1284 matches found
Xxe
The SHSTIUPLOADXML function in the Application Server for ABAP AS ABAP in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity XXE issue...
CVE-2013-6815
The SHSTIUPLOADXML function in the Application Server for ABAP AS ABAP in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity XXE issue...
CVE-2013-3243
Unspecified vulnerability in OpenText/IXOS ECM for SAP NetWeaver allows remote attackers to execute arbitrary ABAP code via unknown vectors...
Security feature bypass
Unspecified vulnerability in OpenText/IXOS ECM for SAP NetWeaver allows remote attackers to execute arbitrary ABAP code via unknown vectors...
CVE-2013-3243
Unspecified vulnerability in OpenText/IXOS ECM for SAP NetWeaver allows remote attackers to execute arbitrary ABAP code via unknown vectors...
CVE-2013-3243
The CVE-2013-3243 issue affects OpenText/IXOS ECM for SAP NetWeaver (Doculink). It is a Remote ABAP Injection vulnerability that, per ESNC, could allow an attacker to inject and execute ABAP code on a remote SAP system. An exploit is claimed to exist in ESNC’s suite; vendor patching information p...
[ESNC-2013-004] Remote ABAP Code Injection in OpenText/IXOS ECM for SAP NetWeaver
ESNC-2013-004 Remote ABAP Code Injection in OpenText/IXOS ECM for SAP NetWeaver Please refer to http://www.esnc.de for the original security advisory, updates and additional information. ------------------------------------------------------------------------ 1. Business Impact...
OpenText/IXOS ECM for SAP NetWeaver code exeution
ABAP code injection...
SAP /sap/bc/soap/rfc SOAP Service SUSR_RFC_USER_INTERFACE Function User Creation
This module makes use of the SUSRRFCUSERINTERFACE function, through the SOAP /sap/bc/soap/rfc service, for creating/modifying users on a SAP. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is based on,...
Stack overflow
Multiple stack-based buffer overflows in msgserver.exe in SAP NetWeaver ABAP 7.x allow remote attackers to cause a denial of service crash and execute arbitrary code via a 1 long parameter value, 2 crafted string size field, or 3 long Parameter Name string in a package with opcode 0x43 and sub...
CVE-2012-4341
CVE-2012-4341 affects SAP NetWeaver ABAP 7.x and involves multiple stack-based buffer overflows in the msg_server.exe component. The vulnerability allows remote attackers to crash the service and potentially execute arbitrary code via crafted input: (1) long parameter value, (2) crafted string si...
PT-2012-5341 · Sap · Sap Netweaver As Abap
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver ABAP versions 7.x Description: The issue allows remote attackers to cause a denial of service and execute arbitrary code via a long parameter value, crafted string size field, or long Parameter Name string in a package with opco...
SAP Netweaver ABAP msg_server.exe Opcode 0x43 Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Netweaver ABAP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the msgserver.exe listening on 3900 by default. When the msgserver parses a message...
SAP Netweaver ABAP 'msg_server.exe'远程代码执行漏洞
Bugtraq ID: 54214 SAP NetWeaver是一款SAP业务套件解决方案、SAP xApps组合应用、合作伙伴解决方案以及客户定制应用的技术基础。 SAP NetWeaver处理操作码为0x43的报文存在缺陷。如果sub opcode为0x4的报文包含超长参数值字符串,NetWeaver最后会把\x00字节写入到栈中标记字符串的结尾,而NULL字节的位置以来用户提供的输入,提供超长数值可导致栈破坏,可以以进程上下文执行任意代码。 0 SAP NetWeaver ABAP 厂商解决方案 用户可参考如下供应商提供的安全公告获得补丁信息:...
SAP Netweaver ABAP msg_server.exe Parameter Name Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP NetWeaver ABAP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way SAP NetWeaver handles packages with opcode 0x43. If a package with sub opco...
SAP Netweaver ABAP msg_server.exe Parameter Value Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP NetWeaver ABAP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way SAP NetWeaver handles packages with opcode 0x43. If a package with sub opco...
[DSECRG-11-031] SAP RFC EPS_DELETE_FILE - Authorisation bypass, smbrelay
DSECRG-11-031 SAP RFC EPSDELETEFILE - Authorisation bypass, smbrelay Security vulnerability was founded in sap EPSDELETEFILE RFC function allows attacker to delete files remotely or steal hashes of SAP server account in windows environment using SMBRelay attack. Digital Security Research Group...
SAP Netweaver CCMS - XML External Entity
Application: SAP NetWeaver ABAP Versions Affected: SAP NetWeaver ABAP Vendor URL: http://www.sap.com Bugs: XML External Entity Exploits: YES Reported: 07.12.2011 Vendor response: 08.12.2011 Date of Public Advisory: 13.11.2012 Reference: SAP Security Note 1715040 Authors: Alexey Tyurin ERPScan...
SAP NetWeaver EPS - Multiple missing auth check
Application: SAP NetWeaver ABAP Versions Affected: SAP NetWeaver ABAP Vendor URL: http://www.sap.com Bugs:Auth bypass, directory traversal, smbrelay Exploits: YES Reported: 13.05.2011 Vendor response: 15.05.2011 Date of Public Advisory: 17.06.2012 Author: Alexey Tyurin ERPScan Description A...
SAP Management Console ABAP Syslog Disclosure
This module simply attempts to extract the ABAP syslog through the SAP Management Console SOAP Interface. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SAP Management Console ABAP Syslog...