
CVE-2015-7828 – SAP HANA TrexNet Command Execution
https://notcve.org/view.php?id=CVE-2015-7828
09 Nov 2015 — SAP HANA Database 1.00 SPS10 and earlier do not require authentication, which allows remote attackers to execute arbitrary code or have unspecified other impact via a TrexNet packet to the (1) fcopydir, (2) fmkdir, (3) frmdir, (4) getenv, (5) dumpenv, (6) fcopy, (7) fput, (8) fdel, (9) fmove, (10) fget, (11) fappend, (12) fdir, (13) getTraces, (14) kill, (15) pexec, (16) stop, or (17) pythonexec method, aka SAP Security Note 2165583. • http://packetstormsecurity.com/files/134281/SAP-HANA-TrexNet-Command-Execution.html • CWE-20: Improper Input Validation •

CVE-2015-7991 – SAP HANA Remote Trace Disclosure
https://notcve.org/view.php?id=CVE-2015-7991
09 Nov 2015 — The Web Dispatcher service in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to read web dispatcher and security trace files and possibly obtain passwords via unspecified vectors, aka SAP Security Note 2148854. Due to ... • http://packetstormsecurity.com/files/134283/SAP-HANA-Remote-Trace-Disclosure.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2015-7992 – SAP HANA EXECUTE_SEARCH_RULE_SET Stored Procedure Memory Corruption
https://notcve.org/view.php?id=CVE-2015-7992
09 Nov 2015 — SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to cause a denial of service (memory corruption and indexserver crash) via unspecified vectors to the EXECUTE_SEARCH_RULE_SET stored procedure, aka SAP Security Note 2175928. • http://packetstormsecurity.com/files/134284/SAP-HANA-EXECUTE_SEARCH_RULE_SET-Stored-Procedure-Memory-Corruption.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2015-7993 – SAP HANA HTTP Login Remote Code Execution
https://notcve.org/view.php?id=CVE-2015-7993
09 Nov 2015 — The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via unspecified vectors related to "HTTP Login," aka SAP Security Note 2197397. • http://packetstormsecurity.com/files/134286/SAP-HANA-HTTP-Login-Remote-Code-Execution.html • CWE-20: Improper Input Validation •

CVE-2015-7994 – SAP HANA SQL Login Remote Code Execution
https://notcve.org/view.php?id=CVE-2015-7994
09 Nov 2015 — The SQL interface in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via unspecified vectors related to "SQL Login," aka SAP Security Note 2197428. Sending a crafted packet to the SAP HANA SQL interface, a remote unauthenticated ... • http://packetstormsecurity.com/files/134287/SAP-HANA-SQL-Login-Remote-Code-Execution.html • CWE-20: Improper Input Validation •

CVE-2015-7986 – SAP HANA 1.00.095 - hdbindexserver Memory Corruption
https://notcve.org/view.php?id=CVE-2015-7986
27 Oct 2015 — The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTTP request, aka SAP Security Note 2197428. • https://www.exploit-db.com/exploits/39382 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2015-7726
https://notcve.org/view.php?id=CVE-2015-7726
15 Oct 2015 — Cross-site scripting (XSS) vulnerability in role deletion in the Web-based Development Workbench in SAP HANA DB 1.00.091.00.1418659308 allows remote authenticated users to inject arbitrary web script or HTML via the role name, aka SAP Security Note 2153898. • http://seclists.org/fulldisclosure/2015/Sep/114 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2015-7725
https://notcve.org/view.php?id=CVE-2015-7725
15 Oct 2015 — Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.091.00.1418659308 allow remote authenticated users to execute arbitrary SQL commands via the (1) remoteSourceName in the dropCredentials function or unspecified vectors in the (2) setTraceLevelsForXsApps, (3) _modifyUser, or (4) _newUser function, aka SAP Security Notes 2153898 and 2153765. • http://packetstormsecurity.com/files/133761/SAP-HANA-_modifyUser-SQL-Injection.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2015-7728
https://notcve.org/view.php?id=CVE-2015-7728
15 Oct 2015 — Cross-site scripting (XSS) vulnerability in user creation in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to inject arbitrary web script or HTML via the username, aka SAP Security Note 2153898. • http://seclists.org/fulldisclosure/2015/Sep/116 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2015-7729
https://notcve.org/view.php?id=CVE-2015-7729
15 Oct 2015 — Eval injection in test-net.xsjs in the Web-based Development Workbench in SAP HANA Developer Edition DB 1.00.091.00.1418659308 allows remote authenticated users to execute arbitrary XSJS code via unspecified vectors, aka SAP Security Note 2153892. • http://packetstormsecurity.com/files/133763/SAP-HANA-test-net.xsjs-Code-Injection.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •