28 matches found

RedhatCVE
added 2026/01/09 9:32 a.m. · 3 views

CVE-2023-25614

SAP NetWeaver AS ABAP BSP Framework application - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allow an unauthenticated attacker to inject the code that can be executed by the application over the network. On successful exploitation it can gain access to the sensitive...

CVSS 6.1 · AI score 6.9 · EPSS 0.00388
Exploits: 0 · References: 1
OSV
added 2025/12/11 7:46 p.m. · 2 views

MAL-2025-192500 Malicious code in elf-stats-frostbitten-cookie-757 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b1a9b7338ba70da7f1a645de597bc81a0f98b5aae3c66f26fc2a19eca14839d6 The package elf-stats-frostbitten-cookie-757 was found to contain malicious code...

AI score 6.8
Exploits: 0
RedhatCVE
added 2025/05/23 6:1 a.m. · 4 views

CVE-2023-28763

SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters which can consume the server's resources sufficiently to make it unavailable over the...

CVSS 6.5 · AI score 6.7 · EPSS 0.00613
Exploits: 0 · References: 1
OSV
added 2023/12/12 2:15 a.m. · 4 views

CVE-2023-49584

SAP Fiori launchpad - versions SAPUI 750, SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, SAPUI 758, UI700 200, SAPBASIS 793, allows an attacker to use HTTP verb POST on read-only service causing low impact on Confidentiality of the application...

CVSS 4.3 · AI score 5.8 · EPSS 0.00479
Exploits: 0 · References: 2
Prion
added 2023/12/12 2:15 a.m. · 19 views

Design/Logic Flaw

SAP Fiori launchpad - versions SAPUI 750, SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, SAPUI 758, UI700 200, SAPBASIS 793, allows an attacker to use HTTP verb POST on read-only service causing low impact on Confidentiality of the application...

CVSS 4 · AI score 7.1 · EPSS 0.00479
Exploits: 0 · References: 2 · Affected Software: 1
CVE
added 2023/12/12 1:9 a.m. · 49 views

CVE-2023-49580

SAP GUI for Windows and SAP GUI for Java — affected: SAP_BASIS 755, 756, 757, 758. Unauthenticated attacker can access restricted/confidential information and can create Layout configurations in the ABAP List Viewer, causing mild impacts to integrity and availability (e.g., increased ABAP respons...

CVSS 7.3 · AI score 7.2 · EPSS 0.00478
Exploits: 0 · References: 2 · Affected Software: 1
Prion
added 2023/07/11 3:15 a.m. · 20 views

Directory traversal

An attacker with non-administrative authorizations in SAP NetWeaver BI CONT ADD ON - versions 707, 737, 747, 757, can exploit a directory traversal flaw to over-write system files. Data from confidential files cannot be read but potentially some OS files can be over-written leading to system...

CVSS 5.5 · AI score 7.8 · EPSS 0.00807
Exploits: 0 · References: 2 · Affected Software: 1
Vulnrichment
added 2023/07/11 2:28 a.m. · 11 views

CVE-2023-33989 Directory Traversal vulnerability in SAP NetWeaver (BI CONT ADD ON)

An attacker with non-administrative authorizations in SAP NetWeaver BI CONT ADD ON - versions 707, 737, 747, 757, can exploit a directory traversal flaw to over-write system files. Data from confidential files cannot be read but potentially some OS files can be over-written leading to system...

CVSS 8.7 · AI score 6.7 · EPSS 0.00807
Exploits: 0 · References: 2
Cvelist
added 2023/06/13 2:49 a.m. · 19 views

CVE-2023-33991 Stored Cross-Site Scripting (Stored XSS) vulnerability in SAP UI5 Variant Management

SAP UI5 Variant Management - versions SAPUI 750, SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, UI700 200, does not sufficiently encode user-controlled inputs on reading data from the server, resulting in Stored Cross-Site Scripting (Stored XSS) vulnerability. After successful exploitation, an attacke...

CVSS 8.2 · AI score 7.5 · EPSS 0.00481
Exploits: 0 · References: 2
Positive Technologies
added 2023/06/13 12:0 a.m. · 2 views

PT-2023-3748 · Sap · Sap Netweaver

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Change and Transport System versions 702 through 757 Description: The issue is related to a lack of resource control mechanism in the Change and Transport System component of SAP NetWeaver. This allows an authenticated user with...

