
CVSS: 6.1 • EPSS: 0% • CPEs: 7 • EXPL: 1

18 Apr 2008 — Cross-site scripting (XSS) vulnerability in desktoplaunch/InfoView/logon/logon.object in BusinessObjects InfoView XI R2 SP1, SP2, and SP3 Java version before FixPack 3.5 allows remote attackers to inject arbitrary web script or HTML via the cms parameter. • http://lists.grok.org.uk/pipermail/full-disclosure/2008-April/061428.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.3 • EPSS: 14% • CPEs: 1 • EXPL: 2

22 Jan 2008 — Race condition in the Enterprise Tree ActiveX control (EnterpriseControls.dll 11.5.0.313) in Crystal Reports XI Release 2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the SelectedSession method, which triggers a buffer overflow. • https://www.exploit-db.com/exploits/4931 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSS: 9.8 • EPSS: 1% • CPEs: 2 • EXPL: 0

29 Nov 2006 — Business Objects Crystal Enterprise 9 and 10 generates predictable session identifiers, which allows remote attackers to hijack sessions of other users via WCSID cookie values. • http://secunia.com/advisories/23137

CVSS: 7.8 • EPSS: 72% • CPEs: 7 • EXPL: 1

28 Nov 2006 — Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file. • https://www.exploit-db.com/exploits/29171 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 7.5 • EPSS: 1% • CPEs: 4 • EXPL: 0

31 Dec 2005 — Unspecified vulnerability in Report Application Server (Crystalras.exe) before 11.0.0.1370, as used in Business Objects Crystal Reports XI, Crystal Reports Server XI, and BusinessObjects Enterprise XI, allows remote attackers to cause a denial of service (application hang) via certain network traffic, possibly involving multiple simultaneous TCP connections. • http://secunia.com/advisories/16282

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 Dec 2005 — Unspecified vulnerability in Business Objects WebIntelligence 6.5x allows remote attackers to cause a denial of service (user account lock out) via unknown attack vectors related to "authentication mechanisms" and "form input." • http://securitytracker.com/id?1015355

CVSS: 6.5 • EPSS: 0% • CPEs: 10 • EXPL: 0

31 Dec 2004 — Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces access controls on the client, which allows remote authenticated users to delete arbitrary files on the server via a crafted delete request using the InfoView web client. • http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0056.html

CVSS: 6.1 • EPSS: 0% • CPEs: 9 • EXPL: 0

31 Dec 2004 — Cross-site scripting (XSS) vulnerability in the report viewer in Crystal Enterprise 8.5, 9, and 10 allows remote attackers to inject arbitrary web script or HTML via script in the URL to a report (RPT) file. • http://secunia.com/advisories/13644 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 10 • EXPL: 0

17 Sep 2004 — Cross-site scripting (XSS) vulnerability in Business Objects InfoView 5.1.4 through 5.1.8 for WebIntelligence 2.7.0 through 2.7.4 allows remote attackers to inject arbitrary web script or HTML via document names when uploading a document. • http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0057.html

CVSS: 9.1 • EPSS: 80% • CPEs: 19 • EXPL: 2

11 Jun 2004 — Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx. • https://www.exploit-db.com/exploits/24077