PT-2017-19211 · SAP · SAP NetWeaver AS ABAP
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS ABAP version 7.40. Description: The issue allows remote authenticated users with certain privileges to cause a denial of service, resulting in a process crash. This is achieved through vectors involving disp+work.exe...
Synology Note Station Cross-Site Scripting Vulnerability
Synology Note Station is a cloud-based note management platform from China-based Synology Inc. A cross-site scripting vulnerability exists in Synology Note Station. A remote attacker can exploit the vulnerability to inject arbitrary web script or HTML via attached file names or note names...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Synology Note Station 1.1-0212 and earlier allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) note title or (2) file name of attachments...
CVE-2015-9103
Synology Note Station 1.1-0212 and earlier are affected by cross-site scripting (XSS) via (1) note title or (2) attachment file name. Remote authenticated attackers can inject script; impact is browser-execution of arbitrary HTML/code. A patch exists: update to Note Station 1.1-0214 or later per ...
The vulnerability of the SAP HANA database management system allows a hacker to execute arbitrary code.
The vulnerability of the SAP HANA database management system is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely, using vectors that include audit logs. This is referred to as SAP Security Note 2170806...
Protect Your Organization from Petya / NotPetya Ransomware with Carbon Black
Organizations from Russia to Britain were hit by a ransomware attack on Tuesday in a hack with similarities to the recent WannaCry attacks. Initial analysis showed that the malware seen is a recent variant of the Petya ransomware family based upon how it encrypts files and displays its ransom not...
CSRF in SAP Java CRM
Application: SAP CRM; Versions Affected: SAP Java CRM 700-754; Vendor URL: SAP; Bug: CSRF; Reported: 20.06.2017; Vendor response: 21.06.2017; Date of Public Advisory: 11.07.2017; Reference: SAP Security Note 2478964; Author: Vladimir Egorov (ERPScan). VULNERABILITY INFORMATION: Class: CSRF; Risk: Medium; Impac...
XSS in CRM (Administration Console, Java)
Application: SAP Java CRM; Versions Affected: SAP Java CRM 700-754; Vendor URL: SAP; Bug: XSS; Reported: 20.06.2017; Vendor response: 21.06.2017; Date of Public Advisory: 11.07.2017; Reference: SAP Security Note 2478964; Author: Vladimir Egorov (ERPScan). VULNERABILITY INFORMATION: Class: XSS; Risk: Medium...
HANA DB credentials exposed to XSA applications
Application: SAP HANA; Versions Affected: 1.0 SPS11, SPS12 and 2.0 with XS Advanced; Vendor URL: SAP; Bug: Information Disclosure; Reported: 20.06.2017; Vendor response: 21.06.2017; Date of Public Advisory: 14.11.2017; Reference: SAP Security Note 2508673; Author: Mathieu Geli (ERPScan). VULNERABILITY...
Metadata Analysis Draws its Own Conclusions on WannaCry Authors
The most intriguing mystery that remains about WannaCry is the identity of the attacker. The theory with the best legs is that North Korea’s Lazarus APT is the entity behind the worldwide ransomware outbreak given the discovery of shared code samples in the malware with older Lazarus attacks. Tha...
McAfee Antivirus Engine Out of Date
McAfee VirusScan, an antivirus application, is installed on the remote host. However, its antivirus engine is out of date and should be upgraded. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(100784); script_version("1.3");...
Bram Korsten Note Cross-Site Scripting Vulnerability
Bram Korsten Note is a lightweight php-based content management system developed by Dutch developer Bram Korsten. A cross-site scripting vulnerability exists in the note-source\ui\editor.php file in Bram Korsten Note 1.2.0 and earlier versions. A remote attacker can exploit this vulnerability to...
Cross site scripting
Bram Korsten Note through 1.2.0 is vulnerable to a reflected XSS in note-source\ui\editor.php edit parameter...
CVE-2017-9289
CVE-2017-9289 affects Bram Korsten Note up to version 1.2.0, with a reflected XSS in the file note-source/ui/editor.php (edit parameter). The connected documents corroborate a cross-site scripting vulnerability in Bram Korsten Note 1.2.0 and earlier. The description does not provide concrete reme...
XXE
SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity (XXE) attacks via crafted XML data in a request to B1iXcellerator/exec/soap/vP.001sap0003.inWCSX/com.sap.b1i.vplatform.runtime/INBWSCALLSYNCXPT/INBWSCALLSYNCXPT.ipo/proc, aka SAP Security Note 2378065...
CVE-2016-6256
SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity (XXE) attacks via crafted XML data in a request to B1iXcellerator/exec/soap/vP.001sap0003.inWCSX/com.sap.b1i.vplatform.runtime/INBWSCALLSYNCXPT/INBWSCALLSYNCXPT.ipo/proc, aka SAP Security Note 2378065...