Lucene search
K
ErpscanMost viewed

291 matches found

erpscan
erpscan
added 2008/10/01 12:0 a.m.51 views

Oracle Application Server (SOA) — Linked XSS vulnerability

Application:Oracle Application ServerSOA Versions Affected:Oracle Application ServerSOA version 10.1.3.1.0 Vendor URL: http://oracle.com Bugs:Multiple XSS Exploits: YES Reported: 10.01.2008 Vendor response:11.01.2008 Date of Public Advisory:13.01.2009 CVE: CVE-2008-4014 Description: XSS IN...

5.5CVSS0.2AI score0.01018EPSS
Exploits1
erpscan
erpscan
added 2015/05/09 12:0 a.m.50 views

SAP PCo agent - DoS vulnerability

Application: SAP PCo Vendor: Bugs: DoS Reported: 05.09.2015 Vendor response: 06.09.2015 Date of Public Advisory: 20.11.2015 Reference: SAP Security Note 2238619 Author: Mathieu GELI ERPScan VULNERABILITY INFORMATION Class: Denial of service Impact: Disrupt operational status Remotely Exploitable:...

7.8CVSS0.2AI score0.02958EPSS
Exploits0
erpscan
erpscan
added 2016/08/18 12:0 a.m.49 views

SAP Message Server HTTP remote DoS

Application: SAP KERNEL Versions Affected: SAP KERNEL 7.21-7.49 Vendor URL: SAP Bugs: Denial of Service Reported: 18.08.2016 Vendor response: 19.08.2016 Date of Public Advisory: 08.11.2016 Reference: SAP Security Note 2358972 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATION Class: Denial of...

5CVSS7.8AI score0.01553EPSS
Exploits0
erpscan
erpscan
added 2014/06/16 12:0 a.m.49 views

SAP Router - Integer Overflow vulnerability

Application: SAP Network Interface Router SAProuter Versions Affected: SAP 40.4 – Win64/Linux x8664 Vendor URL: http://www.sap.com Vulnerability: XXE Reported: 16.06.2014 Vendor response: 17.06.2014 Date of Public Advisory: 17.10.2014 Reference: SAP Security Note 2037492 Authors: Roman Bazhin...

0.6AI score
Exploits0
erpscan
erpscan
added 2014/06/16 12:0 a.m.49 views

SAP NetWeaver AS Java CIM UPLOAD - XXE

Application: SAP NetWeaver AS Java Vendor URL: http://www.sap.com Bugs: XML External Entity Reported: 16.06.2014 Vendor response: 17.06.2014 Date of Public Advisory: 18.05.2015 Reference: SAP Security Note 2090851 Authors: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class: XML External...

7.5CVSS0.3AI score0.02934EPSS
Exploits0
erpscan
erpscan
added 2016/01/02 12:0 a.m.48 views

SAP Hybris E-commerce Suite VirtualJDBC - Default Credentials

Application: SAP Hybris E-commerce Suite Versions Affected: SAP Hybris E-commerce Suite 5.1.0.3 Vendor URL: SAP Bugs: Default credentials Reported: 01.02.2016 Vendor response: 02.02.2016 Date of Public Advisory: 10.05.2016 Author: Alexey Tyurin ERPScan VULNERABILITY INFORMATION Class: CWE-259 Use...

0.1AI score
Exploits0
erpscan
erpscan
added 2015/07/17 12:0 a.m.48 views

Oracle E-Business Suite - XXE injection vulnerability

Application: E-Business Suite Vendor URL: Oracle Bugs: XXE injection Reported: 17.07.2015 Vendor response: 24.07.2015 Date of Public Advisory:20.10.2015 Reference: Oracle CPU Oct 2015 Authors: Nikita Kelesis, Ivan Chalykin, Alexey Tyurin ERPScan VULNERABILITY INFORMATION Class: XML External Entit...

6.4CVSS1.8AI score0.03119EPSS
Exploits0
erpscan
erpscan
added 2015/05/09 12:0 a.m.48 views

SAP NetWeaver - internal special account password leak

Application: SAP Netweaver Versions Affected: SAP Netweaver 7.4 Vendor URL: SAP Bugs: Coding error, Reading sensitive user data Send: 05.09.2015 Reported: 05.09.2015 Vendor response: 06.09.2015 Date of Public Advisory: 08.12.2015 Reference: SAP Security Note 2240946 Author: Dmitry Chastuhin,...

