291 matches found
Oracle E-Business Suite - XXE injection vulnerability
Application: Oracle E-Business Suite Version Affected: Oracle E-Business Suite 12.1.3, probably others Vendor: Oracle Bugs: XXE injection Reported: 17.07.2015 Vendor response: 24.07.2015 Date of Public Advisory: 19.01.2016 Reference: Oracle CPU Jan 2016 Author: Nikita Kelesis, Ivan Chalykin, Alexe...
SAP RFC EPS_DELETE_FILE — Authorisation bypass, smbrelay
Application: SAP NetWeaver ABAP Versions Affected: SAP NetWeaver ABAP Vendor URL: http://www.sap.com Bugs: Auth bypass, directory traversal, smbrelay Exploits: YES Reported: 15.01.2011 Vendor response: 25.01.2011 Date of Public Advisory: 22.08.2011 Author: Alexey Sintsov Description Security...
SAP Netweaver Java deserialization of untrusted user value in metadatauploader
Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7400.12.21.30308 Vendor URL: SAP Bugs: DoS Reported: 01.11.2016 Vendor response: 02.11.2016 Date of Public Advisory: 14.03.2017 Reference: SAP Security Note 2399804 Author: Vahagn Vardanyan ERPScan & Mathieu Geli ERPScan VULNERABILITY...
Oracle E-Business Suite - SQL injection vulnerability
Application: E-Business Suite Vendor URL: Oracle Bugs: SQL injection Reported: 17.07.2015 Vendor response: 24.07.2015 Date of Public Advisory: 20.10.2015 Reference: Oracle CPU Oct 2015 Authors: Nikita Kelesis, Ivan Chalykin, Alexey Tyurin, Egor Karbutov ERPScan VULNERABILITY INFORMATION Class: SQL...
SAP Netweaver AS Java - XXE vulnerability in Visual Composer VC70RUNTIME
Application: SAP NetWeaver Versions Affected: SAP NetWeaver AS JAVA 7.5 Vendor URL: SAP Bugs: XXE Reported: 17.06.2016 Vendor response: 18.06.2016 Date of Public Advisory: 14.02.2017 Reference: SAP Security Note 2386873 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATION Class: XXE Impact:...
SAP NetWeaver AS JAVA - information disclosure vulnerability
Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 – 7.5 Vendor URL: SAP Bugs: Information disclosure Reported: 15.09.2015 Vendor response: 16.09.2015 Date of Public Advisory: 09.02.2016 Reference: SAP Security Note 2256846 Author: Vahagn Vardanyan ERPScan VULNERABILI...
SAP NetWeaver AS Java 7.5 XXE in com.sap.km.cm.ice
Application: SAP NetWeaver AS Java Versions Affected: SAP NetWeaver AS Java 7.5 Vendor URL: SAP Bugs: XXE Reported: 17.06.2016 Vendor response: 18.06.2016 Date of Public Advisory: 11.04.2017 Reference: SAP Security Note 2387249 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATION Class: XXE...
SAP NetWeaver Java AS WD_CHAT - Information disclosure vulnerability
Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.1 – 7.5 Vendor URL: SAP Bugs: Information disclosure Reported: 04.12.2015 Vendor response: 05.12.2015 Date of Public Advisory: 08.03.2016 Reference: SAP Security Note 2255990 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION...
SAP NetWeaver Management Console (gSOAP) - Partial HTTP requests DoS
Application: SAP Versions Affected: SAP Netweaver 7.02/7.3, probably others Vendor URL: http://www.sap.com Bugs: Denial of Service Exploits: YES Reported: 25.09.2012 Vendor response: 26.09.2012 Date of Public Advisory: 17.10.2014 Reference: SAP Security Note 1986725 Author: Igor Ilyin, Alexey...
Lotus Domino Web Administrator - Cross Site Command Execution
Application: Lotus Domino Versions Affected: Lotus Domino Web Administrator 6.5 and 8.5.1 Vendor URL: IBM Bugs: CSRF, Command execution Exploits: YES Reported: 22.04.2010 Vendor response: 22.04.2010 Date of Public Advisory: 24.03.2013 Reference: IBM CVE number: CVE-2013-0489 Author: Alexander...
Oracle Secure Enterprise Search 10.1.8 Linked XSS Vulnerability
Application: Oracle Secure Enterprise Search SES Versions Affected: Oracle Secure Enterprise Search SES version 10.1.8.2.0 Vendor URL: Bugs: XSS Exploits: YES Reported: 21.01.2009 Vendor response: 23.01.2009 Date of Public Advisory: 16.07.2009 CVE: CVE-2009-1968 Description: XSS IN search query...
Oracle E-Business Suite – XXE injection vulnerability
Application: Oracle E-Business Suite Vendor: Oracle Versions Affected: Oracle E-Business Suite 12.1.3, probably others Bugs: XXE injection Reported: 17.07.2015 Vendor response: 24.07.2015 Date of Public Advisory: 19.01.2016 Reference: Oracle CPU Jan 2016 Author: Nikita Kelesis, Ivan Chalykin,...
SAP NetWeaver AS Java NavigationURLTester - XSS vulnerability
Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.4 Vendor URL: SAP Bugs: XSS vulnerability Reported: 20.10.2015 Vendor response: 21.10.2015 Date of Public Advisory: 08.03.2016 Reference: SAP Security Note 2238375 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class: XSS...
SAP Kernel - RCE and DoS vulnerability
Application: SAP NetWeaver Dispatcher Versions Affected: SAP Kernel 7.00 32BIT, 7.40 64BIT Vendor URL: http://www.sap.com Vulnerability: Buffer Overflow – RCE, Denial of Service Exploits: YES Reported: 25.08.2014 Vendor response: 25.08.2014 Date of Public Advisory: 15.12.2014 Reference: SAP...
Oracle Document Capture ActiveX — Insecure method, buffer overflow
Application: Oracle Document Capture Versions Affected: Oracle Document Capture 10.1.3.5 Vendor URL: Bugs: Insecure method. Buffer overflow. Exploits: YES Reported: 14.12.2009 Vendor response: 15.12.2009 Date of Public Advisory: 24.01.2011 CVE-number: CVE-2010-3599 Author: Alexandr Polyakov...
SAP Afaria 7 XComms - BoF
Application: SAP Afaria 7.00.6620.2 SP5 Vendor URL: http://www.sap.com Bugs: BoF Reported: 13.03.2015 Vendor response: 14.03.2015 Date of Public Advisory: 18.05.2015 Reference: SAP Security Note 2153690 Authors: Dmitry Chastukhin ERPScan Vulnerability information Class: XML External Entity CWE-12...
Sybase SQL Anywhere 11 and 16 - DoS
Application: Sybase SQL Anywhere 11 and 16 Vendor URL: Bugs: DoS Reported: 09.12.2014 Vendor response: 10.12.2014 Date of Public Advisory: 15.03.2015 Reference: SAP Security Note 2108161 Authors: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class: DoS CWE-122 Impact: DoS Remotely Exploitabl...
Oracle E-Business Suite - XXE injection vulnerability
Application: E-Business Suite Vendor URL: Oracle Bugs: XXE injection Reported: 17.07.2015 Vendor response: 24.07.2015 Date of Public Advisory: 20.10.2015 Reference: Oracle CPU Oct 2015 Authors: Nikita Kelesis, Ivan Chalykin, Alexey Tyurin ERPScan VULNERABILITY INFORMATION Class: XML External Entit...
SAP NetWeaver AS Java 7.4 DataArchivingService servlet XSS
Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.4 Vendor URL: SAP Bugs: XSS Reported: 04.12.2015 Vendor response: 05.12.2015 Date of Public Advisory: 11.04.2017 Reference: SAP Security Note 2308535 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class: XSS...
SAP NetWeaver Portal ReportXmlViewer - XXE
Application: SAP NetWeaver Portal 7.31.201109172004 Vendor URL: http://www.sap.com Bugs: XML External Entity Reported: 06.11.2014 Vendor response: 07.11.2014 Date of Public Advisory: 15.03.2015 Reference: SAP Security Note 2111939 Authors: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class:...
