CVE-2016-7435
The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with certain permissions to execute arbitrary commands via vectors involving a CALL 'SYSTEM' statement, aka SAP Security...
SAP Netweaver 7.40 SP 12 SCTC_REFRESH_CHECK_ENV Command Injection Vulnerability
Exploit for Windows platform in category remote exploits. Onapsis Security Advisory ONAPSIS-2016-042: SAP OS Command Injection in SCTC_REFRESH_CHECK_ENV. 1. Impact on Business: By exploiting this vulnerability an authenticated user will be able to take full control of the system...
SAP Netweaver 7.40 SP 12 SCTC_REFRESH_EXPORT_TAB_COMP Command Injection Vulnerability
Exploit for Windows platform in category remote exploits. Onapsis Security Advisory ONAPSIS-2016-041: SAP OS Command Injection in SCTC_REFRESH_EXPORT_TAB_COMP. 1. Impact on Business: By exploiting this vulnerability an authenticated user will be able to take full control of the...
SAP Netweaver 7.40 SP 12 SCTC_TMS_MAINTAIN_ALOG Command Injection Vulnerability
Exploit for Windows platform in category remote exploits. Onapsis Security Advisory ONAPSIS-2016-043: SAP OS Command Injection in SCTC_TMS_MAINTAIN_ALOG. 1. Impact on Business: By exploiting this vulnerability an authenticated user will be able to take full control of the system...
SAP Netweaver 7.40 SP 12 SCTC_REFRESH_EXPORT_TAB_COMP Command Injection
Onapsis Security Advisory ONAPSIS-2016-041: SAP OS Command Injection in SCTC_REFRESH_EXPORT_TAB_COMP. 1. Impact on Business: By exploiting this vulnerability an authenticated user will be able to take full control of the system. Risk Level: Critical. 2. Advisory Information...
CVE-2016-6146
The NameServer in SAP TREX 7.10 Revision 63 allows remote attackers to obtain sensitive TNS information via an unspecified query, aka SAP Security Note 2234226...
CVE-2016-6137
An unspecified function in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands via unknown vectors, aka SAP Security Note 2203591...
Information disclosure
The NameServer in SAP TREX 7.10 Revision 63 allows remote attackers to obtain sensitive TNS information via an unspecified query, aka SAP Security Note 2234226...
Design/Logic Flaw
An unspecified function in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands via unknown vectors, aka SAP Security Note 2203591...
CVE-2016-6137
SAP TREX 7.10 Revision 63 is affected by CVE-2016-6137, a remote command execution vulnerability stemming from an unspecified function that enables arbitrary OS command execution via unknown vectors (aka SAP Security Note 2203591). The public documents do not reveal the exact vulnerable component...
CVE-2016-6142
SAP HANA DB 1.00.73.00.389160 NewDB100_REL allows remote attackers to inject arbitrary audit trail fields into the SYSLOG via vectors related to the SQL protocol, aka SAP Security Note 2197459...
Design/Logic Flaw
SAP HANA DB 1.00.091.00.1418659308 allows remote attackers to obtain sensitive topology information via an unspecified HTTP request, aka SAP Security Note 2176128...
Code injection
SAP HANA DB 1.00.73.00.389160 NewDB100_REL allows remote attackers to inject arbitrary audit trail fields into the SYSLOG via vectors related to the SQL protocol, aka SAP Security Note 2197459...
CVE-2016-3639
SAP HANA DB 1.00.091.00.1418659308 allows remote attackers to obtain sensitive topology information via an unspecified HTTP request, aka SAP Security Note 2176128...
CVE-2016-6142
Vulnerability summary (CVE-2016-6142): SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) is susceptible to remote injection of arbitrary audit-trail fields into the SYSLOG via SQL protocol-related vectors (as described by SAP Security Note 2197459). Affected component is SAP HANA DB; root cause involv...
PT-2016-24: XML External Entity Injection in SAP NetWeaver
The specialists of the Positive Research center have detected an XML External Entity Injection vulnerability in SAP NetWeaver. Vulnerability in the "TranslationSupport" component allows attackers to obtain sensitive information or cause a denial of service using a specially crafted XML request. H...