The SAP NetWeaver SPML service suffers from a cross site request forgery vulnerability.
322ab3a2b0d5f55c5b57691f980918122aa961043519cd3ac848bdaa88e9ca1b
This Metasploit module abuses the SAP NetWeaver PFL_CHECK_OS_FILE_EXISTENCE function, on the SAP SOAP RFC Service, to check for files existence on the remote file system. The module can also be used to capture SMB hashes by using a fake SMB share as FILEPATH.
9d5f46cbc7660de1aed08bce90727085f54a370aa1d41e6c542210bc5a436973
This Metasploit module abuses the SAP NetWeaver EPS_GET_DIRECTORY_LISTING function, on the SAP SOAP RFC Service, to check for remote directory existence and get the number of entries on it. The module can also be used to capture SMB hashes by using a fake SMB share as DIR.
e9446350eea1081a54d135daacf2fb0e7ff1aadcd595676db4b0228d64da75d9
This Metasploit module abuses the SAP NetWeaver EPS_DELETE_FILE function, on the SAP SOAP RFC Service, to delete arbitrary files on the remote file system. The module can also be used to capture SMB hashes by using a fake SMB share as DIRNAME.
dd8fea54335c24c4b123e867b2f7f6799e65ed7f1293added0b5dc7555c7b9a1
The SAP NetWeaver ABAP IGS service suffers from multiple memory corruption vulnerabilities.
2d1f0734303783a8b47a886f91b23670d4395d5d4ed4501f6e4af6001b97b2b7
The SAP NetWeaver ABAP Gateway service suffers from multiple memory corruption vulnerabilities.
da1fec63d0f864232e684c79171e0e2cc4a5296c2ce6bd0702518810eabac2ea
The SAP Netweaver version 7.40 SP 12 SCTC_TMS_MAINTAIN_ALOG function does not correctly sanitize variables used when executing CALL 'SYSTEM' statement, allowing an attacker, with particular privileges, to execute any arbitrary OS command.
cdea10037f25f37e68dadc3dd2a5c0d0f27caaca32899c47a4e16ddc8f3b72eb
The SAP Netweaver version 7.40 SP 12 SCTC_REFRESH_CHECK_ENV function does not correctly sanitize variables used when executing CALL 'SYSTEM' statement, allowing an attacker, with particular privileges, to execute any arbitrary OS command.
b35e9f6613d4f1f23468ca6d75fc9ed768d97653f4622f0c9116590ea888b4f4
The SAP Netweaver version 7.40 SP 12 SCTC_REFRESH_EXPORT_TAB_COMP function does not correctly sanitize variables used when executing CALL 'SYSTEM' statement, allowing an attacker, with particular privileges, to execute any arbitrary OS command.
48c0424ccdff8795c1c8e34571da47df3e36d4472a09787da490e76fa363125c
This Metasploit module abuses the SAP NetWeaver SXPG_CALL_SYSTEM function, on the SAP SOAP RFC Service, to execute remote commands. This Metasploit module needs SAP credentials with privileges to use the /sap/bc/soap/rfc in order to work. The module has been tested successfully on Windows 2008 64 bits and Linux 64 bits platforms.
07e4fa901be9cc50c8930727a69a8c8e30098c5150d37c5a93fa5928c0123236
This Metasploit module abuses the SAP NetWeaver SXPG_COMMAND_EXECUTE function, on the SAP SOAP RFC Service, to execute remote commands. This Metasploit module needs SAP credentials with privileges to use the /sap/bc/soap/rfc in order to work. The module has been tested successfully on Windows 2008 64 bits and Linux 64 bits platforms.
9c4b5e90a96b549626431074b175b223177580d1d90db57236152e6e60113583
This Metasploit module exploits a stack buffer overflow in the SAP NetWeaver Dispatcher service. The overflow occurs in the DiagTraceR3Info() function and allows a remote attacker to execute arbitrary code by supplying a special crafted Diag packet. The Dispatcher service is only vulnerable if the Developer Traces have been configured at levels 2 or 3. The module has been successfully tested on SAP Netweaver 7.0 EHP2 SP6 over Windows XP SP3 and Windows 2003 SP2 (DEP bypass).
df2e94bf3f16b9b94127f76497e9d8f082577bd02bc6dd1ff0c5913c7b9ff7fa
The SAP NetWeaver Virus Scan interface suffers from multiple cross site scripting vulnerabilities.
bb8285b3a50293e1b7955490ff1a6f95c2a536a27d3d98b985e8678a317a3799
Onapsis Security Advisory - The SAP Web Application Server (WebAS) is the application platform of the SAP NetWeaver, which is the basis for the other NetWeaver components. With the SAP Web Application Server you can implement both server-based and client-based Web applications. It has been detected that the ITS Mobile Start service suffers from input validation vulnerabilities and design weaknesses, which can be exploited to perform XSS and arbitrary redirects attacks.
4973dde1444f7ea1451bf61d92f93f460d71a3e5898a4dae972e180aaafefe31
Onapsis Security Advisory - The SAP Web Application Server (WebAS) is the application platform of the SAP NetWeaver, which is the basis for the other NetWeaver components. With the SAP Web Application Server you can implement both server-based and client-based Web applications. It has been detected that the ITS Mobile Test service suffers from input validation vulnerabilities and design weaknesses, which can be exploited to perform XSS and arbitrary redirects attacks.
b1a16e8fafc41fd2fd523be4fe06a2088738ea8be3c1a1f316e68006cd95226d
Multiple cross site scripting vulnerabilities have been discovered in the SAP NetWeaver Integration Directory.
6c1f10b4919499bf8e2eb3a38ba5b4c505670c59ce701c4a2769af93a5d72d82
SAP XRFC version 6.40 and 7.00 suffers from a stack overflow vulnerability.
9b8e7b9a5adb907ede97829d87b64a1087018e9595e7e83781a56c9d2180bf3a
The SAP NetWeaver administrator panel from ECC version 6.0 suffers from cross site scripting vulnerabilities.
3d805721f30788cc734b4cca6025ed61f899f4240facd6d677bd99feb4a472b9
Oracle BPEL Console version 10.1.3.3.0 suffers from a cross site scripting vulnerability.
8b80837fd9c12c060f51e80f3ef5cf3cb1543ef6936db9fd039e3765f60d152d
Oracle BI Publisher suffers from a HTTP response splitting vulnerability.
a16b4a5d2e42764c015a89ca8d14b3e7d1594fc9ccef544177abbde6f3759df3
SAP NetWeaver SLD versions 6.4 through 7.02 suffer from multiple cross site scripting vulnerabilities.
8b641e06e58f7c35d9140a710b83cde908ed39795c6e2eedaaa58b596a3b8385
SAP Netweaver versions 6.4 through 7.0 suffer from a cross site scripting vulnerability.
3a33cbd84a9db933f995cbae70e001e3a89be10e4fa30b160c720ca941a9066e
The IBM BladeCenter Management module suffers from cross site scripting and directory traversal vulnerabilities.
221ec396f78060edb0ef769a38cef5b58e18b6f8c6f38d5188b079e148e40370
VMware View Portal versions 3.1 and below suffer from a cross site scripting vulnerability.
6ff34d3c4c5414257facf8f8b5cdd2f2fd3e1d2c50b916d0ba65eccf0d979ba0
The IBM BladeCenter Management module suffers from a denial of service vulnerability.
2fdefac0d8be7e6b47669981826466ac5d6de34aad57eb161e0f1651ff4e02b5
VMware Remote Console Plug-in can be installed from WEB interface of VMware vSphere. This software contains of ActiveX objects and executable files for remote console of guest OS. VMrc vulnerable to format string attacks. Exploitation of this issue may lead to arbitrary code execution on the system where VMrc is installed.
9b7e2d5d9e6d71cece7b4f8e09a5fa1063bb231718082ebea4980540a99db1c7