CVSS 4 · AI score 7.2 · EPSS 0.00596
Exploits: 0 · References: 7
CNNVD
added 2023/06/13 12:0 a.m. · 4 views

SAP Variant Management cross-site scripting vulnerability

SAP Variant Management is a platform from SAP, Germany, for storing user-created settings for Smart Filter Fields and settings created for Smart Forms. A cross-site scripting vulnerability exists in SAP Variant Management that stems from the presence of a stored cross-site scripting XSS...

CVSS 8.2 · AI score 7.3 · EPSS 0.00481
Exploits: 0 · References: 4
Positive Technologies
added 2023/06/13 12:0 a.m. · 3 views

PT-2023-3746 · Sap · Sap Ui5 Variant Management

Name of the Vulnerable Software and Affected Versions: SAP UI5 Variant Management versions SAP UI 750 through SAP UI 757, UI 700 200 Description: The issue is related to insufficient encoding of user-controlled inputs when reading data from the server, resulting in a Stored Cross-Site Scripting...

CVSS 8.2 · AI score 7.2 · EPSS 0.00481
Exploits: 0 · References: 7
NVD
added 2023/05/09 2:15 a.m. · 18 views

CVE-2023-30743

Due to improper neutralization of input in SAPUI5 - versions SAPUI 750, SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, UI700 200, sap.m.FormattedText SAPUI5 control allows injection of untrusted CSS. This blocks user’s interaction with the application. Further, in the absence of URL validation by th...

CVSS 7.1 · AI score 6.9 · EPSS 0.00438
Exploits: 0 · References: 2
Prion
added 2023/03/14 5:15 a.m. · 18 views

Input validation

Due to improper input controls in SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, an attacker authenticated as a non-administrative user can craft a request which will trigger the application server to send a request to ...

CVSS 6.5 · AI score 7.5 · EPSS 0.0037
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2023/03/14 4:45 a.m. · 25 views

CVE-2023-26459 Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

Due to improper input controls in SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, an attacker authenticated as a non-administrative user can craft a request which will trigger the application server to send a request to ...

CVSS 7.4 · AI score 7.7 · EPSS 0.0037
Exploits: 0 · References: 2
CNNVD
added 2023/03/14 12:0 a.m. · 4 views

SAP NetWeaver Application Server resource management error vulnerability

SAP NetWeaver Application Server is an application server from SAP, Germany. A resource management error vulnerability exists in SAP NetWeaver Application Server, which stems from the presence of an error handling class, and can be exploited by an attacker to consume the server's resources to mak...

CVSS 6.5 · AI score 6.4 · EPSS 0.00613
Exploits: 0 · References: 3
OpenVAS
added 2021/05/13 12:0 a.m. · 20 views

openSUSE: Security Advisory for nagios (openSUSE-SU-2021:0715-1)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 6.1 · AI score 6 · EPSS 0.02857
Exploits: 1 · References: 2
Talos
added 2021/04/19 12:0 a.m. · 155 views

Synology QuickConnect servers HTTP redirection Information Disclosure Vulnerability

Summary An exploitable information disclosure vulnerability exists in the HTTP redirection functionality of Synology QuickConnect servers. An attacker can impersonate the remote QuickConnect servers in order to impersonate the remote device and in turn steal the device’s credentials. An attacker...

AI score 6.8
Exploits: 0
Talos
added 2020/10/29 12:0 a.m. · 106 views

Synology QuickConnect servers HTTP redirection Information Disclosure Vulnerability

Talos Vulnerability Report TALOS-2020-1060 Synology QuickConnect servers HTTP redirection Information Disclosure Vulnerability October 29, 2020 CVE Number None SUMMARY An exploitable information disclosure vulnerability exists in the HTTP redirection functionality of Synology QuickConnect servers...

AI score 6.9
Exploits: 0
0day.today
added 2018/01/11 12:0 a.m. · 127 views

Python smtplib 2.7.11 / 3.4.4 / 3.5.1 - Man In The Middle StartTLS Stripping Vulnerability

Exploit for multiple platform in category local exploits VuNote ============ Author: Version: 0.2 Date: Nov 25th, 2015 Tag: python smtplib starttls stripping mitm Overview -------- Name: python Vendor: python software foundation References: https://www.python.org/ 1 Version: 2.7.11, 3.4.4, 3.5.1...

CVSS 5.8 · AI score 7.1 · EPSS 0.14524
Exploits: 3