768 matches found
Code injection
An issue was discovered in SAP E-Recruiting aka ERECRUIT 605 through 617. When an external applicant registers to the E-Recruiting application, he/she receives a link by email to confirm access to the provided email address. However, this measure can be bypassed and attackers can register and...
CVE-2017-14511
An issue was discovered in SAP E-Recruiting aka ERECRUIT 605 through 617. When an external applicant registers to the E-Recruiting application, he/she receives a link by email to confirm access to the provided email address. However, this measure can be bypassed and attackers can register and...
CVE-2017-14511
An issue was discovered in SAP E-Recruiting aka ERECRUIT 605 through 617. When an external applicant registers to the E-Recruiting application, he/she receives a link by email to confirm access to the provided email address. However, this measure can be bypassed and attackers can register and...
OS Identification : OUI
This plugin attempts to identify the operating system by examining the MAC address OUI. C Tenable, Inc. include"compat.inc"; if description scriptid102821; scriptversion"2.9"; scriptsetattributeattribute:"pluginmodificationdate", value:"2025/06/23"; scriptnameenglish:"OS Identification : OUI";...
CVE-2017-12637
SAP NetWeaver Application Server Java 7.5 is affected by a local/file read vulnerability (CVE-2017-12637) in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS that allows remote attackers to read arbitrary server files via a .. in the query string. The issue is confirmed in multiple connected s...
CVE-2017-11457
XML external entity XXE vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery SSRF attacks via a crafted DTD in an XML request, aka SAP Security Note 2387249...
CVE-2017-11459
SAP TREX 7.10 allows remote attackers to 1 read arbitrary files via an fget command or 2 write to arbitrary files and consequently execute arbitrary code via an fdir command, aka SAP Security Note 2419592...
CVE-2017-11460
Cross-site scripting XSS vulnerability in the DataArchivingService servlet in SAP NetWeaver Portal 7.4 allows remote attackers to inject arbitrary web script or HTML via the responsecode parameter to shp/shpresult.jsp, aka SAP Security Note 2308535...
CVE-2017-11458
Cross-site scripting XSS vulnerability in the ctcprotocol/Protocol servlet in SAP NetWeaver AS JAVA 7.3 allows remote attackers to inject arbitrary web script or HTML via the sessionID parameter, aka SAP Security Note 2406783...
CVE-2017-11460
Cross-site scripting XSS vulnerability in the DataArchivingService servlet in SAP NetWeaver Portal 7.4 allows remote attackers to inject arbitrary web script or HTML via the responsecode parameter to shp/shpresult.jsp, aka SAP Security Note 2308535...
CVE-2017-11457
XML external entity XXE vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery SSRF attacks via a crafted DTD in an XML request, aka SAP Security Note 2387249...
Cross site scripting
Cross-site scripting XSS vulnerability in the ctcprotocol/Protocol servlet in SAP NetWeaver AS JAVA 7.3 allows remote attackers to inject arbitrary web script or HTML via the sessionID parameter, aka SAP Security Note 2406783...
Cross site scripting
Cross-site scripting XSS vulnerability in the DataArchivingService servlet in SAP NetWeaver Portal 7.4 allows remote attackers to inject arbitrary web script or HTML via the responsecode parameter to shp/shpresult.jsp, aka SAP Security Note 2308535...
Server side request forgery (ssrf)
XML external entity XXE vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery SSRF attacks via a crafted DTD in an XML request, aka SAP Security Note 2387249...
Command injection
SAP TREX 7.10 allows remote attackers to 1 read arbitrary files via an fget command or 2 write to arbitrary files and consequently execute arbitrary code via an fdir command, aka SAP Security Note 2419592...
CVE-2017-11460
Cross-site scripting XSS vulnerability in the DataArchivingService servlet in SAP NetWeaver Portal 7.4 allows remote attackers to inject arbitrary web script or HTML via the responsecode parameter to shp/shpresult.jsp, aka SAP Security Note 2308535...
CVE-2017-11457
XML external entity XXE vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery SSRF attacks via a crafted DTD in an XML request, aka SAP Security Note 2387249...
CVE-2017-11457
CVE-2017-11457 is an XXE vulnerability in SAP NetWeaver AS JAVA 7.5, affecting the component com.sap.km.cm.ice . A remote authenticated attacker can abuse a crafted XML DTD to read arbitrary files or perform SSRF. The issue is documented against SAP NetWeaver AS JAVA 7.5 via SAP Security Note 238...
CVE-2017-11458
Cross-site scripting XSS vulnerability in the ctcprotocol/Protocol servlet in SAP NetWeaver AS JAVA 7.3 allows remote attackers to inject arbitrary web script or HTML via the sessionID parameter, aka SAP Security Note 2406783...
CVE-2017-11460
CVE-2017-11460 is a cross-site scripting (XSS) vulnerability in the DataArchivingService servlet of SAP NetWeaver Portal 7.4. The issue allows remote attackers to inject arbitrary web script or HTML by manipulating the responsecode parameter in shp/shp_result.jsp. Public sources consistently desc...