CVE-2015-7828
https://notcve.org/view.php?id=CVE-2015-7828
SAP HANA Database 1.00 SPS10 and earlier do not require authentication, which allows remote attackers to execute arbitrary code or have unspecified other impact via a TrexNet packet to the (1) fcopydir, (2) fmkdir, (3) frmdir, (4) getenv, (5) dumpenv, (6) fcopy, (7) fput, (8) fdel, (9) fmove, (10) fget, (11) fappend, (12) fdir, (13) getTraces, (14) kill, (15) pexec, (16) stop, or (17) pythonexec method, aka SAP Security Note 2165583. SAP HANA Database 1.00 SPS10 y anteriores no requiere autenticación, lo que permite a atacantes remotos ejecutar código arbitrario o tener otro impacto no especificado a través de un paquete TrexNet al método (1) fcopydir, (2) fmkdir, (3) frmdir, (4) getenv, (5) dumpenv, (6) fcopy, (7) fput, (8) fdel, (9) fmove, (10) fget, (11) fappend, (12) fdir, (13) getTraces, (14) kill, (15) pexec, (16) stop o (17) pythonexec, también conocida como SAP Security Note 2165583. • http://packetstormsecurity.com/files/134281/SAP-HANA-TrexNet-Command-Execution.html http://seclists.org/fulldisclosure/2015/Nov/36 https://www.onapsis.com/blog/analyzing-sap-security-notes-august-2015-edition • CWE-20: Improper Input Validation •
CVE-2015-7986 – SAP HANA 1.00.095 - hdbindexserver Memory Corruption
https://notcve.org/view.php?id=CVE-2015-7986
The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTTP request, aka SAP Security Note 2197428. El servidor index (hdbindexserver) en SAP HANA 1.00.095 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de una petición HTTP, también conocida como SAP Security Note 2197428. • https://www.exploit-db.com/exploits/39382 http://packetstormsecurity.com/files/135416/SAP-HANA-hdbindexserver-Memory-Corruption.html http://scn.sap.com/community/security/blog/2015/10/14/sap-security-notes-october-2015--review http://seclists.org/fulldisclosure/2016/Jan/94 http://www.securityfocus.com/archive/1/537376/100/0/threaded https://erpscan.io/advisories/erpscan-15-024-sap-hana-hdbindexserver-memory-corruption • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-7728
https://notcve.org/view.php?id=CVE-2015-7728
Cross-site scripting (XSS) vulnerability in user creation in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to inject arbitrary web script or HTML via the username, aka SAP Security Note 2153898. Vulnerabilidad de XSS en la creación de usuario en el Web-based Development Workbench en SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través del nombre de usuario, también conocida como SAP Security Note 2153898. • http://seclists.org/fulldisclosure/2015/Sep/116 https://www.onapsis.com/blog/analyzing-sap-security-notes-may-2015-edition https://www.onapsis.com/research/security-advisories/sap-hana-xss-user-creation-through-web-based-development • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-7727
https://notcve.org/view.php?id=CVE-2015-7727
Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors in the (1) trace configuration page or (2) getSqlTraceConfiguration function, aka SAP Security Note 2153898. Múltiples vulnerabilidades de inyección SQL en el Web-based Development Workbench en SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de vectores no especificados en la (1) página trace configuration o (2) función getSqlTraceConfiguration, también conocidas como SAP Security Note 2153898. • http://packetstormsecurity.com/files/133766/SAP-HANA-Trace-Configuration-SQL-Injection.html http://packetstormsecurity.com/files/133768/SAP-HANA-getSqlTraceConfiguration-SQL-Injection.html http://seclists.org/fulldisclosure/2015/Sep/115 http://seclists.org/fulldisclosure/2015/Sep/117 http://www.onapsis.com/research/security-advisories/SAP-HANA-Trace-configuration-SQL-injection https://www.onapsis.com/blog/analyzing-sap-security-notes-may-2015-edition https://www.onapsis.com/research/security-advisories/sap-hana-sql- • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2015-3994
https://notcve.org/view.php?id=CVE-2015-3994
The grant.xsfunc application in testApps/grantAccess/ in the XS Engine in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to spoof log entries via a crafted request, aka SAP Security Note 2109818. La aplicación grant.xsfunc en testApps/grantAccess/ en el motor XS en SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) permite a usuarios remotos autenticados falsificar entradas del registro a través de una solicitud manipulada, también conocido como la nota de seguridad de SAP 2109818. • http://packetstormsecurity.com/files/132067/SAP-HANA-Log-Injection.html http://seclists.org/fulldisclosure/2015/May/118 http://www.onapsis.com/research/security-advisories/SAP-HANA-Log-Injection-Vulnerability-in-Extended-Application-Services http://www.securityfocus.com/archive/1/535618/100/0/threaded http://www.securityfocus.com/bid/74859 • CWE-20: Improper Input Validation •