I've run across two potential vulnerabilites with Actuate's e.Reporting
software. The application is used to publish reports from a variety of data
sources and implements very granular security levels. The first
vulnerability seems to reveal Actuate's physical directory structure. The
second vulnerability may reveal source code.

Unfortunately, I'm doing this as part of a penetration test and don't have
direct access to the Actuate server. I believe what I'm looking at is an
Actuate e.Reporting server using the Actuate web agent 3.0, running on a
Netscape Enterprise Server v4.1. If anyone monitoring the list has access
to an Actuate server & web agent and a bit of time to help, please drop me
an e-mail.

Thanks!

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]