
Files

SAP BusinessObjects Cross Site Scripting
Posted Jan 27, 2010
Authored by Richard Brain | Site procheckup.com

SAP BusinessObjects version 12 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 085ac75868915cdcd505723a58a8951419e5f53a87bd76e3d537fde452b51eec

Related Files

SAP BusinessObjects Web User Bruteforcer
Posted Sep 1, 2024
Authored by Jay Turla | Site metasploit.com

This Metasploit module simply attempts to bruteforce SAP BusinessObjects users by using CmcApp.

tags | exploit
SHA-256 | c7f2ccace6acca766972107fabec89a53c6bf09187f4ebd994b454f51654f936
SAP BusinessObjects User Bruteforcer
Posted Sep 1, 2024
Authored by Jay Turla | Site metasploit.com

This Metasploit module attempts to bruteforce SAP BusinessObjects users. The dswsbobje interface is only used to verify valid credentials for CmcApp. Therefore, any valid credentials that have been identified can be leveraged by logging into CmcApp.

tags | exploit
SHA-256 | 5372edf67d1cb80a59332f2c751921d87682174c674cfe0c077795a451f61dce
SAP BusinessObjects User Enumeration
Posted Sep 1, 2024
Authored by Jay Turla | Site metasploit.com

This Metasploit module simply attempts to enumerate SAP BusinessObjects users. The dswsbobje interface is only used to verify valid users for CmcApp. Therefore, any valid users that have been identified can be leveraged by logging into CmcApp.

tags | exploit
SHA-256 | e1bf994ca850f6a313db09140c97bef59a3a83e425503e455ae6e327c1516ddf
SAP BusinessObjects Intelligence 4.3 XML Injection
Posted May 11, 2022
Authored by West Shepherd

SAP BusinessObjects Intelligence version 4.3 suffers from an XML external entity injection vulnerability.

tags | exploit
advisories | CVE-2022-28213
SHA-256 | 56c01844910c634b5ec0e547a629647a5c63894084dfb84fd74cbdf5862a73cf
SAP BusinessObjects Financial Consolidation 10.0.0.1933 Cross Site Scripting
Posted Feb 27, 2017
Authored by Dima van de Wouw, Sander Maas

SAP BusinessObjects Financial Consolidation version 10.0.0.1933 suffers from a cross site scripting vulnerability in the help component.

tags | exploit, xss
advisories | CVE-2017-6061
SHA-256 | e1c3b280b616f49203e631b097d8452366c1bc1d167923df6eaec5b44d8621da
SAP Business Objects Unauthorized Audit Information Access
Posted Feb 25, 2015
Authored by Will Vandevanter | Site onapsis.com

Onapsis Security Advisory - It is possible for an unauthenticated user to retrieve any audit events from a remote BusinessObjects service. This can disclose sensitive information including report names, universe queries, logins, etc. Auditing details are listed in the Auditing tab of the CMS. All services which expose an Auditing service are vulnerable. In the default setting this includes all BusinessObjects services except the CMS.

tags | advisory, remote
advisories | CVE-2015-2076
SHA-256 | 92a03a7a9374710770746549090119067b75fdc71c5a1c6527932e9be9239ecd
SAP Business Objects Unauthorized Audit Information Delete
Posted Feb 25, 2015
Authored by Will Vandevanter | Site onapsis.com

Onapsis Security Advisory - It is possible for an unauthenticated user to remove audit events from a remote BusinessObjects service using CORBA. Specifically, the attacker can tell the remote service (i.e. the auditee) to clear an event from its queue. After the event is removed from the auditee queue, the auditor will never have knowledge of the event and, hence, it will not be written to the Audit database. An attacker can use this to hide their actions. By default, the auditor polls all auditees every 5 minutes to ask for events in their queue.

tags | advisory, remote
advisories | CVE-2015-2075
SHA-256 | 525b0210fa38e332bad09f1f23be059b8cff27946645438a054d05c005ac4ec0
SAP Business Objects Unauthorized File Repository Server Write
Posted Feb 25, 2015
Authored by Will Vandevanter | Site onapsis.com