0.9AI score
Exploits0
erpscan
erpscan
added 2015/04/12 12:0 a.m.48 views

SAP NetWeaver Enqueue Server - DoS vulnerability

Application: SAP AS JAVA Versions Affected: SAP AS JAVA 7.1 – 7.4 Vendor URL: SAP Bugs: Denial of Service Reported: 04.12.2015 Vendor response: 05.12.2015 Date of Public Advisory: 12.04.2016 Reference: SAP Security Note 2258784 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class:...

5CVSS1.3AI score0.02615EPSS
Exploits0
erpscan
erpscan
added 2010/04/22 12:0 a.m.48 views

Lotus Domino Web Administrator - XSS

Application: Lotus Domino Versions Affected: Lotus Domino Web Administrator 6.5 and 8.5.1 Vendor URL: IBM Bugs: XSS Exploits: YES Reported: 22.04.2010 Vendor response: 22.04.2010 Date of Public Advisory: 24.03.2013 Reference: IBM CVE number: CVE-2013-0488 Author: Dmitry Chastukhin ERPScan...

4.3CVSS5.8AI score0.00931EPSS
Exploits0
erpscan
erpscan
added 2015/12/03 12:0 a.m.47 views

SAP Afaria - Authorization bypass, Insecure signature

Application: SAP Afaria 7.0.6001.5 Vendor URL: http://www.sap.com Bugs: Authorization bypass Reported: 12.03.2015 Vendor response: 13.03.2015 Date of Public Advisory: 12.05.2015 Reference: SAP Security Note 2134905 Authors: Dmitry Chastukhin ERPScan Description An anonymous attacker can spoof a...

1.1AI score
Exploits0
erpscan
erpscan
added 2015/04/12 12:0 a.m.47 views

SAP Telnet Console - Directory traversal vulnerability

Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.4 Vendor URL: SAP Bugs: Directory traversal Reported: 04.12.2015 Vendor response: 05.12.2015 Date of Public Advisory: 09.08.2016 Reference: SAP Security Note 2280371 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATIO...

0.7AI score
Exploits0
erpscan
erpscan
added 2014/09/12 12:0 a.m.47 views

SAP Afaria 7 XcListener - Missing authorization check

Application: SAP Afaria 7.0.6001.5 Vendor URL: http://www.sap.com Bugs: Missing authorization check Reported: 09.12.2014 Vendor response: 10.12.2014 Date of Public Advisory: 15.03.2015 Reference: SAP Security Note 2134905 Authors: Vahagn Vardanyan ERPScan Vulnerability information Class: DoS...

7.5CVSS2AI score0.02582EPSS
Exploits0
erpscan
erpscan
added 2015/10/20 12:0 a.m.46 views

SAP NetWeaver Java AS ctcprotocol servlet - XXE vulnerability

Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.1 – 7.5 Vendor URL: SAP Bug: XXE Reported: 20.10.2015 Vendor response: 21.10.2015 Date of Public Advisory: 08.03.2016 Reference: SAP Security Note 2235994 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class: XXE Impact:...

6.4CVSS0.5AI score0.15058EPSS
Exploits5
erpscan
erpscan
added 2015/05/05 12:0 a.m.46 views

SAP xMII - Reflected XSS vulnerability

Application: SAP NetWeaver AS JAV Versions Affected: SAP NetWeaver AS JAVA 7.4 Vendor URL: SAP Bugs: XSS Reported: 05.05.2015 Vendor response: 06.05.2015 Date of Public Advisory: 12.04.2016 Reference: SAP Security Note 2201295 Author: Nursultan Abubakirov , Vahagn Vardanyan ERPScan VULNERABILITY...

4.3CVSS6.3AI score0.01452EPSS
Exploits2
erpscan
erpscan
added 2016/09/03 12:0 a.m.45 views

SAP NetWeaver - buffer overflow vulnerability

Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.0-7.5 Vendor URL: SAP Bugs: buffer overflow Reported: 09.03.2016 Vendor response: 10.03.2016 Date of Public Advisory: 12.07.2016 Reference: SAP Security Note 2295238 Author: Dmitry Yudin ERPScan VULNERABILITY INFORMATION Class: Denial ...

