769 matches found

Cvelist
added 2015/10/15 8:0 p.m. | 21 views

CVE-2015-7727

Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 NewDB100REL allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors in the (1) trace configuration page or (2) getSqlTraceConfiguration function, aka SAP...

AI score: 8 | EPSS: 0.01329 | Exploits: 0 | References: 7
Cvelist
added 2015/10/15 8:0 p.m. | 31 views

CVE-2015-7728

Cross-site scripting (XSS) vulnerability in user creation in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 NewDB100REL allows remote authenticated users to inject arbitrary web script or HTML via the username, aka SAP Security Note 2153898...

AI score: 5.3 | EPSS: 0.00954 | Exploits: 0 | References: 3
Cvelist
added 2015/10/15 8:0 p.m. | 22 views

CVE-2015-7729

Eval injection in test-net.xsjs in the Web-based Development Workbench in SAP HANA Developer Edition DB 1.00.091.00.1418659308 allows remote authenticated users to execute arbitrary XSJS code via unspecified vectors, aka SAP Security Note 2153892...

AI score: 7.4 | EPSS: 0.0148 | Exploits: 0 | References: 4
erpscan
added 2015/10/08 12:0 a.m. | 76 views

SAP NetWeaver 7.4 (ProxyServer servlet) - XSS vulnerability

Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.4 Vendor URL: SAP Bugs: Cross Site Scripting XSS Reported: 10.08.2015 Vendor response: 11.08.2015 Date of Public Advisory: 09.02.2016 Reference: SAP Security Note 2220571 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class...

CVSS: 4.3 | AI score: 0.2 | EPSS: 0.01546 | Exploits: 1
erpscan
added 2015/09/29 12:0 a.m. | 12 views

SAP NetWeaver Java AS - multiple XSS vulnerabilities

Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.4 Vendor URL: SAP Bugs: XSS Reported: 29.09.2015 Vendor response: 30.09.2015 Date of Public Advisory: 08.03.2016 Reference: SAP Security Note 2238765 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class: XSS Impact: leakage...

AI score: 0.2 | Exploits: 0
erpscan
added 2015/09/28 12:0 a.m. | 33 views

SAP HANA - log injection and no size restriction

Application: SAP HANA Versions Affected: SAP HANA Vendor URL: http://www.sap.com Bugs: Log injection Reported: 28.09.2015 Vendor response: 29.09.2015 Date of Public Advisory: 12.01.2016 Reference: SAP Security Note 2241978 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATION Class: Log injectio...

AI score: 0.4 | Exploits: 0
erpscan
added 2015/09/28 12:0 a.m. | 25 views

SAP HANA hdbxsengine JSON - DoS

Application: SAP HANA Versions Affected: SAP HANA 1.00.095 Vendor URL: http://www.sap.com Bugs: DoS Reported: 28.09.2015 Vendor response: 29.09.2015 Date of Public Advisory: 12.01.2016 Reference: SAP Security Note 2241978 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATION Class: DoS Impact:...

AI score: 0.3 | Exploits: 0
Packet Storm
added 2015/09/21 12:0 a.m. | 38 views

SAP Netweaver XML External Entity Injection

Title: SAP Netweaver - XML External Entity Injection Author: Lukasz Miedzinski GPG: Public key provided in attachment Date: 29/10/2014 CVE: CVE-2015-7241 Affected software: SAP Netweaver : XML Content and Actions - Import section. Vulnerabilities: XML External Entity Injection ...

AI score: 0.6 | EPSS: 0.12426 | Exploits: 4
erpscan
added 2015/09/15 12:0 a.m. | 157 views

SAP NetWeaver AS JAVA - information disclosure vulnerability

Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 – 7.5 Vendor URL: SAP Bugs: Information disclosure Reported: 15.09.2015 Vendor response: 16.09.2015 Date of Public Advisory: 09.02.2016 Reference: SAP Security Note 2256846 Author: Vahagn Vardanyan ERPScan VULNERABILI...

CVSS: 5 | AI score: 5.9 | EPSS: 0.51553 | Exploits: 10
securityvulns
added 2015/09/14 12:0 a.m. | 185 views

[ERPSCAN-15-015] SAP NetWeaver AS ABAP – Hardcoded Credentials

ERPSCAN Research Advisory ERPSCAN-15-015 SAP NetWeaver AS ABAP – Hardcoded Credentials Application: SAP NetWeaver Versions Affected: SAP NetWeaver AS ABAP, probably others Vendor URL: http://SAP.com Bugs: Hardcoded credentials Sent: 06.03.2014 Reported: 07.03.2014 Vendor response: 07.03.2014 Date ...

