Vulnerabilities (CVE)

Vendor filter

Sap Subscribe

Filter

601 total CVE
CVE Vendors Products Updated CVSS
CVE-2012-2611 1 Sap 1 Netweaver 2012-08-19 9.3
The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace configuration is enabled, allows remote attackers to...
CVE-2012-1292 1 Sap 1 Netweaver 2012-02-27 5.0
Unspecified vulnerability in the MessagingSystem servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the MessagingSystem Performance Data via unspecified vectors.
CVE-2012-1291 1 Sap 1 Netweaver 2012-02-24 5.0
Unspecified vulnerability in the com.sap.aii.mdt.amt.web.AMTPageProcessor servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the Adapter Monitor via unspecified vectors, possibly related to the...
CVE-2012-1290 1 Sap 1 Netweaver 2012-02-24 4.3
Cross-site scripting (XSS) vulnerability in b2b/auction/container.jsp in the Internet Sales (crm.b2b) module in SAP NetWeaver 7.0 allows remote attackers to inject arbitrary web script or HTML via the _loadPage parameter.
CVE-2009-3345 1 Sap 1 Crystal Reports Server 2011-12-20 10.0
Heap-based buffer overflow in SAP Crystal Reports Server 2008 has unknown impact and attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable...
CVE-2010-3983 1 Sap 1 Businessobjects 2010-11-03 9.0
CmcApp in SAP BusinessObjects Enterprise XI 3.2 allows remote authenticated users to gain privileges via vectors involving the Program Job Server and the Program Login property.
CVE-2010-3981 1 Sap 1 Businessobjects 2010-11-03 4.3
Cross-site scripting (XSS) vulnerability in SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to inject arbitrary web script or HTML via the ServiceClass field to the Edit Service Parameters page.
CVE-2010-3980 1 Sap 1 Businessobjects 2010-10-19 4.0
Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 does not limit the number of CUIDs that may be requested, which allows remote authenticated users to cause a denial of service via a large numCuids value in a GenerateCuids SOAPAction to the...
CVE-2010-3979 1 Sap 1 Businessobjects 2010-10-19 5.0
Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 generates different error messages depending on whether the Login field corresponds to a valid username, which allows remote attackers to enumerate account names via a login SOAPAction to the...
CVE-2009-4603 1 Sap 1 Sap Kernel 2010-01-13 5.0
Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, 7.00, 7.01, 7.10, 7.11, and 7.20, as used in SAP NetWeaver 7.x and SAP Web Application Server 6.x and 7.x, allows remote attackers to cause a denial of service (Management...
CVE-2009-3346 1 Sap 1 Crystal Reports Server 2009-09-28 10.0
Unspecified vulnerability in SAP Crystal Reports Server 2008 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this...
CVE-2009-3344 1 Sap 1 Crystal Reports Server 2009-09-28 5.0
Unspecified vulnerability in SAP Crystal Reports Server 2008 on Windows XP allows attackers to cause a denial of service (infinite loop) via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. ...
CVE-2006-7220 1 Sap 2 Saplpd, Sapsprint 2008-09-05 7.8
Unspecified vulnerability in SAP SAPLPD and SAPSPRINT allows remote attackers to cause a denial of service (application crash) via a certain print job request. NOTE: the provenance of this information is unknown; the details are obtained solely...
CVE-2005-1691 1 Sap 1 Sap R 3 2008-09-05 5.0
Directory traversal vulnerability in Internet Graphics Server in SAP before 6.40 Patch 11 allows remote attackers to read arbitrary files via ".." sequences in an HTTP GET request.
CVE-2003-0944 1 Sap 1 Sap Db 2008-09-05 7.5
Buffer overflow in the WAECHO default service in web-tools in SAP DB before 7.4.03.30 allows remote attackers to execute arbitrary code via a URL with a long requestURI.
CVE-2003-0943 1 Sap 1 Sap Db 2008-09-05 7.5
web-tools in SAP DB before 7.4.03.30 installs several services that are enabled by default, which could allow remote attackers to obtain potentially sensitive information or redirect attacks against internal databases via (1) waecho, (2) Web SQL...
CVE-2003-0942 1 Sap 1 Sap Db 2008-09-05 7.5
Buffer overflow in Web Agent Administration service in web-tools for SAP DB before 7.4.03.30 allows remote attackers to execute arbitrary code via a long Name parameter to waadmin.wa.
CVE-2003-0941 1 Sap 1 Sap Db 2008-09-05 7.5
web-tools in SAP DB before 7.4.03.30 allows remote attackers to access the Web Agent Administration pages and modify configuration via a direct request to waadmin.wa.
CVE-2003-0940 1 Sap 1 Sap Db 2008-09-05 5.0
Directory traversal vulnerability in sqlfopenc for web-tools in SAP DB before 7.4.03.30 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a URL.
CVE-2003-0939 1 Sap 1 Sap Db 2008-09-05 7.5
eo420_GetStringFromVarPart in veo420.c for SAP database server (SAP DB) 7.4.03.27 and earlier may allow remote attackers to execute arbitrary code via a connect packet with a 256 byte segment to the niserver (aka serv.exe) process on TCP port...