| CVE-2015-7241 | critical | 9.8 | 10.0 | EXP | | sap | 9y ago | XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01. |
| CVE-2016-6256 | critical | 9.6 | 10.0 | EXP | | sap | 9y ago | SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity (XXE) attacks via crafted XML data in a request to B1iXcellerator/exec/soap/vP.001sap0003.in_WCSX/com.sap.b1i… |
| CVE-2017-8852 | high | 7.8 | 8.8 | EXP | | sap | 9y ago | SAP SAPCAR 721.510 has a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted CAR archive file received from an untrusted remote source. The problem is that the length of da… |
| CVE-2016-10079 | high | 7.5 | 8.5 | EXP | | sap | 10y ago | SAPlpd through 7400.3.11.33 in SAP GUI 7.40 on Windows has a Denial of Service vulnerability (service crash) with a long string to TCP port 515. |
| CVE-2016-3974 | critical | 9.1 | 10.0 | EXP | | sap | 10y ago | XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to cause a denial of service, conduct SMB Relay attacks, or access… |
| CVE-2016-2389 | high | 7.5 | 8.5 | EXP | | sap | 10y ago | Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitra… |
| CVE-2015-7986 | high | — | 8.5 | EXP | | sap | 11y ago | The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTTP request, aka SAP Security Note 21… |
| CVE-2012-2611 | critical | — | 10.0 | EXP | | sap | 14y ago | The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace config… |
| CVE-2010-2590 | critical | — | 10.0 | EXP | | sap | 16y ago | Heap-based buffer overflow in the CrystalReports12.CrystalPrintControl.1 ActiveX control in PrintControl.dll 12.3.2.753 in SAP Crystal Reports 2008 SP3 Fix Pack 3.2 allows remote attackers to execute… |
| CVE-2010-0219 | critical | — | 10.0 | EXP | | apache, sap | 16y ago | Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier … |
| CVE-2009-4988 | critical | — | 10.0 | EXP | | sap | 16y ago | Stack-based buffer overflow in NT_Naming_Service.exe in SAP Business One 2005 A 6.80.123 and 6.80.320 allows remote attackers to execute arbitrary code via a long GIOP request to TCP port 30000. |
| CVE-2010-1185 | critical | — | 10.0 | EXP | | sap | 16y ago | Stack-based buffer overflow in serv.exe in SAP MaxDB 7.4.3.32, and 7.6.0.37 through 7.6.06 allows remote attackers to execute arbitrary code via an invalid length parameter in a handshake packet to T… |