
769 matches found

Cvelist
added 2017/09/19 4:0 p.m. | 21 views

CVE-2017-14581

The Host Control web service in SAP NetWeaver AS JAVA 7.0 through 7.5 allows remote attackers to cause a denial of service (service crash) via a crafted request, aka SAP Security Note 2389181...

7.4 AI score | 0.01706 EPSS
Exploits 0 | References 1
Prion
added 2017/09/17 9:29 p.m. | 14 views

Code injection

An issue was discovered in SAP E-Recruiting aka ERECRUIT 605 through 617. When an external applicant registers to the E-Recruiting application, he/she receives a link by email to confirm access to the provided email address. However, this measure can be bypassed and attackers can register and...

5 CVSS | 7.4 AI score | 0.01408 EPSS
Exploits 0 | References 3 | Affected Software 1
OSV
added 2017/09/17 9:29 p.m. | 3 views

CVE-2017-14511

An issue was discovered in SAP E-Recruiting aka ERECRUIT 605 through 617. When an external applicant registers to the E-Recruiting application, he/she receives a link by email to confirm access to the provided email address. However, this measure can be bypassed and attackers can register and...

7.5 CVSS | 5.8 AI score
Exploits 0 | References 3
Cvelist
added 2017/09/17 9:0 p.m. | 16 views

CVE-2017-14511

An issue was discovered in SAP E-Recruiting aka ERECRUIT 605 through 617. When an external applicant registers to the E-Recruiting application, he/she receives a link by email to confirm access to the provided email address. However, this measure can be bypassed and attackers can register and...

7.4 AI score | 0.01408 EPSS
Exploits 0 | References 3
Tenable Nessus
added 2017/08/29 12:0 a.m. | 94 views

OS Identification : OUI

This plugin attempts to identify the operating system by examining the MAC address OUI. (C) Tenable, Inc. include("compat.inc"); if (description) { script_id(102821); script_version("2.9"); script_set_attribute(attribute:"plugin_modification_date", value:"2025/06/23"); script_name(english:"OS Identification : OUI");...

7 AI score
Exploits 0
CVE
added 2017/08/07 8:0 p.m. | 250 views

CVE-2017-12637

SAP NetWeaver Application Server Java 7.5 is affected by a local/file read vulnerability (CVE-2017-12637) in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS that allows remote attackers to read arbitrary server files via a .. in the query string. The issue is confirmed in multiple connected s...

7.5 CVSS | 7.4 AI score | 0.94557 EPSS
In wild | Exploits 3 | References 2 | Affected Software 1
NVD
added 2017/07/25 6:29 p.m. | 32 views

CVE-2017-11457

XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request, aka SAP Security Note 2387249...

6.5 CVSS | 6.3 AI score | 0.01373 EPSS
Exploits 0 | References 2
NVD
added 2017/07/25 6:29 p.m. | 11 views

CVE-2017-11458

Cross-site scripting (XSS) vulnerability in the ctcprotocol/Protocol servlet in SAP NetWeaver AS JAVA 7.3 allows remote attackers to inject arbitrary web script or HTML via the sessionID parameter, aka SAP Security Note 2406783...

6.1 CVSS | 6.1 AI score | 0.0097 EPSS
Exploits 0 | References 2
NVD
added 2017/07/25 6:29 p.m. | 16 views

CVE-2017-11460

Cross-site scripting (XSS) vulnerability in the DataArchivingService servlet in SAP NetWeaver Portal 7.4 allows remote attackers to inject arbitrary web script or HTML via the responsecode parameter to shp/shpresult.jsp, aka SAP Security Note 2308535...

6.1 CVSS | 6.1 AI score | 0.01146 EPSS
Exploits 0 | References 3
NVD
added 2017/07/25 6:29 p.m. | 28 views

CVE-2017-11459

SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via an fget command or (2) write to arbitrary files and consequently execute arbitrary code via an fdir command, aka SAP Security Note 2419592...

9.8 CVSS | 9.8 AI score | 0.02354 EPSS
Exploits 0 | References 1
OSV
added 2017/07/25 6:29 p.m. | 3 views

CVE-2017-11460

Cross-site scripting (XSS) vulnerability in the DataArchivingService servlet in SAP NetWeaver Portal 7.4 allows remote attackers to inject arbitrary web script or HTML via the responsecode parameter to shp/shpresult.jsp, aka SAP Security Note 2308535...

6.1 CVSS | 5.9 AI score
Exploits 0 | References 3
OSV
added 2017/07/25 6:29 p.m. | 5 views

CVE-2017-11457

XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request, aka SAP Security Note 2387249...

6.5 CVSS | 5.9 AI score | 0.01373 EPSS
Exploits 0 | References 2
Prion
added 2017/07/25 6:29 p.m. | 16 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the ctcprotocol/Protocol servlet in SAP NetWeaver AS JAVA 7.3 allows remote attackers to inject arbitrary web script or HTML via the sessionID parameter, aka SAP Security Note 2406783...

4.3 CVSS | 6 AI score | 0.0097 EPSS
Exploits 0 | References 2 | Affected Software 1
Prion
added 2017/07/25 6:29 p.m. | 19 views

Server side request forgery (ssrf)

XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request, aka SAP Security Note 2387249...

4 CVSS | 6.2 AI score | 0.01373 EPSS
Exploits 0 | References 2 | Affected Software 1
Prion
added 2017/07/25 6:29 p.m. | 11 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the DataArchivingService servlet in SAP NetWeaver Portal 7.4 allows remote attackers to inject arbitrary web script or HTML via the responsecode parameter to shp/shpresult.jsp, aka SAP Security Note 2308535...

4.3 CVSS | 6 AI score | 0.01146 EPSS
Exploits 0 | References 3 | Affected Software 1
Prion
added 2017/07/25 6:29 p.m. | 21 views

Command injection

SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via an fget command or (2) write to arbitrary files and consequently execute arbitrary code via an fdir command, aka SAP Security Note 2419592...

7.5 CVSS | 9.8 AI score | 0.02354 EPSS
Exploits 0 | References 1 | Affected Software 1
CVE
added 2017/07/25 6:0 p.m. | 65 views

CVE-2017-11457

CVE-2017-11457 is an XXE vulnerability in SAP NetWeaver AS JAVA 7.5, affecting the component com.sap.km.cm.ice. A remote authenticated attacker can abuse a crafted XML DTD to read arbitrary files or perform SSRF. The issue is documented against SAP NetWeaver AS JAVA 7.5 via SAP Security Note 238...

6.5 CVSS | 6.2 AI score | 0.01373 EPSS
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2017/07/25 6:0 p.m. | 42 views

CVE-2017-11457

XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request, aka SAP Security Note 2387249...

6.3 AI score | 0.01373 EPSS
Exploits 0 | References 2
Cvelist
added 2017/07/25 6:0 p.m. | 24 views

CVE-2017-11460

Cross-site scripting (XSS) vulnerability in the DataArchivingService servlet in SAP NetWeaver Portal 7.4 allows remote attackers to inject arbitrary web script or HTML via the responsecode parameter to shp/shpresult.jsp, aka SAP Security Note 2308535...

6.1 AI score | 0.01146 EPSS
Exploits 0 | References 3
Cvelist
added 2017/07/25 6:0 p.m. | 17 views

CVE-2017-11458

Cross-site scripting (XSS) vulnerability in the ctcprotocol/Protocol servlet in SAP NetWeaver AS JAVA 7.3 allows remote attackers to inject arbitrary web script or HTML via the sessionID parameter, aka SAP Security Note 2406783...

6.1 AI score | 0.0097 EPSS
Exploits 0 | References 2