Vulnerabilities > SAP > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-11-20 | CVE-2013-6820 | Unspecified vulnerability in SAP Netweaver Development Infrastructure Unrestricted file upload vulnerability in the SAP NetWeaver Development Infrastructure (NWDI) allows remote attackers to execute arbitrary code by uploading a file with an executable extension via unspecified vectors. | 9.3 |
| 2012-05-15 | CVE-2012-2611 | Improper Input Validation vulnerability in SAP Netweaver 7.0 The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace configuration is enabled, allows remote attackers to execute arbitrary code via a crafted SAP Diag packet. | 9.3 |
| 2010-12-22 | CVE-2010-2590 | Buffer Errors vulnerability in SAP Crystal Reports 2008 Heap-based buffer overflow in the CrystalReports12.CrystalPrintControl.1 ActiveX control in PrintControl.dll 12.3.2.753 in SAP Crystal Reports 2008 SP3 Fix Pack 3.2 allows remote attackers to execute arbitrary code via a long ServerResourceVersion property value. | 9.3 |
| 2010-12-17 | CVE-2010-4556 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SAP Netweaver Business Client Stack-based buffer overflow in the SapThemeRepository ActiveX control (sapwdpcd.dll) in SAP NetWeaver Business Client allows remote attackers to execute arbitrary code via the (1) Load and (2) LoadTheme methods. | 9.3 |
| 2010-10-18 | CVE-2010-3983 | Permissions, Privileges, and Access Controls vulnerability in SAP Businessobjects 3.2 CmcApp in SAP BusinessObjects Enterprise XI 3.2 allows remote authenticated users to gain privileges via vectors involving the Program Job Server and the Program Login property. | 9.0 |
| 2010-10-18 | CVE-2010-0219 | Credentials Management vulnerability in multiple products Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service. | 10.0 |
| 2010-08-25 | CVE-2009-4988 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SAP Business ONE 2005-A 6.80.123/6.80.320 Stack-based buffer overflow in NT_Naming_Service.exe in SAP Business One 2005 A 6.80.123 and 6.80.320 allows remote attackers to execute arbitrary code via a long GIOP request to TCP port 30000. | 10.0 |
| 2010-08-17 | CVE-2010-3032 | Numeric Errors vulnerability in SAP Crystal Reports 2008 Integer overflow in the OBGIOPServerWorker::extractHeader function in the ebus-3-3-2-6.dll module in SAP Crystal Reports 2008 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GIOP packet with a crafted size, which triggers a heap-based buffer overflow. | 10.0 |
| 2010-03-29 | CVE-2010-1185 | Buffer Errors vulnerability in SAP Maxdb 7.4.3.32/7.6.0.37/7.6.06 Stack-based buffer overflow in serv.exe in SAP MaxDB 7.4.3.32, and 7.6.0.37 through 7.6.06 allows remote attackers to execute arbitrary code via an invalid length parameter in a handshake packet to TCP port 7210. | 10.0 |
| 2009-09-24 | CVE-2009-3346 | Remote Security vulnerability in SAP Crystal Reports Server 2008 Unspecified vulnerability in SAP Crystal Reports Server 2008 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. | 10.0 |