3094 matches found

Prion
added 2016/04/14 2:59 p.m., 22 views

XXE

XML external entity (XXE) vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows remote attackers to cause a denial of service (system hang) via a crafted DTD in an XML request to uddi/api/replication, aka SAP Security Note 2254389...

CVSS: 9, AI score: 7, EPSS: 0.05264
Exploits: 2, References: 4, Affected Software: 1
Prion
added 2016/04/14 2:59 p.m., 14 views

Information disclosure

The Data Provisioning Agent (aka DP Agent) in SAP HANA does not properly restrict access to service functionality, which allows remote attackers to obtain sensitive information, gain privileges, and conduct unspecified other attacks via unspecified vectors, aka SAP Security Note 2262742...

CVSS: 7.5, AI score: 7.3, EPSS: 0.00956
Exploits: 0, References: 1
Prion
added 2016/04/14 2:59 p.m., 14 views

Code injection

The Data Provisioning Agent (aka DP Agent) in SAP HANA allows remote attackers to cause a denial of service (process crash) via unspecified vectors, aka SAP Security Note 2262710...

CVSS: 5, AI score: 7.2, EPSS: 0.01259
Exploits: 0, References: 1
Cvelist
added 2016/04/14 2:0 p.m., 20 views

CVE-2016-4016

Cross-site scripting (XSS) vulnerability in SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) 15 allows remote attackers to inject arbitrary web script or HTML via the title parameter to webdynpro/resources/sap.com/xapps~xmii~ui~admin~navigation/NavigationApplication, aka SAP Securi...

AI score: 6.1, EPSS: 0.01452
Exploits: 2, References: 4
CVE
added 2016/04/14 2:0 p.m., 53 views

CVE-2016-4017

CVE-2016-4017 concerns SAP HANA's Data Provisioning Agent (DP Agent). The vulnerability enables remote attackers to cause a denial of service (process crash) via unspecified vectors, as referenced by SAP Security Note 2262710. The connected documents corroborate this description across multiple c...

CVSS: 7.5, AI score: 7.3, EPSS: 0.01259
Exploits: 0, References: 1, Affected Software: 1
CVE
added 2016/04/14 2:0 p.m., 43 views

CVE-2016-4016

CVE-2016-4016: SAP Manufacturing Integration Intelligence (MII / xMII) 15 is affected by a reflected cross-site scripting (XSS) vulnerability. An attacker can inject arbitrary script via the title parameter of the NavigationApplication URL (webdynpro/resources/sap.com/xapps~xmii~ui~admin~navigati...

CVSS: 6.1, AI score: 6, EPSS: 0.01452
Exploits: 2, References: 4, Affected Software: 1
Cvelist
added 2016/04/14 2:0 p.m., 21 views

CVE-2016-4015

The Enqueue Server in SAP NetWeaver JAVA AS 7.1 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted request, aka SAP Security Note 2258784...

AI score: 7.3, EPSS: 0.02615
Exploits: 0, References: 2
CISA
added 2016/04/12 12:0 a.m., 14 views

Samba Security Updates Address Badlock Vulnerabilities

The Samba Team has released security updates that address vulnerabilities, collectively known as Badlock, affecting both Windows operating systems and Samba in UNIX-like platforms. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system or create a...

AI score: 6.8
Exploits: 0, References: 2
myhack58
added 2016/04/11 12:0 a.m., 13 views

Linux ASLR vulnerability: an attacker can use "unlimited" to disable ASLR (CVE-2016-3672) - vulnerability warning - the black bar safety net

Recently, security personnel fixed a relatively old Linux ASLR vulnerability: on x86 devices, any user with permission to run 32-bit applications can disable ASLR by setting the RLIMIT_STACK resource to "unlimited". The vulnerability's CVE number is CVE-2016-3672. The CNNVD number of...

AI score: 7.8
Exploits: 0
Prion
added 2016/04/08 2:59 p.m., 13 views

Design/Logic Flaw

The Java Startup Framework (aka jstart) in SAP JAVA AS 7.2 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted HTTP request, aka SAP Security Note 2259547...

