190 matches found
Malicious code in Be.Vlaaոdеren.Basisrеgisters.ProjectiоnHandling.SqlStreamStore (NuGet)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in Be.Vlaаnderen.Basisrеgisters.Utilities.ToStringBuilder (NuGet)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in Be.Vlaаոdеren.Basisrеgisters.BlobStore (NuGet)
--- -= Per source details. Do not edit below this line.=-...
CVE-2024-22131
CVE-2024-22131 affects SAP ABA (Application Basis) across versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I. The issue enables an authenticated user with remote execution privileges to use a vulnerable interface to invoke application functions beyond normal permissions, potentially readin...
CVE-2024-22128
SAP NWBC for HTML - versions SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, SAPBASIS 700, SAPBASIS 701, SAPBASIS 702, SAPBASIS 731, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. An unauthenticated attacker can inject malicious javascript to...
SAP NetWeaver Business Client for HTML Cross-Site Scripting Vulnerability
SAP NetWeaver Business Client for HTML SAP NWBC for HTML is a lightweight browser-based version of NWBC from SAP, Germany. SAP NetWeaver Business Client for HTML SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, SAPUI 758, SAPBASIS 700, SAPBASIS 701, SAPBASIS 702, SAPBASIS 731 versions have a security...
SAP ABA 代码注入漏洞
SAP ABA Application Basis is an application transaction management system developed by SAP. A code injection vulnerability exists in the SAP ABA Application Basis interface, which can be exploited by a remote attacker to submit a special request that can be used to execute arbitrary code in the...
PT-2024-5016 · Sap · Sap Aba
Name of the Vulnerable Software and Affected Versions: SAP ABA Application Basis versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I Description: The issue in SAP ABA is related to incorrect code generation management, allowing an attacker with remote execution authorization to use a...
A Celebrated Cryptography-Breaking Algorithm Just Got an Upgrade
Two researchers have improved a well-known technique for lattice basis reduction, opening up new avenues for practical experiments in cryptography and mathematics...
CVE-2023-49584
SAP Fiori launchpad - versions SAPUI 750, SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, SAPUI 758, UI700 200, SAPBASIS 793, allows an attacker to use HTTP verb POST on read-only service causing low impact on Confidentiality of the application...
CVE-2023-41120
An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It permits an authenticated user to use DBMSPROFILER to remove all accumulated profiling data on a system-wide basis,...
CVE-2023-47246: SysAid Zero-Day Vulnerability Exploited By Lace Tempest
On November 8, 2023, IT service management company SysAid disclosed CVE-2023-47426, a zero-day path traversal vulnerability affecting on-premise SysAid servers. According to Microsoft’s threat intelligence team, it has been exploited in the wild by DEV-0950 Lace Tempest in “limited attacks.” In a...
CVE-2023-40624
SAP NetWeaver AS ABAP applications based on Unified Rendering - versions SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, SAPUI 758, SAPBASIS 702, SAPBASIS 731, allows an attacker to inject JavaScript code that can be executed in the web-application. An attacker could thereby control the behavior of...
PT-2023-27546 · Sap · Sap Netweaver As Abap
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS ABAP versions SAP UI 754 through SAP UI 758 SAP NetWeaver AS ABAP versions SAP BASIS 702, SAP BASIS 731 Description: The issue allows an attacker to inject JavaScript code that can be executed in the web-application,...
PT-2023-4244 · Sap · Abap Platform +1
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server ABAP and ABAP Platform - versions SAP BASIS 700, SAP BASIS 701, SAP BASIS 702, SAP BASIS 731, SAP BASIS 740, SAP BASIS 750, SAP BASIS 752, SAP BASIS 753, SAP BASIS 754, SAP BASIS 755, SAP BASIS 756, SAP BASIS...
Rapid7 Observed Exploitation of Critical MOVEit Transfer Vulnerability
Note: As of June 2, 2023, CVE-2023-34362 has been assigned to this vulnerability. On Friday, June 9, Progress Software released patches for a second vulnerability, CVE-2023-35036. On Thursday, June 15, a third vulnerability was announced and later assigned CVE-2023-35708. Progress has updates her...
basis-wien.at Cross Site Scripting vulnerability OBB-3294595
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Using Rapid7 Insight Agent and InsightVM Scan Assistant in Tandem
Background Rapid7 Insight Agent and InsightVM Scan Assistant are executables that can be deployed to assist in understanding the vulnerabilities in your environment. Frequently there are questions around when and where you would deploy each, if you need both, what they actually monitor, etc. This...
SUSE CVE-2020-26974
When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox 84, Thunderbird 78.6, and Firefox ESR...
Vulnerabilities fixed in SAP products
SAP has released updates for several products, including SAP BASIS, Netweaver, HAMA, Business Planning & Consolidation, SAP CRM and SAP Solution Manager. A malicious party could potentially exploit and cause damage in the following categories: Cross-Site Scripting XSS Bypassing authentication...