291 matches found

erpscan
added 2010/03/09 12:0 a.m., 20 views

[ZDI-10-290] SAP NetWeaver Business Client SapThemeRepository ActiveX Control Remote Code Execution Vulnerability

Application: SAP NetWeaver, TippingPoint™ IPS Customer Protection Versions Affected: Vendor URL: Bugs: Reported: 03.09.2010 Vendor response: Date of Public Advisory: 14.12.2010 Author: Alexandr Polyakov, Alexey Sintsov Description This vulnerability allows remote attackers to execute arbitrary co...

0.5 AI score
Exploits: 0

erpscan
added 2010/02/15 12:0 a.m., 20 views

SAP NetWeaver MMR — Denial of Service

Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.0 metamodel repository Vendor URL: Bugs: Denial of service Exploits: YES Reported: 15.02.2010 Vendor response: 15.02.2010 Date of Public Advisory: 09.11.2010 Author: Alexandr Polyakov Description SAP Netweaver Metamodel Repository can ...

1.9 AI score
Exploits: 0

erpscan
added 2010/01/29 12:0 a.m., 63 views

Oracle Document Capture ImportBodyText — read files

Application: Oracle Document Capture Versions Affected: 10.1350.0005 Vendor URL: Oracle Bugs: Unsecure READ method Exploits: YES Reported: 29.01.2010 Second report: 02.02.2010 Date of Public Advisory: 24.01.2010 CVE-number: CVE-2010-3595 Author: Alexey Sintsov Description EasyMail ActiveX Control...

7.8 CVSS, 1.5 AI score, 0.28808 EPSS
Exploits: 5

erpscan
added 2010/01/25 12:0 a.m., 40 views

SAP NetWeaver ISpeak — XSS

Application: SAP NetWeaver Versions Affected: SAP NetWeaver J2EE Engine Ispeak Application Vendor URL: http://www.sap.com Bugs: XSS Exploits: YES Reported: 25.01.2010 Vendor response: 26.01.2010 Date of Public Advisory: 0.07.2011 CVSS: 4.3 Author: Dmitriy Evdokimov Description SAP NetWeaver Ispeak...

6.1 AI score
Exploits: 0

erpscan
added 2010/01/25 12:0 a.m., 14 views

SAP NetWeaver ExchangeProfile — XSS

Application: SAP NetWeaver Versions Affected: SAP NetWeaver SLD ExchangeProfile application 6.40-7.30 Vendor URL: Bugs: XSS Exploits: YES Reported: 25.01.2010 Vendor response: 25.01.2010 Date of SAP Security Note Published: 14.09.2010 Date of Public Advisory: 14.12.2010 Author: Alexandr Polyakov...

6.1 AI score
Exploits: 0

erpscan
added 2010/01/25 12:0 a.m., 16 views

SAP NetWeaver MessagingServer — XSS

Application: SAP NetWeaver Versions Affected: SAP NetWeaver Messaging system from 7.10-7.30 Vendor URL: http://www.sap.com Bugs: Linked XSS and Stored XSS Exploits: YES Reported: 25.01.2010 Vendor response: 25.01.2010 Date of Public Advisory: 12.04.2011 Author: Alexandr Polyakov Description...

6 AI score
Exploits: 0

erpscan
added 2010/01/25 12:0 a.m., 17 views

SAP NetWeaver JPR Proxy Server — Multiple XSS

Application: SAP NetWeaver Versions Affected: SAP NetWeaver JPR Proxy Vendor URL: Bugs: XSS Exploits: YES Reported: 25.01.2010 Vendor response: 25.01.2010 Date of SAP Security Note Published: 14.09.2010 Date of Public Advisory: 14.12.2010 Author: Dmitriy Evdokimov Description SAP NetWeaver...

6.1 AI score
Exploits: 0

erpscan
added 2010/01/25 12:0 a.m., 53 views

SAP NetWeaver XI SOAP Adapter — XSS

Application: SAP NetWeaver Versions Affected: SAP NetWeaver XI SOAP Adapter 3.0-7.11 Vendor URL: Bugs: XSS Exploits: YES Reported: 25.01.2010 Vendor response: 25.01.2010 Date of Public Advisory: 09.03.2011 CVE-number: Author: Dmitriy Evdokimov Description SAP Netweaver 70 application XI SOAP...

6.1 AI score
Exploits: 0

erpscan
added 2010/01/04 12:0 a.m., 16 views

SAP NetWeaver Virus Scan Interface - multiple XSS

Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs: Linked XSS Vulnerability Exploits: YES Reported: 01.04.2010 Vendor response: 08.04.2010 Date of Public Advisory: 11.11.2011 CVSS: 4.3 Author: Dmitriy Evdokimov Description SAP Netweaver Virus Scan Interfa...

6.6 AI score
Exploits: 0

erpscan
added 2010/01/04 12:0 a.m., 11 views

SAP NetWeaver Component Build Service — XSS

Application: SAP NetWeaver Versions Affected: SAP NetWeaver JDI 6.4 SP23-26 Vendor URL: Bugs: XSS Exploits: YES Reported: 01.04.2010 Vendor response: 02.04.2010 Date of SAP Security Note Published: 14.09.2010 Date of Public Advisory: 14.12.2010 Author: Dmitriy Evdokimov Description SAP NetWeaver...

6.1 AI score
Exploits: 0

erpscan
added 2010/01/04 12:0 a.m., 28 views

SAP NetWeaver performanceProvierRoot - XSS

Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs: Information disclosure Exploits: YES Reported: 01.04.2010 Vendor response: 08.04.2010 Date of Public Advisory: 17.06.2011 CVSS: 5.0 Author: Dmitriy Chastuhin Description SAP NetWeaver...

6.1 AI score
Exploits: 0

erpscan
added 2009/12/16 12:0 a.m., 18 views

SAP RFC SDK — Memory Corruption

Application: RFC SDK SAP AG Versions Affected: RFC SDK 6400-7.20 and SAP GUI 7.10-7.20 Vendor URL: Bugs: Buffer Overflow Exploits: YES Reported: 16.12.2009 Vendor response: 16.12.2009 Date of SAP Security Note Published: 14.09.2010 Date of Public Advisory: 14.12.2010 Author: Alexey Sintsov...

1.1 AI score
Exploits: 0

erpscan
added 2009/12/15 12:0 a.m., 17 views

SAP RFC SDK — Format String

Application: RFC SDK SAP AG Versions Affected: RFC SDK 6.40 7.11 Vendor URL: Bugs: Format String Vulnerability Exploits: YES Reported: 15.12.2009 Vendor response: 18.12.2009 Date of SAP Security Note Published: 14.09.2010 Date of Public Advisory: 14.12.2010 Author: Alexey Sintsov Description SAP...

0.6 AI score
Exploits: 0

erpscan
added 2009/12/14 12:0 a.m., 110 views

Oracle Document Capture ActiveX — Insecure method, buffer overflow

Application: Oracle Document Capture Versions Affected: Oracle Document Capture 10.1.3.5 Vendor URL: Bugs: Insecure method. Buffer overflow. Exploits: YES Reported: 14.12.2009 Vendor response: 15.12.2009 Date of Public Advisory: 24.01.2011 CVE-number: CVE-2010-3599 Author: Alexandr Polyakov...

9.4 CVSS, 0.3 AI score, 0.31379 EPSS
Exploits: 5

erpscan
added 2009/12/14 12:0 a.m., 17 views

SAP NetWeaver SLD — Multiple XSS

Application: SAP NetWeaver SLD Versions Affected: 6.4-7.02 Vendor URL: Bugs: XSS Exploits: YES Reported: 14.12.2009 Vendor response: 15.12.2009 Last response: 06.05.2010 Date of Public Advisory: 13.07.2010 Author: Alexander Polyakov and Alexey Troshichev Description SAP NetWeaver System has...

6.4 AI score
Exploits: 0

erpscan
added 2009/12/14 12:0 a.m., 9 views

SAP NetWeaver DTR — Multiple XSS

Application: SAP NetWeaver Versions Affected: SAP NetWeaver Design Time Repository 6.4-7.2 Vendor URL: Bugs: XSS Exploits: YES Reported: 14.12.2009 Vendor response: 14.12.2009 Date of SAP Security Note Published: 14.09.2010 Date of Public Advisory: 14.12.2010 Author: Alexander Polyakov and Alexey...

6.1 AI score
Exploits: 0

erpscan
added 2009/12/01 12:0 a.m., 9 views

SAP Cfolders Multiple Linked XSS Vulnerabilities

Application: SAP Cfolders SAP SRM, SAP ECC, SAP Knowledge Management and SAP NetWeaver cRooms collaboration rooms Vendor URL: Bugs: Multiple Linked XSS Risk: High Exploits: YES Reported: 12.01.2009 Vendor response: 13.01.2009 patched: 21.01.2009 Date of Public Advisory: 21.04.2009 Reference: SAP...

0.1 AI score
Exploits: 0

erpscan
added 2009/10/16 12:0 a.m., 14 views

SAP GUI 7.1 — Insecure Method, Code execution

Application: SAP GUI Versions Affected: SAP GUI SAP GUI 7.1 Vendor URL: Bugs: Insecure method, Code Execution Exploits: YES Reported: 16.10.2009 Vendor response: 27.10.2009 Date of Public Advisory: 23.03.2010 Author: Sintsov Alexey Description Insecure method was found in SAPBExCommonResources...

0.8 AI score
Exploits: 0

erpscan
added 2009/07/09 12:0 a.m., 11 views

SAP Netweaver SQL Monitors — Multiple XSS

Application: SAP Netweaver Administrator panel Versions Affected: SAP Netweaver Administrator panel from ECC 6.0 Vendor URL: Bugs: XSS Exploits: YES Reported: 07.09.2009 Vendor response: 08.09.2009 Date of Public Advisory: 09.11.2010 Author: Alexandr Polyakov and Alexey Troshichev Description Ope...

6.7 AI score
Exploits: 0

erpscan
added 2009/06/26 12:0 a.m., 112 views

Oracle BI help page - XSS

Application: Oracle Business Intelligence Versions Affected: Oracle Business Intelligence Enterprise Edition 10.1.3.4.0 Vendor URL: http://www.oracle.com Bugs: XSS/phishing credentials Exploits: YES Reported: 26.06.2009 Vendor response: 27.06.2009 Last response: 30.06.2009 Patched: 16.10.2012 Dat...

4.3 CVSS, 5.4 AI score, 0.00442 EPSS
Exploits: 0

erpscan
added 2009/05/26 12:0 a.m., 16 views

SAP Netweaver wsnavigator — XSS Security Vulnerability

Application: SAP Netweaver Versions Affected: Version 6.4-7.0 Vendor URL: Bugs: XSS Exploits: YES Reported: 26.05.2009 Vendor response: 27.05.2009 Date of Public Advisory: 13.07.2010 Author: Alexander Polyakov Description SAP Netweaver system has linked XSS security vulnerability in wsnavigator...

Exploits: 0

erpscan
added 2009/04/20 12:0 a.m., 47 views

Oracle BI — WB_OLAP_AW_REMOVE_SOLVE_ID - privilege escalation

Application: Oracle BI Versions Affected: Oracle BI Oracle Warehouse Builder 10.2.0.5, 11.1.0.7 Vendor URL: http://oracle.com Bugs: PL/SQL Injection, privilege escalation Exploits: YES Reported: 20.04.2009 Vendor response: 22.04.2009 Last response: 12.04.2011 Date of Public Advisory: 16.06.2011...

6.5 CVSS, 1.3 AI score, 0.00509 EPSS
Exploits: 4

erpscan
added 2009/04/20 12:0 a.m., 42 views

Oracle BI — WB_OLAP_AW_SET_SOLVE_ID - privilege escalation

Application: Oracle BI Versions Affected: Oracle BI Oracle Warehouse Builder 10.2.0.5, 11.1.0.7 Vendor URL: http://oracle.com Bugs: PL/SQL Injection, privilege escalation Exploits: YES Reported: 20.04.2009 Vendor response: 22.04.2009 Last response: 12.04.2011 Date of Public Advisory: 24.05.2011...

6.5 CVSS, 1.3 AI score, 0.00375 EPSS
Exploits: 0

erpscan
added 2009/03/18 12:0 a.m., 92 views

Oracle Application Server — Linked XSS vulnerability

Application: Oracle BPEL Console version 10.1.3.3.0 Versions Affected: Oracle BPEL Console version 10.1.3.3.0 Vendor URL: Bugs: XSS Exploits: YES Reported: 18.03.2009 Vendor response: 19.03.2009 Date of Public Advisory: 20.10.2010 CVE: CVE-2010-3581 Author: Alexandr Polyakov Description XSS in...

3.5 CVSS, 5.3 AI score, 0.0534 EPSS
Exploits: 1

erpscan
added 2009/03/18 12:0 a.m., 21 views

SAP NetWeaver Application Server (UDDI client) XSS Vulnerability

Application: SAP NetWeaver Application Server Java Versions Affected: Version 7.0 Vendor URL: Bugs: XSS Exploits: YES Reported: 18.03.2009 Vendor response: 19.03.2009 Date of Public Advisory: 11.08.2009 Reference: SAP Security Note 1322098 Author: Alexandr Polyakov Description SAP NetWeaver...

