SAP NetWeaver Solution Manager - Missing Authorization Check & Information Disclosure
Application: SAP NetWeaver Solution Manager Versions Affected: SAP NetWeaver Solution Manager Vendor URL: http://www.sap.com Bugs: Missing Authorization Check & Information Disclosure Reported: 07.12.2011 Vendor response: 08.12.2011 Date of Public Advisory: 25.01.2014 Reference: SAP Security Note...
SAP Adapter Monitor - information disclosure
Application: SAP NetWeaver Vendor URL: Bugs: Information disclosure Risk: High Exploits: YES Reported: 06.12.2011 Vendor response: 06.12.2011 Date of Public Advisory: 17.12.2011 Reference: SAP Security Note 1445998 Description Information disclosure in com.sap.aii.mdt.amt.web.AMTPageProcessor...
SAP NetWeaver AdapterFramework - information disclosure
Application: SAP NetWeaver J2EE Versions Affected: SAP NetWeaver J2EE Vendor URL: http://www.sap.com Bugs: Information Disclosure Exploits: YES Reported: 06.12.2011 Vendor response: 07.12.2011 Date of Public Advisory: 13.11.2012 Reference: SAP Security Note 1679897 Authors: Dmitry Chastukhin...
SAP Crystal Reports 2008 - Multiple XSS
Application: SAP Crystal Reports Vendor URL: Bugs: XSS Risk: Medium Exploits: YES Reported: 13.05.2011 Vendor response: 17.05.2011 Patched: 13.11.2011 Date of Public Advisory: 13.03.2012 Reference: SAP Security Note 1647871 Author: Dmitriy Chastuchin ERPScan Description XSS in MessagingSystem SAP...
SAP NetWeaver RFC WSDL - XSS
Application: SAP NetWeaver Versions Affected: SAP NetWeaver 6.40, 7.02 and maybe others Vendor URL: http://www.sap.com Bugs: XSS Exploits: YES Reported: 13.05.2011 Vendor response: 15.05.2011 Date of Public Advisory: 13.06.2012 Reference: SAP Security Note 1614834 Author: Alexey Tyurin ERPScan...
SAP Netweaver ABAP - XML External Entity
Application: SAP NetWeaver ABAP Vendor URL: Bugs: XXE, Unauthorized access Risk: High Exploits: YES Reported: 13.05.2011 Vendor response: 17.05.2011 Patched: 13.11.2011 Date of Public Advisory: 13.03.2012 Reference: SAP Security Note 1594475 Author: Alexey Tyurin ERPScan Description SAP Netweaver...
[DSECRG-11-014] SAP GUI (sapgui) - DLL hijacking
DSECRG-11-014 SAP GUI sapgui - DLL hijacking SAP Front End applications SAPGui.exe are vulnerable to DLL hijacking attacks. This makes remote code execution possible. Digital Security Research Group DSecRG Advisory DSecRG-11-014 Internal DSecRG-00183 Application: SAP GUI Versions Affected: 6.4 -...
[DSECRG-11-012] SAP NetWeaver Integration Directory - multiple XSS
DSECRG-11-012 SAP NetWeaver Integration Directory - multiple XSS SAP NetWeaver Integration Directory has multiple linked XSS vulnerabilities. Digital Security Research Group DSecRG Advisory DSecRG-11-012 Internal DSecRG-00159 Application: SAP NetWeaver XI Versions Affected: SAP NetWeaver XI Vendo...
SAP Application Administration - local file read
Application: SAP NetWeaver Vendor URL: Bugs: Local file read Risk: High Exploits: YES Reported: 14.03.2011 Vendor response: 15.03.2011 Date of Public Advisory: 17.02.2012 Reference: SAP Security Note 1585527 Description SAP NetWeaver 7.0 Application Administration com.sap.ipc.webapp.ipc has local...