Oracle BI help page - XSS
Application: Oracle Business Intelligence Versions Affected: Oracle Business Intelligence Enterprise Edition 10.1.3.4.0 Vendor URL: http://www.oracle.com Bugs: XSS/phishing credentials Exploits: YES Reported: 26.06.2009 Vendor response: 27.06.2009 Last response: 30.06.2009 Patched: 16.10.2012 Dat...
SAP NetWeaver JAVA AS UDDI component - XXE vulnerability
Application: SAP AS JAVA Versions Affected: SAP AS JAVA 7.4 Vendor URL: SAP Bugs: XXE Reported: 20.10.2015 Vendor response: 21.10.2015 Date of Public Advisory: 14.04.2016 Reference: SAP Security Note 2254389 Author: Vahagn Vardanyan ERPScan Vulnerability Information Class: denial of service Impac...
SAP Mobile Platform - XXE
Application: Mobile Platform Vendor URL: http://www.sap.com Bugs: XML External Entity Reported: 06.11.2014 Vendor response: 07.11.2014 Date of Public Advisory: 15.02.2015 Reference: SAP Security Note 2125358 Authors: Dmitry Chastukhin ERPScan VULNERABILITY INFORMATION Class: XML External Entity...
SAPKERNEL C_SAPGPARAM - RCE, DoS
Application: SAP NetWeaver Dispatcher Versions Affected: SAP KERNEL 7.00 32BIT, disp+work.exe 7000.52.12.34966, SAP KERNEL 7.40 64BIT, disp+work.exe 7400.12.21.30308 Vendor URL: http://www.sap.com Bugs: Buffer Overflow Reported: 17.08.2014 Vendor response: 18.08.2014 Date of Public Advisory:...
SAP NetWeaver Portal XMLValidationComponent - XXE
Application: SAP NetWeaver Portal Versions Affected: SAP NetWeaver Portal 7.31.201109172004 Vendor URL: http://www.sap.com Bugs: XML External Entity Reported: 06.11.2014 Vendor response: 07.11.2014 Date of Public Advisory: 15.02.2015 Reference: SAP Security Note 2093966 Authors: Vahagn Vardanyan...
Oracle Application Server — Linked XSS vulnerability
Application: Oracle BPEL Console version 10.1.3.3.0 Versions Affected: Oracle BPEL Console version 10.1.3.3.0 Vendor URL: Bugs: XSS Exploits: YES Reported: 18.03.2009 Vendor response: 19.03.2009 Date of Public Advisory: 20.10.2010 CVE: CVE-2010-3581 Author: Alexandr Polyakov Description XSS in...
SAP xMII - directory traversal vulnerability
Application: SAP xMII Versions Affected: SAP MII 15.0 Vendor URL: SAP Bugs: Directory traversal Reported: 29.07.2015 Vendor response: 30.07.2015 Date of Public Advisory: 09.02.2016 Reference: SAP Security Note 2230978 Author: Dmitry Chastuhin ERPScan VULNERABILITY INFORMATION Class: CWE-36 Impact...
Oracle E-Business Suite - Cross-site Scripting vulnerability
Application: E-Business Suite Vendor URL: Oracle Bugs: Cross-site Scripting Reported: 17.07.2015 Vendor response: 24.07.2015 Date of Public Advisory: 20.10.2015 Reference: Oracle CPU Oct 2015 Authors: Nikita Kelesis, Ivan Chalykin, Alexey Tyurin ERPScan VULNERABILITY INFORMATION Class: Cross-site...
SAP NetWeaver AS JAVA - SQL injection vulnerability
Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 – 7.5 Vendor URL: SAP Bugs: SQL injection Reported: 18.08.2015 Vendor response: 19.08.2015 Date of Public Advisory: 09.02.2016 Reference: SAP Security Note 2101079 Author: Vahagn Vardanyan ERPScan VULNERABILITY...
SAP Kernel - RCE, DoS
Application: SAP NetWeaver Dispatcher Versions Affected: SAP Kernel 7.00 32BIT, 7.40 64BIT Vendor URL: http://www.sap.com Bugs: Buffer Overflow – RCE, DoS Exploits: YES Reported: 25.08.2014 Vendor response: 25.08.2014 Date of Public Advisory: 15.12.2014 Reference: SAP Security Note 2059734 Author...
