291 matches found
SAP NetWeaver logon.html — XSS
Application: SAP NetWeaver Versions Affected: SAP NetWeaver SAPBASIS 620-730 Vendor URL: Bugs: XSS Exploits: YES Reported: 05.02.2010 Vendor response: 06.02.2010 Date of Public Advisory: 09.03.2011 CVE-number: Author: Alexey Sintsov Description SAP NetWeaver BSP logon page has linked XSS...
Oracle Database 11g — EXFSYS PL/SQL injection vulnerability
Application: Oracle database 11G Versions Affected: Oracle 11.1.0.6 and 10.2.0.1 Vendor URL: http://oracle.com Bugs: PL/SQL Injections Exploits: YES Reported: 17.11.2008 Vendor response: 18.11.2008 Last response: 24.11.2008 Date of Public Advisory: 13.01.2009 Author: Alexandr Polyakov Description...
SAP NetWeaver Portal IView - XSS
Application: SAP NetWeaver Portal Vendor URL: Bugs: XSS Risk: Medium Exploits: YES Reported: 29.07.2010 Vendor response: 30.07.2010 Patched: 13.03.2012 Date of Public Advisory: 17.06.2012 Reference: SAP Security Note 1656549 Author: Dmitriy Chastuchin ERPScan Description SAP NetWeaver Portal...
SAP Hostcontrol remote DOS
Application: SAP NetWeaver AS Java Versions Affected: SAP NetWeaver AS Java 7.0 – 7.5 Vendor URL: SAP Bug: DoS Reported: 01.11.2016 Vendor response: 02.11.2016 Date of Public Advisory: 13.06.2017 Reference: SAP Security Note 2389181 Authors: Mathieu Geli ERPScan VULNERABILITY INFORMATION Class: D...
SAP NetWeaver AS JAVA - XSS vulnerability
Application: SAP NetWeaver Portal 7.4 Vendor URL: SAP Bug: XSS Reported: 12.08.2015 Vendor response: 13.08.2015 Date of Public Advisory: 14.06.2016 Reference: SAP Security Note 2256178 Author: Vahagn VardanyanERPScan VULNERABILITY INFORMATION Class: XSS Impact: modify displayed content from a Web...
SAP NetWeaver AdapterFramework - information disclosure
Application: SAP NetWeaver J2EE Versions Affected: SAP NetWeaver J2EE Vendor URL: http://www.sap.com Bugs: Information Disclosure Exploits: YES Reported: 06.12.2011 Vendor response: 07.12.2011 Date of Public Advisory: 13.11.2012 Reference: SAP Security Note 1679897 Authors: Dmitry Chastukhin...
SAP Crystal Report Server pubDBLogon - Linked ХSS vulnerability
Application: SAP Crystal Report Server 2008 Versions Affected: SAP Crystal Report Server 2008 Vendor URL: http://www.sap.com Bugs:Linked XSS Vulnerability Exploits: YES Reported: 09.12.2010 Vendor response:10.12.2010 Date of Public Advisory:15.09.2011 CVSS: 4.3 Author: Dmitriy Chastuchin...
SAP Crystal Reports 2008 — Directory Traversal
Application: SAP Crystal Report Server 2008 Versions Affected: SAP Crystal Report Server 2008 Vendor URL: http://www.sap.com Bugs: Directory Traversal File Read Exploits: YES Reported: 29.03.2010 Vendor response: 30.03.2010 Date of SAP Security Note Published: 08.10.2010 Date of Public Advisory:...
SAP HANA hdbxsengine JSON - DoS
Application: SAP HANA Versions Affected: SAP HANA 1.00.095 Vendor URL: http://www.sap.com Bugs: DoS Reported: 28.09.2015 Vendor response: 29.09.2015 Date of Public Advisory: 12.01.2016 Reference: SAP Security Note 2241978 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATION Class: DoS Impact:...
Oracle Weblogic Application Server – Authorization bypass
Application: Oracle Weblogic Application Server Versions Affected: WebLogic Server 10.3.6.0/10.3.1.0, maybe others Vendor URL: http://www.oracle.com Bugs: Authorization bypass Exploits: YES Reported: 11.06.2014 Vendor response: 12.06.2014 Date of Public Advisory: 17.10.2014 Reference: Oracle CPU...
SAP NetWeaver Dispatcher Multiple Vulnerabilities - RCE, DoS
Application: SAP NetWeaver Dispatcher Versions Affected: SAP KERNEL 7.00 32BIT, disp+work.exe 7000.52.12.34966 Vendor URL: http://www.sap.com Bugs: Buffer overflow CWE-119, Integer overflow CWE-190, Improper Input Validation CWE-20 CVSS: AV:N/AC:H/Au:S/C:C/I:C/A:C 7.1 Exploits: PoC Reported:...
SAP Portal webdynpro - information disclosure
Application: SAP NetWeaver J2EE 7.31 Vendor URL: SAP Bug: Information Disclosure Reported: 20.04.2013 Vendor response: 21.04.2013 Date of Public Advisory: 14.06.2016 Reference: SAP Security Note 2197262 Author: Alexander Polyakov VULNERABILITY INFORMATION Class: Information disclosure Impact:...
Oracle JVM gopher protocol - SSRF
Application: Oracle JVM Versions Affected: Oracle JVM Vendor URL: http://www.oracle.com Bugs: Security Bypass, SSRF Exploits: YES Reported: 16.07.2012 Vendor response: 18.07.2012 Date of Public Advisory: 23.10.2012 Reference: Oracle CPU October 2012 Authors: Alexander Polyakov ERPScan Description...
SAP NetWeaver J2EE MeSync – information disclose
Application: SAP NetWeaver Versions Affected: SAP NetWeaver MI 2 Vendor URL: http://www.sap.com Bugs:information disclosure Exploits: YES Reported: 29.07.2011 Vendor response:30.07.2011 Date of Public Advisory:11.11.2011 Author: Alexander Polyakov Description Attacker can get information about...
SAP NetWeaver EPS - Multiple missing auth check
Application: SAP NetWeaver ABAP Versions Affected: SAP NetWeaver ABAP Vendor URL: http://www.sap.com Bugs:Auth bypass, directory traversal, smbrelay Exploits: YES Reported: 13.05.2011 Vendor response: 15.05.2011 Date of Public Advisory: 17.06.2012 Author: Alexey Tyurin ERPScan Description A...
SAP NetWeaver TH_GREP module - Code injection vulnerability (NEW)
Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs:Command execution Exploits: YES Reported: 14.03.2011 Vendor response:16.03.2011 Date of Public Advisory:11.11.2011 CVSS: 6.0 Author: Alexey Tyurin Description THGREP report is vulnerable for command...
SAP NetWeaver Integration Directory — Multiple XSS
Application: SAP NetWeaver XI Versions Affected: SAP NetWeaver XI Vendor URL: Bugs: XSS Exploits: YES Reported: 09.06.2010 Vendor response: 10.06.2010 Date of Public Advisory: 09.03.2011 CVE-number: Author: Dmitriy Evdokimov Description SAP NetWeaver Integration Directory has multiple linked XSS...
SAP Crystal Reports 2008 — actionNavjsp_xss
Application: SAP Crystal Report Server 2008 Versions Affected: SAP Crystal Report Server 2008 Vendor URL: http://www.sap.com Bugs: Linked XSS Vulnerability Exploits: YES Reported: 04.03.2010 Vendor response: 05.03.2010 Date of SAP Security Note Published: 08.10.2010 Date of Public Advisory:...
SAP NetWeaver Application Server (UDDI client) XSS Vulnerability
Application: SAP NetWeaver Application Server Java Versions Affected: Version 7.0 Vendor URL: Bugs: XSS Exploits: YES Reported: 18.03.2009 Vendor response: 19.03.2009 Date of Public Advisory: 11.08.2009 Reference: SAP Security Note 1322098 Author: Alexandr Polyakov Description SAP NetWeaver...
