CVE-2015-6507

The hdbsql client 1.00.091.00 Build 1418659308-1530 in SAP HANA allows local users to cause a denial of service memory corruption and possibly have unspecified other impact via unknown vectors, aka SAP Security Note 2140700...

CVE-2015-6507

The hdbsql client 1.00.091.00 Build 1418659308-1530 in SAP HANA allows local users to cause a denial of service memory corruption and possibly have unspecified other impact via unknown vectors, aka SAP Security Note 2140700...

CVE-2015-7726

Cross-site scripting XSS vulnerability in role deletion in the Web-based Development Workbench in SAP HANA DB 1.00.091.00.1418659308 allows remote authenticated users to inject arbitrary web script or HTML via the role name, aka SAP Security Note 2153898...

CVE-2015-7727

Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 NewDB100REL allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors in the 1 trace configuration page or 2 getSqlTraceConfiguration function, aka SAP...

CVE-2015-7729

Eval injection in test-net.xsjs in the Web-based Development Workbench in SAP HANA Developer Edition DB 1.00.091.00.1418659308 allows remote authenticated users to execute arbitrary XSJS code via unspecified vectors, aka SAP Security Note 2153892...

CVE-2015-7730

SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and BusinessObjects XI BOXI 3.1 R3 allow remote attackers to cause a denial of service out-of-bounds read and listener crash via a crafted GIOP packet, aka SAP Security Note 2001108...

CVE-2015-7728

Cross-site scripting XSS vulnerability in user creation in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 NewDB100REL allows remote authenticated users to inject arbitrary web script or HTML via the username, aka SAP Security Note 2153898...

CakePHP 3.0.5 XML Class SSRF

============================================================================= Title : CakePHP Xml class SSRF Vulnerability CVE Number : N/A not assigned Affected Software : Confirmed on CakePHP v3.0.5 prior versions may also be affected Credit : Takeshi Terada of Mitsui Bussan Secure Directions,...

SAP NetWeaver 7.4 (ProxyServer servlet) - XSS vulnerability

Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.4 Vendor URL: SAP Bugs: Cross Site Scripting XSS Reported: 10.08.2015 Vendor response: 11.08.2015 Date of Public Advisory: 09.02.2016 Reference: SAP Security Note 2220571 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class...

CVE-2015-5652

Untrusted search path vulnerability in python.exe in Python through 3.5.0 on Windows allows local users to gain privileges via a Trojan horse readline.pyd file in the current working directory. NOTE: the vendor says "It was determined that this is a longtime behavior of Python that cannot really ...

Threat Outbreak Alert RuleID18385: Email Messages Distributing Malicious Software on September 30, 2015

Medium Alert ID: 41292 First Published: 2015 September 30 14:02 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID18385 may contain the following files: Name ...

SAP NetWeaver Java AS - multiple XSS vulnerabilities

Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.4 Vendor URL: SAP Bugs: XSS Reported: 29.09.2015 Vendor response: 30.09.2015 Date of Public Advisory: 08.03.2016 Reference: SAP Security Note 2238765 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class: XSS Impact: leakage...

SAP HANA hdbxsengine JSON - DoS

Application: SAP HANA Versions Affected: SAP HANA 1.00.095 Vendor URL: http://www.sap.com Bugs: DoS Reported: 28.09.2015 Vendor response: 29.09.2015 Date of Public Advisory: 12.01.2016 Reference: SAP Security Note 2241978 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATION Class: DoS Impact:...

SAP HANA - log injection and no size restriction

Application: SAP HANA Versions Affected: SAP HANA Vendor URL: http://www.sap.com Bugs: Log injection Reported: 28.09.2015 Vendor response: 29.09.2015 Date of Public Advisory: 12.01.2016 Reference: SAP Security Note 2241978 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATION Class: Log injectio...

SAP Netweaver XML External Entity Injection

Title: SAP Netwaver - XML External Entity Injection Author: Lukasz Miedzinski GPG: Public key provided in attachment Date: 29/10/2014 CVE: CVE-2015-7241 Affected software : =================== SAP Netwear : XML Content and Actions - Import section. Vulnerabilities : XML External Entity Injection ...

SAP NetWeaver AS JAVA - information disclosure vulnerability

Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 – 7.5 Vendor URL: SAP Bugs: Information disclosure Reported: 15.09.2015 Vendor response: 16.09.2015 Date of Public Advisory: 09.02.2016 Reference: SAP Security Note 2256846 Author: Vahagn Vardanyan ERPScan VULNERABILI...

[ERPSCAN-15-015] SAP NetWeaver AS ABAP– Hardcoded Credentials

ERPSCAN Research Advisory ERPSCAN-15-015 SAP NetWeaver AS ABAP– Hardcoded Credentials Application: SAP NetWeaver Versions Affected: SAP NetWeaver AS ABAP, probably others Vendor URL: http://SAP.com Bugs: Hardcoded credentials Sent: 06.03.2014 Reported: 07.03.2014 Vendor response: 07.03.2014 Date ...

[ERPSCAN-15-014] SAP Mobile Platform 3 – XXE in Add Repository

ERPSCAN Research Advisory ERPSCAN-15-014 SAP Mobile Platform 3 – XXE in Add Repository Application: SAP Mobile Platform Versions Affected: SAP Mobile Platform 3, probably others Vendor URL: http://SAP.com Bugs: XML External Entity Sent: 13.03.2015 Reported: 14.03.2015 Vendor response: 14.03.2015...

Threat Outbreak Alert RuleID17898: Email Messages Distributing Malicious Software on September 11, 2015

Medium Alert ID: 40947 First Published: 2015 September 11 14:10 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID17898 may contain the following files: Name ...

SAP Mobile Platform 3 XXE Injection

ERPSCAN Research Advisory ERPSCAN-15-014 SAP Mobile Platform 3 – XXE in Add Repository Application: SAP Mobile Platform Versions Affected: SAP Mobile Platform 3, probably others Vendor URL: http://SAP.com Bugs: XML External Entity Sent: 13.03.2015 Reported: 14.03.2015 Vendor response: 14.03.2015...