3118 matches found

CVE
added 2017/05/29 5:0 p.m. | 43 views

CVE-2017-9289

CVE-2017-9289 affects Bram Korsten Note up to version 1.2.0, with a reflected XSS in the file note-source/ui/editor.php (edit parameter). The connected documents corroborate a cross-site scripting vulnerability in Bram Korsten Note 1.2.0 and earlier. The description does not provide concrete reme...

CVSS 6.1 | AI score 5.9 | EPSS 0.00683
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2017/05/29 5:0 p.m. | 19 views

CVE-2017-9289

Bram Korsten Note through 1.2.0 is vulnerable to a reflected XSS in note-source\ui\editor.php (edit parameter)...

AI score 6 | EPSS 0.00683
Exploits: 1 | References: 1

Prion
added 2017/05/26 1:29 a.m. | 18 views

XXE

SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity (XXE) attacks via crafted XML data in a request to B1iXcellerator/exec/soap/vP.001sap0003.inWCSX/com.sap.b1i.vplatform.runtime/INBWSCALLSYNCXPT/INBWSCALLSYNCXPT.ipo/proc, aka SAP Security Note 2378065...

CVSS 6.8 | AI score 7.1 | EPSS 0.0788
Exploits: 5 | References: 3 | Affected Software: 1

NVD
added 2017/05/26 1:29 a.m. | 20 views

CVE-2016-6256

SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity (XXE) attacks via crafted XML data in a request to B1iXcellerator/exec/soap/vP.001sap0003.inWCSX/com.sap.b1i.vplatform.runtime/INBWSCALLSYNCXPT/INBWSCALLSYNCXPT.ipo/proc, aka SAP Security Note 2378065...

CVSS 9.6 | AI score 8.9 | EPSS 0.0788
Exploits: 5 | References: 3

Cvelist
added 2017/05/25 7:0 p.m. | 26 views

CVE-2016-6256

SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity (XXE) attacks via crafted XML data in a request to B1iXcellerator/exec/soap/vP.001sap0003.inWCSX/com.sap.b1i.vplatform.runtime/INBWSCALLSYNCXPT/INBWSCALLSYNCXPT.ipo/proc, aka SAP Security Note 2378065...

AI score 9.1 | EPSS 0.0788
Exploits: 5 | References: 3

NVD
added 2017/05/23 4:29 a.m. | 23 views

CVE-2017-8913

The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via a crafted XML document in a request to irj/servlet/prt/portal/prtroot/com.sap.visualcomposer.BIKit.default, aka SAP Security Note 2386873...

CVSS 8.8 | AI score 8.2 | EPSS 0.01393
Exploits: 0 | References: 2

OSV
added 2017/05/23 4:29 a.m. | 3 views

CVE-2017-8914

sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to hijack npm packages or host arbitrary files by leveraging an insecure user creation policy, aka SAP Security Note 2407694...

CVSS 8.3 | AI score 5.9 | EPSS 0.01489
Exploits: 0 | References: 3

OSV
added 2017/05/23 4:29 a.m. | 4 views

CVE-2017-8913

The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via a crafted XML document in a request to irj/servlet/prt/portal/prtroot/com.sap.visualcomposer.BIKit.default, aka SAP Security Note 2386873...

CVSS 8.8 | AI score 5.8 | EPSS 0.01393
Exploits: 0 | References: 2

NVD
added 2017/05/23 4:29 a.m. | 24 views

CVE-2017-8915

sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to cause a denial of service (assertion failure and service crash) by pushing a package with a filename containing a $ (dollar sign) or % (percent) character, aka SAP Security Note 2407694...

CVSS 7.5 | AI score 7.5 | EPSS 0.02559
Exploits: 0 | References: 3

Prion
added 2017/05/23 4:29 a.m. | 17 views

Code injection

sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to cause a denial of service (assertion failure and service crash) by pushing a package with a filename containing a $ (dollar sign) or % (percent) character, aka SAP Security Note 2407694...

CVSS 5 | AI score 7.4 | EPSS 0.02559
Exploits: 0 | References: 3 | Affected Software: 1

Prion
added 2017/05/23 4:29 a.m. | 16 views

Code injection

sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to hijack npm packages or host arbitrary files by leveraging an insecure user creation policy, aka SAP Security Note 2407694...

