16 matches found
EUVD-2021-17107
Malware in sbrugna...
EUVD-2003-1373
Malware in sbrugna...
SAP S/4HANA Critical Vulnerability CVE-2025-42957 Exploited in the Wild
A critical security vulnerability impacting SAP S/4HANA, an Enterprise Resource Planning (ERP) software, has come under active exploitation in the wild. The command injection vulnerability, tracked as CVE-2025-42957 (CVSS score: 9.9), was fixed by SAP as part of its monthly updates last month. "SAP...
CVE-2020-6188
VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617, 618, 700, 720, 730) and SAP S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user leading to Missing Authorization Check...
CVE-2024-12812 WP ERP < 1.13.4 - Custom+ Unauthorized Access to Terminated Employee Information
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting WordPress plugin before 1.13.4 is affected by an IDOR issue where employees can manipulate parameters to access the data of terminated employees...
CVE-2025-4530
A vulnerability was found in fenghaha/megagao ssm-erp and productionssm 1.0. It has been declared as problematic. Affected by this vulnerability is the function handleFileDownload of the file FileController.java of the component File Handler. The manipulation leads to path traversal. The attack c...
Zucchetti Ad Hoc Infinity Security Vulnerability
Zucchetti Ad Hoc Infinity is an ERP software from Zucchetti. A security vulnerability exists in Zucchetti Ad Hoc Infinity version 2.4 that stems from improper checking of the mcURL parameter, which could result in a victim being redirected to an attacker-controlled website...
CVE-2024-0913
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the erp/v1/accounting/v1/transactions/sales REST API endpoint in all versions up to, and including, 1.13.0 due to insufficient escapi...
Aptos Wisal payroll Security Vulnerability
Aptos Wisal payroll is an enterprise resource planning (ERP) solution from Aptos Luxembourg focused on the retail industry. A security vulnerability exists in Aptos Wisal payroll versions prior to 7.1.6 that stems from the use of hard-coded credentials. An attacker exploited the vulnerability to...
Oracle PeopleSoft Security Vulnerabilities Elevate ERP Security
Enterprise resource planning systems are the unexplored continent of vulnerability research, in spite of the fact that these massive, critical business systems support the inner workings of many large corporations and IT organizations. A recent run of bugs in SAP, and a presentation at this week’...
[Onapsis Security Advisory 2014-025] Multiple Cross Site Scripting Vulnerabilities in SAP HANA XS Administration Tool
Onapsis Security Advisory 2014-025: Multiple Cross Site Scripting Vulnerabilities in SAP HANA XS Administration Tool This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource...
IBM Bladecenter Management - Multiple web application vulnerabilities
No description provided by source. DSECRG-09-054 IBM Bladecenter Management - Multiple vulnerabilities The BladeCenter management module is prone to multiple security vulnerabilities: Unauthorized Access, Directory Listing, XSS Digital Security Research Group DSecRG Advisory DSECRG-09-054...
[Onapsis Security Advisory 2012-02] Oracle JD Edwards Security Kernel Remote Password Disclosure
Onapsis Security Advisory: Oracle JD Edwards Security Kernel Remote Password Disclosure This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain access to...
[DSECRG-11-031] SAP RFC EPS_DELETE_FILE - Authorisation bypass, smbrelay
DSECRG-11-031 SAP RFC EPS_DELETE_FILE - Authorisation bypass, smbrelay A security vulnerability found in the SAP EPS_DELETE_FILE RFC function allows an attacker to delete files remotely or steal hashes of the SAP server account in a Windows environment using an SMBRelay attack. Digital Security Research Group...
[DSECRG-11-038] SAP RSTXSCRP report - smb relay vulnerability
DSECRG-11-038 SAP RSTXSCRP report - smb relay vulnerability The SAP RSTXSCRP report has a path traversal vulnerability which can lead to an SMB relay attack and full control of the system. Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.SAP.com Bugs: Path traversal, SMBRelay...
IBM Bladecenter Management - Multiple Web Application Vulnerabilities
IBM Bladecenter Management - Multiple Web Application Vulnerabilities DSECRG-09-054 IBM Bladecenter Management - Multiple vulnerabilities The BladeCenter management module is prone to multiple security vulnerabilities: Unauthorized Access, Directory Listing, XSS Digital Security Research Group...