Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vahagn vardanyan vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2015-5068
XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote malicious users to read arbitrary files or possibly have other unspecified impact via a crafted XML request, aka SAP Security Note 2159601.
Sap Mobile Platform 3.0
6.1
CVSSv3
CVE-2016-2387
Multiple cross-site scripting (XSS) vulnerabilities in the Java Proxy Runtime ProxyServer servlet in SAP NetWeaver 7.4 allow remote malicious users to inject arbitrary web script or HTML via the (1) ns or (2) interface parameter to ProxyServer/register, aka SAP Security Note 2220...
Sap Netweaver 7.40
NA
CVE-2015-7239
SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM function module in SAP NetWeaver J2EE Engine 7.40 allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Sap Netweaver J2ee Engine 7.40
NA
CVE-2015-6664
XML external entity (XXE) vulnerability in the application import functionality in SAP Mobile Platform 2.3 allows remote malicious users to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2152227.
Sap Mobile Platform 2.3
9.1
CVSSv3
CVE-2016-3974
XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 up to and including 7.5 allows remote malicious users to cause a denial of service, conduct SMB Relay attacks, or access arbitrary files via a crafted XML request to _tc~monitoring~we...
Sap Netweaver Application Server Java
1 EDB exploit
7.5
CVSSv3
CVE-2016-3976
Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 up to and including 7.5 allows remote malicious users to read arbitrary files via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet, aka SAP Security Note 2234971.
Sap Netweaver Application Server Java
1 EDB exploit
1 Article
6.1
CVSSv3
CVE-2016-4016
Cross-site scripting (XSS) vulnerability in SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) 15 allows remote malicious users to inject arbitrary web script or HTML via the title parameter to webdynpro/resources/sap.com/xapps~xmii~ui~admin~navigation/Naviga...
Sap Java As 7.4
NA
CVE-2016-401610
SAP xMII version 15 suffers from a cross site scripting vulnerability.
6.1
CVSSv3
CVE-2017-3300
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Multichannel Framework). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated attacker with network access via ...
Oracle Peoplesoft Enterprise Peopletools 8.54
Oracle Peoplesoft Enterprise Peopletools 8.55
6.6
CVSSv3
CVE-2018-2380
SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an malicious user to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.
Sap Customer Relationship Management 7.33
Sap Customer Relationship Management 7.01
Sap Customer Relationship Management 7.02
Sap Customer Relationship Management 7.30
Sap Customer Relationship Management 7.31
Sap Customer Relationship Management 7.54
1 EDB exploit
1 Github repository
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2