CVSS 7.5 | AI score 8.2 | EPSS 0.01489
Exploits: 0 | References: 3 | Affected Software: 1

Prion
added 2017/05/23 4:29 a.m. | 21 views

XXE

The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via a crafted XML document in a request to irj/servlet/prt/portal/prtroot/com.sap.visualcomposer.BIKit.default, aka SAP Security Note 2386873...

CVSS 6.5 | AI score 8.1 | EPSS 0.01393
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2017/05/23 3:56 a.m. | 44 views

CVE-2017-8914

CVE-2017-8914 affects SAP HANA XS Sinopia (HDB 1.00 and 2.00). The root cause is an insecure default user-creation policy in Sinopia, enabling remote attackers to hijack npm packages or host arbitrary files. Public disclosures reference ERPScan and SAP Security Note 2407694; the advisory describe...

CVSS 8.3 | AI score 8.2 | EPSS 0.01489
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2017/05/23 3:56 a.m. | 45 views

CVE-2017-8915

CVE-2017-8915 affects SAP HANA XS sinopia npm registry (HDB 1.00 and 2.00). The issue arises when a package is pushed with a filename containing a '$' or '%' character, triggering an assertion failure in storage logic and causing a denial-of-service (service crash). Exploitation details are docum...

CVSS 7.5 | AI score 7.4 | EPSS 0.02559
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2017/05/23 3:56 a.m. | 18 views

CVE-2017-8914

sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to hijack npm packages or host arbitrary files by leveraging an insecure user creation policy, aka SAP Security Note 2407694...

AI score 8.3 | EPSS 0.01489
Exploits: 0 | References: 3

Cvelist
added 2017/05/23 3:56 a.m. | 28 views

CVE-2017-8915

sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to cause a denial of service (assertion failure and service crash) by pushing a package with a filename containing a $ (dollar sign) or % (percent) character, aka SAP Security Note 2407694...

AI score 7.5 | EPSS 0.02559
Exploits: 0 | References: 3

CVE
added 2017/05/23 3:56 a.m. | 58 views

CVE-2017-8913

The CVE-2017-8913 vulnerability affects SAP NetWeaver AS JAVA 7.5, specifically the Visual Composer VC70RUNTIME component. Affected files/components include VC70RUNTIME (7.30–7.50) and VCFRAMEWORK/VCFLEX7.00 as listed in public advisories. The issue is an XML External Entity (XXE) vulnerability t...

CVSS 8.8 | AI score 8.1 | EPSS 0.01393
Exploits: 0 | References: 2 | Affected Software: 1

erpscan
added 2017/05/17 12:0 a.m. | 501 views

XSS in SAP NetWeaver AS Java SRM

Application: SAP SRM
Versions Affected: SAP SRM 701 – 714
Vendor URL: SAP
Bug: XSS
Reported: 17.05.2017
Vendor response: 18.05.2017
Date of Public Advisory: 08.08.2017
Reference: SAP Security Note 2493099
Author: Vahagn Vardanyan ERPScan
VULNERABILITY INFORMATION
Class: XSS
Risk: Medium
Impact:...

Exploits: 0

exploitpack
added 2017/05/17 12:0 a.m. | 49 views

Microsoft Windows 7/2008 R2 - EternalBlue SMB Remote Code Execution (MS17-010)

Microsoft Windows 7/2008 R2 - EternalBlue SMB Remote Code Execution (MS17-010) #!/usr/bin/python from impacket import smb from struct import pack import sys import socket ''' EternalBlue exploit for Windows 7/2008 by sleepya The exploit might FAIL and CRASH a target system depended on what is...

Exploits: 0

erpscan
added 2017/05/17 12:0 a.m. | 513 views

Log injection in SAP NetWeaver AS Java using basic auth

Application: SAP NetWeaver AS Java
Versions Affected: ENGINEAPI 7.10-7.50
Vendor URL: SAP
Bug: Log Injection
Reported: 17.05.2017
Vendor response: 18.05.2017
Date of Public Advisory: 14.11.2017
Reference: SAP Security Note 2485208
Author: Vahagn Vardanyan ERPScan
VULNERABILITY INFORMATION
Class:...

AI score 1.1
Exploits: 0