Onapsis Security Advisory - The BusinessObjects File Repository Server (FRS) CORBA listener allows the writing of any file stored in the FRS without authentication.

tags | exploit
advisories | CVE-2015-2074
SHA-256 | 6de1db17a1a2cda52de24f00a98b3c5ab4bc5bda19395ccb1ab6ba6fee7121db
SAP Business Objects Unauthorized File Repository Server Read
Posted Feb 25, 2015
Authored by Will Vandevanter | Site onapsis.com

Onapsis Security Advisory - The BusinessObjects File Repository Server (FRS) CORBA listener allows a user to read any file stored in the FRS without authentication.

tags | exploit
advisories | CVE-2015-2073
SHA-256 | b91a029e7d55f1eaea5057b797bcbd5e83fb1e529410c558e0665b49ecab34ea
SAP Business Objects Search Token Privilege Escalation
Posted Dec 16, 2014
Authored by Will Vandevanter, Juan Pablo Perez Etchegoyen | Site onapsis.com

Onapsis Security Advisory - By exploiting a search token privilege escalation vulnerability, a remote and potentially unauthenticated attacker would be able to access or modify any information stored on the SAP BusinessObjects server. The attacker could also connect to the business systems depending on the configuration of the BO infrastructure. BusinessObjects Edge version 4.1 is affected.

tags | advisory, remote
advisories | CVE-2014-9320
SHA-256 | 572684cdc3bc2a7bd551c52105bd0203238dbe5954d6313dd9841c6c341fed6b
SAP BusinessObjects Explorer 14.0.5 XXE Injection
Posted Oct 10, 2014
Authored by Stefan Horlacher

SAP BusinessObjects Explorer version 14.0.5 is vulnerable to XML External Entity (XXE) attacks. This vulnerability could be triggered by an unauthenticated user, as the login request uses vulnerable XML processing as well.

tags | exploit, xxe
SHA-256 | 194d0ab6b1771e690644f55e1384ffcd80f5cdd83e9e34d23361c839f047ad44
SAP BusinessObjects Explorer 14.0.5 Information Disclosure
Posted Oct 10, 2014
Authored by Stefan Horlacher

SAP BusinessObjects Explorer version 14.0.5 does not validate the user defined inputs of parameter CMS name, which consists of a host name and port number. This can be used to perform a port scan within the network range where the BusinessObjects Explorer server is located. This vulnerability could be triggered by an unauthenticated user.

tags | exploit, info disclosure
SHA-256 | da3b141d39bd4e752dc80ab85d3821ea612ba63b8b712c967c735c9bd4c7e6dc
SAP BusinessObjects Explorer 14.0.5 Cross Site Flashing
Posted Oct 10, 2014
Authored by Stefan Horlacher

SAP BusinessObjects Explorer 14.0.5 suffers from a cross site flashing vulnerability. It is possible to directly load and display the com_businessobjects_polestar_bootstrap.swf Flash file and specify a configUrl. This requires the victim to be logged in and the attacker needs to know the /webres/ URL, which is known as soon as the attacker is in possession of valid credentials. The configuration file specified in the configURL parameter may reside on a foreign host. The configuration file itself may contain URLs of further Flash files residing on a foreign domain. If successful, the victim loads foreign Flash files, which leads to Cross Site Flashing.

tags | exploit
SHA-256 | 0aef611f8c015cff5ee67abcc68c426c2945005a8e245828e06d099362e16d2f
SAP BusinessObjects Persistent Cross Site Scripting
Posted Oct 8, 2014
Authored by Will Vandevanter | Site onapsis.com

Onapsis Security Advisory - BusinessObjects BI "Send to Inbox" functionality can be abused by an attacker, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users.

tags | advisory
SHA-256 | fc6e3481d6a10b46f5b352e541dfd8aec324cca7559e359688ccf436f187c5b0
SAP BusinessObjects InfoView Cross Site Scripting
Posted Apr 29, 2014
Authored by Will Vandevanter | Site onapsis.com

