3094 matches found
CVE-2015-2815
CVE-2015-2815 affects the SAP NetWeaver Dispatcher in SAP Kernel. Vulnerable versions are SAP KERNEL 7.00 (32-bit, disp+work.exe 7000.52.12.34966) and 7.40 (64-bit, disp+work.exe 7400.12.21.30308). The issue is a buffer overflow in C_SAPGPARAM that can be exploited by an authenticated remote attacker to e...
CVE-2015-2813
CVE-2015-2813: XXE vulnerability in SAP Mobile Platform. The SAP XML parser at /scc/messagebroker/http improperly processes user-supplied DTDs, enabling remote attackers to disclose information, cause a denial of service, or read local files. Affected versions include SAP Mobile Platform 2.2 and 2.3 (likely others). R...
CVE-2015-2820
SAP Afaria’s XcListener is affected by a buffer overflow that can be triggered by a crafted request, causing remote denial of service (process termination). This is tied to CVE-2015-2820 and SAP Security Note 2132584. ERPScan’s advisory confirms the affected component and provides PoC details sho...
CVE-2015-2818
CVE-2015-2818 describes an XML External Entity (XXE) vulnerability in SAP Mobile Platform 3. The issue arises from XXE processing in XML inputs, allowing a remote attacker to craft XML that can cause requests to internal/intranet servers. The vulnerability is associated with SAP Mobile Platform 3...
CVE-2015-2818
XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125513...
CVE-2015-2819
CVE-2015-2819 affects SAP Sybase SQL Anywhere 11 and 16. An anonymous, remotely exploitable DoS can be triggered by a crafted request, crashing the server. ERPScan’s advisory (ERPSCAN-15-010) and SAP Security Note 2108161 describe the vulnerability and remediation. A PoC is included in the adviso...
CVE-2015-2817
The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768...
Threat Outbreak Alert RuleID14395: Email Messages Distributing Malicious Software on March 31, 2015
Medium; Alert ID: 38140; First Published: 2015 March 31 19:00 GMT; Version: 1. Summary: Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat (RuleID14395) may contain the following files: Name | Si...
SAP Mobile Platform 3 - XXE Vulnerability in Add Repository
Application: SAP Mobile Platform 3; Vendor URL: http://www.sap.com; Bugs: XML eXternal Entity; Reported: 13.03.2015; Vendor response: 13.03.2015; Date of Public Advisory: 15.06.2015; Reference: SAP Security Note 2159601; Authors: Vahagn Vardanyan (ERPScan). VULNERABILITY INFORMATION Class: XML External...
KENT-WEB Joyful Note Arbitrary Code Execution Vulnerability
KENT-WEB Joyful Note is a suite of message board applications from the Japanese company KENT-WEB. A security vulnerability exists in KENT-WEB Joyful Note versions prior to 5.3. A remote attacker can exploit the vulnerability to delete or write arbitrary files and execute arbitrary code...
CVE-2015-0889
KENT-WEB Joyful Note before 5.3 allows remote attackers to delete files or write to files, and consequently execute arbitrary code, via vectors involving an article...
CVE-2015-0889
KENT-WEB Joyful Note is affected by a vulnerability in how it handles uploaded files, allowing remote attackers to create or delete arbitrary files and, consequently, execute arbitrary code. The flaw exists in Joyful Note versions prior to a released fix (reported as affected up to 5.3 in CVE con...
CVE-2015-2076
The Auditing service in SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information by reading an audit event, aka SAP Note 2011395...
CVE-2015-2072
Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 73 (1.00.73.00.389160) and HANA Developer Edition 80 (1.00.80.00.391861) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) ide/core/plugins/editor/templates/trace/hanaTraceDetailService.xsjs or (2)...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 73 (1.00.73.00.389160) and HANA Developer Edition 80 (1.00.80.00.391861) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) ide/core/plugins/editor/templates/trace/hanaTraceDetailService.xsjs or (2)...
Design/Logic Flaw
SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396...
Design/Logic Flaw
The Auditing service in SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information by reading an audit event, aka SAP Note 2011395...