3094 matches found
SAP HANA 1.00.095 - hdbindexserver Memory Corruption
SAP HANA 1.00.095 - hdbindexserver Memory Corruption ERPSCAN-15-024 SAP HANA hdbindexserver - Memory corruption Application: SAP HANA Versions Affected: SAP HANA 1.00.095 Vendor URL: http://SAP.com Bugs: Memory corruption, RCE Reported: 17.07.2015 Vendor response: 18.07.2015 Date of Public...
Samsung Note 3 and Galaxy S6 Denial of Service Vulnerability
The Samsung Note 3 and Galaxy S6 are both smartphones released by the South Korean company Samsung. A security vulnerability exists in the Samsung Note 3 and Galaxy S6. An attacker can exploit the vulnerability to cause a denial of service (null pointer dereference) by sending an HTTP...
SAP HANA 1.00.095 - hdbindexserver Memory Corruption
ERPSCAN-15-024 SAP HANA hdbindexserver - Memory corruption Application: SAP HANA Versions Affected: SAP HANA 1.00.095 Vendor URL: http://SAP.com Bugs: Memory corruption, RCE Reported: 17.07.2015 Vendor response: 18.07.2015 Date of Public Advisory: 13.10.2015 Reference: SAP Security Note 2197428...
Kernel URL filtering vulnerability affects Samsung Note 3 and Galaxy S6 (CVE-2016-2036) - vulnerability warning - the black bar safety net
A Samsung Note 3 and Galaxy S6 phone bug: what goes wrong in the kernel URL filter? Author: Roberto Paleari @rpaleari and Aristide Fattori @joystick ID: CVE-2016-2036 Notification date: 20/10/2015 Release date: 20/01/2016 In the study of the Samsung Android kernel, we...
CVE-2016-1928
Buffer overflow in the XS engine hdbxsengine in SAP HANA allows remote attackers to cause a denial of service or execute arbitrary code via a crafted HTTP request, related to JSON, aka SAP Security Note 2241978...
Design/Logic Flaw
The XS engine in SAP HANA allows remote attackers to spoof log entries in trace files and consequently cause a denial of service disk consumption and process crash via a crafted HTTP request, related to an unspecified debug function, aka SAP Security Note 2241978...
Buffer overflow
Buffer overflow in the XS engine hdbxsengine in SAP HANA allows remote attackers to cause a denial of service or execute arbitrary code via a crafted HTTP request, related to JSON, aka SAP Security Note 2241978...
CVE-2016-1910
The User Management Engine UME in SAP NetWeaver 7.4 allows attackers to decrypt unspecified data via unknown vectors, aka SAP Security Note 2191290...
Code injection
The User Management Engine UME in SAP NetWeaver 7.4 allows attackers to decrypt unspecified data via unknown vectors, aka SAP Security Note 2191290...
CVE-2016-1910
CVE-2016-1910 affects SAP NetWeaver 7.4 UME (User Management Engine) and is described as a cryptographic issue enabling attackers to decrypt data via unspecified vectors (SAP Security Note 2191290). The connected materials indicate this is a crypto-issue vulnerability with publicly available PoCs...
SAP Netweaver Java deserialization of untrusted user value in metadatauploader
Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7400.12.21.30308 Vendor URL: SAP Bugs: DoS Reported: 01.11.2016 Vendor response: 02.11.2016 Date of Public Advisory: 14.03.2017 Reference: SAP Security Note 2399804 Author: Vahagn Vardanyan ERPScan & Mathieu Geli ERPScan VULNERABILITY...
SAP Hostcontrol remote DOS
Application: SAP NetWeaver AS Java Versions Affected: SAP NetWeaver AS Java 7.0 – 7.5 Vendor URL: SAP Bug: DoS Reported: 01.11.2016 Vendor response: 02.11.2016 Date of Public Advisory: 13.06.2017 Reference: SAP Security Note 2389181 Authors: Mathieu Geli ERPScan VULNERABILITY INFORMATION Class: D...
Authorization
SAP Afaria 7.0.6001.5 allows remote attackers to bypass authorization checks and wipe or lock mobile devices via a crafted request, related to "Insecure signature," aka SAP Security Note 2134905...
CVE-2015-8753
The CVE concerns SAP Afaria 7.0.6001.5, where a crafted request allows remote attackers to bypass authorization and wipe or lock mobile devices. The issue is described as related to an
SAP Business Object Data Services - directory traversal
Application: SAP Data Services 4.2 Vendor URL: SAP Bug: Directory Traversal Reported: 01.02.2016 Vendor response: 02.02.2016 Date of Public Advisory: 14.06.2016 Reference: SAP Security Note 2300346 Author: Nursultan Abubakirov ERPScan VULNERABILITY INFORMATION Class: directory traversal Impact:...
SAP Adaptive Server Enterprise - DoS vulnerability
Application: SAP Adaptive Server Enterprise Versions Affected: SAP Adaptive Server Enterprise 16 Vendor URL: SAP Bug: Denial of Service Reported: 01.02.2016 Vendor response: 02.02.2016 Date of Public Advisory: 12.07.2016 Reference: SAP Security Note 2330839 Author: Vahagn Vardanyan ERPScan...
SAP SQL Anywhere MobiLink Synchronization Server - buffer overflow vulnerability
Application: SAP SQL Anywhere MobiLink Synchronization Server 17 Vendor URL: SAP Bug: Buffer overflow Reported: 01.02.2016 Vendor response: 02.02.2016 Date of Public Advisory: 14.06.2016 Reference: SAP Security Note 2308778 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class: Buffer...
[Responsible disclosure] How I could have removed all your Facebook notes
Note: This is being published with the permission of Facebook under the responsible disclosure policy. The vulnerability is now fixed. Summary: This blog post is about an insecure direct object reference vulnerability in Facebook Notes, using which an attacker could have removed all your notes just b...
SAP Afaria - Authorization bypass, Insecure signature
Application: SAP Afaria 7.0.6001.5 Vendor URL: http://www.sap.com Bugs: Authorization bypass Reported: 12.03.2015 Vendor response: 13.03.2015 Date of Public Advisory: 12.05.2015 Reference: SAP Security Note 2134905 Authors: Dmitry Chastukhin ERPScan Description An anonymous attacker can spoof a...