Vulnerabilities > SAP > Critical

DATE CVE VULNERABILITY TITLE RISK
2008-02-06 CVE-2008-0620 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP Sapgui, Saplpd and Sapsprint
SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before 1018 allows remote attackers to cause a denial of service (crash) via a 0x53 LPD command, which causes the server to terminate.
network
low complexity
sap CWE-119
critical
10.0
2008-01-12 CVE-2008-0244 Improper Input Validation vulnerability in SAP Maxdb
SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via "&&" and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe.
network
low complexity
sap CWE-20
critical
10.0
2007-07-09 CVE-2007-3624 Remote Buffer Overflow vulnerability in SAP Message Server Group Parameter
Heap-based buffer overflow in the Message HTTP Server in SAP Message Server allows remote attackers to execute arbitrary code via a long string in the group parameter to /msgserver/html/group.
network
low complexity
sap
critical
10.0
2007-04-10 CVE-2007-1917 Unspecified vulnerability in SAP RFC Library 6.4/7.0
Buffer overflow in the SYSTEM_CREATE_INSTANCE function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors.
network
low complexity
sap
critical
10.0
2007-04-10 CVE-2007-1916 Unspecified vulnerability in SAP RFC Library 6.4/7.0
Buffer overflow in the RFC_START_GUI function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors.
network
low complexity
sap
critical
10.0
2006-12-07 CVE-2006-6346 Multiple Unspecified vulnerabilities in SAP IGS
Unspecified vulnerability in SAP Internet Graphics Service (IGS) 6.40 Patchlevel 15 and earlier, and 7.00 Patchlevel 3 and earlier, allows remote attackers to cause a denial of service (service shutdown), obtain sensitive information (configuration files), and conduct certain other unauthorized activities, related to "Undocumented Features." NOTE: it is possible that there are multiple issues.
network
low complexity
sap
critical
10.0
2006-05-23 CVE-2006-2547 Local Privilege Escalation vulnerability in SAP SAPDBA
Unspecified vulnerability in the sapdba command in SAP with Informix before 700, and 700 up to patch 100, allows local users to execute arbitrary commands via unknown vectors related to "insecure environment variable" handling.
network
low complexity
sap
critical
10.0