Onapsis Security Advisory - The SDM suffers from a design vulnerability in the way it handles failed user authentication attempts, generating a denial of service condition if some conditions are met. This can be abused by a malicious attacker to disrupt this service.
b9fa27961da95e0e64a0970f55bd1166292455bd7ad40a519c24ce582e12a1ecOnapsis Security Advisory - The SAP Portal "Federation" configuration pages do not properly handle authentication, exposing the entire Portal infrastructure.
ec578a095f1a6d51c543b8f60172c4da01037681852bb0569b01951f9eb78573Onapsis Security Advisory - Weaknesses in the SAP WebAS system allow for malicious shortcut generation. Upon a successful exploitation, an attacker would be able to obtain sensitive information from legitimate users through social engineering attacks and/or exploit vulnerabilities in their systems in order to take control of them.
32765a43c85053cc199a128f6134c3af8ada30764b99921dd00412a849720679Onapsis Security Advisory - SAP WebAS suffers from a cross site scripting vulnerability. Upon a successful exploitation, an attacker would be able to obtain sensitive information from legitimate users through social engineering attacks and/or exploit vulnerabilities in their systems in order to take control of them.
da774926d74eeaa735ada09954cd7b6d44b6f03c5ce42072d67b01799a0d56c5Onapsis Security Advisory - An unauthenticated attacker can remotely disrupt the SAP Application Server and cause a denial of service condition. This would result in the total unavailability of the ERP functionality, preventing company users from performing the required business processes.
de1a526a09377a0ed8182d857eb00916bfdd1fa815f7b172bc6f5c71f72ee65eSAP WebAS Integrated ITS suffers from a remote command execution vulnerability.
6235e661b3b9fe406aecbd27c564491890152c26c55f0577cd6fc7e05d2762aeWhitepaper called SAP Penetration Testing with Sapyto.
74600147b1192eff71ef757b0e9db5e7916f75dcbe26c2c40be69feabefd314eWhitepaper: Exploiting SAP Internals - A Security Analysis Of The RFC Interface Implementation.
0732519307bc916b1b18f10d66d1fd69f74362b7918402bd5d249ef1ba2705d2CYBSEC Security Advisory - The SAP RFC_START_PROGRAM RFC function suffers from multiple vulnerabilities.
ac7ef1eac9ba811abdf99588177632db3f04369bb304d5674db0d799f8228970CYBSEC Security Advisory - The SAP RFC_SET_REG_SERVER_PROPERTY RFC function suffers from a denial of service vulnerability.
09f1ece6c60c3b0e0bea1d3fd0ea49edb973f4c9c377c372328210861800014eCYBSEC Security Advisory - The SAP SYSTEM_CREATE_INSTANCE RFC function suffers from a buffer overflow vulnerability.
6a447c9832bec0007019cc9acd2c0fb6f2ba529a1044018d6f1406eede127a6fCYBSEC Security Advisory - The SAP RFC_START_GUI RFC function suffers from a buffer overflow vulnerability.
92e40159fe8d7ef5f7db52e7a033e3c69152e8936976c21c2295d2c8412b66c7CYBSEC Security Advisory - The SAP RFC_START_PROGRAM RFC function suffers from multiple vulnerabilities.
8c63eeebc53a49379d04e3a80f706807c750d399d670db9dec3308d3a570ba97CYBSEC Security Advisory - The SAP TRUSTED_SYSTEM_SECURITY RFC function suffers from an information disclosure.
6a52038918a95ee84b04a5f54bc086257f7d0863c0dc06dc534c043963763df5CYBSEC Security Advisory - A specially crafted HTTP request can trigger a remote buffer overflow in SAP IGS service.
140dce31f80c33f96fc4f5fb9d11c258d9cfcfeed32188954f44e87decf132c7CYBSEC Security Advisory - A specially crafted HTTP request can remove any file located in SAP IGS file-system. SAP IGS versions 6.40 Patchlevel 16 and below and 7.00 Patchlevel 6 and below are affected.
992d1c3e589ee06443567d8375401c73114e94090b39202776695427f219875fCYBSEC Security Advisory - Undocumented features have been discovered in SAP IGS service, some of which may signify security risks. SAP IGS versions 6.40 Patchlevel 15 and below and 7.00 Patchlevel 3 and below are affected.
a54d1cedef3e5d18339a313268d765c9d82972cf5f13660663dec05e76e801b6CYBSEC Security Advisory - A remote buffer overflow vulnerability has been identified in Microsoft Windows DHCP-Client Service. Affected products include Microsoft Windows 2000 SP4 and below, Microsoft Windows XP SP2 and below, and Microsoft Windows 2003 SP1 and below.
8272a8546f4126084dc45255ec9b3853da45de6ef9b21be144a6b6b8450aad68CYBSEC Security Advisory - The SAP Internet Graphics Service (IGS) suffers from a buffer overflow condition.
823b0b5aa7b72a6a392e4e6d2319704ca685d846f6cec087d50131209bfffdf8CYBSEC Security Advisory - The SAP Internet Graphics Service (IGS) suffers from a remote denial of service condition.
560c9199e750ccd40c8e6ab6dc3c183fed036f528202e10c19ca1839423f997eA remote buffer overflow vulnerability has been identified in Microsoft Windows DHCP-Client service. Affected include Microsoft Windows 2000 SP4 and below, Microsoft Windows XP SP2 and below, and Microsoft Windows 2003 SP1 and below.
f0b8a04ebf77fe02b596538c5c1cb68e368d924a0210b5216832db0dd11aeda9Proof of concept exploit for AppScan QA versions 5.0.x that stages itself as a webserver and exploits a buffer overflow via the WWW-Authenticate header of a 401 HTTP response.
8e6c615c470e86daee1e69fc755f9f8e66eaf7382354ecd5c7fd8dc9c81e3cbaAppScan QA versions 5.0.x suffer from a buffer overflow vulnerability in the WWW-Authenticate header of a 401 HTTP response.
104be83a892484026296785d17b54f2095e4f81aab9af133e34a48ec4a771b2f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed