11 matches found
EUVD-2009-5055
Malware in sbrugna...
EUVD-2009-5054
Malware in sbrugna...
EUVD-2009-5056
Malware in sbrugna...
Pentaho BI Server Multiple Vulnerabilities
The host is running Pentaho BI Server and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodpentahobiservermultvuln.nasl 7044 2017-09-01 11:50:59Z teissa $ Pentaho BI Server Multiple Vulnerabilities Authors: Sooraj KS Copyright: Copyright c 2011 SecPod,...
CVE-2009-5099
Cross-site scripting XSS vulnerability in ViewAction in Pentaho BI Server 1.7.0.1062 and earlier allows remote attackers to inject arbitrary web script or HTML via the outputType parameter...
CVE-2009-5101
Pentaho BI Server 1.7.0.1062 and earlier includes the session ID JSESSIONID in the URL, which allows attackers to obtain it from session history, referer headers, or sniffing of web traffic...
CVE-2009-5100
Pentaho BI Server 1.7.0.1062 and earlier does not set the autocomplete tag to off on web pages using a password field, which might allow physically proximate attackers to obtain the password...
Session fixation
Pentaho BI Server 1.7.0.1062 and earlier includes the session ID JSESSIONID in the URL, which allows attackers to obtain it from session history, referer headers, or sniffing of web traffic...
CVE-2009-5099
Cross-site scripting XSS vulnerability in ViewAction in Pentaho BI Server 1.7.0.1062 and earlier allows remote attackers to inject arbitrary web script or HTML via the outputType parameter...
CVE-2009-5099
The Connected documents confirm CVE-2009-5099 affects Pentaho BI Server (1.7.0.1062 and earlier) via a Cross‑Site Scripting vulnerability in the ViewAction component, exploitable through the outputType parameter. Root cause: insufficient input validation/sanitization of the outputType parameter a...
CVE-2009-5101
Pentaho BI Server 1.7.0.1062 and earlier includes the session ID JSESSIONID in the URL, which allows attackers to obtain it from session history, referer headers, or sniffing of web traffic...