Onapsis Security Advisory - SAP BusinessObjects InfoView suffers from a reflective cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 4d161054fd847d69430573900f5115a49e4c02cca4ed535d5cd5fc6a1576f55b
Secunia Security Advisory 50306
Posted Aug 22, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in SAP BusinessObjects Financial Consolidation, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | 52f71b721b43f18656464a34bb96166f73c083ea199f6e2cfe65ccc507d365ef
Secunia Security Advisory 41894
Posted Oct 22, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness and some vulnerabilities have been reported in SAP BusinessObjects, which can be exploited by malicious, local users to gain escalated privileges, by malicious users to cause a DoS (Denial of Service), and by malicious people to disclose sensitive information and conduct cross-site scripting attacks.

tags | advisory, denial of service, local, vulnerability, xss
SHA-256 | de1b1fc493d72b8d749d034af4652da2a40f10c2c8de8ff0e32b3b9bc71760ab
Rapid7 Security Advisory 37
Posted Oct 15, 2010
Authored by H D Moore, Rapid7, Joshua D. Abraham, Will Vandevanter | Site rapid7.com

Rapid7 Security Advisory - The SAP BusinessObjects product contains a module (dswsbobje.war) which deploys Axis2 with an administrator account which is configured with a static password. As a result, anyone with access to the Axis2 port can gain full access to the machine via arbitrary remote code execution. This requires the attacker to upload a malicious web service and to restart the instance of Tomcat. This issue may apply to other products and vendors that embed the Axis2 component. The username is "admin" and the password is "axis2"; this is also the default for standalone Axis2 installations.

tags | exploit, remote, web, arbitrary, code execution
advisories | CVE-2010-0219
SHA-256 | 226db62066f2c56c87818ee78e4d00164861cd9e8d34858c75dc772b294bbff8
Secunia Security Advisory 41799
Posted Oct 14, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in SAP BusinessObjects, which can be exploited by malicious people to bypass certain security restrictions and compromise a vulnerable system.

tags | advisory
SHA-256 | b91afbdb4bafead904541d8773f672861ad4b6be911152ff50699a627551a19f
Secunia Security Advisory 38278
Posted Jan 21, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some security issues have been reported in SAP BusinessObjects, which can be exploited by malicious people to conduct spoofing attacks.

tags | advisory, spoof
SHA-256 | 8a9c54ebac27afdbc622b83362cc83e2a29cf0714da2fca7839d9321e26c9453
Secunia Security Advisory 38217
Posted Jan 21, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some weaknesses and vulnerabilities have been reported in SAP BusinessObjects, which can be exploited by malicious people to disclose system information or conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | e479aad7c0b8fb5d03c3fea9f4f826289d4ce702def60fdfca291429932ec571
Secunia Security Advisory 38271
Posted Jan 21, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some weaknesses and some vulnerabilities have been reported in SAP BusinessObjects, which can be exploited by malicious people to disclose system information and conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | d418322010dce757c063576a2a942db3a6b678f69b761025c3c1b25fa6b4ec75
Crystal Reports Cross Site Scripting
Posted Apr 2, 2009
Authored by BugsNotHugs

SAP BusinessObjects Crystal Reports suffers from multiple cross site scripting vulnerabilities in viewreport.asp.

tags | exploit, vulnerability, xss, asp
SHA-256 | fce3185bc71a241e9920ff0d2d40f556e07582a6a9c248380cf2b345f436b30e
Secunia Security Advisory 29804
Posted Apr 17, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Sebastien Gioria has reported a vulnerability in BusinessObjects XI, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 1818d5146b2c2970f2540fd6677b2d57c9222a88cf3fe6215390d2b7ec92dee8
Secunia Security Advisory 29437
Posted Mar 19, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Will Dormann has reported a vulnerability in BusinessObjects, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | 6cd8bd09006cf3e7e8e35b9d5cd89f8fa2a1477d01f9802ecee99297839bf966

© 2024 Packet Storm. All rights reserved.
