Search Results (1700 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-8661 1 Sap 1 Customer Relationship Management Internet Sales 2025-04-12 N/A
The SAP CRM Internet Sales module allows remote attackers to execute arbitrary commands via unspecified vectors.
CVE-2014-4160 1 Sap 1 Netweaver Business Client 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the testcanvas node in SAP NetWeaver Business Client (NWBC) allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) sap-accessibility parameter.
CVE-2014-4161 1 Sap 1 Supplier Relationship Management 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to inject arbitrary web script or HTML via the url parameter.
CVE-2015-7729 1 Sap 1 Hana 2025-04-12 N/A
Eval injection in test-net.xsjs in the Web-based Development Workbench in SAP HANA Developer Edition DB 1.00.091.00.1418659308 allows remote authenticated users to execute arbitrary XSJS code via unspecified vectors, aka SAP Security Note 2153892.
CVE-2015-8029 1 Sap 1 3d Visual Enterprise Viewer 2025-04-12 N/A
SAP 3D Visual Enterprise Viewer (VEV) allows remote attackers to execute arbitrary code via a crafted Filmbox document, which triggers memory corruption.
CVE-2015-1309 1 Sap 1 Netweaver Abap 2025-04-12 N/A
XML external entity vulnerability in the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver AS ABAP 7.31 and earlier allows remote attackers to access arbitrary files via a crafted XML request, related to ECATT_DISPLAY_XMLSTRING_REMOTE, aka SAP Note 2016638.
CVE-2014-4006 1 Sap 1 Oil Industry Solution Traders And Schedulers Workbench 2025-04-12 N/A
The SAP Trader's and Scheduler's Workbench (TSW) for SAP Oil & Gas has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVE-2015-8028 1 Sap 1 3d Visual Enterprise Viewer 2025-04-12 N/A
Multiple buffer overflows in SAP 3D Visual Enterprise Viewer (VEV) allow remote attackers to execute arbitrary code via a crafted (1) 3DM or (2) Flic Animation file.
CVE-2014-4007 1 Sap 1 Upgrade Tools 2025-04-12 N/A
The SAP Upgrade tools for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVE-2014-8589 1 Sap 1 Network Interface Router 2025-04-12 N/A
Integer overflow in SAP Network Interface Router (SAProuter) 40.4 allows remote attackers to cause a denial of service (resource consumption) via crafted requests.
CVE-2014-4008 1 Sap 1 Web Services Tool 2025-04-12 N/A
SAP Web Services Tool (CA-WUI-WST) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVE-2014-8308 1 Sap 1 Businessobjects 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Send to Inbox functionality in SAP BusinessObjects BI EDGE 4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-7992 1 Sap 1 Hana 2025-04-12 N/A
SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to cause a denial of service (memory corruption and indexserver crash) via unspecified vectors to the EXECUTE_SEARCH_RULE_SET stored procedure, aka SAP Security Note 2175928.
CVE-2014-8311 1 Sap 1 Businessobjects 2025-04-12 N/A
SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information via an InfoStore query to a CORBA listener.
CVE-2014-3787 1 Sap 1 Netweaver 2025-04-12 N/A
SAP NetWeaver 7.20 and earlier allows remote attackers to read arbitrary SAP Central User Administration (SAP CUA) tables via unspecified vectors.
CVE-2015-2075 1 Sap 1 Businessobjects Edge 2025-04-12 N/A
SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396.
CVE-2015-7728 1 Sap 1 Hana 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in user creation in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to inject arbitrary web script or HTML via the username, aka SAP Security Note 2153898.
CVE-2015-7727 1 Sap 1 Hana 2025-04-12 N/A
Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors in the (1) trace configuration page or (2) getSqlTraceConfiguration function, aka SAP Security Note 2153898.
CVE-2014-4010 1 Sap 1 Transaction Data Pool 2025-04-12 N/A
SAP Transaction Data Pool has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVE-2016-9562 1 Sap 1 Netweaver Application Server Java 2025-04-12 7.5 High
SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service (null pointer exception and icman outage) via an HTTPS request to the sap.com~P4TunnelingApp!web/myServlet URI, aka SAP Security Note 2313835.