CVE-2016-6148

SAP HANA DB 1.00.73.00.389160 allows remote attackers to cause a denial of service process termination or execute arbitrary code via vectors related to an IMPORT statement, aka SAP Security Note 2233136...

CVE-2016-6139

SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591...

Recycle Bin Files

Nessus was able to generate a list of all files found in $Recycle.Bin subdirectories. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid92429; scriptversion"1.6"; scriptcvsdate"Date: 2018/11/15 20:50:27"; scriptnameenglish:"Recycle Bin Files"; scriptsummaryenglish:"Repo...

Microsoft Windows PowerShell Execution Policy

Nessus was able to collect and report the PowerShell execution policy for the remote Windows host. C Tenable Network Security, Inc. include"compat.inc"; if !definedfunc"nasllevel" || nasllevel 5200 exit0, "Not Nessus 5.2+"; if description scriptid92367; scriptversion"1.6";...

SAP NetWeaver AS JAVA 7.5 Information Disclosure

Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bug: information disclosure Sent: 04.12.2015 Reported: 05.12.2015 Vendor response: 05.12.2015 Date of Public Advisory: 08.03.2016 Reference: SAP Security Note 2255990 Author: Vahagn...

SAP NetWeaver AS JAVA 7.1 7.5 - Directory Traversal

SAP NetWeaver AS JAVA 7.1 7.5 - Directory Traversal Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bug: Directory traversal Sent: 29.09.2015 Reported: 29.09.2015 Vendor response: 30.09.2015 Date of Public Advisory: 08.03.2016...

SAP NetWeaver AS JAVA 7.1 < 7.5 - ctcprotocol Servlet XXE

Exploit for java platform in category web applications Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bug: XXE Sent: 20.10.2015 Reported: 21.10.2015 Vendor response: 21.10.2015 Date of Public Advisory: 08.03.2016 Reference: SAP...

SAP NetWeaver AS JAVA 7.1 < 7.5 - Directory Traversal

Exploit for java platform in category web applications Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bug: Directory traversal Sent: 29.09.2015 Reported: 29.09.2015 Vendor response: 30.09.2015 Date of Public Advisory: 08.03.2016...

SAP NetWeaver AS JAVA 7.1 &lt; 7.5 - &#039;ctcprotocol Servlet&#039; XML External Entity

Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bug: XXE Sent: 20.10.2015 Reported: 21.10.2015 Vendor response: 21.10.2015 Date of Public Advisory: 08.03.2016 Reference: SAP Security Note 2235994 Author: Vahagn Vardanyan ERPScan...

SAP NetWeaver AS JAVA 7.5 Cross Site Scripting

Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bug: XSS Sent: 20.10.2015 Reported: 21.10.2015 Vendor response: 21.10.2015 Date of Public Advisory: 08.03.2016 Reference: SAP Security Note 2238375 Author: Vahagn Vardanyan ERPScan...

SAP NetWeaver AS JAVA 7.5 Directory Traversal

Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bug: Directory traversal Sent: 29.09.2015 Reported: 29.09.2015 Vendor response: 30.09.2015 Date of Public Advisory: 08.03.2016 Reference: SAP Security Note 2234971 Author: Vahagn...

SAP NetWeaver Java 7.5 XXE

Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.5 Vendor URL: SAP Bugs: XXE Reported: 17.06.2016 Vendor response: 18.06.2016 Date of Public Advisory: 10.01.2017 Reference: SAP Security Note 2347439 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATION Class: XXE Impact: Denial of...

SAP NetWeaver AS Java getUserUddiElements SQL Injection

Application: SAP NetWeaver AS Java Versions Affected: SAP NetWeaver AS Java ES UDDI 7.11 – 7.5 Vendor URL: SAP Bugs: SQL injection Reported: 17.06.2016 Vendor response: 17.06.2016 Date of Public Advisory: 10.01.2017 Reference: SAP Security Note 2356504 Author: Vahagn Vardanyan ERPScan VULNERABILI...

SAP NetWeaver AS Java 7.5 XXE in com.sap.km.cm.ice

Application: SAP NetWeaver AS Java Versions Affected: SAP NetWeaver AS Java 7.5 Vendor URL: SAP Bugs: XXE Reported: 17.06.2016 Vendor response: 18.06.2016 Date of Public Advisory: 11.04.2017 Reference: SAP Security Note 2387249 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATION Class: XXE...

SAP NetWeaver AS JAVA 7.1 7.5 - SQL Injection

SAP NetWeaver AS JAVA 7.1 7.5 - SQL Injection Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bugs: SQL injection Send: 04.12.2015 Reported: 04.12.2015 Vendor response: 05.12.2015 Date of Public Advisory: 09.02.2016 Reference: SAP...

SAP NetWeaver AS JAVA 7.1 < 7.5 - SQL Injection

Exploit for java platform in category web applications Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bugs: SQL injection Send: 04.12.2015 Reported: 04.12.2015 Vendor response: 05.12.2015 Date of Public Advisory: 09.02.2016...

SAP NetWeaver AS JAVA 7.1 &lt; 7.5 - SQL Injection

Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bugs: SQL injection Send: 04.12.2015 Reported: 04.12.2015 Vendor response: 05.12.2015 Date of Public Advisory: 09.02.2016 Reference: SAP Security Note 2101079 Author: Vahagn Vardanyan...

SAP NetWeaver AS JAVA 7.1 < 7.5 - Information Disclosure

Exploit for java platform in category web applications Application:SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bugs: information disclosure Sent: 15.09.2015 Reported: 15.09.2015 Vendor response: 16.09.2015 Date of Public Advisory: 09.02.2016...

SAP xMII 15.0 - Directory Traversal

Exploit for php platform in category web applications Application: SAP xMII Versions Affected: SAP MII 15.0 Vendor URL: http://SAP.com Bugs: Directory traversal Sent: 29.07.2015 Reported: 29.07.2015 Vendor response: 30.07.2015 Date of Public Advisory: 09.02.2016 Reference: SAP Security Note 22309...

SAP xMII 15.0 - Directory Traversal

SAP xMII 15.0 - Directory Traversal Application: SAP xMII Versions Affected: SAP MII 15.0 Vendor URL: http://SAP.com Bugs: Directory traversal Sent: 29.07.2015 Reported: 29.07.2015 Vendor response: 30.07.2015 Date of Public Advisory: 09.02.2016 Reference: SAP Security Note 2230978 Author: Dmitry...