15 matches found
EUVD-2019-2917
Malware in sbrugna...
EUVD-2019-1892
Malware in sbrugna...
CVE-2019-11216
BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the import functionality. One can import a malicious XML file and perform XXE attacks to download local files from the server, or do DoS attacks with XML expansion attacks. XXE with direct response and XXE OOB are allowed...
CVE-2019-1010147
Yellowfin Smart Reporting All Versions Prior to 7.3 is affected by: Incorrect Access Control - Privileges Escalation. The impact is: Victim attacked and access admin functionality through their browser and control browser. The component is: MIAdminStyles.i4. The attack vector is: Victims are...
CVE-2019-11216
BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the import functionality. One can import a malicious XML file and perform XXE attacks to download local files from the server, or do DoS attacks with XML expansion attacks. XXE with direct response and XXE OOB are allowed...
Design/Logic Flaw
BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the import functionality. One can import a malicious XML file and perform XXE attacks to download local files from the server, or do DoS attacks with XML expansion attacks. XXE with direct response and XXE OOB are allowed...
CVE-2019-11216
CVE-2019-11216 affects BMC Smart Reporting 7.3 (20180418). The issue is an XML External Entity (XXE) vulnerability in the import functionality, enabling an authenticated attacker to import a malicious XML file to perform XXE attacks, potentially downloading local server files or triggering DoS vi...
CVE-2019-11216
BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the import functionality. One can import a malicious XML file and perform XXE attacks to download local files from the server, or do DoS attacks with XML expansion attacks. XXE with direct response and XXE OOB are allowed...
BMC Smart Reporting 7.3 20180418 XML Injection
4 43 7.3 20180418 2019-01-18 10:14 UTC +0000 66717 sour...
BMC Smart Reporting XML External Entity Injection Vulnerability
BMC Smart Reporting is a smart reporting system. BMC Smart Reporting suffers from an XML External Entity Injection vulnerability that allows an authenticated attacker with administrator privileges to import a malicious XML file and perform an XXE attack to download a local file from a server, or...
BMC Remedy Smart Reporting CVE-2019-11216 XML External Entity Injection Vulnerability
Description BMC Remedy Smart Reporting is prone to an XML External Entity injection vulnerability. Attackers can exploit this issue to obtain potentially sensitive information or cause a denial-of-service condition. This may lead to further attacks. BMC Remedy Smart Reporting versions 9.1.03.001,...
CVE-2019-1010147
Yellowfin Smart Reporting All Versions Prior to 7.3 is affected by: Incorrect Access Control - Privileges Escalation. The impact is: Victim attacked and access admin functionality through their browser and control browser. The component is: MIAdminStyles.i4. The attack vector is: Victims are...
Cross site scripting
Yellowfin Smart Reporting All Versions Prior to 7.3 is affected by: Incorrect Access Control - Privileges Escalation. The impact is: Victim attacked and access admin functionality through their browser and control browser. The component is: MIAdminStyles.i4. The attack vector is: Victims are...
CVE-2019-1010147
Summary: CVE-2019-1010147 affects Yellowfin Smart Reporting all versions prior to 7.3, with the vulnerable component identified as MIAdminStyles.i4. The issue is Incorrect Access Control – Privileges Escalation that, via an XSS vulnerability exploited on a site under the attacker’s control, can a...
CVE-2019-1010147
Yellowfin Smart Reporting All Versions Prior to 7.3 is affected by: Incorrect Access Control - Privileges Escalation. The impact is: Victim attacked and access admin functionality through their browser and control browser. The component is: MIAdminStyles.i4. The attack vector is: Victims are...