SAP NetWeaver 7.4 (ProxyServer servlet) - XSS vulnerability
Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.4 Vendor URL: SAP Bugs: Cross Site Scripting XSS Reported: 10.08.2015 Vendor response: 11.08.2015 Date of Public Advisory: 09.02.2016 Reference: SAP Security Note 2220571 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class...
Oracle Document Capture empop3.dll — insecure method
Application: Oracle Document Capture Versions Affected: 6.4 — 7.2 Vendor URL: http://www.oracle.com Bugs: Insecure method, File overwriting, File deleting Exploits: YES Reported: 22.03.2010 Vendor response: 31.03.2010 Date of Public Advisory: 24.01.2011 CVE-number: CVE-2010-3591 Author: Evdokimov...
Oracle BI Publisher — Response Splitting
Application: Oracle Business Intelligence Enterprise Edition 10.1.3.4.0 Versions Affected: Oracle Business Intelligence Enterprise Edition 10.1.3.4.0 Vendor URL: Bugs: Response Splitting, XSS, Phishing credentials Exploits: YES Reported: 03.03.2009 Vendor response: 04.03.2009 Last response:...
SAP ASE ODATA Server - Denial of Service
Application: SAP ASE Versions Affected: SAP ASE 16 Vendor URL: SAP Bugs: Denial of Service Reported: 01.02.2016 Vendor response: 02.02.2016 Date of Public Advisory: 12.10.2016 Reference: SAP Security Note 2330422 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class: Denial of Service...
Oracle E-Business Suite - XXE injection vulnerability
Application: E-Business Suite Vendor URL: Oracle Bugs: XXE injection Reported: 17.07.2015 Vendor response: 24.07.2015 Date of Public Advisory: 20.10.2015 Reference: Oracle CPU Oct 2015 Authors: Nikita Kelesis, Ivan Chalykin, Alexey Tyurin ERPScan VULNERABILITY INFORMATION Class: XML External Entit...
Oracle Document Capture ImportBodyText — read files
Application: Oracle Document Capture Versions Affected: 10.1350.0005 Vendor URL: Oracle Bugs: Unsecure READ method Exploits: YES Reported: 29.01.2010 Second report: 02.02.2010 Date of Public Advisory: 24.01.2010 CVE-number: CVE-2010-3595 Author: Alexey Sintsov Description EasyMail ActiveX Control...
SAP AS JAVA DoS in BC-IAM-SSO-OTP package via QR Servlet
Application: SAP AS JAVA SSO Authentication Library Versions Affected: SAP AS JAVA SSO Authentication Library 2.0-3.0 Vendor URL: SAP Bugs: DoS Reported: 01.11.2016 Vendor response: 02.11.2016 Date of Public Advisory: 10.01.2017 Reference: SAP Security Note 2389042 Author: Vahagn Vardanyan ERPSca...
SAP JAVA AS icman - DoS vulnerability
Application: SAP JAVA AS Versions Affected: SAP JAVA AS 7.2 – 7.4 Vendor URL: SAP Bugs: Denial of Service Reported: 04.12.2015 Vendor response: 05.12.2015 Date of Public Advisory: 14.03.2016 Reference: SAP Security Note 2256185 Author: Dmitry Yudin ERPScan @ret5et Vulnerability Information Class:...
SAP HANA metadata.xsjs - SQL injection
Application: SAP HANA Versions Affected: 1.00.60.379371 Vendor URL: http://www.sap.com Bugs: SQL injection Exploits: YES Reported: 09.04.2014 Vendor response: 10.04.2014 Date of Public Advisory: 17.10.2014 Reference: SAP Security Note 2067972 Author: Dmitry Chastukhin ERPScan Description SQL...
SAP Management Console ReadProfile Parameters - Information disclosure
Application: SAP NetWeaver 7.40 Vendor URL: http://www.sap.com Bugs: Information disclosure Reported: 06.11.2014 Vendor response: 07.11.2014 Date of Public Advisory: 15.03.2015 Reference: SAP Security Note 2091768 Authors: Dmitry Chastukhin ERPScan VULNERABILITY INFORMATION Class: Information...
