Acunetix WVS Reporter version 10.0 suffers from a denial of service vulnerability.
f99437e7dbb525c610fa5d7015e4693fadd0e49fcca2b81f85c551bec17fb8e8
SAP Enterprise Portal with EP-RUNTIME component versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50 suffer from a NavigationReporter cross site scripting vulnerability.
ee2d0a75bef9c35261f7c80c337b71a54f659bac383ea7ae746759f207a06a8c
This Metasploit module exploits a command injection vulnerability on login that affects Micro Focus Operations Bridge Reporter on Linux, versions 10.40 and below. It is a straight up command injection, with little escaping required, and it works before authentication. This module has been tested on the Linux 10.40 version.
86c50279de70c09dd3d6cb11b4b245b4e8b6b272a33434965e6bc86812dced42
This Metasploit module abuses a known default password on Micro Focus Operations Bridge Reporter. The shrboadmin user, installed by default by the product, has the password shrboadmin, which allows an attacker to log in to the server via SSH. This module has been tested with Micro Focus Operations Bridge Manager 10.40. Earlier versions are most likely affected too. Note that this is only exploitable in Linux installations.
f916dce1d07e07e927e2802d2dca83cb6a07b9d397ca34c5d01f9b2245b2667b
Veeam ONE Reporter version 9.5.0.3201 suffers from multiple persistent cross site scripting vulnerabilities.
f0325caeea7dbc072644dabcd22ddf217b800b7ca72a2a213022df33830844cd
Veeam ONE Reporter version 9.5.0.3201 suffers from multiple cross site request forgery vulnerabilities.
7935f970ef5b73c6b987406afcc2e78937136d079446ccf0a9a736f8bc769a00
Chrome OS suffers from a /sbin/crash_reporter symlink traversal vulnerability.
41e32bd294ce06037cae654ccff52add6f9d2e7cd27c6acfc1cf1da49939a2e6
This Metasploit module exploits a remote code execution vulnerability that exists in Exchange Reporter Plus versions 5310 and below, caused by the execution of the bcp.exe file inside the ADSHACluster servlet.
3d8c5a206e655ffc1020ae9dc72f79a8470fd65b1714a8754570a275ba8cf2ad
ManageEngine Exchange Reporter Plus versions 5310 and below suffer from a remote code execution vulnerability.
aaf220225312288ebbab182773feec9a1d00a8bb7d1f6bbb88d336cecfe3291c
Red Hat Security Advisory 2016-1385-01 - Red Hat Ceph Storage is a massively scalable, open, software-defined storage platform that combines the most stable version of Ceph with a Ceph management platform, deployment tools, and support services. A flaw was found in the way the handle_command() function validated the prefix value from the user. An authenticated attacker could send a specially crafted prefix value, resulting in a Ceph monitor crash. Upstream acknowledges Xiaoxi Chen as the original reporter of CVE-2016-5009.
6e2f1a64426a3441db19a3f627ac1a2e6c54b062acf80e1faf2263a2ed0aa796
Red Hat Security Advisory 2016-1384-01 - Red Hat Ceph Storage is a massively scalable, open, software-defined storage platform that combines the most stable version of Ceph with a Ceph management platform, deployment tools, and support services. A flaw was found in the way the handle_command() function validated the prefix value from the user. An authenticated attacker could send a specially crafted prefix value, resulting in a Ceph monitor crash. Upstream acknowledges Xiaoxi Chen as the original reporter of CVE-2016-5009.
f30178f82aa154cadd872f88c326882a07f2396b67d8d10c20059c3b84008dbf
HP Security Bulletin HPSBGN03404 1 - A potential security vulnerability has been identified in HP Service Health Reporter. The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. Revision 1 of this advisory.
81df34bec39d89b1c0a6979bd60403319676351b9237601064e3bfd18d74561f
HP Security Bulletin HPSBGN03305 1 - A potential security vulnerability has been identified with HP Business Service Management (BSM), SiteScope, Business Service Management (BSM) Integration Adaptor, Operations Manager for Windows, Unix and Linux, Reporter, Operation Agent Virtual Appliance, Performance Manager, Virtualization Performance Viewer, Operations Agent, BSM Connector and Service Health Reporter running SSLv3. The vulnerability could be exploited remotely to allow disclosure of information. Note: This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "POODLE", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
5fb16d90b23b1ad2f3685f6f2de7e6587f649473276261eb9d829f2bebb968f5
Avaya IP Office Customer Call Reporter version 8.0.9.13 allows for third party HTML injection that can lead to cross site scripting.
