768 matches found
SAP MII 15.0 Directory Traversal
Application: SAP xMII Versions Affected: SAP MII 15.0 Vendor URL: http://SAP.com Bugs: Directory traversal Sent: 29.07.2015 Reported: 29.07.2015 Vendor response: 30.07.2015 Date of Public Advisory: 09.02.2016 Reference: SAP Security Note 2230978 Author: Dmitry Chastuhin ERPScan Description 1...
SAP NetWeaver AS ABAP - Directory traversal using READ DATASET
Application: SAP NetWeaver AS ABAP Versions Affected: SAP NetWeaver AS ABAP 7.4 Vendor URL: SAP Bugs: Directory traversal Reported: 22.04.2016 Vendor response: 23.04.2016 Date of Public Advisory: 09.08.2016 Reference: SAP Security Note 2312966 Author: Daria Prosochkina ERPScan VULNERABILITY...
SAP NetWeaver 7.5 Information disclosure + port scan in SLD test application
Application: SAP NetWeaver AS Java Versions Affected: SAP NetWeaver SLD Vendor URL: SAP Bugs: Information disclosure Reported: 22.04.2016 Vendor response: 23.04.2016 Date of Public Advisory: 08.11.2016 Reference: SAP Security Note 2342940 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATION...
CVE-2016-4017
The Data Provisioning Agent aka DP Agent in SAP HANA allows remote attackers to cause a denial of service process crash via unspecified vectors, aka SAP Security Note 2262710...
CVE-2016-4016
Cross-site scripting XSS vulnerability in SAP Manufacturing Integration and Intelligence aka MII, formerly xMII 15 allows remote attackers to inject arbitrary web script or HTML via the title parameter to webdynpro/resources/sap.com/xappsxmiiuiadminnavigation/NavigationApplication, aka SAP Securi...
CVE-2016-4016
Cross-site scripting XSS vulnerability in SAP Manufacturing Integration and Intelligence aka MII, formerly xMII 15 allows remote attackers to inject arbitrary web script or HTML via the title parameter to webdynpro/resources/sap.com/xappsxmiiuiadminnavigation/NavigationApplication, aka SAP Securi...
CVE-2016-4015
The Enqueue Server in SAP NetWeaver JAVA AS 7.1 through 7.4 allows remote attackers to cause a denial of service process crash via a crafted request, aka SAP Security Note 2258784...
CVE-2016-4014
XML external entity XXE vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows remote attackers to cause a denial of service system hang via a crafted DTD in an XML request to uddi/api/replication, aka SAP Security Note 2254389...
Xxe
XML external entity XXE vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows remote attackers to cause a denial of service system hang via a crafted DTD in an XML request to uddi/api/replication, aka SAP Security Note 2254389...
Information disclosure
The Data Provisioning Agent aka DP Agent in SAP HANA does not properly restrict access to service functionality, which allows remote attackers to obtain sensitive information, gain privileges, and conduct unspecified other attacks via unspecified vectors, aka SAP Security Note 2262742...
Code injection
The Data Provisioning Agent aka DP Agent in SAP HANA allows remote attackers to cause a denial of service process crash via unspecified vectors, aka SAP Security Note 2262710...
CVE-2016-4015
The Enqueue Server in SAP NetWeaver JAVA AS 7.1 through 7.4 allows remote attackers to cause a denial of service process crash via a crafted request, aka SAP Security Note 2258784...
CVE-2016-4016
Cross-site scripting XSS vulnerability in SAP Manufacturing Integration and Intelligence aka MII, formerly xMII 15 allows remote attackers to inject arbitrary web script or HTML via the title parameter to webdynpro/resources/sap.com/xappsxmiiuiadminnavigation/NavigationApplication, aka SAP Securi...
CVE-2016-4017
CVE-2016-4017 concerns SAP HANA’s Data Provisioning Agent (DP Agent). The vulnerability enables remote attackers to cause a denial of service (process crash) via unspecified vectors, as referenced by SAP Security Note 2262710. The Connected documents corroborate this description across multiple c...
CVE-2016-4016
CVE-2016-4016: SAP Manufacturing Integration Intelligence (MII / xMII) 15 is affected by a reflected cross-site scripting (XSS) vulnerability. An attacker can inject arbitrary script via the title parameter of the NavigationApplication URL (webdynpro/resources/sap.com/xapps~xmii~ui~admin~navigati...
Design/Logic Flaw
The Java Startup Framework aka jstart in SAP JAVA AS 7.2 through 7.4 allows remote attackers to cause a denial of service process crash via a crafted HTTP request, aka SAP Security Note 2259547...
Memory corruption
Internet Communication Manager aka ICMAN or ICM in SAP JAVA AS 7.2 through 7.4 allows remote attackers to cause a denial of service heap memory corruption and process crash via a crafted HTTP request, related to the IctParseCookies function, aka SAP Security Note 2256185...
CVE-2016-3980
The Java Startup Framework aka jstart in SAP JAVA AS 7.2 through 7.4 allows remote attackers to cause a denial of service process crash via a crafted HTTP request, aka SAP Security Note 2259547...
CVE-2016-3979
Internet Communication Manager aka ICMAN or ICM in SAP JAVA AS 7.2 through 7.4 allows remote attackers to cause a denial of service heap memory corruption and process crash via a crafted HTTP request, related to the IctParseCookies function, aka SAP Security Note 2256185...
CVE-2015-8840
The XML Data Archiving Service XML DAS in SAP NetWeaver AS Java does not check authorization, which allows remote authenticated users to obtain sensitive information, gain privileges, or possibly have unspecified other impact via requests to 1 webcontent/cas/casenter.jsp, 2...