AI score: 7.5 | Exploits: 0
securityvulns
added 2015/09/14 12:0 a.m. | 60 views

[ERPSCAN-15-014] SAP Mobile Platform 3 – XXE in Add Repository

ERPSCAN Research Advisory ERPSCAN-15-014 SAP Mobile Platform 3 – XXE in Add Repository Application: SAP Mobile Platform Versions Affected: SAP Mobile Platform 3, probably others Vendor URL: http://SAP.com Bugs: XML External Entity Sent: 13.03.2015 Reported: 14.03.2015 Vendor response: 14.03.2015...

CVSS: 7.5 | EPSS: 0.02885 | Exploits: 1
Packet Storm
added 2015/09/10 12:0 a.m. | 64 views

SAP Mobile Platform 3 XXE Injection

ERPSCAN Research Advisory ERPSCAN-15-014 SAP Mobile Platform 3 – XXE in Add Repository Application: SAP Mobile Platform Versions Affected: SAP Mobile Platform 3, probably others Vendor URL: http://SAP.com Bugs: XML External Entity Sent: 13.03.2015 Reported: 14.03.2015 Vendor response: 14.03.2015...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.02885 | Exploits: 1
NVD
added 2015/08/24 2:59 p.m. | 15 views

CVE-2015-6664

XML external entity (XXE) vulnerability in the application import functionality in SAP Mobile Platform 2.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2152227...

CVSS: 6.8 | AI score: 6.9 | EPSS: 0.01635 | Exploits: 2 | References: 4
NVD
added 2015/08/24 2:59 p.m. | 15 views

CVE-2015-6663

Cross-site scripting (XSS) vulnerability in the Client form in the Device Inspector page in SAP Afaria 7 allows remote attackers to inject arbitrary web script or HTML via crafted client name data, aka SAP Security Note 2152669...

CVSS: 4.3 | AI score: 5.6 | EPSS: 0.01273 | Exploits: 1 | References: 4
Prion
added 2015/08/24 2:59 p.m. | 22 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Client form in the Device Inspector page in SAP Afaria 7 allows remote attackers to inject arbitrary web script or HTML via crafted client name data, aka SAP Security Note 2152669...

CVSS: 4.3 | AI score: 6.1 | EPSS: 0.01273 | Exploits: 1 | References: 4 | Affected Software: 1
Cvelist
added 2015/08/24 2:0 p.m. | 34 views

CVE-2015-6662

XML external entity (XXE) vulnerability in SAP NetWeaver Portal 7.4 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2168485...

AI score: 6.9 | EPSS: 0.01643 | Exploits: 2 | References: 4
CVE
added 2015/08/24 2:0 p.m. | 59 views

CVE-2015-6663

CVE-2015-6663 is a stored XSS vulnerability in SAP Afaria 7 affecting the Device Inspector page, specifically the Client form. The issue arises because the Client name field data is inserted into the page without proper escaping, enabling an attacker to inject arbitrary script via crafted data. T...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.01273 | Exploits: 1 | References: 4 | Affected Software: 1
securityvulns
added 2015/08/24 12:0 a.m. | 38 views

[Onapsis Security Advisory 2015-012] SAP Mobile Platform DataVault Predictable Encryption Password for Secure Storage

Onapsis Security Advisory 2015-012: SAP Mobile Platform DataVault Predictable Encryption Password for Secure Storage 1. Impact on Business: By exploiting this vulnerability an attacker with access to a vulnerable mobile device...

AI score: 0.3 | Exploits: 0
erpscan
added 2015/08/18 12:0 a.m. | 79 views

SAP NetWeaver AS JAVA - SQL injection vulnerability

Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 – 7.5 Vendor URL: SAP Bugs: SQL injection Reported: 18.08.2015 Vendor response: 19.08.2015 Date of Public Advisory: 09.02.2016 Reference: SAP Security Note 2101079 Author: Vahagn Vardanyan ERPScan VULNERABILITY...

AI score: 0.5 | Exploits: 0
erpscan
added 2015/07/29 12:0 a.m. | 92 views

SAP xMII - directory traversal vulnerability

Application: SAP xMII Versions Affected: SAP MII 15.0 Vendor URL: SAP Bugs: Directory traversal Reported: 29.07.2015 Vendor response: 30.07.2015 Date of Public Advisory: 09.02.2016 Reference: SAP Security Note 2230978 Author: Dmitry Chastuhin ERPScan VULNERABILITY INFORMATION Class: CWE-36 Impact...

CVSS: 7.8 | AI score: 1.1 | EPSS: 0.4145 | Exploits: 4