Showing 1 - 25 of 100

Files

SAP NetWeaver Virus Scan Cross Site Scripting
Posted Nov 17, 2011
Authored by Dmitriy Evdokimov

The SAP NetWeaver Virus Scan interface suffers from multiple cross site scripting vulnerabilities.

tags | advisory, vulnerability, virus, xss
MD5 | 2f4ce85660635bae33af1714794d0f9e

Related Files

SAP Netweaver 7.40 SP 12 SCTC_TMS_MAINTAIN_ALOG Command Injection
Posted Oct 3, 2016
Authored by Pablo Artuso | Site onapsis.com

The SAP Netweaver version 7.40 SP 12 SCTC_TMS_MAINTAIN_ALOG function does not correctly sanitize variables used when executing the CALL 'SYSTEM' statement, allowing an attacker, with particular privileges, to execute any arbitrary OS command.

tags | exploit, arbitrary
advisories | CVE-2016-7435
MD5 | c79af90ae3139a9e68b75e1883678fef

SAP Netweaver 7.40 SP 12 SCTC_REFRESH_CHECK_ENV Command Injection
Posted Oct 3, 2016
Authored by Pablo Artuso | Site onapsis.com

The SAP Netweaver version 7.40 SP 12 SCTC_REFRESH_CHECK_ENV function does not correctly sanitize variables used when executing the CALL 'SYSTEM' statement, allowing an attacker, with particular privileges, to execute any arbitrary OS command.

tags | exploit, arbitrary
advisories | CVE-2016-7435
MD5 | 64cbf7ade76cb7efc7d3c21eac50c307

SAP Netweaver 7.40 SP 12 SCTC_REFRESH_EXPORT_TAB_COMP Command Injection
Posted Oct 3, 2016
Authored by Pablo Artuso | Site onapsis.com

The SAP Netweaver version 7.40 SP 12 SCTC_REFRESH_EXPORT_TAB_COMP function does not correctly sanitize variables used when executing the CALL 'SYSTEM' statement, allowing an attacker, with particular privileges, to execute any arbitrary OS command.

tags | exploit, arbitrary
advisories | CVE-2016-7435
MD5 | f147304090d412114282d55288be3787

SAP SOAP RFC SXPG_CALL_SYSTEM Remote Command Execution
Posted May 9, 2013
Authored by nmonkee | Site metasploit.com

This Metasploit module abuses the SAP NetWeaver SXPG_CALL_SYSTEM function, on the SAP SOAP RFC Service, to execute remote commands. This Metasploit module needs SAP credentials with privileges to use the /sap/bc/soap/rfc in order to work. The module has been tested successfully on Windows 2008 64 bits and Linux 64 bits platforms.

tags | exploit, remote
systems | linux, windows
MD5 | 385abecf04336905ed6d882a6fbc2253

SAP SOAP RFC SXPG_COMMAND_EXECUTE Remote Command Execution
Posted May 9, 2013
Authored by nmonkee | Site metasploit.com

This Metasploit module abuses the SAP NetWeaver SXPG_COMMAND_EXECUTE function, on the SAP SOAP RFC Service, to execute remote commands. This Metasploit module needs SAP credentials with privileges to use the /sap/bc/soap/rfc in order to work. The module has been tested successfully on Windows 2008 64 bits and Linux 64 bits platforms.

tags | exploit, remote
systems | linux, windows
MD5 | 9ec84a8165c029d32c22410e603c66e1

SAP NetWeaver Dispatcher DiagTraceR3Info Buffer Overflow
Posted Sep 3, 2012
Authored by juan vazquez, Martin Gallo | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in the SAP NetWeaver Dispatcher service. The overflow occurs in the DiagTraceR3Info() function and allows a remote attacker to execute arbitrary code by supplying a specially crafted Diag packet. The Dispatcher service is only vulnerable if the Developer Traces have been configured at levels 2 or 3. The module has been successfully tested on SAP Netweaver 7.0 EHP2 SP6 over Windows XP SP3 and Windows 2003 SP2 (DEP bypass).

tags | exploit, remote, overflow, arbitrary
systems | windows, xp
advisories | CVE-2012-2611, OSVDB-81759
MD5 | fb921481435fe5e02b482615cec63931

SAP NetWeaver SPML Cross Site Request Forgery
Posted Nov 17, 2011
Authored by Sh2kerr

The SAP NetWeaver SPML service suffers from a cross site request forgery vulnerability.

tags | advisory, csrf
MD5 | 1004099fbc4c63a617fa5a0c2e4ce23a

SAP WebAS ITS Mobile Start Service Information Disclosure
Posted Apr 28, 2011
Site onapsis.com

Onapsis Security Advisory - The SAP Web Application Server (WebAS) is the application platform of SAP NetWeaver, which is the basis for the other NetWeaver components. With the SAP Web Application Server you can implement both server-based and client-based Web applications. It has been detected that the ITS Mobile Start service suffers from input validation vulnerabilities and design weaknesses, which can be exploited to perform XSS and arbitrary redirect attacks.

tags | advisory, web, arbitrary, vulnerability
MD5 | 560d35320bea4d4df021b43468b8728e

SAP WebAS ITS Mobile Test Service XSS
Posted Apr 28, 2011
Site onapsis.com

Onapsis Security Advisory - The SAP Web Application Server (WebAS) is the application platform of SAP NetWeaver, which is the basis for the other NetWeaver components. With the SAP Web Application Server you can implement both server-based and client-based Web applications. It has been detected that the ITS Mobile Test service suffers from input validation vulnerabilities and design weaknesses, which can be exploited to perform XSS and arbitrary redirect attacks.

tags | advisory, web, arbitrary, vulnerability
MD5 | f9c7c698aaf51ec0e176da0df68d2d14

SAP NetWeaver Integration Directory Cross Site Scripting
Posted Mar 16, 2011
Authored by Sh2kerr, Dmitriy Evdokimov

Multiple cross site scripting vulnerabilities have been discovered in the SAP NetWeaver Integration Directory.

tags | advisory, vulnerability, xss
MD5 | f5b473f10905b44f7d5d074e43b8e1c1

SAP Crystal Report Server 2008 Active-X Insecure Methods
Posted Jan 25, 2011
Authored by Sh2kerr, Dmitry Chastuhin | Site dsecrg.com

Insecure practices were found in the library scriptinghelpers.dll from SAP Crystal Report Server 2008. An attacker could construct an HTML page containing a call to insecure functions.

tags | advisory
MD5 | 623bb1539a1aec82e12acf85131793af

SAP Crystal Report Server 2008 Cross Site Scripting
Posted Jan 25, 2011
Authored by Sh2kerr, Dmitry Chastuhin | Site dsecrg.com

SAP Crystal Report Server 2008 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 6721adcf6316d6e202fd81c0e3c61b04

SAP NetWeaver 7.0 Denial Of Service
Posted Nov 18, 2010
Authored by Sh2kerr | Site dsecrg.com

SAP NetWeaver version 7.0 suffers from a denial of service vulnerability in the Metamodel Repository.

tags | advisory, denial of service
MD5 | 564a62ab8dfd6f7891722c55238b0d62

SAP XRFC 6.40 / 7.00 Stack Overflow
Posted Nov 17, 2010
Authored by Alexey Sintsov

SAP XRFC versions 6.40 and 7.00 suffer from a stack overflow vulnerability.

tags | advisory, overflow
MD5 | 667eaa5ad8953aaa39aa3f3bc7805f15

SAP NetWeaver Administrator Panel ECC 6.0 Cross Site Scripting
Posted Nov 17, 2010
Authored by Sh2kerr, Alexey Troshichev | Site dsecrg.com

The SAP NetWeaver administrator panel from ECC version 6.0 suffers from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 3f5f3a29639152a4fcb16c07f1f5db4f

Oracle BPEL Console 10.1.3.3.0 Cross Site Scripting
Posted Oct 28, 2010
Authored by Sh2kerr | Site dsecrg.com

Oracle BPEL Console version 10.1.3.3.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2010-3581
MD5 | d4b0e75bfbffdb2ae1a457793c3f4e08

Oracle BI Publisher HTTP Response Splitting
Posted Oct 28, 2010
Authored by Sh2kerr | Site dsecrg.com

Oracle BI Publisher suffers from an HTTP response splitting vulnerability.

tags | exploit, web
MD5 | 91d3c190354d6032783de15d8392c521

SAP NetWeaver SLD 6.4 - 7.02 Cross Site Scripting
Posted Jul 23, 2010
Authored by Sh2kerr, Alexey Troshichev | Site dsecrg.com

SAP NetWeaver SLD versions 6.4 through 7.02 suffer from multiple cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
MD5 | 451abfbc0ef4b0e2a82befc9477d71d6

SAP Netweaver 6.4 - 7.0 Cross Site Scripting
Posted Jul 23, 2010
Authored by Sh2kerr | Site dsecrg.com

SAP Netweaver versions 6.4 through 7.0 suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | d16c41273ad057de749869ddaaf86c49

IBM BladeCenter Management Module Cross Site Scripting / Directory Traversal
Posted Jul 6, 2010
Authored by Alexey Sintsov | Site dsecrg.com

The IBM BladeCenter Management module suffers from cross site scripting and directory traversal vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 5da843bbe42c1abfa28b6102567b638b

VMware Portal 3.1 Cross Site Scripting
Posted May 14, 2010
Authored by Alexey Sintsov

VMware View Portal versions 3.1 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2010-1143
MD5 | 3fc218e6b65892b0fdceee2c8038598d

BladeCenter AMM Denial Of Service
Posted Apr 16, 2010
Authored by Alexey Sintsov

The IBM BladeCenter Management module suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | 380f7ca4856e2f8a4b39f6f6dfe2e682

VMware Remote Console Format String
Posted Apr 14, 2010
Authored by Alexey Sintsov | Site dsecrg.com

The VMware Remote Console Plug-in can be installed from the web interface of VMware vSphere. This software consists of ActiveX objects and executable files for the remote console of a guest OS. VMrc is vulnerable to format string attacks. Exploitation of this issue may lead to arbitrary code execution on the system where VMrc is installed.

tags | advisory, remote, web, arbitrary, code execution, activex
advisories | CVE-2009-3732
MD5 | 086438aad57475ec11043229c4ec0935

SAP GUI 7.1 Insecure Method
Posted Mar 23, 2010
Authored by Alexey Sintsov

An insecure method vulnerability was discovered in SAP GUI version 7.1.

tags | advisory
MD5 | 13030044a24e94ec61e5937729ca26ef

Symantec Antivirus Client Proxy Buffer Overflow
Posted Feb 20, 2010
Authored by Sh2kerr | Site dsecrg.com

An Active-X component in CLIproxy.dll from Symantec Antivirus Client Proxy suffers from a buffer overflow vulnerability.

tags | advisory, overflow, activex
advisories | CVE-2010-0108
MD5 | 1f68c2a86a81e38c5322e4127c8446d8

© 2016 Packet Storm. All rights reserved.