Full Disclosure

SAP Security Note 1908647 – Cross Site Flashing in BusinessObjects Explorer

Posted by Alexandre Herzog on Oct 10

#######################################################################
#
# COMPASS SECURITY ADVISORY
# http://www.csnc.ch/en/downloads/advisories.html
#
#######################################################################
#
# Product: BusinessObjects Explorer
# Vendor: SAP AG
# Subject: Cross Site Flashing
# Risk: High
# Effect: Remotely exploitable
# Author: Stefan Horlacher
#…

Full Disclosure

SAP Security Note 1908531 – XXE in BusinessObjects Explorer

Posted by Alexandre Herzog on Oct 10

#######################################################################
#
# COMPASS SECURITY ADVISORY
# http://www.csnc.ch/en/downloads/advisories.html
#
#######################################################################
#
# Product: BusinessObjects Explorer
# Vendor: SAP AG
# Subject: Untrusted XML input parsing possible in SBOP Explorer
# Risk: High
# Effect: Remotely exploitable
#…

Full Disclosure

CSNC-2014-004 neuroML – Multiple Vulnerabilities

Posted by Alexandre Herzog on Oct 10

#############################################################
#
# COMPASS SECURITY ADVISORY
# http://www.csnc.ch/en/downloads/advisories.html
#
#############################################################
#
# Product: neuroML
# Version: <=v1.8.1 (Confirmed: v1.8.1)
# Vendor: neuroML.org
# CSNC ID: CSNC-2014-004
# CVD ID: <none>
# Subject: Multiple Vulnerabilities
# Risk: High
# Effect: Remotely exploitable
# Author:…

NVD

CVE-2014-3147 (splunk)

Cross-site scripting (XSS) vulnerability in the auto-complete feature in Splunk Enterprise before 6.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a CSV file.

Software and Security Information