Searching sap software vulnerabilities

lserver in SAP DB 7.3 and earlier uses the curr

privileges | lserversrv | directory | malicious | execute | symlink | program | current | earlier | lserver | working | allows | called | users | which | local | uses | find | gain | has | SAP |

lserver in SAP DB 7.3 and earlier uses the current working directory to find and execute the lserversrv program, which allows local users to gain privileges with a malicious lserversrv that is called from a directory that has a symlink to the lserver program.


SAP R/3 2.0B to 4.6D installs several clients w

privileges | passwords | attackers | installs | clients | default | several | remote | allows | which | users | gain | SAP | via | 46D | 20B | R/3 |

SAP R/3 2.0B to 4.6D installs several clients with default users and passwords, which allows remote attackers to gain privileges via the (1) SAP*, (2) SAPCPIC, (3) DDIC, (4) EARLYWATCH, or (5) TMSADM accounts.


The default installation of SAP R/3, when using

installation | SQL*net | default | Oracle | using | SAP | R/3 |

The default installation of SAP R/3, when using Oracle and SQL*net V2 3.x, 4.x, and 6.10, allows remote attackers to obtain arbitrary, sensitive SAP data by directly connecting to the Oracle database and executing queries against the database, which is not password-protected.


SAP GUI (Sapgui) 4.6D allows remote attackers t

GUI | SAP |

SAP GUI (Sapgui) 4.6D allows remote attackers to cause a denial of service (crash) via a connection to a high-numbered port, which generates an "unknown connection data" error.


Race condition in SDBINST for SAP database 7.3.

condition | database | SDBINST | Race | SAP |

Race condition in SDBINST for SAP database 7.3.0.29 creates critical files with world-writable permissions before initializing the setuid bits, which allows local attackers to gain root privileges by modifying the files before the permissions are changed.


Directory traversal vulnerability in wgate.dll

vulnerability | Transaction | Directory | traversal | Internet | wgatedll | Server | SAP |

Directory traversal vulnerability in wgate.dll for SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the ~theme parameter and a ~template parameter with a filename followed by space characters, which can prevent SAP from effectively adding a .html extension to the filename.


eo420_GetStringFromVarPart in veo420.c for SAP

eo420_GetStringFromVarPart | database | veo420c | server | SAP |

eo420_GetStringFromVarPart in veo420.c for SAP database server (SAP DB) 7.4.03.27 and earlier may allow remote attackers to execute arbitrary code via a connect packet with a 256 byte segment to the niserver (aka serv.exe) process on TCP port 7269, which prevents the server from NULL terminating the string and leads to a buffer overflow.


web-tools in SAP DB before 7.4.03.30 allows rem

web-tools | before | SAP |

web-tools in SAP DB before 7.4.03.30 allows remote attackers to access the Web Agent Administration pages and modify configuration via a direct request to waadmin.wa.


The Web Database Manager in web-tools for SAP D

web-tools | Database | Manager | before | SAP | Web |

The Web Database Manager in web-tools for SAP DB before 7.4.03.30 generates predictable session IDs, which allows remote attackers to conduct unauthorized activities.


Format string vulnerability in the WGate compon

vulnerability | Transaction | component | Internet | Format | Server | string | WGate | SAP |

Format string vulnerability in the WGate component for SAP Internet Transaction Server (ITS) allows remote attackers to execute arbitrary code via a high "trace level."


HTTP response splitting vulnerability in frames

vulnerability | framesethtm | Application | splitting | response | Server | HTTP | SAP | Web |

HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter.


frameset.htm in the BSP runtime in SAP Web Appl

Application | framesethtm | runtime | Server | Web | BSP | SAP |

frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in SAP Web Application Server (WAS) 6.10 through 7.00 allow remote attackers to inject arbitrary web script or HTML via (1) the sap-syscmd in sap-syscmd and (2) the BspApplication field in the SYSTEM PUBLIC test application.


Directory traversal vulnerability in SAP Busine

vulnerability | Connector | Directory | traversal | Business | SAP |

Directory traversal vulnerability in SAP Business Connector (BC) 4.6 and 4.7 allows remote attackers to read or delete arbitrary files via the the fullName parameter to (1) sapbc/SAP/chopSAPLog.dsp or (2) invoke/sap.monitor.rfcTrace/deleteSingle. Details will be updated after the grace period has ended. NOTE: SAP Business Connector is an OEM version of webMethods Integration Server. webMethods states that this issue can only occur when the product is installed as root/admin, and if the attacker has access to a general purpose port; however, both are discouraged in the documentation. In addition, the attacker must already have acquired administrative privileges through other means.


SAP allows remote attackers to obtain potential

RFC_SYSTEM_INFO | RfcCallReceive | CVE-2003-0747 | vulnerability | information | potentially | different | operating | sensitive | attackers | version | request | allows | remote | system | obtain | than | such | SAP | via |

SAP allows remote attackers to obtain potentially sensitive information such as operating system and SAP version via an RFC_SYSTEM_INFO RfcCallReceive request, a different vulnerability than CVE-2003-0747.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in the SAP Internet Communication Framework (BC-MID-ICF) in the SAP Basis component 700 before SP12, and 640 before SP20, allow remote attackers to inject arbitrary web script or HTML via certain parameters associated with the default login error page.


Cross-site scripting (XSS) vulnerability in SAP

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in SAP Web Dynpro Java (BC-WD-JAV) in SAP NetWeaver Nw04 SP15 through SP19 and Nw04s SP7 through SP11, aka SAP Java Technology Services 640 before SP20 and SAP Web Dynpro Runtime Core Components 700 before SP12, allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.


Multiple unspecified vulnerabilities in ActiveX

vulnerabilities | unspecified | attackers | EnjoySAP | controls | Multiple | service | ActiveX | remote | denial | cause | allow | SAP | GUI |

Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to cause a denial of service (process crash) via unspecified vectors.


Multiple unspecified vulnerabilities in ActiveX

vulnerabilities | unspecified | attackers | EnjoySAP | controls | Multiple | certain | vectors | ActiveX | create | remote | files | allow | via | SAP | GUI |

Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to create certain files via unspecified vectors.


Internet Communication Manager (aka ICMAN.exe o

Communication | Internet | Manager |

Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache.


Software vulnerabilities results 1 to 20 of 62     
Page: 1234