SAP BusinessObjects Business Intelligence Platform 4.2 < 4.2 SP9 P11 / 4.3 < 4.3 SP2 P8 Multiple Vulnerabilities

The version of SAP BusinessObjects Business Intelligence Platform installed on the remote Windows host is prior to 4.2 SP9 P11, 4.3 SP2 P8 or 4.3 SP3. It is, therefore, affected by multiple vulnerabilities: - A server-side request forgery vulnerability SSRF where an attacker with normal BI user...

CVE-2022-41263

Due to a missing authentication check, SAP Business Objects Business Intelligence Platform Web Intelligence - versions 420, 430, allows an authenticated non-administrator attacker to modify the data source information for a document that is otherwise restricted. On successful exploitation, the...

CVE-2022-41263

Due to a missing authentication check, SAP Business Objects Business Intelligence Platform Web Intelligence - versions 420, 430, allows an authenticated non-administrator attacker to modify the data source information for a document that is otherwise restricted. On successful exploitation, the...

SAP Business Objects Business Intelligence Platform 跨站请求伪造漏洞

SAP Business Objects Business Intelligence Platform is a suite of business intelligence software and enterprise performance solutions from SAP, Germany. The product features report generation, analytics, and data visualization. A cross-site request forgery vulnerability exists in SAP Business...

grafana: arbitrary file read via MySQL data source

Grafana has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source configurations...

CVE-2018-7688

A missing permission check in the review handling of openSUSE Open Build Service before 2.9.3 allowed all authenticated users to modify sources in projects where they do not have write permissions...

Linux Kernel - &#039;mincore()&#039; Heap Page Disclosure (PoC)

/ The source is modified from https://bugs.chromium.org/p/project-zero/issues/detail?id=1431 I try to find out infomation useful from the infoleak The kernel address can be easily found out from the uninitialized memory leaked from kernel, which can help bypass kaslr / define GNUSOURCE include...

numerous format string attacks in Nap &#40; Napster for linux &#41;

hi to everyone here, nap ver 1.4.4 is a little and good term based napster client for linux tested on my linux 2.2.17 and others nix like. to simplify the pb just consider two parts, one for outgoing tasks, the other for incomings ones. there are plenty of possible string format attacks and even...