CVSS: 5, AI score: 7, EPSS: 0.07075
Exploits: 0, References: 3, Affected Software: 1
Prion
added 2016/04/08 2:59 p.m., 10 views

Memory corruption

Internet Communication Manager (aka ICMAN or ICM) in SAP JAVA AS 7.2 through 7.4 allows remote attackers to cause a denial of service (heap memory corruption and process crash) via a crafted HTTP request, related to the IctParseCookies function, aka SAP Security Note 2256185...

CVSS: 5, AI score: 7.4, EPSS: 0.06371
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2016/04/08 2:0 p.m., 28 views

CVE-2016-3980

The Java Startup Framework (aka jstart) in SAP JAVA AS 7.2 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted HTTP request, aka SAP Security Note 2259547...

AI score: 7.3, EPSS: 0.07075
Exploits: 0, References: 3
Cvelist
added 2016/04/08 2:0 p.m., 22 views

CVE-2016-3979

Internet Communication Manager (aka ICMAN or ICM) in SAP JAVA AS 7.2 through 7.4 allows remote attackers to cause a denial of service (heap memory corruption and process crash) via a crafted HTTP request, related to the IctParseCookies function, aka SAP Security Note 2256185...

AI score: 7.6, EPSS: 0.06371
Exploits: 0, References: 3
Prion
added 2016/04/08 12:59 a.m., 13 views

Authorization

The XML Data Archiving Service (XML DAS) in SAP NetWeaver AS Java does not check authorization, which allows remote authenticated users to obtain sensitive information, gain privileges, or possibly have unspecified other impact via requests to (1) webcontent/cas/casenter.jsp, (2)...

CVSS: 6.5, AI score: 7.7, EPSS: 0.01315
Exploits: 0, References: 2
NVD
added 2016/04/08 12:59 a.m., 15 views

CVE-2015-8840

The XML Data Archiving Service (XML DAS) in SAP NetWeaver AS Java does not check authorization, which allows remote authenticated users to obtain sensitive information, gain privileges, or possibly have unspecified other impact via requests to (1) webcontent/cas/casenter.jsp, (2)...

CVSS: 8.8, AI score: 9.1, EPSS: 0.01315
Exploits: 0, References: 2
NVD
added 2016/04/07 11:59 p.m., 26 views

CVE-2016-3976

Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet, aka SAP Security Note 2234971...

CVSS: 7.5, AI score: 7.4, EPSS: 0.46605
Exploits: 5, References: 7
OSV
added 2016/04/07 11:59 p.m., 2 views

CVE-2016-3976

Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet, aka SAP Security Note 2234971...

CVSS: 7.5, AI score: 5.9, EPSS: 0.46605
Exploits: 5, References: 7
NVD
added 2016/04/07 7:59 p.m., 27 views

CVE-2016-3975

Cross-site scripting (XSS) vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to inject arbitrary web script or HTML via the navigationTarget parameter to irj/servlet/prt/portal/prteventname/XXX/prtroot/com.sapportals.navigation.testComponent.NavigationURLTester, aka SAP...

CVSS: 6.1, AI score: 6.1, EPSS: 0.01611
Exploits: 2, References: 4
NVD
added 2016/04/07 7:59 p.m., 28 views

CVE-2016-3974

XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to cause a denial of service, conduct SMB Relay attacks, or access arbitrary files via a crafted XML request to tcmonitoringwebserviceweb/ServerNodesWSService, aka SA...

CVSS: 9.1, AI score: 9, EPSS: 0.15058
Exploits: 5, References: 5
NVD
added 2016/04/07 7:59 p.m., 20 views

CVE-2016-3973

The chat feature in the Real-Time Collaboration (RTC) services 7.3 and 7.4 in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to obtain sensitive user information by visiting webdynpro/resources/sap.com/tcrtccoll.appl.rtcwdchat/Chat, pressing "Add users", and doing a search, aka SAP...

CVSS: 5.3, AI score: 5.2, EPSS: 0.02413
Exploits: 1, References: 4