5 matches found
EnjoySAP SAP GUI - ActiveX Control Arbitrary File Download (Metasploit)
$Id: enjoysapguicompdownload.rb 11189 2010-12-01 03:18:05Z swtornio $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
EnjoySAP SAP GUI ActiveX Control Buffer Overflow
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'EnjoySAP SAP...
SAP GUI unauthorized access
KWEdit ActiveX has unsafe SaveDocumentAs method...
SAP GUI KWEdit ActiveX控件不安全SaveDocumentAs()调用漏洞
BUGTRAQ ID: 34524 CVECAN ID: CVE-2008-4830 SAPgui是SAP软件的图形用户界面客户端。 SAPgui所捆绑的KWEdit ActiveX控件(KWEDIT.DLL)提供了不安全的SaveDocumentAs函数。如果用户受骗访问了恶意网页的话,该函数可能将 HTML文档保存到指定的位置。如果结合OpenDocument方式的话,远程攻击者就可以泄露任意文件的内容,或在用户系统上执行任意代码。 SAP Sapgui 7.10 Patch 5 SAP Sapgui 6.40 Patch 29 SAP ---...
EnjoySAP SAP GUI ActiveX Control Buffer Overflow
This module exploits a stack buffer overflow in SAP KWEdit ActiveX Control kwedit.dll 6400.1.1.41 provided by EnjoySAP GUI. By sending an overly long string to the "PrepareToPostHTML" method, an attacker may be able to execute arbitrary code. This module requires Metasploit:...