CVE-2015-2076
The Auditing service in SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information by reading an audit event, aka SAP Note 2011395...
CVE-2015-2076
The CVE-2015-2076 vulnerability affects SAP BusinessObjects Edge 4.0, where an unauthenticated remote attacker could read auditing information via the Auditing service. The Onapsis advisory and SAP notes identify an unauthorized access risk exposing audit events (e.g., report names, universe quer...
Joyful Note vulnerability in handling files
Overview Joyful Note from KENT-WEB is a bulletin board software that allows users to upload binary files such as image files. Joyful Note contains a vulnerability in handling files. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
JVN#88862608: Joyful Note vulnerability in handling files
Joyful Note from KENT-WEB is a bulletin board software that allows users to upload binary files such as image files. Joyful Note contains a vulnerability in handling files. Impact A remote attacker may create arbitrary files or delete existing files on the server. As a result, arbitrary code may ...
SAP Mobile Platform 2.3 - XXE vulnerability in application import
Application: SAP Mobile Platform 2.3 Vendor URL: http://www.sap.com Bugs: XML eXternal Entity Reported: 25.02.2015 Vendor response: 25.02.2015 Date of Public Advisory: 11.08.2015 Reference: SAP Security Note 2152227 Authors: Vahagn Vardanyan ERPScan Vulnerability information Class: XML External...
SAP Afaria - Stored XSS
Application: SAP Afaria 7 Vendor URL: http://www.sap.com Bugs: XSS Reported: 18.02.2015 Vendor response: 18.02.2015 Date of Public Advisory: 11.08.2015 Reference: SAP Security Note 2152669 Authors: Dmitry Chastukhin ERPScan Vulnerability information Class: XML External Entity CWE-79 Impact: Store...
CVE-2014-8268
QPR Portal before 2012.2.1 allows remote attackers to modify or delete notes via a direct request...
CVE-2015-1311
The Extended Application Services (XS) in SAP HANA allows remote attackers to inject arbitrary ABAP code via unspecified vectors, aka SAP Note 2098906. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2015-1309
XML external entity vulnerability in the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver AS ABAP 7.31 and earlier allows remote attackers to access arbitrary files via a crafted XML request, related to ECATTDISPLAYXMLSTRINGREMOTE, aka SAP Note 2016638...
XXE
XML external entity vulnerability in the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver AS ABAP 7.31 and earlier allows remote attackers to access arbitrary files via a crafted XML request, related to ECATTDISPLAYXMLSTRINGREMOTE, aka SAP Note 2016638...
SQL injection
SQL injection vulnerability in SAP Adaptive Server Enterprise (Sybase ASE) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Note 2113333. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2015-1310
SQL injection vulnerability in SAP Adaptive Server Enterprise (Sybase ASE) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Note 2113333. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2015-1040
Multiple cross-site scripting (XSS) vulnerabilities in the administrative backend in BEdita 3.4.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lrealname field in the editProfile form to index.php/home/profile; the (2) datatitle or (3) datadescription field in the...
CVE-2014-9595
Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Spool System, aka SAP Note 2061271...
CVE-2014-9594
Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the ABAP VM, aka SAP Note 2059734...
Buffer overflow
Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the ABAP VM, aka SAP Note 2059734...
Buffer overflow
Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Spool System, aka SAP Note 2061271...
CVE-2014-9594
The CVE-2014-9594 issue affects the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit. A buffer overflow in the Dispatcher (related to ABAP VM) allows an authenticated remote attacker to cause a denial of service or potentially execute arbitrary code. ERPScan notes that exploits ...