Unspecified vulnerability in the sapdba command in SAP with Informix before 700, and 700 up to patch 100, allows local users to execute arbitrary commands via unknown vectors related to "insecure environment variable" handling.
Max CVSS
10.0
EPSS Score
0.75%
Published
2006-05-23
Updated
2018-10-18
Unspecified vulnerability in SAP Internet Graphics Service (IGS) 6.40 Patchlevel 15 and earlier, and 7.00 Patchlevel 3 and earlier, allows remote attackers to cause a denial of service (service shutdown), obtain sensitive information (configuration files), and conduct certain other unauthorized activities, related to "Undocumented Features." NOTE: it is possible that there are multiple issues. This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. This is likely a different issue than CVE-2006-4134.
Max CVSS
10.0
EPSS Score
4.07%
Published
2006-12-07
Updated
2018-10-17
Buffer overflow in the RFC_START_GUI function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.
Max CVSS
10.0
EPSS Score
13.90%
Published
2007-04-10
Updated
2021-09-22
Buffer overflow in the SYSTEM_CREATE_INSTANCE function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.
Max CVSS
10.0
EPSS Score
13.90%
Published
2007-04-10
Updated
2021-09-22
Heap-based buffer overflow in the Message HTTP Server in SAP Message Server allows remote attackers to execute arbitrary code via a long string in the group parameter to /msgserver/html/group.
Max CVSS
10.0
EPSS Score
87.81%
Published
2007-07-09
Updated
2017-07-29

CVE-2008-0244

Public exploit
SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via "&&" and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe.
Max CVSS
10.0
EPSS Score
96.80%
Published
2008-01-12
Updated
2018-10-15
SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before 1018 allows remote attackers to cause a denial of service (crash) via a 0x53 LPD command, which causes the server to terminate.
Max CVSS
10.0
EPSS Score
5.82%
Published
2008-02-06
Updated
2018-10-15
Heap-based buffer overflow in SAP Crystal Reports Server 2008 has unknown impact and attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
Max CVSS
10.0
EPSS Score
0.23%
Published
2009-09-24
Updated
2011-12-20
Unspecified vulnerability in SAP Crystal Reports Server 2008 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
Max CVSS
10.0
EPSS Score
1.11%
Published
2009-09-24
Updated
2009-09-28

CVE-2009-4988

Public exploit
Stack-based buffer overflow in NT_Naming_Service.exe in SAP Business One 2005 A 6.80.123 and 6.80.320 allows remote attackers to execute arbitrary code via a long GIOP request to TCP port 30000.
Max CVSS
10.0
EPSS Score
92.35%
Published
2010-08-25
Updated
2018-10-10

CVE-2010-0219

Public exploit
Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
Max CVSS
10.0
EPSS Score
97.51%
Published
2010-10-18
Updated
2018-10-10
Stack-based buffer overflow in serv.exe in SAP MaxDB 7.4.3.32, and 7.6.0.37 through 7.6.06 allows remote attackers to execute arbitrary code via an invalid length parameter in a handshake packet to TCP port 7210. NOTE: some of these details are obtained from third party information.
Max CVSS
10.0
EPSS Score
46.45%
Published
2010-03-29
Updated
2018-10-10
Integer overflow in the OBGIOPServerWorker::extractHeader function in the ebus-3-3-2-6.dll module in SAP Crystal Reports 2008 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GIOP packet with a crafted size, which triggers a heap-based buffer overflow.
Max CVSS
10.0
EPSS Score
11.67%
Published
2010-08-17
Updated
2018-10-10

CVE-2010-5326

Known exploited
The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote attackers to execute arbitrary code via an HTTP or HTTPS request, as exploited in the wild in 2013 through 2016, aka a "Detour" attack.
Max CVSS
10.0
EPSS Score
13.58%
Published
2016-05-13
Updated
2021-04-20
CISA KEV Added
2021-11-03
Multiple stack-based buffer overflows in msg_server.exe in SAP NetWeaver ABAP 7.x allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) long parameter value, (2) crafted string size field, or (3) long Parameter Name string in a package with opcode 0x43 and sub opcode 0x4 to TCP port 3900.
Max CVSS
10.0
EPSS Score
5.67%
Published
2012-08-15
Updated
2022-10-06
A Buffer Overflow vulnerability exists in the Message Server service _MsJ2EE_AddStatistics() function when sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04, which could let a remote malicious user execute arbitrary code.
Max CVSS
10.0
EPSS Score
92.07%
Published
2020-01-23
Updated
2020-01-31
GRMGApp in SAP NetWeaver allows remote attackers to have unspecified impact and attack vectors, related to an XML External Entity (XXE) issue.
Max CVSS
10.0
EPSS Score
0.57%
Published
2013-11-20
Updated
2018-12-10
The XML parser (crm_flex_data) in SAP Customer Relationship Management (CRM) 7.02 EHP 2 has unknown impact and attack vectors related to an XML External Entity (XXE) issue.
Max CVSS
10.0
EPSS Score
0.37%
Published
2013-12-13
Updated
2018-12-10
The SAP CRM Internet Sales module allows remote attackers to execute arbitrary commands via unspecified vectors.
Max CVSS
10.0
EPSS Score
0.60%
Published
2014-11-06
Updated
2014-11-07
The SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) module for SAP CRM allows remote attackers to execute arbitrary code via unspecified vectors.
Max CVSS
10.0
EPSS Score
2.03%
Published
2014-11-06
Updated
2014-11-07
SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges via a crafted CORBA call, aka SAP Note 2039905.
Max CVSS
10.0
EPSS Score
0.79%
Published
2014-12-17
Updated
2018-10-09
The Extended Application Services (XS) in SAP HANA allows remote attackers to inject arbitrary ABAP code via unspecified vectors, aka SAP Note 2098906. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
10.0
EPSS Score
0.60%
Published
2015-01-22
Updated
2023-12-21
SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and BusinessObjects XI (BOXI) 3.1 R3 allow remote attackers to cause a denial of service (out-of-bounds read and listener crash) via a crafted GIOP packet, aka SAP Security Note 2001108.
Max CVSS
10.0
EPSS Score
0.77%
Published
2015-10-15
Updated
2015-10-16
SAP HANA Database 1.00 SPS10 and earlier do not require authentication, which allows remote attackers to execute arbitrary code or have unspecified other impact via a TrexNet packet to the (1) fcopydir, (2) fmkdir, (3) frmdir, (4) getenv, (5) dumpenv, (6) fcopy, (7) fput, (8) fdel, (9) fmove, (10) fget, (11) fappend, (12) fdir, (13) getTraces, (14) kill, (15) pexec, (16) stop, or (17) pythonexec method, aka SAP Security Note 2165583.
Max CVSS
10.0
EPSS Score
6.44%
Published
2015-11-10
Updated
2015-11-12
An unspecified function in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands via unknown vectors, aka SAP Security Note 2203591.
Max CVSS
10.0
EPSS Score
0.78%
Published
2016-09-27
Updated
2016-09-28
183 vulnerabilities found
1 2 3 4 5 6 7 8
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!