Oracle BI — WB_OLAP_AW_REMOVE_SOLVE_ID - privilege escalation
Application: Oracle BI Versions Affected: Oracle BI Oracle Warehouse Builder 10.2.0.5, 11.1.0.7 Vendor URL: http://oracle.com Bugs: PL/SQL Injection, privilege escalation Exploits: YES Reported: 20.04.2009 Vendor response: 22.04.2009 Last response: 12.04.2011 Date of Public Advisory: 16.06.2011...
SAP NetWeaver AS JAVA XSS in portal app component
Application: SAP NetWeaver AS Java Versions Affected: SAP NetWeaver AS Java RTC 7.0-7.3 Vendor URL: SAP Bugs: XSS Reported: 22.04.2016 Vendor response: 23.04.2016 Date of Public Advisory: 10.01.2017 Reference: SAP Security Note 2341302 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION...
SAP HANA hdbindexserver - Memory corruption
Application: SAP HANA Versions Affected: SAP HANA 1.00.095 Vendor URL: http://www.sap.com Bugs: RCE, Memory corruption Reported: 17.07.2015 Vendor response: 18.07.2015 Date of Public Advisory: 13.10.2015 Reference: SAP Security Note 2197428 Authors: Mathieu Geli ERPScan VULNERABILITY INFORMATION...
SAP NetWeaver - Authentication bypass (Verb Tampering)
Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs: Auth bypass, Verb tampering Exploits: YES Reported: 14.03.2011 Vendor response: 15.03.2011 Date of Public Advisory: 11.11.2011 CVSS: 10 by ERPSCAN 7.3 by SAP Author: Alexandr Polyakov Description...
SAP NetWeaver AS JAVA - XXE vulnerability in BC-BMT-BPM-DSK component (CVE-2016-9563)
Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.5 Vendor URL: SAP Bugs: XXE Reported: 09.03.2016 Vendor response: 10.03.2016 Date of Public Advisory: 09.08.2016 Reference: SAP Security Note 2296909 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class: XXE...
SAP NetWeaver XI SOAP Adapter — XSS
Application: SAP NetWeaver Versions Affected: SAP NetWeaver XI SOAP Adapter 3.0-7.11 Vendor URL: Bugs: XSS Exploits: YES Reported: 25.01.2010 Vendor response: 25.01.2010 Date of Public Advisory: 09.03.2011 CVE-number: Author: Dmitriy Evdokimov Description SAP Netweaver 70 application XI SOAP...
Oracle BI — WB_OLAP_AW_SET_SOLVE_ID - privilege escalation
Application: Oracle BI Versions Affected: Oracle BI Oracle Warehouse Builder 10.2.0.5, 11.1.0.7 Vendor URL: http://oracle.com Bugs: PL/SQL Injection, privilege escalation Exploits: YES Reported: 20.04.2009 Vendor response: 22.04.2009 Last response: 12.04.2011 Date of Public Advisory: 24.05.2011...
SAP Afaria 7 XcListener - Buffer overflow
Application: SAP Afaria 7.0.6001.5 Vendor URL: http://www.sap.com Bugs: BoF Reported: 09.12.2014 Vendor response: 10.12.2014 Date of Public Advisory: 15.03.2015 Reference: SAP Security Note 2132584 Author: Vahagn Vardanyan ERPScan Vulnerability information Class: DoS CWE-400 Impact: DoS Remotely...
SAP NetWeaver AS JAVA icman - DoS vulnerability (CVE-2016-9562)
Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.4 Vendor URL: SAP Bugs: Denial of Service Reported: 22.04.2016 Vendor response: 23.04.2016 Date of Public Advisory: 09.08.2016 Reference: SAP Security Note 2313835 Author: Vahagn Vardanyan ERPScan VULNERABILITY...
Oracle E-Business Suite - Database user enumeration vulnerability
Application: E-Business Suite Vendor URL: Oracle Bugs: User enumeration Reported: 17.07.2015 Vendor response: 24.07.2015 Date of Public Advisory: 20.10.2015 Reference: Oracle CPU Oct 2015 Authors: Nikita Kelesis, Ivan Chalykin, Alexey Tyurin, Egor Karbutov ERPScan VULNERABILITY INFORMATION Class:...