7.5CVSS0.2AI score0.02231EPSS
Exploits0
erpscan
erpscan
added 2016/06/17 12:0 a.m.45 views

SAP NetWeaver AS Java getUserUddiElements SQL Injection

Application: SAP NetWeaver AS Java Versions Affected: SAP NetWeaver AS Java ES UDDI 7.11 – 7.5 Vendor URL: SAP Bugs: SQL injection Reported: 17.06.2016 Vendor response: 17.06.2016 Date of Public Advisory: 10.01.2017 Reference: SAP Security Note 2356504 Author: Vahagn Vardanyan ERPScan VULNERABILI...

0.1AI score
Exploits0
erpscan
erpscan
added 2015/07/13 12:0 a.m.45 views

SAP NetWeaver - SQL Injection

Application: SAP NetWeaver J2EE Engine 7.40 Vendor URL: http://www.sap.com Bugs: SQL injection Reported: 13.07.2015 Vendor response: 24.07.2015 Date of Public Advisory: 09.09.2015 Reference: SAP Security Note 2193389 Authors: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class: Information...

7.5CVSS0.3AI score0.0218EPSS
Exploits1
erpscan
erpscan
added 2008/01/29 12:0 a.m.45 views

Oracle Database 10G CTXSYS.DRVXTABX — PLSQL Injection

Application: Oracle Database 10G Versions Affected: Oracle 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4 Vendor URL: Bugs: PL/SQL Injections Exploits: YES Reported: 29.01.2008 Vendor response: 31.01.2008 CVE: CVE-2009-1991 SVSS2: 3.6 Date of Public Advisory: 26.10.2009 Solution: YES Non official Author:...

3.6CVSS0.8AI score0.01712EPSS
Exploits0
erpscan
erpscan
added 2016/06/17 12:0 a.m.44 views

SAP NetWeaver Java 7.5 XXE

Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.5 Vendor URL: SAP Bugs: XXE Reported: 17.06.2016 Vendor response: 18.06.2016 Date of Public Advisory: 10.01.2017 Reference: SAP Security Note 2347439 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATION Class: XXE Impact: Denial of...

0.1AI score
Exploits0
erpscan
erpscan
added 2016/04/22 12:0 a.m.44 views

SAP NetWeaver AS ABAP - Directory traversal using READ DATASET

Application: SAP NetWeaver AS ABAP Versions Affected: SAP NetWeaver AS ABAP 7.4 Vendor URL: SAP Bugs: Directory traversal Reported: 22.04.2016 Vendor response: 23.04.2016 Date of Public Advisory: 09.08.2016 Reference: SAP Security Note 2312966 Author: Daria Prosochkina ERPScan VULNERABILITY...

0.6AI score
Exploits0
erpscan
erpscan
added 2010/01/25 12:0 a.m.42 views

SAP NetWeaver ISpeak — XSS

Application: SAP NetWeaver Versions Affected: SAP NetWeaver J2EE Engine Ispeak Application Vendor URL: http://www.sap.com Bugs:XSS Exploits: YES Reported: 25.01.2010 Vendor response: 26.01.2010 Date of Public Advisory: 0.07.2011 CVSS: 4.3 Author:Dmitriy Evdokimov Description SAP NetWeaver Ispeak...

6.1AI score
Exploits0
erpscan
erpscan
added 2015/04/16 12:0 a.m.41 views

SAP NetWeaver 7.4 - XXE

Application: SAP NetWeaver Portal 7.4 Vendor URL: http://www.sap.com Bugs: XML eXternal Entity Reported: 16.04.2015 Vendor response: 17.04.2015 Date of Public Advisory: 11.08.2015 Reference: SAP Security Note 2168485 Authors: Roman Bezhan ERPScan VULNERABILITY INFORMATION Class: XML External Enti...

6.8CVSS0.5AI score0.01643EPSS
Exploits2
erpscan
erpscan
added 2015/03/13 12:0 a.m.40 views

SAP Mobile Platform 3 - XXE Vulnerability in Add Repository

Application: SAP Mobile Platform 3 Vendor URL: http://www.sap.com Bugs: XML eXternal Entity Reported: 13.03.2015 Vendor response: 13.03.2015 Date of Public Advisory: 15.06.2015 Reference: SAP Security Note 2159601 Authors: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class: XML External...

7.5CVSS0.6AI score0.02885EPSS
Exploits1
erpscan
erpscan
added 2016/01/02 12:0 a.m.38 views

SAP SQL Anywhere MobiLink Synchronization Server - buffer overflow vulnerability

Application: SAP SQL Anywhere MobiLink Synchronization Server 17 Vendor URL: SAP Bug: Buffer overflow Reported: 01.02.2016 Vendor response: 02.02.2016 Date of Public Advisory: 14.06.2016 Reference: SAP Security Note 2308778 Author: Vahagn VardanyanERPScan VULNERABILITY INFORMATION Class: Buffer...

4CVSS1.6AI score0.02024EPSS
Exploits0
erpscan
erpscan
added 2015/04/12 12:0 a.m.38 views

SAP JAVA AS jstart - DoS vulnerability

Application: SAP JAVA AS Versions Affected: SAP JAVA AS 7.2 – 7.4 Vendor URL: SAP Bugs: Denial of Service Reported: 04.12.2015 Vendor response: 05.12.2015 Date of Public Advisory: 14.03.2016 Reference: SAP Security Note 2259547 Author: Dmitry Yudin ERPScan @ret5et Vulnerability Information Class:...

5CVSS0.1AI score0.07075EPSS
Exploits0
erpscan
erpscan
added 2011/02/15 12:0 a.m.38 views

SAP GUI BAPI Explorer- Unauthorized execution of function

Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs:Unauthorized execution Exploits: YES Reported: 15.02.2011 Vendor response:16.02.2011 Date of Public Advisory:11.11.2011 Author: Dmitriy Chastuchin Description SAP GUI BAPI Explorer has stored XSS which...

0.9AI score
Exploits0
erpscan
erpscan
added 2016/04/22 12:0 a.m.37 views

SAP NetWeaver 7.5 Information disclosure + port scan in SLD test application

Application: SAP NetWeaver AS Java Versions Affected: SAP NetWeaver SLD Vendor URL: SAP Bugs: Information disclosure Reported: 22.04.2016 Vendor response: 23.04.2016 Date of Public Advisory: 08.11.2016 Reference: SAP Security Note 2342940 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATION...

7AI score
Exploits0
erpscan
erpscan
added 2015/02/25 12:0 a.m.37 views

SAP Mobile Platform 2.3 - XXE vulnerability in application import

Application: SAP Mobile Platform 2.3 Vendor URL: http://www.sap.com Bugs: XML eXternal Entity Reported: 25.02.2015 Vendor response: 25.02.2015 Date of Public Advisory: 11.08.2015 Reference: SAP Security Note 2152227 Authors: Vahagn Vardanyan ERPScan Vulnerability information Class: XML External...

6.8CVSS0.6AI score0.01635EPSS
Exploits2
erpscan
erpscan
added 2015/02/18 12:0 a.m.37 views

SAP Afaria - Stored XSS

Application: SAP Afaria 7 Vendor URL: http://www.sap.com Bugs: XSS Reported: 18.02.2015 Vendor response: 18.02.2015 Date of Public Advisory: 11.08.2015 Reference: SAP Security Note 2152669 Authors: Dmitry Chastukhin ERPScan Vulnerability information Class: XML External Entity CWE-79 Impact: Store...

4.3CVSS0.6AI score0.01273EPSS
Exploits1
erpscan
erpscan
added 2008/11/13 12:0 a.m.36 views

SAP GUI 6.4 Buffer Overflow Vulnerability

Application: EnjoySAP, SAP GUI for Windows Versions Affected: Version 6.4 Vendor URL: Bugs: Buffer Overflow Exploits: YES Reported: 13.11.2008 Vendor response: 17.11.2008 Date of Public Advisory: 08.06.2009 Author: Alexandr Polyakov Description SAP GUI for Windows version 6.4 contains ActiveX...

1.5AI score
Exploits0
erpscan
erpscan
added 2015/05/09 12:0 a.m.35 views

SAP MII - Encryption Downgrade vulnerability

Application: SAP MII Vendor URL: http://www.sap.com Bugs: Cryptographic issues Reported: 05.09.2015 Vendor response: 06.09.2015 Date of Public Advisory: 20.11.2015 Reference: SAP Security Note 2240274 Author: Mathieu GELI ERPScan VULNERABILITY INFORMATION Class: Cryptographic issues Impact: readi...

5CVSS0.4AI score0.00968EPSS
Exploits0
erpscan
erpscan
added 2010/08/24 12:0 a.m.35 views

SAP GUI (SAPGUI) — DLL hijacking

Application: SAP GUI Versions Affected: 6.4 — 7.2 Vendor URL: Bugs: DLL hijacking Exploits: YES Reported: 24.08.2010 Vendor response: 26.08.2010 Date of Public Advisory: 09.03.2011 CVE-number: Author: Alexey Sintsov, Alexandr Polyakov Description SAP Front End applications SAPGui.exe are vulnerab...

