16 matches found
EUVD-2006-5660
Malware in sbrugna...
EUVD-2009-5054
Malware in sbrugna...
EUVD-2009-5055
Malware in sbrugna...
EUVD-2009-5056
Malware in sbrugna...
Pentaho BI 1.x Multiple Cross Site Scripting and Information Disclosure Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/36672/info Pentaho BI is prone to multiple cross-site scripting and information-disclosure vulnerabilities because it fails to properly validate user-supplied input. An attacker may leverage these issues to execute...
Pentaho BI Server Multiple Vulnerabilities
The host is running Pentaho BI Server and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodpentahobiservermultvuln.nasl 7044 2017-09-01 11:50:59Z teissa $ Pentaho BI Server Multiple Vulnerabilities Authors: Sooraj KS Copyright: Copyright c 2011 SecPod,...
CVE-2009-5100
Pentaho BI Server 1.7.0.1062 and earlier does not set the autocomplete tag to off on web pages using a password field, which might allow physically proximate attackers to obtain the password...
CVE-2009-5101
Pentaho BI Server 1.7.0.1062 and earlier includes the session ID JSESSIONID in the URL, which allows attackers to obtain it from session history, referer headers, or sniffing of web traffic...
CVE-2009-5099
Cross-site scripting XSS vulnerability in ViewAction in Pentaho BI Server 1.7.0.1062 and earlier allows remote attackers to inject arbitrary web script or HTML via the outputType parameter...
Session fixation
Pentaho BI Server 1.7.0.1062 and earlier includes the session ID JSESSIONID in the URL, which allows attackers to obtain it from session history, referer headers, or sniffing of web traffic...
CVE-2009-5099
The Connected documents confirm CVE-2009-5099 affects Pentaho BI Server (1.7.0.1062 and earlier) via a Cross‑Site Scripting vulnerability in the ViewAction component, exploitable through the outputType parameter. Root cause: insufficient input validation/sanitization of the outputType parameter a...
CVE-2009-5101
Pentaho BI Server 1.7.0.1062 and earlier includes the session ID JSESSIONID in the URL, which allows attackers to obtain it from session history, referer headers, or sniffing of web traffic...
CVE-2009-5099
Cross-site scripting XSS vulnerability in ViewAction in Pentaho BI Server 1.7.0.1062 and earlier allows remote attackers to inject arbitrary web script or HTML via the outputType parameter...
Pentaho BI 1.x - Multiple Cross-Site Scripting Information Disclosure Vulnerabilities
Pentaho BI 1.x - Multiple Cross-Site Scripting Information Disclosure Vulnerabilities source: https://www.securityfocus.com/bid/36672/info Pentaho BI is prone to multiple cross-site scripting and information-disclosure vulnerabilities because it fails to properly validate user-supplied input. An...
Pentaho BI 1.x - Multiple Cross-Site Scripting / Information Disclosure Vulnerabilities
source: https://www.securityfocus.com/bid/36672/info Pentaho BI is prone to multiple cross-site scripting and information-disclosure vulnerabilities because it fails to properly validate user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of ...
CVE-2006-5675
Multiple unspecified vulnerabilities in Pentaho Business Intelligence BI Suite before 1.2 RC3 1.2.0.470-RC3 have unknown impact and attack vectors, related to "MySQL Scripts need changes for security," possibly SQL injection vulnerabilities associated with these scripts...