SAP SAPDB (WEB DBM) XSS Vulnerability
Application: SAPDB Versions Affected: Last Vendor URL: Bugs: XSS Exploits: YES Reported: 20.11.2008 Vendor response: 20.11.2008 Date of Public Advisory: 31.03.2009 Description SAP MaxDB Web Database engine which listens port 9999 has a Linked XSS security vulnerability. Business Risk An attacker...
SAP NetWeaver SDM - authentication bypass
Application: SAP NetWeaver SDM Versions Affected: SAP NetWeaver SDM Vendor URL: http://www.sap.com Bugs: Auth Bypass Exploits: YES Reported: 10.02.2012 Vendor response: 11.02.2012 Date of Public Advisory: 10.10.2012 Reference: SAP Security Note 1724516 Authors: Alexander Polyakov ERPScan...
SAP NetWeaver Mobile - XSS
Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs: XSS Exploits: no Reported: 10.02.2012 Vendor response: 10.03.2012 Date of Public Advisory: 13.11.2012 Reference: SAP Security Note 1669031 Author: Alexander Polyakov ERPScan Description SAP NetWeaver...
SAP NetWeaver HTTP - Partial HTTP POST requests DoS
Application: SAP Versions Affected: SAP Netweaver 7.02/7.3, probably others Vendor URL: http://www.sap.com Bugs: Denial of Service Exploits: YES Reported: 25.09.2012 Vendor response: 26.09.2012 Date of Public Advisory: 17.10.2014 Reference: SAP Security Note 1986725 Author: Alexey Tyurin ERPScan...
SAP NetWeaver Management Console (gSOAP) - Partial HTTP POST requests DoS
Application: SAP Versions Affected: SAP Netweaver 7.02/7.3, probably others Vendor URL: http://www.sap.com Bugs: Denial of Service Exploits: YES Reported: 25.09.2012 Vendor response: 26.09.2012 Date of Public Advisory: 17.10.2014 Reference: SAP Security Note 1986725 Author: Igor Ilyin, Alexey...
SAP NetWeaver DIR error - XSS
Application: SAP NetWeaver Integration Repository Versions Affected: SAP NetWeaver Integration Repository Vendor URL: http://www.sap.com Bugs: XSS Reported: 13.07.2012 Vendor response: 14.07.2012 Date of Public Advisory: 25.01.2014 Reference: SAP Security Note 1788080 CVSS:...
SAP XI - authentication bypass
Application: SAP NetWeaver XI Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs: Security Bypass Exploits: YES Reported: 21.03.2011 Vendor response: 22.03.2011 Date of Public Advisory: 11.09.2012 Reference: SAP Security Note 1707494 Authors: Alexander Polyakov, Alexey Tyurin,...
Oracle Database 10g — Code Execution and SQL injection
Application: Oracle Database Versions Affected: Oracle Database 10g R1 Vendor URL: Bugs: SQL Injection,Buffer Owerflov Exploits: YES Reported: 18.12.2007 Vendor response: 20.12.2007 Date of Public Advisory: 16.01.2008 Author: Alexandr Polyakov Description Buffer overflow in...
SAP NetWeaver Message Server – DoS
Application: SAP NetWeaver Message Server Versions Affected: SAP KERNEL 7.20 32BIT Vendor URL: http://www.sap.com Bugs: Improper Input Validation Exploits: PoC Reported: 10.07.2013 Vendor response: 11.07.2013 Date of Public Advisory: 25.01.2014 Reference: SAP Security Note 1773912 Author: George...
SAP NetWeaver SDM Admin - DoS
Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs: Information Disclosure Exploits: YES Reported: 10.02.2012 Vendor response: 11.02.2012 Date of Public Advisory: 10.10.2012 Reference: SAP Security Note 1724516 Authors: Alexander Polyakov ERPScan...
SAP NetWeaver J2EE Engine - Partial HTTP POST requests DoS
Application: SAP Versions Affected: SAP Netweaver 7.02/7.3, probably others Vendor URL: http://www.sap.com Bugs: Denial of Service Exploits: YES Reported: 25.09.2012 Vendor response: 26.09.2012 Date of Public Advisory: 17.10.2014 Reference: SAP Security Note 1986725 Author: Igor Ilyin, Alexey...
SAP NetWeaver SOAP RFC - CSRF
Application: SAP BASIS Vendor URL: http://www.sap.com Bugs: CSRF Exploits: YES Reported: 12.03.2011 Vendor response:13.03.2011 Date of SAP Security Note published: 14.08.2012 Date of Public Advisory:13.11.2012 Reference: SAP Security Note 1728500 Author: Alexey Tyurin ERPScan Description It is...
SAP NetWeaver Internet Sales-Multiple XSS - 2
Application: SAP NetWeaver Vendor URL: Bugs: XSS Risk: Medium Exploits: YES Reported: 08.04.2011 Vendor response: 10.04.2011 Patched: 13.11.2011 Date of Public Advisory: 13.03.2012 Reference: SAP Security Note 1584030 Author: Dmitriy Chastuchin ERPScan Description SAP NetWeaver Internet...
SAP Netweaver CCMS - XML External Entity
Application: SAP NetWeaver ABAP Versions Affected: SAP NetWeaver ABAP Vendor URL: http://www.sap.com Bugs: XML External Entity Exploits: YES Reported: 07.12.2011 Vendor response: 08.12.2011 Date of Public Advisory: 13.11.2012 Reference: SAP Security Note 1715040 Authors: Alexey Tyurin ERPScan...
SAP Netweaver ABAP - XML External Entity
Application: SAP NetWeaver ABAP Vendor URL: Bugs: XXE, Unauthorized access Risk: High Exploits: YES Reported: 13.05.2011 Vendor response: 17.05.2011 Patched: 13.11.2011 Date of Public Advisory: 13.03.2012 Reference: SAP Security Note 1594475 Author: Alexey Tyurin ERPScan Description SAP Netweaver...
SAP NetWeaver Workflow Modeler - Multiple XSS
Application: SAP NetWeaver Workflow Modeler Versions Affected: SAP NetWeaver NW2004s SP6 Workflow Modeler Vendor URL: http://www.sap.com Bugs: XSS Exploits: YES Reported: 06.08.2010 Vendor response: 07.08.2010 Date of Public Advisory: 12.02.2014 Reference: SAP Security Note 1860923 Author:...
SAP Crystal Reports 2008 — Multiple XSS
Application: SAP Crystal Report Server 2008 Versions Affected: AP Crystal Report Server 2008 Vendor URL: http://www.sap.com Bugs: Linked XSS Vulnerability Exploits: YES Reported: 06.08.2010 Vendor response: 07.08.2010 Date of Public Advisory: 09.03.2011 Author: Dmitriy Chastuhin Description...
Oracle Document Capture Actbar2.ocx — Insecure Method
Application: Oracle Document Capture Versions Affected: Release 10gR3 Vendor URL: www.oracle.com Bugs: Insecure method, File overwriting Exploits: YES Reported: 22.03.2010 Vendor response: 31.03.2010 Date of Public Advisory: 24.01.2011 Author: Evdokimov Dmitriy Description ActiveX components...
SAP NetWeaver MMC - CSRF
Application: SAP NetWeaver Vendor URL: http://www.sap.com Bugs: CSRF Exploits: YES Reported: 12.03.2012 Vendor response:13.03.2012 Date of Public Advisory:13.11.2012 Reference: SAP Security Note 1734986 Author: Alexey Tyurin ERPScan Description It is possible to execute commands in SAP system via...
SAP NetWeaver Business Communication Broker - multiple XSS
Application: SAP NetWeaver Vendor URL: Bugs: Multiple XSS Risk: High Exploits: YES Reported: 09.12.2011 Vendor response: 10.12.2011 Date of Public Advisory: 20.01.2012 Reference: SAP Security Note 1585652 Description SAP NetWeaver Business Communication Broker has multiple linked XSS vulnerabilie...
SAP NetWeaver servlet DataCollector - Multiple XSS
Application: SAP NetWeaver DataCollector Versions Affected: SAP NetWeaver DataCollector Vendor URL: Bugs: XSS E xploits: YES Reported: 30.07.2011 Vendor response: 02.08.2011 Date of Public Advisory: 30.10.2013 Reference: SAP Security Note 1828801 CVSS: AV:N/AC:L/AU:S/C:C/I:N/A:N 6.8 Author: Dmitr...
SAP NetWeaver Mobile Infrastructure Web Console - XSS
Application: SAP NetWeaver 7.0 Versions Affected: SAP NetWeaver Mobile Infrastructure Web Console Vendor URL: http://www.sap.com Bugs: XSS Exploits: YES Reported: 13.05.2011 Vendor response: 15.05.2011 Date of Public Advisory: 30.06.2012 Reference: SAP Security Note 1590866 Author: Dmitriy...
SAP NetWeaver RWB - unauthorized access
Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs:Auth bypass Exploits: YES Reported: 15.02.2011 Vendor response:16.02.2011 Date of Public Advisory:20.01.2011 Author:Alexandr Polyakov Description Unauthorized access is possible to some Runtime Workben...
SAP NetWeaver JavaMailExamples - XSS
Application: SAP NetWeaver Versions Affected: SAP NetWeaver JavaMailExamples Vendor URL: http://www.sap.com Bugs:XSS Exploits: YES Reported: 11.05.2010 Vendor response: 12.05.2010 Date of Public Advisory: 19.08.2011 Author: Dmitriy Evdokimov Description SAP Netweaver JavaMailExamples has linked X...
SAP NetWeaver MMR — Denail of Service
Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.0 metamodel repository Vendor URL: Bugs: Denial of service Exploits: YES Reported: 15.02.2010 Vendor response: 15.02.2010 Date of Public Advisory: 09.11.2010 Author: Alexandr Polyakov Description SAP Netweaver Metamodel Repository can ...
SAP AS Java XSS in Enterprise Portal
Application: SAP NetWeaver AS Java Vendor URL: SAP Bugs: XSS Reported: 01.11.2016 Vendor response: 02.11.2016 Date of Public Advisory: 09.05.2017 Reference: SAP Security Note 2412897 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class: XSS Impact: Account hijacking Remotely...
SAP Adaptive Server Enterprise - DoS vulnerability
Application: SAP Adaptive Server Enterprise Versions Affected: SAP Adaptive Server Enterprise 16 Vendor URL: SAP Bug: Denial of Service Reported: 01.02.2016 Vendor response: 02.02.2016 Date of Public Advisory: 12.07.2016 Reference: SAP Security Note 2330839 Author: Vahgan Vardanyan ERPScan...
SAP HANA Application Lifecycle manager - CSRF token bypass (Verb tampering)
Application: SAP HANA Versions Affected: 1.00.60.379371 Vendor URL: http://www.sap.com Bugs: CSRF token bypass Verb tampering Reported: 09.04.2014 Vendor response: 10.04.2014 Date of Public Advisory: 21.08.2014 Reference: SAP Security Note 2011169 Author: Dmitry Chastukhin ERPScan Description It ...
SAP NetWeaver J2EE Engine - Partial HTTP requests DoS
Application: SAP Versions Affected: SAP Netweaver 7.02/7.3, probably others Vendor URL: http://www.sap.com Bugs: Denial of Service Exploits: YES Reported: 25.09.2012 Vendor response: 26.09.2012 Date of Public Advisory: 17.10.2014 Reference: SAP Security Note 1986725 Author: Igor Ilyin, Alexey...
SAP GRMGApp - XXE and authentication bypass
Application: SAP NetWeaver J2EE Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs: Security Bypass, XXE Exploits: YES Reported: 13.07.2012 Vendor response: 14.07.2012 Date of SAP Security Note Published: 08.01.2013 Date of Public Advisory: 28.01.2013 Reference: SAP Security Not...
SAP NetWeaver Solution Manager - Missing Authorization Check & Information Disclosure
Application: SAP NetWeaver Solution Manager Versions Affected: SAP NetWeaver Solution Manager Vendor URL: http://www.sap.com Bugs: Missing Authorization Check & Information Disclosure Reported: 07.12.2011 Vendor response: 08.12.2011 Date of Public Advisory: 25.01.2014 Reference: SAP Security Note...