3093 matches found
CVE-2015-2814
SAP EMR Unwired (com.sap.mobile.healthcare.emr.v2) and Clinical Task Tracker (com.sap.mobile.healthcare.ctt) does not properly restrict access, which allows remote attackers to change the backendurl, clientid, ssourl, and infopageurl settings via unspecified vectors, aka SAP Security Note 2117079...
CVE-2015-2815
Buffer overflow in the CSAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2063369...
CVE-2015-2816
The XcListener in SAP Afaria 7.0.6001.5 does not properly restrict access, which allows remote attackers to have unspecified impact via a crafted request, aka SAP Security Note 2134905...
CVE-2015-2817
The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768...
CVE-2015-2819
SAP Sybase SQL Anywhere 11 and 16 allows remote attackers to cause a denial of service (crash) via a crafted request, aka SAP Security Note 2108161...
CVE-2015-2818
XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125513...
Threat Outbreak Alert RuleID14395: Email Messages Distributing Malicious Software on March 31, 2015
Medium Alert ID: 38140 First Published: 2015 March 31 19:00 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID14395 may contain the following files: Name | Si...
SAP Mobile Platform 3 - XXE Vulnerability in Add Repository
Application: SAP Mobile Platform 3 Vendor URL: http://www.sap.com Bugs: XML eXternal Entity Reported: 13.03.2015 Vendor response: 13.03.2015 Date of Public Advisory: 15.06.2015 Reference: SAP Security Note 2159601 Authors: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class: XML External...
KENT-WEB Joyful Note Arbitrary Code Execution Vulnerability
KENT-WEB Joyful Note is a suite of message board applications from the Japanese company KENT-WEB. A security vulnerability exists in KENT-WEB Joyful Note versions prior to 5.3. A remote attacker can exploit the vulnerability to delete or write arbitrary files and execute arbitrary code...
CVE-2015-0889
KENT-WEB Joyful Note before 5.3 allows remote attackers to delete files or write to files, and consequently execute arbitrary code, via vectors involving an article...
CVE-2015-0889
KENT-WEB Joyful Note is affected by a vulnerability in how it handles uploaded files, allowing remote attackers to create or delete arbitrary files and, consequently, execute arbitrary code. The flaw exists in Joyful Note versions prior to a released fix (reported as affected up to 5.3 in CVE con...
CVE-2015-2076
The Auditing service in SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information by reading an audit event, aka SAP Note 2011395...
CVE-2015-2072
Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 73 (1.00.73.00.389160) and HANA Developer Edition 80 (1.00.80.00.391861) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) ide/core/plugins/editor/templates/trace/hanaTraceDetailService.xsjs or (2)...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 73 (1.00.73.00.389160) and HANA Developer Edition 80 (1.00.80.00.391861) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) ide/core/plugins/editor/templates/trace/hanaTraceDetailService.xsjs or (2)...
Design/Logic Flaw
SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396...
Design/Logic Flaw
The Auditing service in SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information by reading an audit event, aka SAP Note 2011395...
CVE-2015-2075
SAP BusinessObjects Edge 4.0 is vulnerable to an unauthenticated remote attack that can delete audit events from the auditee queue via the clearData CORBA operation. The root cause is improper authorization (CWE-285) in the CORBA interface, allowing an attacker to instruct the remote auditee to c...