Lucene search
+L

124 matches found

0day.today
0day.today
added 2021/03/26 12:0 a.m.126 views

SAP Solution Manager 7.2 Remote Command Execution Exploit

This Metasploit module exploits the CVE-2020-6207 vulnerability within the SAP EEM servlet of SAP Solution Manager SolMan running version 7.2. The vulnerability occurs due to missing authentication checks when submitting a SOAP request to the /EemAdminService/EemAdmin page to get information abou...

10CVSS0.5AI score0.98266EPSS
Exploits7
Check Point Advisories
Check Point Advisories
added 2021/03/20 12:0 a.m.53 views

SAP Solution Manager Remote Code Execution (CVE-2020-6207)

A remote code execution vulnerability exists in SAP Solution Manager. The vulnerability is due to a lack of authentication in the User Experience Monitoring componant. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful...

10CVSS4.3AI score0.98266EPSS
Exploits7
The Hacker News
The Hacker News
added 2021/01/23 8:43 a.m.7 views

Beware! Fully-Functional Exploit Released Online for SAP Solution Manager Flaw

Cybersecurity researchers have warned of a publicly available fully-functional exploit that could be used to target SAP enterprise software. The exploit leverages a vulnerability, tracked as CVE-2020-6207, that stems from a missing authentication check in SAP Solution Manager SolMan version 7.2 S...

10CVSS7.6AI score0.98266EPSS
Exploits7
The Hacker News
The Hacker News
added 2021/01/23 8:43 a.m.202 views

Beware! Fully-Functional Exploit Released Online for SAP Solution Manager Flaw

Cybersecurity researchers have warned of a publicly available fully-functional exploit that could be used to target SAP enterprise software. The exploit leverages a vulnerability, tracked as CVE-2020-6207, that stems from a missing authentication check in SAP Solution Manager SolMan version 7.2 S...

10CVSS1AI score0.98266EPSS
Exploits7
Circl
Circl
added 2021/01/15 3:33 a.m.8 views

CVE-2020-6207

creationtimestamp| type| source ---|---|--- 2021-01-15 03:33:25+00:00| published-proof-of-concept| Telegram/mzMPJUtI8bSjYe6VDdVcO-nYDGgxJsJcGR3bIyj6eBfmw 2021-01-16 11:50:06+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/2506 2021-01-23 09:55:55+00:00|...

10CVSS7.5AI score0.98266EPSS
Exploits7References10
Check Point Advisories
Check Point Advisories
added 2020/05/31 12:0 a.m.4 views

MacOS Out Of Bounds Read (CVE-2019-6207)

An out of bounds read vulnerability exists in MacOS. Successful exploitation of this vulnerability could allow a remote attacker to obtain sensitive information...

2.1CVSS3.4AI score0.00745EPSS
Exploits1
CVE
CVE
added 2020/03/10 8:20 p.m.1289 views

CVE-2020-6207

CVE-2020-6207 affects SAP Solution Manager 7.2, specifically the End User Experience Monitoring (EEM) servlet. The vulnerability is due to missing authentication checks, allowing unauthenticated access that can compromise all connected SMDAgents and enables remote code execution or command execut...

10CVSS9.5AI score0.98266EPSS
In wildExploits7References8Affected Software1
NCSC
NCSC
added 2020/03/10 12:0 a.m.10 views

Fixed several vulnerabilities in SAP products.

Vulnerabilities have been fixed in SAP products. The vulnerabilities enable a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS SQL Injection Denial-of-Service DoS. Remote code execution User Rights Access to sensitive data SAP reports a...

10CVSS7.1AI score0.98266EPSS
Exploits7
OSV
OSV
added 2019/12/18 6:15 p.m.2 views

CVE-2019-6207

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout...

5.5CVSS6.7AI score0.00745EPSS
Exploits1References4
Cvelist
Cvelist
added 2019/12/18 5:33 p.m.23 views

CVE-2019-6207

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout...

5.5AI score0.00745EPSS
Exploits1References4
CVE
CVE
added 2019/12/18 5:33 p.m.104 views

CVE-2019-6207

CVE-2019-6207 is an out-of-bounds read in kernel memory handling that could let a malicious app determine kernel memory layout. Apple fixes: iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2, via/improved input validation. Public documentation shows affected components (Kernel and related su...

5.5CVSS5.4AI score0.00745EPSS
Exploits1References4Affected Software4
Veracode
Veracode
added 2019/05/02 6:2 a.m.60 views

Stack-Based Buffer Overflow

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debuger. T...

9.8CVSS9AI score0.36974EPSS
Exploits78References17Affected Software3
Veracode
Veracode
added 2019/05/02 6:2 a.m.53 views

Out-Of-Bounds Read

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debuger. T...

9.8CVSS9AI score0.36974EPSS
Exploits78References16Affected Software3
Veracode
Veracode
added 2019/05/02 6:2 a.m.50 views

Denial Of Service (DoS) Through Memory Corruption

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debuger. T...

9.8CVSS9AI score0.36974EPSS
Exploits78References16Affected Software3
Veracode
Veracode
added 2019/05/02 6:2 a.m.58 views

Arbitrary Code Execution

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debuger. T...

9.8CVSS9AI score0.36974EPSS
Exploits78References15Affected Software3
Veracode
Veracode
added 2019/05/02 6:2 a.m.58 views

Denial Of Service (DoS)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debuger. T...

9.8CVSS9AI score0.36974EPSS
Exploits78References19Affected Software3
Veracode
Veracode
added 2019/05/02 6:2 a.m.55 views

Denial Of Service (DoS)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debuger. T...

9.8CVSS9AI score0.36974EPSS
Exploits78References6Affected Software3
Tenable Nessus
Tenable Nessus
added 2019/01/09 12:0 a.m.84 views

PHP 5.6.x < 5.6.24 Multiple Vulnerabilities (httpoxy)

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.24. It is, therefore, affected by multiple vulnerabilities : - A man-in-the-middle vulnerability exists, known as 'httpoxy', due to a failure to properly resolve namespace conflicts in accordance wi...

9.8CVSS8.8AI score0.50427EPSS
Exploits13References14
Tenable Nessus
Tenable Nessus
added 2019/01/09 12:0 a.m.62 views

PHP 7.0.x < 7.0.9 Multiple Vulnerabilities (httpoxy)

According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.9. It is, therefore, affected by multiple vulnerabilities : - A man-in-the-middle vulnerability exists, known as 'httpoxy', due to a failure to properly resolve namespace conflicts in accordance wit...

9.8CVSS8.9AI score0.50427EPSS
Exploits13References14
Tenable Nessus
Tenable Nessus
added 2019/01/02 12:0 a.m.54 views

SUSE SLES12 Security Update : php5 (SUSE-SU-2016:2408-1)

This update for php5 fixes the following security issues : - CVE-2016-6128: Invalid color index not properly handled bsc987580 - CVE-2016-6161: global out of bounds read when encoding gif from malformed input withgd2togif bsc988032 - CVE-2016-6292: NULL pointer dereference in exifprocessusercomme...

9.8CVSS7.6AI score0.20237EPSS
Exploits22References72
Rows per page
Query Builder