Joomla! Component com_xcloner-backupandrestore - Remote Command Execution
#!/usr/bin/python Joomla component com_xcloner-backupandrestore remote code execution exploit Vendor: http://www.xcloner.com/ "Our true divinity is in our ability to create. And armed with the understanding of the symbiotic connections of life, while being guided by the emergent nature of reality,...
SAP Crystal Report Server 2008 Directory Traversal
Exploit for jsp platform in category web applications Application: SAP Crystal Report Server 2008 Versions Affected: SAP Crystal Report Server 2008 Vendor URL: http://sap.com Bugs: Directory Traversal File Read Exploits: YES Reported: 29.03.2010 Vendor response: 30.03.2010 Date of SAPNOTE...
[DSECRG-00142] SAP Crystal Reports 2008 - actionNavjsp_xss
XSS vulnerability found in SAP Crystal Report Server 2008 Application: SAP Crystal Report Server 2008 Versions Affected: SAP Crystal Report Server 2008 Vendor URL: http://sap.com Bugs: Linked XSS Vulnerability Exploits: YES Reported: 04.03.2010 Vendor response: 05.03.2010 Date of SAPNOTE Publishe...
R7-0037: SAP BusinessObjects Axis2 Default Admin Password
R7-0037: SAP BusinessObjects Axis2 Default Admin Password October 13th, 2010 Description: The SAP BusinessObjects product contains a module dswsbobje.war which deploys Axis2 with an administrator account which is configured with a static password. As a result, anyone with access to the Axis2 port...
Rapid7 Security Advisory 37
R7-0037: SAP BusinessObjects Axis2 Default Admin Password October 13th, 2010 Description: The SAP BusinessObjects product contains a module dswsbobje.war which deploys Axis2 with an administrator account which is configured with a static password. As a result, anyone with access to the Axis2 port...
SAP BusinessObjects Axis2 Default Admin Password
Overview The Axis2 component of SAP BusinessObjects contains a default administrator account and password. Description The SAP BusinessObjects product contains a module dswsbobje.war which deploys Axis2 with an administrator account which is configured with a static password. As a result, anyone...
SAP Netweaver 6.4 - 7.0 Cross Site Scripting
Digital Security Research Group DSecRG Advisory DSECRG-09-040 Application: SAP Netweaver Versions Affected: Version 6.4 - 7.0 Vendor URL: http://SAP.com Bugs: XSS Exploits: YES Reported: 26.05.2009 Vendor response: 27.05.2009 Date of Public Advisory: 13.07.2010 CVE-number: Author: Alexandr Polyak...
SAP NetWeaver Workflow Modeler - Multiple XSS
Application: SAP NetWeaver Workflow Modeler Versions Affected: SAP NetWeaver NW2004s SP6 Workflow Modeler Vendor URL: http://www.sap.com Bugs: XSS Exploits: YES Reported: 06.08.2010 Vendor response: 07.08.2010 Date of Public Advisory: 12.02.2014 Reference: SAP Security Note 1860923 Author:...
LDAP Group Enumeration
By using the search base gathered by plugin ID 25701, Nessus was able to enumerate the list of groups in the remote LDAP directory. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(45477); script_version("$Revision: 1.4 $"); script_cvs_date("$Date: 2017/01/26 18:40:45 $");...
SAP Crystal Reports 2008 — actionNavjsp_xss
Application: SAP Crystal Report Server 2008 Versions Affected: SAP Crystal Report Server 2008 Vendor URL: http://www.sap.com Bugs: Linked XSS Vulnerability Exploits: YES Reported: 04.03.2010 Vendor response: 05.03.2010 Date of SAP Security Note Published: 08.10.2010 Date of Public Advisory:...
SAP Crystal Reports 2008 — Directory Traversal
Application: SAP Crystal Report Server 2008 Versions Affected: SAP Crystal Report Server 2008 Vendor URL: http://www.sap.com Bugs: Directory Traversal File Read Exploits: YES Reported: 29.03.2010 Vendor response: 30.03.2010 Date of SAP Security Note Published: 08.10.2010 Date of Public Advisory:...