Vulnerabilities > SAP > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-02-06 | CVE-2008-0620 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SAP Sapgui, Saplpd and Sapsprint SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before 1018 allows remote attackers to cause a denial of service (crash) via a 0x53 LPD command, which causes the server to terminate. | 10.0 |
| 2008-01-12 | CVE-2008-0244 | Improper Input Validation vulnerability in SAP Maxdb SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via "&&" and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe. | 10.0 |
| 2007-07-09 | CVE-2007-3624 | Remote Buffer Overflow vulnerability in SAP Message Server Group Parameter Heap-based buffer overflow in the Message HTTP Server in SAP Message Server allows remote attackers to execute arbitrary code via a long string in the group parameter to /msgserver/html/group. | 10.0 |
| 2007-04-10 | CVE-2007-1917 | Unspecified vulnerability in SAP RFC Library 6.4/7.0 Buffer overflow in the SYSTEM_CREATE_INSTANCE function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. | 10.0 |
| 2007-04-10 | CVE-2007-1916 | Unspecified vulnerability in SAP RFC Library 6.4/7.0 Buffer overflow in the RFC_START_GUI function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. | 10.0 |
| 2006-12-07 | CVE-2006-6346 | Multiple Unspecified vulnerability in SAP IGS Unspecified vulnerability in SAP Internet Graphics Service (IGS) 6.40 Patchlevel 15 and earlier, and 7.00 Patchlevel 3 and earlier, allows remote attackers to cause a denial of service (service shutdown), obtain sensitive information (configuration files), and conduct certain other unauthorized activities, related to "Undocumented Features." NOTE: it is possible that there are multiple issues. | 10.0 |
| 2006-05-23 | CVE-2006-2547 | Local Privilege Escalation vulnerability in SAP SAPDBA Unspecified vulnerability in the sapdba command in SAP with Informix before 700, and 700 up to patch 100, allows local users to execute arbitrary commands via unknown vectors related to "insecure environment variable" handling. | 10.0 |