CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2011-4805
https://notcve.org/view.php?id=CVE-2011-4805
Cross-site scripting (XSS) vulnerability in pubDBLogon.jsp in SAP Crystal Report Server 2008 allows remote attackers to inject arbitrary web script or HTML via the service parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en pubDBLogon.jsp en SAP Crystal Report Server 2008, permite a atacantes remotos ejecutar secuencias de comandos web o HTML a través del parámetro service. • http://dsecrg.com/pages/vul/show.php?id=333 http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a http://www.securityfocus.com/archive/1/520560/100/0/threaded https://service.sap.com/sap/support/notes/1562292 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 92%CPEs: 1EXPL: 5CVE-2010-2590 – Crystal Reports CrystalPrintControl - ActiveX ServerResourceVersion Property Overflow
https://notcve.org/view.php?id=CVE-2010-2590
Heap-based buffer overflow in the CrystalReports12.CrystalPrintControl.1 ActiveX control in PrintControl.dll 12.3.2.753 in SAP Crystal Reports 2008 SP3 Fix Pack 3.2 allows remote attackers to execute arbitrary code via a long ServerResourceVersion property value. Desbordamiento de búfer basado en memoria dinámica en el control CrystalReports12.CrystalPrintControl.1 ActiveX en PrintControl.dll v12.3.2.753 en SAP Crystal Reports 2008 SP3 Fix Pack v3.2 permite a atacantes remotos ejecutar código de su elección a través del valor de la propiedad ServerResourceVersion. • https://www.exploit-db.com/exploits/23472 https://www.exploit-db.com/exploits/15733 http://pocoftheday.blogspot.com/2010/12/crystal-reports-viewer-1200549-activex.html http://secunia.com/advisories/42305 http://secunia.com/secunia_research/2010-135 http://www.exploit-db.com/exploits/15733 http://www.osvdb.org/69917 http://www.securityfocus.com/archive/1/515369/100/0/threaded http://www.securityfocus.com/bid/45387 http://www.securitytracker.com/id?1024915 https://service& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 10%CPEs: 1EXPL: 0CVE-2010-3032
https://notcve.org/view.php?id=CVE-2010-3032
Integer overflow in the OBGIOPServerWorker::extractHeader function in the ebus-3-3-2-6.dll module in SAP Crystal Reports 2008 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GIOP packet with a crafted size, which triggers a heap-based buffer overflow. Desbordamiento de entero en la función OBGIOPServerWorker::extractHeader en el módulo ebus-3-3-2-6.dll de SAP Crystal Reports 2008 permite a atacantes remotos causar una denegación de servicio (caída) y posiblemente ejecutar código a su elección a través de un paquete GIOP con un tamaño manipulado, lo cual dispara un desbordamiento de búfer basado en pila. • http://dvlabs.tippingpoint.com/advisory/TPTI-10-07 http://osvdb.org/67080 http://secunia.com/advisories/40960 http://www.securityfocus.com/archive/1/513023/100/0/threaded http://www.securityfocus.com/archive/1/513024/100/0/threaded http://www.securityfocus.com/archive/1/513103/100/0/threaded http://www.securityfocus.com/bid/42374 http://www.securitytracker.com/id?1024334 http://www.vupen.com/english/advisories/2010/2074 https://exchange.xforce.ibmcloud.com/vulnerabilities/ • CWE-189: Numeric Errors •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2009-3344
https://notcve.org/view.php?id=CVE-2009-3344
Unspecified vulnerability in SAP Crystal Reports Server 2008 on Windows XP allows attackers to cause a denial of service (infinite loop) via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. Vulnerabilidad no especificada en SAP Crystal Reports Server 2008 en Windows XP permite a los atacantes causar una denegación de servicio (bucle infinito) a través de vectores desconocidos, como se demuestra en un módulo en VulnDisco Pack Professional v8.3 hasta v8.11. NOTA: como en 20090917, esta información no se tiene información de la acción. • http://intevydis.com/vd-list.shtml http://secunia.com/advisories/36583 http://www.securityfocus.com/bid/36267 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2009-3345
https://notcve.org/view.php?id=CVE-2009-3345
Heap-based buffer overflow in SAP Crystal Reports Server 2008 has unknown impact and attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. Desbordamiento de búfer basado en memoria dinámica -heap- en SAP Crystal Reports Server 2008, tiene impacto y vectores de ataque desconocidos, como se ha demostrado en determinado módulo de VulnDisco Pack Professional v8.3 hasta v8.11. NOTA: a fecha de 17/09/2009, este aviso no cuenta con más información. • http://intevydis.com/vd-list.shtml http://secunia.com/advisories/36583 http://www.securityfocus.com/bid/36267 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •