CVE-2015-8330

The PCo agent in SAP Plant Connectivity PCo allows remote attackers to cause a denial of service memory corruption and agent crash via crafted xMII requests, aka SAP Security Note 2238619...

CVE-2015-8329

SAP Manufacturing Integration and Intelligence aka MII, formerly xMII uses weak encryption Base64 and DES, which allows attackers to conduct downgrade attacks and decrypt passwords via unspecified vectors, aka SAP Security Note 2240274...

Memory corruption

The PCo agent in SAP Plant Connectivity PCo allows remote attackers to cause a denial of service memory corruption and agent crash via crafted xMII requests, aka SAP Security Note 2238619...

Information disclosure

SAP Manufacturing Integration and Intelligence aka MII, formerly xMII uses weak encryption Base64 and DES, which allows attackers to conduct downgrade attacks and decrypt passwords via unspecified vectors, aka SAP Security Note 2240274...

CVE-2015-8329

SAP Manufacturing Integration and Intelligence aka MII, formerly xMII uses weak encryption Base64 and DES, which allows attackers to conduct downgrade attacks and decrypt passwords via unspecified vectors, aka SAP Security Note 2240274...

SAP Afaria 7 Cross Site Scripting Vulnerability

SAP Afaria version 7 suffers from a stored cross site scripting vulnerability. Application: SAP Afaria Versions Affected: SAP Afaria 7, probably others Vendor URL: http://SAP.com Bugs: Stored XSS Send: 18.02.2015 Reported: 18.02.2015 Vendor response: 18.02.2015 Date of Public Advisory: 11.08.2015...

SAP NetWeaver 7.4 XXE Injection Vulnerability

SAP NetWeaver version 7.4 suffers from an XML external entity injection vulnerability. Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.4, probably others Vendor URL: http://SAP.com Bugs: XML External Entity Send: 16.04.2015 Reported: 16.04.2015 Vendor response: 16.04.2015 Date of...

SAP NetWeaver 7.4 XXE Injection

Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.4, probably others Vendor URL: http://SAP.com Bugs: XML External Entity Send: 16.04.2015 Reported: 16.04.2015 Vendor response: 16.04.2015 Date of Public Advisory: 11.08.2015 Reference: SAP Security Note 2168485 Author: Roman Bezhan...

CVE-2015-7994

The SQL interface in SAP HANA DB 1.00.73.00.389160 NewDB100REL allows remote attackers to execute arbitrary code via unspecified vectors related to "SQL Login," aka SAP Security Note 2197428...

CVE-2015-7993

The Extended Application Services aka XS or XS Engine in SAP HANA DB 1.00.73.00.389160 NewDB100REL allows remote attackers to execute arbitrary code via unspecified vectors related to "HTTP Login," aka SAP Security Note 2197397...

CVE-2015-7992

SAP HANA DB 1.00.73.00.389160 NewDB100REL allows remote authenticated users to cause a denial of service memory corruption and indexserver crash via unspecified vectors to the EXECUTESEARCHRULESET stored procedure, aka SAP Security Note 2175928...

CVE-2015-7991

The Web Dispatcher service in SAP HANA DB 1.00.73.00.389160 NewDB100REL allows remote attackers to read web dispatcher and security trace files and possibly obtain passwords via unspecified vectors, aka SAP Security Note 2148854...

CVE-2015-7828

SAP HANA Database 1.00 SPS10 and earlier do not require authentication, which allows remote attackers to execute arbitrary code or have unspecified other impact via a TrexNet packet to the 1 fcopydir, 2 fmkdir, 3 frmdir, 4 getenv, 5 dumpenv, 6 fcopy, 7 fput, 8 fdel, 9 fmove, 10 fget, 11 fappend, ...

Authentication flaw

SAP HANA Database 1.00 SPS10 and earlier do not require authentication, which allows remote attackers to execute arbitrary code or have unspecified other impact via a TrexNet packet to the 1 fcopydir, 2 fmkdir, 3 frmdir, 4 getenv, 5 dumpenv, 6 fcopy, 7 fput, 8 fdel, 9 fmove, 10 fget, 11 fappend, ...

CVE-2015-7994

The SQL interface in SAP HANA DB 1.00.73.00.389160 NewDB100REL allows remote attackers to execute arbitrary code via unspecified vectors related to "SQL Login," aka SAP Security Note 2197428...

Design/Logic Flaw

The Extended Application Services aka XS or XS Engine in SAP HANA DB 1.00.73.00.389160 NewDB100REL allows remote attackers to execute arbitrary code via unspecified vectors related to "HTTP Login," aka SAP Security Note 2197397...

Design/Logic Flaw

The Web Dispatcher service in SAP HANA DB 1.00.73.00.389160 NewDB100REL allows remote attackers to read web dispatcher and security trace files and possibly obtain passwords via unspecified vectors, aka SAP Security Note 2148854...

CVE-2015-7994

The SQL interface in SAP HANA DB 1.00.73.00.389160 NewDB100REL allows remote attackers to execute arbitrary code via unspecified vectors related to "SQL Login," aka SAP Security Note 2197428...

CVE-2015-7992

SAP HANA DB 1.00.73.00.389160 NewDB100REL allows remote authenticated users to cause a denial of service memory corruption and indexserver crash via unspecified vectors to the EXECUTESEARCHRULESET stored procedure, aka SAP Security Note 2175928...

CVE-2015-7992

SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) is affected by CVE-2015-7992. Remote authenticated users can trigger a denial of service (memory corruption and indexserver crash) by calling the EXECUTE_SEARCH_RULE_SET stored procedure, per SAP Security Note 2175928. Exploitation details and exact ve...