Export limit exceeded: 366885 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (1700 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-1961 1 Sap 1 Netweaver 2025-04-11 N/A
Unspecified vulnerability in the Portal WebDynPro in SAP NetWeaver allows remote attackers to obtain sensitive path information via unknown attack vectors.
CVE-2013-7095 1 Sap 1 Customer Relationship Management 2025-04-11 N/A
The XML parser (crm_flex_data) in SAP Customer Relationship Management (CRM) 7.02 EHP 2 has unknown impact and attack vectors related to an XML External Entity (XXE) issue.
CVE-2013-3244 1 Sap 1 Erp Central Component 2025-04-11 N/A
Multiple unspecified vulnerabilities in the CJDB_FILL_MEMORY_FROM_PPB function in the Project System (PS-IS) module for SAP ERP Central Component (ECC) allow remote attackers to execute arbitrary code via a (1) RFC or (2) SOAP-RFC request.
CVE-2012-4341 1 Sap 1 Netweaver Abap 2025-04-11 N/A
Multiple stack-based buffer overflows in msg_server.exe in SAP NetWeaver ABAP 7.x allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) long parameter value, (2) crafted string size field, or (3) long Parameter Name string in a package with opcode 0x43 and sub opcode 0x4 to TCP port 3900.
CVE-2013-3061 1 Sap 2 Erp Central Component, Healthcare Industry Solution 2025-04-11 N/A
The ISHMED-PATRED_TRANSACT_RFCCALL function in the IS-H Industry-Specific Component Hospital subsystem in SAP Healthcare Industry Solution, and the SAP ERP central component (aka ECC 6), allows remote authenticated users to bypass intended transaction restrictions via unspecified vectors.
CVE-2013-3063 1 Sap 1 Basis Communication Services 2025-04-11 N/A
SAP BASIS Communication Services 4.6B through 7.30 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
CVE-2013-6821 1 Sap 1 Netweaver 2025-04-11 N/A
Directory traversal vulnerability in the Exportability Check Service in SAP NetWeaver allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2010-1609 1 Sap 1 Netweaver 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in SAP NetWeaver 2004 before SP21 and 2004s before SP13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-1290 1 Sap 1 Netweaver 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in b2b/auction/container.jsp in the Internet Sales (crm.b2b) module in SAP NetWeaver 7.0 allows remote attackers to inject arbitrary web script or HTML via the _loadPage parameter.
CVE-2010-3032 1 Sap 1 Crystal Reports 2025-04-11 N/A
Integer overflow in the OBGIOPServerWorker::extractHeader function in the ebus-3-3-2-6.dll module in SAP Crystal Reports 2008 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GIOP packet with a crafted size, which triggers a heap-based buffer overflow.
CVE-2013-6244 1 Sap 1 Netweaver 2025-04-11 N/A
The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2012-2612 1 Sap 1 Netweaver 2025-04-11 N/A
The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.
CVE-2010-3982 1 Sap 1 Businessobjects 2025-04-11 N/A
SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to trigger TCP connections to arbitrary intranet hosts on any port, and obtain potentially sensitive information about open ports, via the apstoken parameter to the CrystalReports/viewrpt.cwr URI, related to an "internal port scanning" issue.
CVE-2013-6823 1 Sap 1 Netweaver 2025-04-11 N/A
GRMGApp in SAP NetWeaver allows remote attackers to bypass intended access restrictions via unspecified vectors.
CVE-2010-3983 1 Sap 1 Businessobjects 2025-04-11 N/A
CmcApp in SAP BusinessObjects Enterprise XI 3.2 allows remote authenticated users to gain privileges via vectors involving the Program Job Server and the Program Login property.
CVE-2010-4556 1 Sap 1 Netweaver Business Client 2025-04-11 N/A
Stack-based buffer overflow in the SapThemeRepository ActiveX control (sapwdpcd.dll) in SAP NetWeaver Business Client allows remote attackers to execute arbitrary code via the (1) Load and (2) LoadTheme methods.
CVE-2010-3980 1 Sap 1 Businessobjects 2025-04-11 N/A
Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 does not limit the number of CUIDs that may be requested, which allows remote authenticated users to cause a denial of service via a large numCuids value in a GenerateCuids SOAPAction to the dswsbobje/services/biplatform URI.
CVE-2012-2514 1 Sap 1 Netweaver 2025-04-11 N/A
The DiagiEventSource function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.
CVE-2013-6817 1 Sap 1 Network Interface Router 2025-04-11 N/A
Heap-based buffer overflow in SAP Network Interface Router (SAProuter) 7.30 allows remote attackers to cause a denial of service and execute arbitrary code via crafted NI Route messages.
CVE-2010-3981 1 Sap 1 Businessobjects 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to inject arbitrary web script or HTML via the ServiceClass field to the Edit Service Parameters page.