15 matches found
EUVD-2014-5393
Malware in sbrugna...
SAP Crystal Reports RPT File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP Crystal Reports. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...
CVE-2014-5506
Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted connection string record in an RPT file...
Stack overflow
Stack-based buffer overflow in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted data source string in an RPT file...
Double free
Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted connection string record in an RPT file...
CVE-2014-5505
CVE-2014-5505 affects SAP Crystal Reports, where a stack-based buffer overflow occurs in the handling of data source strings within RPT files. The root cause is an overflow in processing the DataSource string, enabling remote code execution. The vulnerability is exploitable on vulnerable installa...
CVE-2014-5505
Stack-based buffer overflow in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted data source string in an RPT file...
CVE-2014-5506
CVE-2014-5506 describes a double free vulnerability in SAP Crystal Reports, specifically in the handling of a connection string record within an RPT file. The flaw allows remote code execution and requires user interaction (the target must visit a malicious page or open a malicious file) to explo...
CVE-2014-5506
Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted connection string record in an RPT file...
CVE-2004-2742
Cross-site scripting (XSS) vulnerability in the Crystal Enterprise report viewer affects versions 8.5, 9, and 10. The issue allows remote attackers to inject arbitrary web script or HTML by crafting a script in the URL to a report (RPT) file, leveraging unsanitized input in the report viewer. The...
Microsoft Security Bulletin MS07-052 - Important
Microsoft Security Bulletin MS07-052 - Important: Vulnerability in Crystal Reports for Visual Studio Could Allow Remote Code Execution (941522). Published: September 11, 2007. Version: 1.0. General Information. Executive Summary: This important security update resolves a publicly disclosed vulnerability...
LS-20061102 - Business Objects Crystal Reports XI Professional Stack Overflow Vulnerability
LS-20061102: LSsec has discovered a vulnerability in Business Objects Crystal Reports XI Professional, which could be exploited by an attacker in order to execute arbitrary code on an affected system. Exploitation requires that the attacker coerce the target user into opening a malicious .RPT file...
CVE-2006-6133
Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RP...
CVE-2006-6133
CVE-2006-6133 is a remote-code-execution flaw in Crystal Reports for Visual Studio, affecting Visual Studio 2002/2003/2005 variants that bundle Crystal Reports. The vulnerability lies in how RPT files are parsed, allowing a crafted RPT file to execute arbitrary code with the caller’s privileges w...
Default credentials
JIWA Financials 6.4.14 passes a Microsoft SQL Server account's username and password, and the name of a data source, to a Crystal Reports .rpt file, which allows remote authenticated users to execute certain standard stored procedures by referencing them in a user-written .rpt file, as demonstrat...