
3093 matches found

securityvulns
added 2015/06/29 12:0 a.m., 55 views

[ERPSCAN-15-005] SAP Mobile Platform - XXE

ERPSCAN Research Advisory ERPSCAN-15-005 SAP Mobile Platform - XXE Application: SAP Mobile Platform 2.3 Versions Affected: SAP Mobile Platform 2.3, probably others Vendor URL: http://SAP.com Bugs: XML eXternal Entity Sent: 06.11.14 Reported: 06.11.14 Vendor response: 07.11.14 Date of Public...

CVSS 5, AI score 7.1, EPSS 0.01642
Exploits: 0
securityvulns
added 2015/06/29 12:0 a.m., 73 views

[ERPSCAN-15-003] SAP NetWeaver Dispatcher Buffer Overflow - RCE, DoS

ERPSCAN Research Advisory ERPSCAN-15-003 SAP NetWeaver Dispatcher Buffer Overflow - RCE, DoS Application: SAP NetWeaver Dispatcher Versions Affected: SAP NetWeaver Dispatcher, probably others Vendor URL: http://SAP.com Bugs: RCE Sent: 25.08.14 Reported: 25.08.14 Vendor response: 25.08.14 Date of...

CVSS 6.5, AI score 7.7, EPSS 0.03704
Exploits: 0
NVD
added 2015/06/24 2:59 p.m., 15 views

CVE-2015-5068

XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML request, aka SAP Security Note 2159601...

CVSS 7.5, AI score 7, EPSS 0.02885
Exploits: 1, References: 5
ATTACKERKB
added 2015/06/24 2:59 p.m., 2 views

CVE-2015-5068

XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML request, aka SAP Security Note 2159601...

CVSS 7.5, AI score 6, EPSS 0.02885
Exploits: 1, References: 7
CVE
added 2015/06/24 2:0 p.m., 48 views

CVE-2015-5068

CVE-2015-5068 is an XXE vulnerability affecting SAP Mobile Platform 3 (and SAP NetWeaver AS Java 7.4 per ERPScan notes) where the XML parser validates incoming requests with a user-specified DTD. A crafted XML request (via Add Repository) can cause the server to read arbitrary files, enable DoS (...

CVSS 7.5, AI score 7.2, EPSS 0.02885
Exploits: 1, References: 5, Affected Software: 1
Cvelist
added 2015/06/24 2:0 p.m., 19 views

CVE-2015-5068

XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML request, aka SAP Security Note 2159601...

AI score 7, EPSS 0.02885
Exploits: 1, References: 5
Prion
added 2015/06/08 2:59 p.m., 9 views

Design/Logic Flaw

SAP Adaptive Server Enterprise (ASE) before 15.7 SP132 and 16.0 before 16.0 SP01 allows remote attackers to bypass the challenge and response mechanism and obtain access to the probe account via a crafted response, aka SAP Security Note 2113995...

CVSS 7.5, AI score 7.2, EPSS 0.01817
Exploits: 1, References: 1, Affected Software: 1
NVD
added 2015/06/02 2:59 p.m., 11 views

CVE-2015-4161

SAP Afaria does not properly restrict access to unspecified functionality, which allows remote attackers to obtain sensitive information, gain privileges, or have other unspecified impact via unknown vectors, SAP Security Note 2155690...

CVSS 7.5, AI score 6.8, EPSS 0.01437
Exploits: 1, References: 2
NVD
added 2015/06/02 2:59 p.m., 20 views

CVE-2015-4158

SAP ABAP & Java Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2121661...

CVSS 5, AI score 6.7, EPSS 0.01812
Exploits: 1, References: 2
NVD
added 2015/06/02 2:59 p.m., 16 views

CVE-2015-4157

SAP Content Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2127995...

CVSS 5, AI score 6.7, EPSS 0.0128
Exploits: 1, References: 2
NVD
added 2015/06/02 2:59 p.m., 25 views

CVE-2015-2278

The LZH decompression implementation (CsObjectInt::BuildHufTree function in vpa108csulzh.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers t...

CVSS 5, AI score 6.5, EPSS 0.02131
Exploits: 1, References: 6
Prion
added 2015/06/02 2:59 p.m., 17 views

Out-of-bounds

The LZH decompression implementation (CsObjectInt::BuildHufTree function in vpa108csulzh.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers t...

CVSS 5, AI score 7, EPSS 0.02131
Exploits: 1, References: 6, Affected Software: 1
Prion
added 2015/06/02 2:59 p.m., 21 views

Stack overflow

Stack-based buffer overflow in the LZC decompression implementation (CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows...

CVSS 7.5, AI score 8.9, EPSS 0.03518
Exploits: 1, References: 6, Affected Software: 1
Prion
added 2015/06/02 2:59 p.m., 14 views

Code injection

SAP Content Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2127995...

CVSS 5, AI score 7.2, EPSS 0.0128
Exploits: 1, References: 2
Prion
added 2015/06/02 2:59 p.m., 18 views

Information disclosure

SAP Afaria does not properly restrict access to unspecified functionality, which allows remote attackers to obtain sensitive information, gain privileges, or have other unspecified impact via unknown vectors, SAP Security Note 2155690...

CVSS 7.5, AI score 7.4, EPSS 0.01437
Exploits: 1, References: 2
CVE
added 2015/06/02 2:0 p.m., 52 views

CVE-2015-4161

SAP Afaria is affected by an information-disclosure vulnerability where access to unspecified functionality is not properly restricted (via the Services feature). A remote attacker could obtain sensitive information, and potentially gain privileges, with other unspecified impacts noted in SAP Sec...

CVSS 7.5, AI score 7, EPSS 0.01437
Exploits: 1, References: 2, Affected Software: 1
CVE
added 2015/06/02 2:0 p.m., 45 views

CVE-2015-4157

CVE-2015-4157 affects SAP Content Server. The available documents describe a remote denial-of-service risk (service termination) via unspecified vectors, as referenced by SAP Security Note 2127995. The primary sources do not specify the exact vulnerable component, affected versions, root cause, e...

CVSS 5, AI score 6.9, EPSS 0.0128
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2015/06/02 2:0 p.m., 24 views

CVE-2015-4158

SAP ABAP & Java Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2121661...

AI score 6.7, EPSS 0.01812
Exploits: 1, References: 2
Cvelist
added 2015/06/02 2:0 p.m., 22 views

CVE-2015-4161

SAP Afaria does not properly restrict access to unspecified functionality, which allows remote attackers to obtain sensitive information, gain privileges, or have other unspecified impact via unknown vectors, SAP Security Note 2155690...

AI score 6.8, EPSS 0.01437
Exploits: 1, References: 2
Cvelist
added 2015/06/02 2:0 p.m., 24 views

CVE-2015-2282

Stack-based buffer overflow in the LZC decompression implementation (CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows...

AI score 8.3, EPSS 0.03518
Exploits: 1, References: 6