0986
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269,...
CVE-2020-6281
SAP Business Objects Business Intelligence Platform BI Launchpad, version 4.2, does not sufficiently encode user-controlled inputs, resulting reflected in Cross-Site Scripting...
CVE-2020-6276
SAP Business Objects Business Intelligence Platform bipodata, version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability...
CVE-2020-6223
The open document of SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, allows an attacker to modify certain error pages to include malicious content. This can misdirect a user who is tricked into accessing these error pages rendered by the application, leading to Content...
CVE-2020-6278
SAP Business Objects Business Intelligence Platform BI Launchpad and CMC, versions 4.1, 4.2, allows to an attacker to embed malicious scripts in the application while uploading images, which gets executed when the victim opens these files, leading to Stored Cross Site Scripting...
CVE-2020-6226
SAP Business Objects Business Intelligence Platform Web Intelligence HTML interface, version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...
CVE-2020-6220
BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. Exploit is possible only when the bttoken in victim’s session is active...
CVE-2020-6251
Under certain conditions or error scenarios SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker to access information which would otherwise be restricted...
CVE-2020-6195
SAP Business Objects Business Intelligence Platform CMC, version 4.1, 4.2, shows cleartext password in the response, leading to Information Disclosure. It involves social engineering in order to gain access to system and If password is known, it would give administrative rights to the attacker to...
CVE-2020-6222
SAP Business Objects Business Intelligence Platform Web Intelligence HTML interface, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...
CVE-2020-6211
SAP Business Objects Business Intelligence Platform AdminTools, versions 4.1, 4.2, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability...
CVE-2020-17411
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
CVE-2020-1435
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface GDI handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'...