Piwik <= 2.16.0 (saveLayout) PHP object injection vulnerability

The vulnerability can be triggered through the saveLayout method defined in /plugins/Dashboard/Controller.php: 210. public function saveLayout 211. 212. $this-checkTokenInUrl; 213. 214. $layout = Common::unsanitizeInputValueCommon::getRequestVar'layout'; 215. $layout = striptags$layout; 216...

Oracle WebCenter Forms Recognition Sssplt30.ocx ActiveX Control Remote Code Execution Vulnerabilty

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle WebCenter Forms Recognition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...

Path traversal

Absolute path traversal vulnerability in the Data Dynamics ActiveReport ActiveReports ActiveX control in actrpt2.dll 2.5 and earlier allows remote attackers to create or overwrite arbitrary files via a full pathname in the first argument to the SaveLayout method...

Path traversal

Absolute path traversal vulnerability in the Data Dynamics DDActiveReports2.ActiveReport.2 ActiveReports ActiveX control in arpro2.dll in ActiveReports 2.0 Professional Edition 2.5.0.1308 SP5 RC allows remote attackers to create or overwrite arbitrary files via a full pathname in an argument to t...

CVE-2007-3983

CVE-2007-3983 describes an absolute path traversal vulnerability in the Data Dynamics DDActiveReports2.ActiveReport.2 (ActiveReports) ActiveX control contained in arpro2.dll, part of ActiveReports 2.0 Professional Edition 2.5.0.1308 (SP5 RC). The flaw allows a remote attacker to create or overwri...

CVE-2007-3982

Absolute path traversal vulnerability in the Data Dynamics ActiveReport ActiveReports ActiveX control in actrpt2.dll 2.5 and earlier allows remote attackers to create or overwrite arbitrary files via a full pathname in the first argument to the SaveLayout method...

CVE-2007-3982

The CVE-2007-3982 entry concerns the Data Dynamics ActiveReport (ActiveReports) ActiveX control (actrpt2.dll) version 2.5 and earlier. The vulnerability is an absolute path traversal in which a full pathname passed as the first argument to the SaveLayout method can be used to create or overwrite ...

CVE-2007-3983

Absolute path traversal vulnerability in the Data Dynamics DDActiveReports2.ActiveReport.2 ActiveReports ActiveX control in arpro2.dll in ActiveReports 2.0 Professional Edition 2.5.0.1308 SP5 RC allows remote attackers to create or overwrite arbitrary files via a full pathname in an argument to t...

Data Dynamics ActiveReport - ActiveX &#039;actrpt2.dll 2.5&#039; Insecure Method

----------------------------------------------------------------------------------------------- Data Dynamics ActiveReport ActiveX Control actrpt2.dll url: http://www.datadynamics.com/default.aspx author: shinnai mail: shinnaiatautisticidotorg site: http://shinnai.altervista.org This was written...