Lucene search
+L

1284 matches found

Prion
Prion
added 2013/11/20 2:12 p.m.19 views

Xxe

The SHSTIUPLOADXML function in the Application Server for ABAP AS ABAP in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity XXE issue...

5CVSS7.3AI score0.0169EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2013/11/19 7:0 p.m.23 views

CVE-2013-6815

The SHSTIUPLOADXML function in the Application Server for ABAP AS ABAP in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity XXE issue...

6.7AI score0.0169EPSS
Exploits0References4
NVD
NVD
added 2013/10/28 10:55 p.m.10 views

CVE-2013-3243

Unspecified vulnerability in OpenText/IXOS ECM for SAP NetWeaver allows remote attackers to execute arbitrary ABAP code via unknown vectors...

6.8CVSS7.5AI score0.01264EPSS
Exploits1References2
Prion
Prion
added 2013/10/28 10:55 p.m.15 views

Security feature bypass

Unspecified vulnerability in OpenText/IXOS ECM for SAP NetWeaver allows remote attackers to execute arbitrary ABAP code via unknown vectors...

6.8CVSS8AI score0.01264EPSS
Exploits1References2
Cvelist
Cvelist
added 2013/10/28 10:0 p.m.23 views

CVE-2013-3243

Unspecified vulnerability in OpenText/IXOS ECM for SAP NetWeaver allows remote attackers to execute arbitrary ABAP code via unknown vectors...

7.5AI score0.01264EPSS
Exploits1References2
CVE
CVE
added 2013/10/28 10:0 p.m.46 views

CVE-2013-3243

The CVE-2013-3243 issue affects OpenText/IXOS ECM for SAP NetWeaver (Doculink). It is a Remote ABAP Injection vulnerability that, per ESNC, could allow an attacker to inject and execute ABAP code on a remote SAP system. An exploit is claimed to exist in ESNC’s suite; vendor patching information p...

6.8CVSS7.8AI score0.01264EPSS
Exploits1References2Affected Software1
securityvulns
securityvulns
added 2013/05/06 12:0 a.m.42 views

[ESNC-2013-004] Remote ABAP Code Injection in OpenText/IXOS ECM for SAP NetWeaver

ESNC-2013-004 Remote ABAP Code Injection in OpenText/IXOS ECM for SAP NetWeaver Please refer to http://www.esnc.de for the original security advisory, updates and additional information. ------------------------------------------------------------------------ 1. Business Impact...

6.8CVSS7AI score0.01264EPSS
Exploits1
securityvulns
securityvulns
added 2013/05/06 12:0 a.m.45 views

OpenText/IXOS ECM for SAP NetWeaver code exeution

ABAP code injection...

6.8CVSS2.5AI score0.01264EPSS
Exploits1References1
Metasploit
Metasploit
added 2012/11/07 4:4 p.m.32 views

SAP /sap/bc/soap/rfc SOAP Service SUSR_RFC_USER_INTERFACE Function User Creation

This module makes use of the SUSRRFCUSERINTERFACE function, through the SOAP /sap/bc/soap/rfc service, for creating/modifying users on a SAP. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is based on,...

7.3AI score
Exploits0
Prion
Prion
added 2012/08/15 9:55 p.m.28 views

Stack overflow

Multiple stack-based buffer overflows in msgserver.exe in SAP NetWeaver ABAP 7.x allow remote attackers to cause a denial of service crash and execute arbitrary code via a 1 long parameter value, 2 crafted string size field, or 3 long Parameter Name string in a package with opcode 0x43 and sub...

10CVSS8.4AI score0.08703EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2012/08/15 9:0 p.m.65 views

CVE-2012-4341

CVE-2012-4341 affects SAP NetWeaver ABAP 7.x and involves multiple stack-based buffer overflows in the msg_server.exe component. The vulnerability allows remote attackers to crash the service and potentially execute arbitrary code via crafted input: (1) long parameter value, (2) crafted string si...

10CVSS8AI score0.08703EPSS
Exploits0References8Affected Software1
Positive Technologies
Positive Technologies
added 2012/08/15 12:0 a.m.8 views

PT-2012-5341 · Sap · Sap Netweaver As Abap

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver ABAP versions 7.x Description: The issue allows remote attackers to cause a denial of service and execute arbitrary code via a long parameter value, crafted string size field, or long Parameter Name string in a package with opco...

10CVSS8AI score0.08703EPSS
Exploits0References9
Zero Day Initiative
Zero Day Initiative
added 2012/06/28 12:0 a.m.23 views

SAP Netweaver ABAP msg_server.exe Opcode 0x43 Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Netweaver ABAP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the msgserver.exe listening on 3900 by default. When the msgserver parses a message...

10CVSS8.6AI score
Exploits0References1
seebug.org
seebug.org
added 2012/06/28 12:0 a.m.24 views

SAP Netweaver ABAP 'msg_server.exe'远程代码执行漏洞

Bugtraq ID: 54214 SAP NetWeaver是一款SAP业务套件解决方案、SAP xApps组合应用、合作伙伴解决方案以及客户定制应用的技术基础。 SAP NetWeaver处理操作码为0x43的报文存在缺陷。如果sub opcode为0x4的报文包含超长参数值字符串,NetWeaver最后会把\x00字节写入到栈中标记字符串的结尾,而NULL字节的位置以来用户提供的输入,提供超长数值可导致栈破坏,可以以进程上下文执行任意代码。 0 SAP NetWeaver ABAP 厂商解决方案 用户可参考如下供应商提供的安全公告获得补丁信息:...

6.9AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2012/06/28 12:0 a.m.27 views

SAP Netweaver ABAP msg_server.exe Parameter Name Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP NetWeaver ABAP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way SAP NetWeaver handles packages with opcode 0x43. If a package with sub opco...

9CVSS8.2AI score
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2012/06/27 12:0 a.m.30 views

SAP Netweaver ABAP msg_server.exe Parameter Value Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP NetWeaver ABAP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way SAP NetWeaver handles packages with opcode 0x43. If a package with sub opco...

10CVSS8.2AI score
Exploits0References1
securityvulns
securityvulns
added 2011/11/20 12:0 a.m.129 views

[DSECRG-11-031] SAP RFC EPS_DELETE_FILE - Authorisation bypass, smbrelay

DSECRG-11-031 SAP RFC EPSDELETEFILE - Authorisation bypass, smbrelay Security vulnerability was founded in sap EPSDELETEFILE RFC function allows attacker to delete files remotely or steal hashes of SAP server account in windows environment using SMBRelay attack. Digital Security Research Group...

7AI score
Exploits0
erpscan
erpscan
added 2011/07/12 12:0 a.m.24 views

SAP Netweaver CCMS - XML External Entity

Application: SAP NetWeaver ABAP Versions Affected: SAP NetWeaver ABAP Vendor URL: http://www.sap.com Bugs: XML External Entity Exploits: YES Reported: 07.12.2011 Vendor response: 08.12.2011 Date of Public Advisory: 13.11.2012 Reference: SAP Security Note 1715040 Authors: Alexey Tyurin ERPScan...

0.7AI score
Exploits0
erpscan
erpscan
added 2011/05/13 12:0 a.m.25 views

SAP NetWeaver EPS - Multiple missing auth check

Application: SAP NetWeaver ABAP Versions Affected: SAP NetWeaver ABAP Vendor URL: http://www.sap.com Bugs:Auth bypass, directory traversal, smbrelay Exploits: YES Reported: 13.05.2011 Vendor response: 15.05.2011 Date of Public Advisory: 17.06.2012 Author: Alexey Tyurin ERPScan Description A...

0.6AI score
Exploits0
Metasploit
Metasploit
added 2011/03/02 10:18 a.m.32 views

SAP Management Console ABAP Syslog Disclosure

This module simply attempts to extract the ABAP syslog through the SAP Management Console SOAP Interface. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SAP Management Console ABAP Syslog...

7.3AI score
Exploits0
Rows per page
Query Builder