16 matches found
EUVD-2015-1453
Malware in sbrugna...
EUVD-2019-1084
Malware in sbrugna...
Online portal exposed car and personal data, allowed anyone to remotely unlock cars
A carmaker’s online dealership portal has been found leaking the private information and vehicle data of its customers. This also meant that anyone with access could remotely break into a car. Researcher Eaton Zveare shared his discovery with TechCrunch. Although he said he has chosen not to...
CVE-2019-0311
Automotive Dealer Portal in SAP R/3 Enterprise Application versions: 600, 602, 603, 604, 605, 606, 616, 617 does not sufficiently encode user-controlled inputs, this makes it possible for an attacker to send unwanted scripts to the browser of the victim using unwanted input and execute malicious...
Malicious code in dealer-portal (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-819 Malicious code in dealer-portal (npm)
--- -= Per source details. Do not edit below this line.=-...
Millions of Kia vehicles were vulnerable to remote attacks with just a license plate number
In June of 2024 security researchers uncovered a set of vulnerabilities in the Kia dealer portal that allowed them to remotely take over any Kia vehicle built after 2013—and all they needed was a license plate number. According to the researchers: "These attacks could be executed remotely on any...
CVE-2019-0311
Automotive Dealer Portal in SAP R/3 Enterprise Application versions: 600, 602, 603, 604, 605, 606, 616, 617 does not sufficiently encode user-controlled inputs, this makes it possible for an attacker to send unwanted scripts to the browser of the victim using unwanted input and execute malicious...
Cross site scripting
Automotive Dealer Portal in SAP R/3 Enterprise Application versions: 600, 602, 603, 604, 605, 606, 616, 617 does not sufficiently encode user-controlled inputs, this makes it possible for an attacker to send unwanted scripts to the browser of the victim using unwanted input and execute malicious...
CVE-2019-0311
Automotive Dealer Portal in SAP R/3 Enterprise Application versions: 600, 602, 603, 604, 605, 606, 616, 617 does not sufficiently encode user-controlled inputs, this makes it possible for an attacker to send unwanted scripts to the browser of the victim using unwanted input and execute malicious...
CVE-2019-0311
Summary: CVE-2019-0311 affects SAP R/3 Enterprise Application’s Automotive Dealer Portal (versions 600–617). It arises from insufficient encoding of user-controlled inputs, enabling Cross-Site Scripting (XSS) where an attacker’s input can execute scripts in a victim’s browser. Affected component:...
LPG Gas Company Leaked Details, Aadhaar Numbers of 6.7 Million Indian Customers
Why would someone bother to hack a so-called "ultra-secure encrypted database that is being protected behind 13 feet high and 5 feet thick walls," when one can simply fetch a copy of the same data from other sources. French security researcher Baptiste Robert, who goes by the pseudonym "Elliot...
SAP ERP Dealer Portal Elevation of Privilege Vulnerability
SAP ERP is a set of integrated enterprise resource planning system based on customer/server structure and open system from SAP, Germany. The system supports custom reports, standardized processes and automated execution of business processes. A security vulnerability exists in Dealer Portal for S...
CVE-2015-1312
The Dealer Portal in SAP ERP does not properly restrict access, which allows remote attackers to obtain sensitive information, gain privileges, and possibly have other unspecified impact via unknown vectors, aka SAP Note 2000401. NOTE: the provenance of this information is unknown; the details ar...
Information disclosure
The Dealer Portal in SAP ERP does not properly restrict access, which allows remote attackers to obtain sensitive information, gain privileges, and possibly have other unspecified impact via unknown vectors, aka SAP Note 2000401. NOTE: the provenance of this information is unknown; the details ar...
CVE-2015-1312
The Dealer Portal in SAP ERP does not properly restrict access, which allows remote attackers to obtain sensitive information, gain privileges, and possibly have other unspecified impact via unknown vectors, aka SAP Note 2000401. NOTE: the provenance of this information is unknown; the details ar...