Out-of-bounds

SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and BusinessObjects XI BOXI 3.1 R3 allow remote attackers to cause a denial of service out-of-bounds read and listener crash via a crafted GIOP packet, aka SAP Security Note 2001108...

CVE-2015-6507

The hdbsql client 1.00.091.00 Build 1418659308-1530 in SAP HANA allows local users to cause a denial of service memory corruption and possibly have unspecified other impact via unknown vectors, aka SAP Security Note 2140700...

CVE-2015-6507

The hdbsql client 1.00.091.00 Build 1418659308-1530 in SAP HANA allows local users to cause a denial of service memory corruption and possibly have unspecified other impact via unknown vectors, aka SAP Security Note 2140700...

CVE-2015-7726

Cross-site scripting XSS vulnerability in role deletion in the Web-based Development Workbench in SAP HANA DB 1.00.091.00.1418659308 allows remote authenticated users to inject arbitrary web script or HTML via the role name, aka SAP Security Note 2153898...

CVE-2015-7727

Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 NewDB100REL allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors in the 1 trace configuration page or 2 getSqlTraceConfiguration function, aka SAP...

CVE-2015-7729

Eval injection in test-net.xsjs in the Web-based Development Workbench in SAP HANA Developer Edition DB 1.00.091.00.1418659308 allows remote authenticated users to execute arbitrary XSJS code via unspecified vectors, aka SAP Security Note 2153892...

CVE-2015-7728

Cross-site scripting XSS vulnerability in user creation in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 NewDB100REL allows remote authenticated users to inject arbitrary web script or HTML via the username, aka SAP Security Note 2153898...

CVE-2015-7730

SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and BusinessObjects XI BOXI 3.1 R3 allow remote attackers to cause a denial of service out-of-bounds read and listener crash via a crafted GIOP packet, aka SAP Security Note 2001108...

CakePHP 3.0.5 XML Class SSRF

============================================================================= Title : CakePHP Xml class SSRF Vulnerability CVE Number : N/A not assigned Affected Software : Confirmed on CakePHP v3.0.5 prior versions may also be affected Credit : Takeshi Terada of Mitsui Bussan Secure Directions,...

SAP NetWeaver 7.4 (ProxyServer servlet) - XSS vulnerability

Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.4 Vendor URL: SAP Bugs: Cross Site Scripting XSS Reported: 10.08.2015 Vendor response: 11.08.2015 Date of Public Advisory: 09.02.2016 Reference: SAP Security Note 2220571 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class...

CVE-2015-5652

Untrusted search path vulnerability in python.exe in Python through 3.5.0 on Windows allows local users to gain privileges via a Trojan horse readline.pyd file in the current working directory. NOTE: the vendor says "It was determined that this is a longtime behavior of Python that cannot really ...

Threat Outbreak Alert RuleID18385: Email Messages Distributing Malicious Software on September 30, 2015

Medium Alert ID: 41292 First Published: 2015 September 30 14:02 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID18385 may contain the following files: Name ...

SAP NetWeaver Java AS - multiple XSS vulnerabilities

Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.4 Vendor URL: SAP Bugs: XSS Reported: 29.09.2015 Vendor response: 30.09.2015 Date of Public Advisory: 08.03.2016 Reference: SAP Security Note 2238765 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class: XSS Impact: leakage...

SAP HANA - log injection and no size restriction

Application: SAP HANA Versions Affected: SAP HANA Vendor URL: http://www.sap.com Bugs: Log injection Reported: 28.09.2015 Vendor response: 29.09.2015 Date of Public Advisory: 12.01.2016 Reference: SAP Security Note 2241978 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATION Class: Log injectio...

SAP HANA hdbxsengine JSON - DoS

Application: SAP HANA Versions Affected: SAP HANA 1.00.095 Vendor URL: http://www.sap.com Bugs: DoS Reported: 28.09.2015 Vendor response: 29.09.2015 Date of Public Advisory: 12.01.2016 Reference: SAP Security Note 2241978 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATION Class: DoS Impact:...

SAP Netweaver XML External Entity Injection

Title: SAP Netwaver - XML External Entity Injection Author: Lukasz Miedzinski GPG: Public key provided in attachment Date: 29/10/2014 CVE: CVE-2015-7241 Affected software : =================== SAP Netwear : XML Content and Actions - Import section. Vulnerabilities : XML External Entity Injection ...

SAP NetWeaver AS JAVA - information disclosure vulnerability

Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 – 7.5 Vendor URL: SAP Bugs: Information disclosure Reported: 15.09.2015 Vendor response: 16.09.2015 Date of Public Advisory: 09.02.2016 Reference: SAP Security Note 2256846 Author: Vahagn Vardanyan ERPScan VULNERABILI...

[ERPSCAN-15-015] SAP NetWeaver AS ABAP– Hardcoded Credentials

ERPSCAN Research Advisory ERPSCAN-15-015 SAP NetWeaver AS ABAP– Hardcoded Credentials Application: SAP NetWeaver Versions Affected: SAP NetWeaver AS ABAP, probably others Vendor URL: http://SAP.com Bugs: Hardcoded credentials Sent: 06.03.2014 Reported: 07.03.2014 Vendor response: 07.03.2014 Date ...

[ERPSCAN-15-014] SAP Mobile Platform 3 – XXE in Add Repository

ERPSCAN Research Advisory ERPSCAN-15-014 SAP Mobile Platform 3 – XXE in Add Repository Application: SAP Mobile Platform Versions Affected: SAP Mobile Platform 3, probably others Vendor URL: http://SAP.com Bugs: XML External Entity Sent: 13.03.2015 Reported: 14.03.2015 Vendor response: 14.03.2015...

Threat Outbreak Alert RuleID17898: Email Messages Distributing Malicious Software on September 11, 2015

Medium Alert ID: 40947 First Published: 2015 September 11 14:10 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID17898 may contain the following files: Name ...