Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Vulnerability Development: Actuate e.Reporting possible vulnerabilities

Actuate e.Reporting possible vulnerabilities

From: Information Security <InformationSecurity_at_federatedinv.com>
Date: Wed, 8 May 2002 10:37:19 -0400

I've run across two potential vulnerabilites with Actuate's e.Reporting
software. The application is used to publish reports from a variety of data
sources and implements very granular security levels. The first
vulnerability seems to reveal Actuate's physical directory structure. The
second vulnerability may reveal source code.

Unfortunately, I'm doing this as part of a penetration test and don't have
direct access to the Actuate server. I believe what I'm looking at is an
Actuate e.Reporting server using the Actuate web agent 3.0, running on a
Netscape Enterprise Server v4.1. If anyone monitoring the list has access
to an Actuate server & web agent and a bit of time to help, please drop me
an e-mail.

Thanks!
Received on May 08 2002

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos