8 matches found
CVE-2007-1913
The CVE-2007-1913 entry pertains to SAP RFC Library 6.40 and 7.00 before 20061211. It describes an information-disclosure vulnerability in the TRUSTED_SYSTEM_SECURITY function that could allow remote attackers to verify the existence of users and groups on systems and domains via unspecified vect...
CVE-2007-1914
SAP RFC Library 6.40 and 7.00 prior to 20061211 contains a vulnerability in the RFC_START_PROGRAM function that allows remote attackers to obtain sensitive information (external RFC server configuration data) via unspecified vectors. This is a separate issue from CVE-2006-6010. Affected versions ...
CVE-2007-1916
CVE-2007-1916: SAP RFC Library (versions 6.40 and 7.00 prior to 20061211) contains a buffer overflow in the RFC_START_GUI function. This allows remote code execution via unspecified vectors; exact exploit details and affected inputs are not disclosed in the provided documents. The issue is docume...
CVE-2007-1918
The CVE-2007-1918 issue affects SAP RFC Library 6.40 and 7.00 prior to 20070109, where the RFC_SET_REG_SERVER_PROPERTY function provides an option for exclusive access to an RFC server. This design allows remote attackers to cause a denial of service (client lockout) via unspecified vectors. The ...
CVE-2015-2282
CVE-2015-2282 is a stack-based buffer overflow in SAP’s LZC/LZH decompression code used across SAP MaxDB 7.5/7.6, NetWeaver AS ABAP/Java, RFC/GUI SDKs, SAPCAR, and related tools. The flaw (CsObjectInt::CsDecomprLZC and related LZH handling) can cause denial of service (crash) and may allow arbitr...
CVE-2015-2278
CVE-2015-2278 and CVE-2015-2282 affect SAP products via the LZH/LZC decompression paths. The root causes are in the LZH BuildHufTree function (vpa108csulzh.cpp) and the LZC decompression logic (vpa106cslzc.cpp), where attacker-controlled indices can trigger out-of-bounds reads/writes. Affected so...
CVE-2007-1917
The CVE-2007-1917 entry concerns the SAP RFC Library (versions 6.40 and 7.00 prior to 20061211). The documented vulnerability is a buffer overflow in the SYSTEM_CREATE_INSTANCE function, which could allow remote attackers to execute arbitrary code via unspecified vectors. In the provided connecte...
CVE-2007-1915
CVE-2007-1915 concerns a buffer overflow in SAP RFC Library (versions 6.40 and 7.00 prior to 20061211) within the RFC_START_PROGRAM function. Reported as allowing remote attackers to execute arbitrary code via unspecified vectors. The description notes this information stems from a vague initial ...