205 matches found
SAP SOAP RFC SXPG_COMMAND_EXECUTE Remote Command Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ This module is based on, inspired by, or is a port of a...
Cross site scripting
Cross-site scripting XSS vulnerability in the Web GUI in SAP Web Application Server WAS 7.0, Web Dynpro for ABAP aka WD4A or WDA, and Web Dynpro for BSP allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to the default URI under bc/gui/sap/its/webgui/...
SAP Web Application Server crossite scripting
Crossite scripting with /sap/bc/gui/sap/its/webgui/...
CYBSEC-SAPBC2.txt
The following advisory is also available in PDF format for download at: http://www.cybsec.com/vuln/CYBSECSecurityAdvisoryArbitraryFileReadorDeleteinSAPBC.pdf CYBSEC S.A. www.cybsec.com Advisory Name: Arbitrary File Read/Delete in SAP BC Business Connector Vulnerability Class: Improper Input...
CYBSEC - Security Pre-Advisory: Phishing Vector in SAP BC
The following advisory is also available in PDF format for download at: http://www.cybsec.com/vuln/CYBSECSecurityPre-AdvisoryPhishingVectorinSAPBC.pdf CYBSEC S.A. www.cybsec.com Pre-Advisory Name: Phishing Vector in SAP BC Business Connector Vulnerability Class: Phishing Vector / Improper Input...