RSS   Vulnerabilities for 'Dream report'   RSS

2021-04-09
 
CVE-2020-13534

CWE-269
 

 
A privilege escalation vulnerability exists in Dream Report 5 R20-2. COM Class Identifiers (CLSID), installed by Dream Report 5 20-2, reference LocalServer32 and InprocServer32 with weak privileges which can lead to privilege escalation when used. An attacker can provide a malicious file to trigger this vulnerability.

 
 
CVE-2020-13533

CWE-276
 

 

 
 
CVE-2020-13532

CWE-276
 

 
A privilege escalation vulnerability exists in Dream Report 5 R20-2. In the default configuration, the Syncfusion Dashboard Service service binary can be replaced by attackers to escalate privileges to NT SYSTEM. An attacker can provide a malicious file to trigger this vulnerability.

 
2012-02-10
 
CVE-2011-4039

CWE-264
 

 
Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows user-assisted remote attackers to execute arbitrary code via a malformed file that triggers a "write access violation."

 
 
CVE-2011-4038

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

 

 >>> Vendor: Dreamreport 2 Products
Dream report
Remote connector


Copyright 2022, cxsecurity.com

 

Back to Top