0.2AI score
Exploits0
erpscan
erpscan
added 2014/06/03 12:0 a.m.34 views

SAP NetWeaver - Hardcoded Credentials

Application: SAP NetWeaver Vendor URL: http://www.sap.com Bugs: Hardcoded credentials Reported: 06.03.2014 Vendor response: 07.03.2014 Date of Public Advisory: 15.06.2015 Reference: SAP Security Note 2057982 Authors: Rustem Gazizov, Diana Grigorieva ERPScan VULNERABILITY INFORMATION Class:...

0.8AI score
Exploits0
erpscan
erpscan
added 2015/09/28 12:0 a.m.33 views

SAP HANA - log injection and no size restriction

Application: SAP HANA Versions Affected: SAP HANA Vendor URL: http://www.sap.com Bugs: Log injection Reported: 28.09.2015 Vendor response: 29.09.2015 Date of Public Advisory: 12.01.2016 Reference: SAP Security Note 2241978 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATION Class: Log injectio...

0.4AI score
Exploits0
erpscan
erpscan
added 2011/05/13 12:0 a.m.33 views

SAP NetWeaver RZL_READ_DIR_LOCAL - missing authorization check and SMB Relay vulnerability

Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs:Missing auth check Exploits: YES Reported: 13.05.2011 Vendor response:15.05.2011 Date of Public Advisory:13.03.2012 Reference: SAP Security Note 1595074 Author:Alexey Tyurin ERPScan Description Missing...

0.4AI score
Exploits0
erpscan
erpscan
added 2008/01/25 12:0 a.m.33 views

SAP Netviewer 7.0 — XSS Security Vulnerability

Application: SAP Web Application Server, Web Dynpro ABAP and for BSP Versions Affected: Version 7.0 Vendor URL: Bugs: XSS Exploits: YES Reported: 25.01.2008 Vendor response: 25.01.2008 Date of Public Advisory: 21.05.2008 CVE number: 2008-2421 Description: XSS IN BPELCONSOLE/DEFAULT/ACTIVITIES.JSP...

Exploits0
erpscan
erpscan
added 2011/05/13 12:0 a.m.32 views

SAP NetWeaver RFC WSDL - XSS

Application: SAP NetWeaver Versions Affected: SAP NetWeaver 6.40, 7.02 and maybe others Vendor URL: http://www.sap.com Bugs: XSS Exploits: YES Reported: 13.05.2011 Vendor response: 15.05.2011 Date of Public Advisory: 13.06.2012 Reference: SAP Security Note 1614834 Author: Alexey Tyurin ERPScan...

0.3AI score
Exploits0
erpscan
erpscan
added 2014/04/04 12:0 a.m.31 views

SAP HANA net.xsjs - SQL injection

Application: SAP HANA Versions Affected: 1.00.60.379371 Vendor URL: http://www.sap.com Bugs: SQL injection Exploits: YES Reported: 04.04.2014 Vendor response: 04.04.2014 Date of Public Advisory: 21.08.2014 Reference: SAP Security Note 2014881 Author: Dmitry Chastukhin, Vahagn Vardanyan ERPScan...

0.6AI score
Exploits0
erpscan
erpscan
added 2016/01/02 12:0 a.m.30 views

SAP Business Object Data Services - directory traversal

Application: SAP Data Services 4.2 Vendor URL: SAP Bug: Directory Travesal Reported: 01.02.2016 Vendor response: 02.02.2016 Date of Public Advisory: 14.06.2016 Reference: SAP Security Note 2300346 Author: Nursultan Abubakirov ERPScan VULNERABILITY INFORMATION Class: directory traversal Impact:...

1AI score
Exploits0
erpscan
erpscan
added 2011/08/04 12:0 a.m.30 views

SAP Internet Sales - XSS

Application: SAP NetWeaver Vendor URL: Bugs: XSS Risk: High Exploits: YES Reported: 08.04.2011 Vendor response: 08.04.2011 Date of Public Advisory: 17.02.2012 Reference: SAP Security Note 1583300 Description SAP NetWeaver 7.0 Internet Sales crm.b2b has XSS vulnerability. Business Risk An attacker...

