The displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to obtain sensitive information by leveraging incorrect handling of error-log output. Date published : 2013-11-20 http://www.ec-cube.net/info/weakness/weakness.php?id=54 http://jvn.jp/en/jp/JVN61077110/index.html
Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and SeaMonkey before 2.22.1, allows...
do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.11 before 1.11.4, when a single-component realm name is used, allows remote authenticated users to cause a denial of service (daemon...
cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks. Date published : 2013-11-19 http://www.securityfocus.com/bid/63663 http://packetstormsecurity.com/files/123980/fortianalyzer-xsrf.txt
GRMGApp in SAP NetWeaver allows remote attackers to bypass intended access restrictions via unspecified vectors. Date published : 2013-11-19 http://scn.sap.com/docs/DOC-8218 https://erpscan.io/advisories/dsecrg-13-002-sap-grmgapp-xxe-and-authentication-bypass/
GRMGApp in SAP NetWeaver allows remote attackers to have unspecified impact and attack vectors, related to an XML External Entity (XXE) issue. Date published : 2013-11-19 http://scn.sap.com/docs/DOC-8218 https://erpscan.io/advisories/dsecrg-13-002-sap-grmgapp-xxe-and-authentication-bypass/
Directory traversal vulnerability in the Exportability Check Service in SAP NetWeaver allows remote attackers to read arbitrary files via unspecified vectors. Date published : 2013-11-19 http://scn.sap.com/docs/DOC-8218 https://service.sap.com/sap/support/notes/1628537
Unrestricted file upload vulnerability in the SAP NetWeaver Development Infrastructure (NWDI) allows remote attackers to execute arbitrary code by uploading a file with an executable extension via unspecified vectors. Date published : 2013-11-19 http://scn.sap.com/docs/DOC-8218...
Cross-site scripting (XSS) vulnerability in Performance Provider in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2013-11-19 http://scn.sap.com/docs/DOC-8218 https://service.sap.com/sap/support/notes/1784894
SAP NetWeaver Logviewer 6.30, when running on Windows, allows remote attackers to bypass intended access restrictions via unspecified vectors. Date published : 2013-11-19 http://scn.sap.com/docs/DOC-8218 https://service.sap.com/sap/support/notes/1685106
Heap-based buffer overflow in SAP Network Interface Router (SAProuter) 7.30 allows remote attackers to cause a denial of service and execute arbitrary code via crafted NI Route messages. Date published : 2013-11-19 http://scn.sap.com/docs/DOC-8218 https://service.sap.com/sap/support/notes/1820666
Multiple cross-site scripting (XSS) vulnerabilities in the (1) JavaDumpService and (2) DataCollector servlets in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2013-11-19 http://scn.sap.com/docs/DOC-8218...
The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External...
The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and SAPPASSPORT) via unspecified vectors. Date...