941dfcae32d82622541f93757b28d47d3dbfcc316809e02f533d9590492b6f78
Secunia Security Advisory - Some vulnerabilities have been reported in BlueCoat Reporter, which can be exploited by malicious people to conduct cross-site scripting and request forgery attacks.
b2668655cc1eda1bcc660f40c6ecd0d5722efdea22b60f71602e0b0ba50fede6
Novell File Reporter agent XML parsing remote code execution exploit.
d97019b8d30cf82a531d15b67988c264ae384da68ddc63da71ca44d3e9fc1cd0
Secunia Security Advisory - Multiple vulnerabilities have been reported in Novell File Reporter, which can be exploited by malicious people to disclose potentially sensitive information and compromise a vulnerable system.
99970fc06e902f01a81321a24ba27c6da6e0bfc43d3f0e50f848bcbaaff0b977
Manage Engine Exchange Reporter version 4.1 suffers from multiple cross site scripting vulnerabilities.
88a98e8af73fd137f6bbd014be80a042c4c83acb3c1d6f43255c2ccbf4407a8e
NFRAgent.exe, a component of Novell File Reporter (NFR), allows remote attackers to upload arbitrary files via a directory traversal while handling requests to /FSF/CMD with FSFUI records with UICMD 130. This Metasploit module has been tested successfully against NFR Agent 1.0.4.3 (File Reporter 1.0.2) and NFR Agent 1.0.3.22 (File Reporter 1.0.1).
6e8968d0aa343e5878b656cc49cedf13effdc0839611e2fbdacf11ca679628df
Secunia Security Advisory - Vulnerability Lab has reported two vulnerabilities in ManageEngine Exchange Reporter Plus, which can be exploited by malicious people to conduct cross-site scripting attacks.
bbb45041e019a4a80ac77bd3f6687a244563ede9627c579f935e4275d5abf94a
This Metasploit module exploits an authentication bypass vulnerability on Avaya IP Office Customer Call Reporter, which allows a remote user to upload arbitrary files through the ImageUpload.ashx component. It can be abused to upload and execute arbitrary ASP.NET code. The vulnerability has been tested successfully on Avaya IP Office Customer Call Reporter 7.0.4.2 and 8.0.8.15 on Windows 2003 SP2.
38fdec2a063f86b17c2227e7876f3caa2eb9ea10ec338d6f0a5b2d15773ee645
Zero Day Initiative Advisory 12-167 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell File Reporter Agent. Authentication is not required to exploit this vulnerability. The specific flaw exists within NFRAgent.exe which communicates with the Agent component over HTTPS on TCP port 3037. When parsing tags inside the VOL element, the process performs insufficient bounds checking on user-supplied data prior to copying it into a fixed-length buffer on the stack. This vulnerability can result in remote code execution under the context of the SYSTEM account.
69ef2ff5d98292fa291bf2211351fecf6a6b0eb8a1a5ff2d20882a59592c9bb3
Red Hat Security Advisory 2012-1140-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. A denial of service flaw was found in the way the dhcpd daemon handled zero-length client identifiers. A remote attacker could use this flaw to send a specially-crafted request to dhcpd, possibly causing it to enter an infinite loop and consume an excessive amount of CPU time. Upstream acknowledges Markus Hietava of the Codenomicon CROSS project as the original reporter of this issue.
8b07e2dc453135e1290fae4b34fd3618aeea3cedff85d00f592a71055720c29b
Secunia Security Advisory - A security issue has been reported in Avaya IP Office Customer Call Reporter, which can be exploited by malicious people to compromise a vulnerable system.
ebe6c2ceb1275dc2811f5802b7baa5ce2cb55fd58ed250abb9a6be6edd1f1b2b
Zero Day Initiative Advisory 12-106 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Avaya IP Office Customer Call Reporter. Authentication is not required to exploit this vulnerability. The specific flaw exists because Avaya IP Office Customer Call Reporter allows unauthenticated users to upload files to the webserver through ImageUpload.ashx. The uploaded files will not be stripped of their file extensions and the directory where they are uploaded to has no scripting restrictions. This flaw can lead to remote code execution under the context of the user running the IP Office Customer Call Reporter, usually NETWORK SERVICE.
c9875f083e981a649b82cd3fc96e172a5e7ead7522bb0fcbbb19128b2cc1d8b9
HP Security Bulletin HPSBGN02740 SSRT100741 - A potential security vulnerability has been identified with HP Operations Manager, Operations Agent, Performance Agent, Service Health Reporter, Service Health Optimizer, and Performance Manager. The vulnerability can be remotely exploited to execute arbitrary code. Revision 1 of this advisory.
7418d0451f1e1ba87babd8bf10bf3d28de3cfec8b7511fa6ad1c92a85606ed86