Pentaho allows users to create and run Pentaho Report Bundles (.prpt). Users can create PRPT reports by utilizing the Pentaho Designer application and can include BeanShell Script functions to ease…
Payment Terminal versions 2.x and 3.x suffer from multiple cross-site scripting vulnerabilities.
Pentaho allows users to upload various files of different file types. The upload service is implemented under the /pentaho/UploadService endpoint. The file types allowed by the application are csv, dat,…
Backdoor.Win32.Ncx.b malware suffers from a buffer overflow vulnerability.
PHP Event Calendar Lite Edition suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Pentaho implements a series of web services using the SOAP protocol to allow scripting interaction with the backend server. While most of the interfaces correctly implement ACL, the Data Source…
ImportExportTools NG version 10.0.4 suffers from an HTML injection vulnerability.
Backdoor.Win32.Ncx.b malware suffers from a code execution vulnerability.
IBM Sterling B2B Integrator suffers from a cross-site scripting vulnerability. Versions affected include 5.2.0.0 through 5.2.6.5_3, 6.0.0.0 through 6.0.3.4, and 6.1.0.0 through 6.1.0.2.
Pentaho Business Analytics and Pentaho Business Server versions 9.1 and below suffer from an authentication bypass vulnerability related to Spring APIs.