Filtered by vendor Sap
Subscriptions
Total
1621 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-6346 | 1 Sap | 1 Internet Graphics Server | 2025-04-09 | N/A |
| Unspecified vulnerability in SAP Internet Graphics Service (IGS) 6.40 Patchlevel 15 and earlier, and 7.00 Patchlevel 3 and earlier, allows remote attackers to cause a denial of service (service shutdown), obtain sensitive information (configuration files), and conduct certain other unauthorized activities, related to "Undocumented Features." NOTE: it is possible that there are multiple issues. This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. This is likely a different issue than CVE-2006-4134. | ||||
| CVE-2007-3607 | 1 Sap | 1 Enjoysap | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to cause a denial of service (process crash) via unspecified vectors. | ||||
| CVE-2009-2932 | 1 Sap | 1 Netweaver | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in uddiclient/process in the UDDI client in SAP NetWeaver Application Server (Java) 7.0 allows remote attackers to inject arbitrary web script or HTML via the TModel Key field. | ||||
| CVE-2008-0620 | 1 Sap | 3 Sapgui, Saplpd, Sapsprint | 2025-04-09 | N/A |
| SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before 1018 allows remote attackers to cause a denial of service (crash) via a 0x53 LPD command, which causes the server to terminate. | ||||
| CVE-2006-5114 | 1 Sap | 1 Internet Transaction Server | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in wgate in SAP Internet Transaction Server (ITS) 6.1 and 6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) ~urlmime or (2) ~command parameter, different vectors than CVE-2003-0749. | ||||
| CVE-2009-3346 | 1 Sap | 1 Crystal Reports Server | 2025-04-09 | N/A |
| Unspecified vulnerability in SAP Crystal Reports Server 2008 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | ||||
| CVE-2009-4603 | 1 Sap | 3 Sap Kernel, Sap Netweaver, Sap Web Application Server | 2025-04-09 | N/A |
| Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, 7.00, 7.01, 7.10, 7.11, and 7.20, as used in SAP NetWeaver 7.x and SAP Web Application Server 6.x and 7.x, allows remote attackers to cause a denial of service (Management Console shutdown) via a crafted request. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-6010 | 1 Sap | 1 Sap Web Application Server | 2025-04-09 | N/A |
| SAP allows remote attackers to obtain potentially sensitive information such as operating system and SAP version via an RFC_SYSTEM_INFO RfcCallReceive request, a different vulnerability than CVE-2003-0747. | ||||
| CVE-2008-0621 | 1 Sap | 3 Sapgui, Saplpd, Sapsprint | 2025-04-09 | N/A |
| Buffer overflow in SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before 1018 allows remote attackers to execute arbitrary code via long arguments to the (1) 0x01, (2) 0x02, (3) 0x03, (4) 0x04, and (5) 0x05 LPD commands. | ||||
| CVE-2006-5784 | 1 Sap | 1 Sap Web Application Server | 2025-04-09 | N/A |
| Unspecified vulnerability in enserver.exe in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to read arbitrary files via crafted data on a "3200+SYSNR" TCP port, as demonstrated by port 3201. NOTE: this issue can be leveraged by local users to access a named pipe as the SAPServiceJ2E user. | ||||
| CVE-2008-1846 | 1 Sap | 1 Netweaver | 2025-04-09 | N/A |
| The default configuration of SAP NetWeaver before 7.0 SP15 does not enable the "Always Use Secure HTML Editor" (aka Editor Security or Secure Editing) parameter, which allows remote attackers to conduct cross-site scripting (XSS) attacks by entering feedback for a file. | ||||
| CVE-2006-7220 | 1 Sap | 2 Saplpd, Sapsprint | 2025-04-09 | N/A |
| Unspecified vulnerability in SAP SAPLPD and SAPSPRINT allows remote attackers to cause a denial of service (application crash) via a certain print job request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-3624 | 1 Sap | 1 Sap Message Server | 2025-04-09 | N/A |
| Heap-based buffer overflow in the Message HTTP Server in SAP Message Server allows remote attackers to execute arbitrary code via a long string in the group parameter to /msgserver/html/group. | ||||
| CVE-2008-4387 | 3 Microsoft, Sap, Simba Technologies | 3 Internet Explorer, Sapgui, Mdrmsap Activex Control | 2025-04-09 | N/A |
| Unspecified vulnerability in the Simba MDrmSap ActiveX control in mdrmsap.dll in SAP SAPgui allows remote attackers to execute arbitrary code via unknown vectors involving instantiation by Internet Explorer. | ||||
| CVE-2006-6011 | 1 Sap | 1 Sap Web Application Server | 2025-04-09 | N/A |
| Unspecified vulnerability in SAP Web Application Server before 6.40 patch 6 allows remote attackers to cause a denial of service (enserver.exe crash) via a certain UDP packet to port 64999, aka "two bytes UDP crash," a different vulnerability than CVE-2006-5785. | ||||
| CVE-2007-3496 | 1 Sap | 4 Netweaver Nw04, Netweaver Nw04s, Sap Basis Component 640 and 1 more | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in SAP Web Dynpro Java (BC-WD-JAV) in SAP NetWeaver Nw04 SP15 through SP19 and Nw04s SP7 through SP11, aka SAP Java Technology Services 640 before SP20 and SAP Web Dynpro Runtime Core Components 700 before SP12, allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header. | ||||
| CVE-2007-3608 | 1 Sap | 1 Enjoysap | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to create certain files via unspecified vectors. | ||||
| CVE-2008-0306 | 1 Sap | 1 Maxdb | 2025-04-09 | N/A |
| sdbstarter in SAP MaxDB 7.6.0.37, and possibly other versions, allows local users to execute arbitrary commands by using unspecified environment variables to modify configuration settings. | ||||
| CVE-2007-3605 | 1 Sap | 1 Enjoysap | 2025-04-09 | N/A |
| Stack-based buffer overflow in the kweditcontrol.kwedit.1 ActiveX control in FrontEnd\SapGui\kwedit.dll in the EnjoySAP SAP GUI allows remote attackers to execute arbitrary code via a long argument to the PrepareToPostHTML function. | ||||
| CVE-2008-0244 | 1 Sap | 1 Maxdb | 2025-04-09 | N/A |
| SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via "&&" and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe. | ||||