CYBSEC - Security Pre-Advisory: Local Privilege Escalation in SAP sapdba Command

2006-05-19 Leandro Meiners
: * SAP with Informix on HP-UX, Solaris, AIX, TRUE64 or Linux Local / Remote: Local Severity: Medium Author: Leandro Meiners. Vendor Status: * Confirmed, patch released Reference to Vulnerability Disclosure Policy: http://www.cybsec.com/vulnerability_policy.pdf Product Overview

CYBSEC - Security Advisory: Arbitrary File Read/Delete in SAP BC (Business Connector)

2006-05-15 Leandro Meiners
: Improper Input Validation Release Date: 05/15/2006 Affected Applications: * SAP BC 4.6 * SAP BC 4.7 Affected Platforms: * Platform-Independent Local / Remote: Remote Severity: Medium Author: Leandro Meiners. Vendor Status: * Confirmed, patch released. Reference to Vulnerability

CYBSEC - Security Advisory: Phishing Vector in SAP BC (Business Connector)

2006-05-15 Leandro Meiners
Input Validation Release Date: 05/15/2006 Affected Applications: * SAP BC Core Fix 7 (and below) Affected Platforms: * Platform-Independent Local / Remote: Remote Severity: Low Author: Leandro Meiners. Vendor Status: * Confirmed, patch released. Reference to Vulnerability Disclosure

CYBSEC - Security Pre-Advisory: Phishing Vector in SAP BC

2006-02-15 Leandro Meiners
/ Improper Input Validation Release Date: 02/15/2006 Affected Applications: * SAP BC Core Fix 7 (and below) Affected Platforms: Platform-Independent Local / Remote: Remote Severity: Low Author: Leandro Meiners. Vendor Status: Confirmed, patch released. Reference to Vulnerability Disclosure

CYBSEC - Security Pre-Advisory: Arbitrary File Read/Delete in SAP BC

2006-02-15 Leandro Meiners
Class: Improper Input Validation Release Date: 02/15/2006 Affected Applications: * SAP BC 4.6 * SAP BC 4.7 Affected Platforms: Platform-Independent Local / Remote: Remote Severity: Medium Author: Leandro Meiners. Vendor Status: Confirmed, patch released. Reference to Vulnerability

CYBSEC - Security Advisory: Multiple XSS in SAP WAS

2005-11-09 Leandro Meiners
Release Date: 11/09/2005 Affected Applications: * SAP WAS 6.10 * SAP WAS 6.20 * SAP WAS 6.40 * SAP WAS 7.00 Affected Platforms: * Platform-Independent Local / Remote: Remote Severity: Medium Author: Leandro Meiners. Vendor Status: * Confirmed, patch released. Reference to Vulnerability

CYBSEC - Security Advisory: Phishing Vector in SAP WAS

2005-11-09 Leandro Meiners
/ Improper Input Validation Release Date: 11/09/2005 Affected Applications: * SAP WAS 6.10 * SAP WAS 6.20 * SAP WAS 6.40 * SAP WAS 7.00 Affected Platforms: * Platform-Independent Local / Remote: Remote Severity: Medium Author: Leandro Meiners. Vendor Status: * Confirmed, patch released

CYBSEC - Security Advisory: HTTP Response Splitting in SAP WAS

2005-11-09 Leandro Meiners
Response Splitting Release Date: 11/09/2005 Affected Applications: * SAP WAS 6.10 * SAP WAS 6.20 * SAP WAS 6.40 * SAP WAS 7.00 Affected Platforms: * Platform-Independent Local / Remote: Remote Severity: High Author: Leandro Meiners. Vendor Status: * Confirmed, patch released. Reference