New User, Welcome!     Login

Business Intelligence

SECURITY ADVISORY IBM Cognos 8 Business Intelligence 8.4.1

1.      Affected software
IBM Cognos 8 Business Intelligence 8.4.1

Prior versions may also be affected.

"IBM Cognos 8 Business Intelligence delivers the complete range of BI
capabilities: Reporting, Analysis, Dashboarding and Scorecards on a single,
service-oriented architecture (SOA). Author, share and use reports that draw
on data across all enterprise sources for better business decisions."

RE: [Full-disclosure] ZDI-08-088: Oracle E-Business Suite Self-Service Web Applications SQL Injection Vulnerability

[mailto:full-disclosure-bounces@lists.grok.org.uk] On Behalf Of
zdi-disclosures@3com.com
Sent: Tuesday, December 16, 2008 2:14 PM
To: full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com
Subject: [Full-disclosure] ZDI-08-088: Oracle E-Business Suite Business
Intelligence SQL Injection Vulnerability

ZDI-08-088: Oracle E-Business Suite Business Intelligence SQL Injection 
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-088
December 16, 2008

[DSECRG-09-029] Oracle BI Publisher Enterprise 10 - Response Splitting

Digital Security Research Group [DSecRG] Advisory       #DSECRG-09-029


Application:                    Oracle Business Intelligence Enterprise Edition (10.1.3.4.0) 
Versions Affected:              Oracle Business Intelligence Enterprise Edition (10.1.3.4.0) 
Vendor URL:                     http://oracle.com
Bugs:                           Response Splitting/XSS/phishing credentials
Exploits:                       YES
Reported:                       03.03.2009
Vendor response:                04.03.2009

Secunia Research: SAP GUI KWEdit ActiveX Control "SaveDocumentAs()" Insecure Method

====================================================================== 
3) Vendor's Description of Software 

"SAP GUI is SAP's universal client for accessing SAP functionality in
SAP applications such as - SAP ERP, SAP Business Suite (SAP CRM, SAP
SCM and SAP PLM), SAP Business Intelligence and so on. SAP GUI
functions like a browser. It gets information from the SAP server like
what, where, when and how, to display contents in its window.".

Product Link:
https://www.sdn.sap.com/irj/sdn/sap-gui

ZDI-08-088: Oracle E-Business Suite Business Intelligence SQL Injection Vulnerability

ZDI-08-088: Oracle E-Business Suite Business Intelligence SQL Injection 
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-088
December 16, 2008

-- Affected Vendors:
Oracle

-- Affected Products:
Oracle Database Server

Eshbel Priority MarketGate module Cross Site Scripting Vulnerability

=====================
Priority’s ERP

The features listed below are a selection of some of the functionality
available in a selection of the Priority modules.
BI (Business Intelligence), Purchasing, BPM (Business Process Management),
Manufacturing/Production, GL + Financials, Human Resources,
CRM (Customer Relations Management), Project Management,
Order Processing, System Administration, Service and Customer Support,
SDK (Generators), Inventory Control, User Configuration, WMS


Copyright © 1995-2012 LinuxRocket.net. All rights reserved.

Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!