CVE-2015-7994
The SQL interface in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via unspecified vectors related to "SQL Login," aka SAP Security Note 2197428...
CVE-2015-7992
SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) is affected by CVE-2015-7992. Remote authenticated users can trigger a denial of service (memory corruption and indexserver crash) by calling the EXECUTE_SEARCH_RULE_SET stored procedure, per SAP Security Note 2175928. Exploitation details and exact ve...
CVE-2015-7992
SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to cause a denial of service (memory corruption and indexserver crash) via unspecified vectors to the EXECUTE_SEARCH_RULE_SET stored procedure, aka SAP Security Note 2175928...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Apache Ambari before 2.1.0 allows remote authenticated cluster operator users to inject arbitrary web script or HTML via the note field in a configuration change...
CVE-2015-7986
The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTTP request, aka SAP Security Note 2197428...
Memory corruption
The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTTP request, aka SAP Security Note 2197428...
CVE-2015-7986
CVE-2015-7986 affects SAP HANA 1.00.095, where the memory of the index server (hdbindexserver) can be corrupted via a remote HTTP request, potentially enabling remote code execution. Public advisories (ERPScan ERPSCAN-15-024) describe memory corruption and RCE with full-system impact; vendor S...
ERPSCAN Research Advisory [ERPSCAN-15-017] SAP NetWeaver J2EE DAS service - Unauthorized Access
ERPSCAN Research Advisory ERPSCAN-15-017 SAP NetWeaver J2EE DAS service - Unauthorized Access Application: SAP NetWeaver Versions Affected: SAP NetWeaver AS JAVA, probably others Vendor URL: http://SAP.com Bugs: Unauthorized access Sent: 20.04.2013 Reported: 21.04.2013 Vendor response: 21.04.2013...
SAP NetWeaver JAVA AS UDDI component - XXE vulnerability
Application: SAP AS JAVA Versions Affected: SAP AS JAVA 7.4 Vendor URL: SAP Bugs: XXE Reported: 20.10.2015 Vendor response: 21.10.2015 Date of Public Advisory: 14.04.2016 Reference: SAP Security Note 2254389 Author: Vahagn Vardanyan ERPScan Vulnerability Information Class: denial of service Impac...
SAP NetWeaver AS Java NavigationURLTester - XSS vulnerability
Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.4 Vendor URL: SAP Bugs: XSS vulnerability Reported: 20.10.2015 Vendor response: 21.10.2015 Date of Public Advisory: 08.03.2016 Reference: SAP Security Note 2238375 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class: XSS...
SAP NetWeaver Java AS ctcprotocol servlet - XXE vulnerability
Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.1 – 7.5 Vendor URL: SAP Bug: XXE Reported: 20.10.2015 Vendor response: 21.10.2015 Date of Public Advisory: 08.03.2016 Reference: SAP Security Note 2235994 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class: XXE Impact:...
flash-plugin: multiple code execution issue fixed in APSB15-27
Adobe Flash Player before 18.0.0.255 and 19.x before 19.0.0.226 on Windows and OS X and before 11.2.202.540 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-7648...
CVE-2015-7730
SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and BusinessObjects XI (BOXI) 3.1 R3 allow remote attackers to cause a denial of service (out-of-bounds read and listener crash) via a crafted GIOP packet, aka SAP Security Note 2001108...
CVE-2015-7729
Eval injection in test-net.xsjs in the Web-based Development Workbench in SAP HANA Developer Edition DB 1.00.091.00.1418659308 allows remote authenticated users to execute arbitrary XSJS code via unspecified vectors, aka SAP Security Note 2153892...
SQL injection
Eval injection in test-net.xsjs in the Web-based Development Workbench in SAP HANA Developer Edition DB 1.00.091.00.1418659308 allows remote authenticated users to execute arbitrary XSJS code via unspecified vectors, aka SAP Security Note 2153892...
Cross site scripting
Cross-site scripting (XSS) vulnerability in role deletion in the Web-based Development Workbench in SAP HANA DB 1.00.091.00.1418659308 allows remote authenticated users to inject arbitrary web script or HTML via the role name, aka SAP Security Note 2153898...
SQL injection
Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors in the (1) trace configuration page or (2) getSqlTraceConfiguration function, aka SAP...
Memory corruption
The hdbsql client 1.00.091.00 Build 1418659308-1530 in SAP HANA allows local users to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown vectors, aka SAP Security Note 2140700...