
CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

SQL injection vulnerability in the SRTT_GET_COUNT_BEFORE_KEY_RFC function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. • http://scn.sap.com/docs/DOC-8218 http://secunia.com/advisories/55736 http://www.securitytracker.com/id/1029352 https://erpscan.io/advisories/erpscan-13-017-sap-netweaver-srtt_get_count_before_key_rfc-sql-injection https://service.sap.com/sap/support/notes/1783795 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 5.0 | EPSS: 1% | CPEs: 13 | EXPL: 0

The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity (XXE) issue. • http://scn.sap.com/docs/DOC-8218 http://secunia.com/advisories/55620 https://erpscan.io/advisories/erpscan-13-020-sap-netweaver-shsti_upload_xml-xxe https://service.sap.com/sap/support/notes/1890819 • CWE-20: Improper Input Validation

CVSS: 5.0 | EPSS: 0% | CPEs: 9 | EXPL: 0

The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. • http://en.securitylab.ru/lab/PT-2013-13 http://osvdb.org/98892 http://scn.sap.com/docs/DOC-8218 http://secunia.com/advisories/55302 http://www.securityfocus.com/bid/63302 https://service.sap.com/sap/support/notes/1820894

CVSS: 5.0 | EPSS: 0% | CPEs: 10 | EXPL: 0

Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors. • http://en.securitylab.ru/lab/PT-2012-24 http://osvdb.org/97350 http://scn.sap.com/docs/DOC-8218 http://secunia.com/advisories/54809 http://www.securityfocus.com/bid/62391 https://exchange.xforce.ibmcloud.com/vulnerabilities/87121 https://websmp230.sap-ag.de/sap/support/notes/1779578 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

SQL injection vulnerability in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "ABAD0_DELETE_DERIVATION_TABLE." • http://osvdb.org/96900 http://scn.sap.com/docs/DOC-8218 http://secunia.com/advisories/54702 http://www.securityfocus.com/bid/62147 http://www.securitytracker.com/id/1029018 https://erpscan.io/advisories/dsecrg-13-016-sap-netweaver-abad0_delete_derivation_table https://service.sap.com/sap/support/notes/1840249 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')