6.1AI score
Exploits0
erpscan
erpscan
added 2010/01/04 12:0 a.m.30 views

SAP NetWeaver performanceProvierRoot - XSS

Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs: Information disclose Exploits: YES Reported: 01.04.2010 Vendor response: 08.04.2010 Date of Public Advisory: 17.06.2011 CVSS: 5.0 Author:Dmitriy Chastuhin Description SAP NetWeaver...

6.1AI score
Exploits0
erpscan
erpscan
added 2016/04/22 12:0 a.m.29 views

SAP NetWeaver AS JAVA - deserialization of untrusted user value

Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver 7.5 Vendor URL: SAP Bugs: Denial of Service Reported: 22.04.2016 Vendor response: 23.04.2016 Date of Public Advisory: 12.07.2016 Reference: SAP Security Note 2315788 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATION Class:...

Exploits0
erpscan
erpscan
added 2016/01/02 12:0 a.m.29 views

SAP Hybris E-commerce Suite VirtualJDBC SQL Injection

Application: SAP Hybris E-commerce Vendor URL: SAP Bugs: SQL Injection Reported: 01.02.2016 Vendor response: 02.02.2016 Date of Public Advisory: 14.02.2016 Reference: SAP replied “Due to the fact that this issue is inside Hybris cloud we don’t provide a security note. Please mention inside your...

0.1AI score
Exploits0
erpscan
erpscan
added 2011/08/04 12:0 a.m.29 views

SAP NetWeaver SPML - XML External Entity

Application: SAP NetWeaver JAVA Versions Affected: 6.40/7.02 maybe others Vendor URL: http://www.sap.com Bugs: XML External Entity Exploits: YES Reported: 08.04.2011 Vendor response: 09.04.2011 Patched by SAP: 11.09.2012 Date of Public Advisory: 15.12.2012 Reference: SAP Security Note 1621534...

0.6AI score
Exploits0
erpscan
erpscan
added 2011/03/14 12:0 a.m.29 views

SAP NetWeaver Runtime — Multiple XSS

Description SAP NetWeaver Integration Directory has linked XSS vulnerability: XSS in errormsg.jsp XSS in ViewCaches.jsp Stored XSS in ViewLogger.jsp POST and Stored XSS in ShowMemLog Business Risk An attacker can use XSS vulnerability by sending a link on malicious script to an unaware user via a...

Exploits0
erpscan
erpscan
added 2010/03/09 12:0 a.m.29 views

[ZDI-10-290] SAP NetWeaver Business Client SapThemeRepository ActiveX Control Remote Code Execution Vulnerability

Application: SAP NetWeaver, TippingPoint™ IPS Customer Protection Versions Affected: Vendor URL: Bugs: Reported: 03.09.2010 Vendor response: Date of Public Advisory: 14.12.2010 Author: Alexandr Polyakov, Alexey Sintsov Description This vulnerability allows remote attackers to execute arbitrary co...

0.5AI score
Exploits0
erpscan
erpscan
added 2014/12/29 12:0 a.m.28 views

SAP Mobile Platform - XXE

Application: Mobile Platform 3 Vendor URL: http://www.sap.com Bugs: XML External Entity Reported: 29.12.2014 Vendor response: 30.12.2014 Date of Public Advisory: 15.03.2015 Reference: SAP Security Note 2125513 Authors: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class: XML External Entity...

0.5AI score
Exploits0
erpscan
erpscan
added 2012/09/19 12:0 a.m.28 views

SAP NetWeaver HTTPd - Partial HTTP POST requests DoS

Application: SAP Versions Affected: SAP Netweaver 7.02/7.3, probably others Vendor URL: http://www.sap.com Bugs: Denial of Service Exploits: YES Reported: 19.09.2012 Vendor response: 20.09.2012 Date of Public Advisory: 17.10.2014 Reference: SAP Security Note 1966655 Author: Alexey Tyurin ERPScan...

0.4AI score
Exploits0
erpscan
erpscan
added 2010/09/12 12:0 a.m.28 views

SAP NetWeaver SOAP RFC – Denial of Service / Integer overflow

Application: SAP NetWeaver Kernel Versions Affected: ernel 4.6 – 7.2 Vendor URL: http://www.sap.com Bugs:XML Attribute Blow-up attack Exploits: YES Reported: 09.12.2010 Vendor response: 10.12.2010 Solution:YES Date of Public Advisory: 20.07.2011 Author: Alexey Sintsov Description It is possible t...

1.3AI score
Exploits0
Total number of security vulnerabilities291