Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Dreamreport Subscribe
Filtered by product Dream Report
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-13534 1 Dreamreport 1 Dream Report 2022-07-29 6.8 MEDIUM 7.8 HIGH
A privilege escalation vulnerability exists in Dream Report 5 R20-2. COM Class Identifiers (CLSID), installed by Dream Report 5 20-2, reference LocalServer32 and InprocServer32 with weak privileges which can lead to privilege escalation when used. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2020-13533 1 Dreamreport 1 Dream Report 2022-07-29 4.4 MEDIUM 7.8 HIGH
A privilege escalation vulnerability exists in Dream Report 5 R20-2. IIn the default configuration, the following registry keys, which reference binaries with weak permissions, can be abused by attackers to effectively ‘backdoor’ the installation files and escalate privileges when a new user logs in and uses the application.
CVE-2020-13532 1 Dreamreport 1 Dream Report 2022-07-29 7.2 HIGH 7.8 HIGH
A privilege escalation vulnerability exists in Dream Report 5 R20-2. In the default configuration, the Syncfusion Dashboard Service service binary can be replaced by attackers to escalate privileges to NT SYSTEM. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2011-4039 2 Dreamreport, Invensys 2 Dream Report, Wonderware Hmi Reports 2012-02-13 9.3 HIGH N/A
Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows user-assisted remote attackers to execute arbitrary code via a malformed file that triggers a "write access violation."
CVE-2011-4038 2 Dreamreport, Invensys 2 Dream Report, Wonderware Hmi Reports 2012-02-13 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.