28 matches found
EUVD-2014-5393
Malware in sbrugna...
PT-2024-31499 · Centralsquare · Centralsquare Crywolf
Name of the Vulnerable Software and Affected Versions: CentralSquare CryWolf False Alarm Management versions prior to 2024-08-09 Description: A traversal vulnerability in GeneralDocs.aspx allows unauthenticated attackers to read files outside of the working web directory via the rpt parameter,...
Security Bulletin: Rational Test Workbench bundles Rational Performance Tester which is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44228)
Summary Rational Test Workbench RTW bundles Rational Performance Tester RPT. The Apache Log4j vulnerability impacts RPT Apache JMeter™ Test Extension. This bulletin addresses the vulnerability by removing Apache Log4j. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Performance Tester
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 and IBM® Runtime Environment Java™ Version 1.8 used by Rational Performance Tester. Rational Performance Tester has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-14782 DESCRIPTION: ...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Performance Tester
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 and IBM® Runtime Environment Java™ Version 1.8 used by Rational Performance Tester. Rational Performance Tester has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-14803 DESCRIPTION: ...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Performance Tester
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 and IBM® Runtime Environment Java™ Version 1.8 used by Rational Performance Tester. Rational Performance Tester has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-14797 DESCRIPTION: ...
SAP Crystal Reports RPT File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP Crystal Reports. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...
CVE-2018-12653
CVE-2018-12653 affects Adrenalin HRMS/Core HCM 5.4.0. A Reflected Cross-Site Scripting (XSS) exists on the page at RPT/SSRSDynamicEditReports.aspx via the ReportId parameter, where user-supplied input is echoed back in the HTML response. The vulnerability allows an attacker to submit malicious Ja...
Determining which CVE fixes are included in a JRE
Question IBM Security Bulletins list CVEs that must be applied to the JRE that RPT scripts use to run tests. How can you determine whether a specific JRE version includes a particular CVE? Answer IBM Security Bulletins list Common Vulnerabilities and Exposures CVE that must be fixed in the T6...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Performance Tester (CVE-2016-5597)
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 and Version 8. These issues were disclosed as part of the IBM Java SDK updates in October 2016. Vulnerability Details CVEID: CVE-2016-5597 DESCRIPTION: An unspecified vulnerability related to the Networking...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Performance Tester (CVE-2016-3485)
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 and Version 8. These issues were disclosed as part of the IBM Java SDK updates in July 2016. Vulnerability Details CVEID: CVE-2016-3485 DESCRIPTION: An unspecified vulnerability related to the Networking...
CVE-2014-5506
Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via crafted connection string record in an RPT file...
Stack overflow
Stack-based buffer overflow in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted data source string in an RPT file...
Double free
Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via crafted connection string record in an RPT file...
CVE-2014-5505
Stack-based buffer overflow in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted data source string in an RPT file...
CVE-2014-5505
CVE-2014-5505 affects SAP Crystal Reports, where a stack-based buffer overflow occurs in the handling of data source strings within RPT files. The root cause is an overflow in processing the DataSource string, enabling remote code execution. The vulnerability is exploitable on vulnerable installa...
CVE-2014-5506
CVE-2014-5506 describes a double free vulnerability in SAP Crystal Reports, specifically in the handling of a connection string record within an RPT file. The flaw allows remote code execution and requires user interaction (the target must visit a malicious page or open a malicious file) to explo...
CVE-2014-5506
Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via crafted connection string record in an RPT file...
SAP Crystal Reports Datasource Stack Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Crystal Reports. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling...
SAP Crystal Reports Connection String Processing Double Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Crystal Reports. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling...