231 matches found

Packet Storm
added 2024/09/01 12:0 a.m. · 136 views

SAP /sap/bc/soap/rfc SOAP Service SXPG_CALL_SYSTEM Function Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is based on, inspired by, or is a port of a plugin available in the Onapsis Bizploit Opensource ERP Penetration Testing framework -...

AI score: 7.4 · Exploits: 0

Packet Storm
added 2024/09/01 12:0 a.m. · 135 views

SAP /sap/bc/soap/rfc SOAP Service SXPG_COMMAND_EXEC Function Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is based on, inspired by, or is a port of a plugin available in the Onapsis Bizploit Opensource ERP Penetration Testing framework -...

AI score: 7.4 · Exploits: 0

Positive Technologies
added 2024/08/12 12:0 a.m. · 1 view

PT-2024-6828 · Sap · Sap Shared Service Framework

Name of the Vulnerable Software and Affected Versions: SAP Shared Service Framework affected versions not specified Description: The issue is related to insufficient authorization procedures in the SAP Shared Service Framework, allowing a remote attacker to elevate their privileges. An...

CVSS: 4.3 · AI score: 6.8 · EPSS: 0.00188 · Exploits: 0 · References: 9

OSV
added 2024/07/09 5:15 a.m. · 0 views

CVE-2024-37180

Under certain conditions SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker to access remote-enabled function module with no further authorization which would otherwise be restricted, the function can be used to read non-sensitive information with low impact on...

CVSS: 5.3 · AI score: 5.8 · EPSS: 0.00104 · Exploits: 0 · References: 2

NVD
added 2024/07/09 5:15 a.m. · 14 views

CVE-2024-37180

Under certain conditions SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker to access remote-enabled function module with no further authorization which would otherwise be restricted, the function can be used to read non-sensitive information with low impact on...

CVSS: 5.3 · EPSS: 0.00104 · Exploits: 0 · References: 2

Positive Technologies
added 2024/05/12 12:0 a.m. · 2 views

PT-2024-10299 · Sap +1 · Sap Netweaver As Abap +2

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS ABAP and ABAP Platform affected versions not specified Description: The issue is related to the lack of authorization checks when a user executes certain RFC function modules, potentially allowing an attacker with basic user...

CVSS: 9 · AI score: 8.3 · EPSS: 0.00184 · Exploits: 0 · References: 13

Veracode
added 2023/04/18 10:51 a.m. · 16 views

Server-Side Request Forgery (SSRF)

yuan1994/tpadmin is vulnerable to Server-Side Request Forgery. The vulnerability exists because the library does not properly validate the remote function in Upload.php which allows a remote attacker to cause an SSRF bypass via a crafted url...

CVSS: 6.3 · AI score: 5.4 · EPSS: 0.00263 · Exploits: 1 · References: 5 · Affected Software: 1

Positive Technologies
added 2023/04/09 12:0 a.m. · 2 views

PT-2023-2442 · Ftp Admin · Ftp Admin

Name of the Vulnerable Software and Affected Versions: tpAdmin version 1.3.12 Description: A critical vulnerability was found in the function remote of the file applicationadmincontrollerUpload.php. The manipulation of the argument url leads to server-side request forgery. It is possible to launc...

CVSS: 6.5 · AI score: 7 · EPSS: 0.00263 · Exploits: 1 · References: 10

SUSE CVE
added 2023/02/15 6:11 a.m. · 3 views

SUSE CVE-2007-3279

PostgreSQL 8.1 and probably later versions, when the PL/pgSQL plpgsql language has been created, grants certain plpgsql privileges to the PUBLIC domain, which allows remote attackers to create and execute functions, as demonstrated by functions that perform local brute-force password guessing...

CVSS: 10 · AI score: 7.2 · EPSS: 0.02885 · Exploits: 0 · References: 3

SUSE CVE
added 2023/02/15 3:56 a.m. · 7 views

SUSE CVE-2020-15778

scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a...

CVSS: 7.8 · AI score: 7.4 · EPSS: 0.64277 · Exploits: 6 · References: 4

OSV
added 2023/02/14 4:15 a.m. · 1 view

CVE-2023-0019

In SAP GRC Process Control - versions GRCFNDA V1200, GRCFNDA V8100, GRCPINW V1100700, GRCPINW V1100731, GRCPINW V1200750, remote-enabled function module in the proprietary SAP solution enables an authenticated attacker with minimal privileges to access all the confidential data stored in the...

CVSS: 6.5 · AI score: 6.7 · Exploits: 0 · References: 2

Prion
added 2023/02/14 4:15 a.m. · 16 views

Design/Logic Flaw

In SAP GRC Process Control - versions GRCFNDA V1200, GRCFNDA V8100, GRCPINW V1100700, GRCPINW V1100731, GRCPINW V1200750, remote-enabled function module in the proprietary SAP solution enables an authenticated attacker with minimal privileges to access all the confidential data stored in the...

CVSS: 4 · AI score: 6.3 · EPSS: 0.00246 · Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2023/02/14 12:0 a.m. · 2 views

PT-2023-15951 · Sap · Sap Grc

Name of the Vulnerable Software and Affected Versions: SAP GRC Process Control versions GRCFND A V8100 through GRCFND A V1200 SAP GRC Process Control versions GRCPINW V1100 700 through GRCPINW V1200 750 Description: The issue allows an authenticated attacker with minimal privileges to access all...

CVSS: 6.5 · AI score: 6.3 · EPSS: 0.00246 · Exploits: 0 · References: 4

Tenable Nessus
added 2022/11/11 12:0 a.m. · 61 views

SAP NetWeaver AS ABAP Multiple Vulnerabilities (3256571)

Multiple vulnerabilities may be present in SAP NetWeaver Application Server ABAP, including the following: - Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to delete a fil...

CVSS: 8.7 · AI score: 6 · EPSS: 0.00478 · Exploits: 0 · References: 4

NVD
added 2022/11/08 10:15 p.m. · 19 views

CVE-2022-41214

Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to delete a file which is otherwise restricted. On successful exploitation an attacker can completely compromise the integri...

CVSS: 8.7 · EPSS: 0.00423 · Exploits: 0 · References: 2

OSV
added 2022/11/08 10:15 p.m. · 1 view

CVE-2022-41214

Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to delete a file which is otherwise restricted. On successful exploitation an attacker can completely compromise the integri...

CVSS: 8.7 · AI score: 5.8 · Exploits: 0 · References: 2

OSV
added 2022/11/08 10:15 p.m. · 1 view

CVE-2022-41212

Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to read a file which is otherwise restricted. On successful exploitation an attacker can completely compromise the...

CVSS: 4.9 · AI score: 5.8 · EPSS: 0.00478 · Exploits: 0 · References: 2

Prion
added 2022/11/08 10:15 p.m. · 19 views

Input validation

Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to read a file which is otherwise restricted. On successful exploitation an attacker can completely compromise the...

CVSS: 3.3 · AI score: 5.1 · EPSS: 0.00478 · Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2022/11/08 12:0 a.m. · 2 views

PT-2022-25734 · Sap · Abap Platform +1

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server ABAP and ABAP Platform affected versions not specified Description: The issue is due to insufficient input validation, allowing an attacker with high-level privileges to use a remote-enabled function to delete...

CVSS: 8.7 · AI score: 5.7 · EPSS: 0.00423 · Exploits: 0 · References: 5

CVE
added 2022/11/08 12:0 a.m. · 80 views

CVE-2022-41212

CVE-2022-41212 affects SAP NetWeaver Application Server ABAP and ABAP Platform. The root cause is insufficient input validation that enables an attacker with high privileges to invoke a remotely enabled function to read a file that is normally restricted, compromising confidentiality. The descrip...

CVSS: 4.9 · AI score: 5 · EPSS: 0.00478 · Exploits: 0 · References: 2 · Affected Software: 1