6.2 AI score
Exploits: 0

erpscan
added 2009/03/18 12:0 a.m., 13 views

Oracle BEA Weblogic — Linked XSS vulnerability

Application: Oracle BEA Weblogic 10 Versions Affected: Oracle BEA Weblogic 10 Vendor URL: Bugs: Linked XSS Vulnerability Exploits: YES Reported: 18.03.2009 Vendor response: 19.03.2009 Description: XSS in Search Date of Public Advisory: 16.07.2009 Author: Alexandr Polyakov Description A linked XSS...

Exploits: 0

erpscan
added 2009/03/03 12:0 a.m., 61 views

Oracle BI Publisher — Response Splitting

Application: Oracle Business Intelligence Enterprise Edition 10.1.3.4.0 Versions Affected: Oracle Business Intelligence Enterprise Edition 10.1.3.4.0 Vendor URL: Bugs: Response Splitting, XSS, Phishing credentials Exploits: YES Reported: 03.03.2009 Vendor response: 04.03.2009 Last response:...

4.3 CVSS, 5.4 AI score, 0.0042 EPSS
Exploits: 1

erpscan
added 2009/02/07 12:0 a.m., 12 views

SAP GUI 7.1 WebViewer2D ActiveX — Insecure Methods

Application: EAI WebViewer2D EnjoySAP, SAP GUI for Windows 6.4 and 7.1 Versions Affected: Tested on 7100.2.7.1038 PL 7 Vendor URL: Bugs: Insecure method, File overwriting Exploits: YES Reported: 02.07.2009 Vendor response: 02.07.2009 Date of Public Advisory: 28.09.2009 Author: Alexandr Polyakov...

0.3 AI score
Exploits: 0

erpscan
added 2009/02/07 12:0 a.m., 14 views

SAP GUI 7.1 WebViewer3D ActiveX — Insecure Methods

Application: EnjoySAP, SAP GUI for Windows 6.4 and 7.1 Versions Affected: Tested on 7100.2.7.1038 PL 7 Vendor URL: Bugs: Insecure method, File overwriting Exploits: YES Reported: 02.07.2009 Vendor response: 02.07.2009 Date of Public Advisory: 28.09.2009 Author: Alexandr Polyakov Description SAP G...

0.3 AI score
Exploits: 0

erpscan
added 2009/01/21 12:0 a.m., 16 views

Oracle Application Server - multiple security vulnerabilities

Application: Oracle Application Server Versions Affected: Oracle Application Server 10.1.2.0.2 Vendor URL: http://oracle.com Bugs: Response Splitting XSS Exploits: YES Reported: 21.01.2009 Vendor response: 23.01.2009 Date of Public Advisory: 22.02.2012 Author: Alexandr Polyakov Description Oracle...

0.1 AI score
Exploits: 0

erpscan
added 2009/01/21 12:0 a.m., 127 views

Oracle Secure Enterprise Search 10.1.8 Linked XSS Vulnerability

Application: Oracle Secure Enterprise Search SES Versions Affected: Oracle Secure Enterprise Search SES version 10.1.8.2.0 Vendor URL: Bugs: XSS Exploits: YES Reported: 21.01.2009 Vendor response: 23.01.2009 Date of Public Advisory: 16.07.2009 CVE: CVE-2009-1968 Description: XSS IN search query...

4.3 CVSS, 5.2 AI score, 0.31825 EPSS
Exploits: 1

erpscan
added 2008/11/26 12:0 a.m., 16 views

SAP GUI vsflexGrid ActiveX — Buffer Overflow vulnerability

Application: SAP GUI VSFlexGrid.VSFlexGridL Part of SAP GUI, SAP BO 2005, SAP BO 2007 Versions Affected: SAP GUI VSFlexGrid Activex Control SP=14 Vendor URL: http://sap.com Bugs: Buffer Overflow Exploits: YES Reported: 26.11.2008 Vendor response: 27.11.2008 Date of Public Advisory: 06.10.2009...

0.2 AI score
Exploits: 0

erpscan
added 2008/11/20 12:0 a.m., 22 views

SAP SAPDB (WEB DBM) XSS Vulnerability

Application: SAPDB Versions Affected: Last Vendor URL: Bugs: XSS Exploits: YES Reported: 20.11.2008 Vendor response: 20.11.2008 Date of Public Advisory: 31.03.2009 Description SAP MaxDB Web Database engine which listens port 9999 has a Linked XSS security vulnerability. Business Risk An attacker...

6.3 AI score
Exploits: 0

erpscan
added 2008/11/17 12:0 a.m., 26 views

Oracle Database 11g — EXFSYS PL/SQL injection vulnerability

Application: Oracle database 11G Versions Affected: Oracle 11.1.0.6 and 10.2.0.1 Vendor URL: http://oracle.com Bugs: PL/SQL Injections Exploits: YES Reported: 17.11.2008 Vendor response: 18.11.2008 Last response: 24.11.2008 Date of Public Advisory: 13.01.2009 Author: Alexandr Polyakov Description...

0.9 AI score
Exploits: 0

erpscan
added 2008/11/13 12:0 a.m., 35 views

SAP GUI 6.4 Buffer Overflow Vulnerability

Application: EnjoySAP, SAP GUI for Windows Versions Affected: Version 6.4 Vendor URL: Bugs: Buffer Overflow Exploits: YES Reported: 13.11.2008 Vendor response: 17.11.2008 Date of Public Advisory: 08.06.2009 Author: Alexandr Polyakov Description SAP GUI for Windows version 6.4 contains ActiveX...

1.5 AI score
Exploits: 0

erpscan
added 2008/10/01 12:0 a.m., 33 views

Oracle Application Server (SOA) — Linked XSS vulnerability

Application: Oracle Application ServerSOA Versions Affected: Oracle Application ServerSOA version 10.1.3.1.0 Vendor URL: http://oracle.com Bugs: Multiple XSS Exploits: YES Reported: 10.01.2008 Vendor response: 11.01.2008 Date of Public Advisory: 13.01.2009 CVE: CVE-2008-4014 Description: XSS IN...

5.5 CVSS, 0.2 AI score, 0.00247 EPSS
Exploits: 1

erpscan
added 2008/07/16 12:0 a.m., 14 views

Oracle BEA Weblogic 10 — Multiple Linked XSS vulnerabilities

Application: Oracle BEA Weblogic 10 Versions Affected: Oracle BEA Weblogic 10 Vendor URL: Bugs: Multiple XSS Vulnerabilities in samples Exploits: YES Reported: 16.07.2008 Vendor response: 18.07.2008 Last response: 30.10.2008 Description: Review Service sample of WebLogic Server. Date of Public...

0.1 AI score
Exploits: 0

erpscan
added 2008/04/12 12:0 a.m., 14 views

SAP Cfolders Multiple Stored XSS Vulnerabilities

Application: SAP Cfolders included in: SAP SRM, SAP ECC, SAP Knowledge Management and SAP NetWeaver cRooms Vendor URL: Bugs: Multiple Stored XSS Risk: High Exploits: YES Reported: 04.12.2008 Vendor response: 05.12.2008 Vulnerability patched: 15.12.2008 Date of Public Advisory: 21.04.2009 Referenc...

Exploits: 0

erpscan
added 2008/01/29 12:0 a.m., 31 views

Oracle Database 10G CTXSYS.DRVXTABX — PLSQL Injection

Application: Oracle Database 10G Versions Affected: Oracle 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4 Vendor URL: Bugs: PL/SQL Injections Exploits: YES Reported: 29.01.2008 Vendor response: 31.01.2008 CVE: CVE-2009-1991 SVSS2: 3.6 Date of Public Advisory: 26.10.2009 Solution: YES Non official Author:...

3.6 CVSS, 0.8 AI score, 0.00761 EPSS
Exploits: 0

erpscan
added 2008/01/25 12:0 a.m., 30 views

SAP Netviewer 7.0 — XSS Security Vulnerability

Application: SAP Web Application Server, Web Dynpro ABAP and for BSP Versions Affected: Version 7.0 Vendor URL: Bugs: XSS Exploits: YES Reported: 25.01.2008 Vendor response: 25.01.2008 Date of Public Advisory: 21.05.2008 CVE number: 2008-2421 Description: XSS IN BPELCONSOLE/DEFAULT/ACTIVITIES.JSP...

Exploits: 0

erpscan
added 2007/12/18 12:0 a.m., 22 views

Oracle Database 10g — Code Execution and SQL injection

Application: Oracle Database Versions Affected: Oracle Database 10g R1 Vendor URL: Bugs: SQL Injection, Buffer Overflow Exploits: YES Reported: 18.12.2007 Vendor response: 20.12.2007 Date of Public Advisory: 16.01.2008 Author: Alexandr Polyakov Description Buffer overflow in...

2.9 AI score
Exploits: 0

Total number of security vulnerabilities: 291