3118 matches found
CVE-2017-9289
CVE-2017-9289 affects Bram Korsten Note up to version 1.2.0, with a reflected XSS in the file note-source/ui/editor.php (edit parameter). The connected documents corroborate a cross-site scripting vulnerability in Bram Korsten Note 1.2.0 and earlier. The description does not provide concrete reme...
CVE-2017-9289
Bram Korsten Note through 1.2.0 is vulnerable to a reflected XSS in note-source\ui\editor.php edit parameter...
Xxe
SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity XXE attacks via crafted XML data in a request to B1iXcellerator/exec/soap/vP.001sap0003.inWCSX/com.sap.b1i.vplatform.runtime/INBWSCALLSYNCXPT/INBWSCALLSYNCXPT.ipo/proc, aka SAP Security Note 2378065...
CVE-2016-6256
SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity XXE attacks via crafted XML data in a request to B1iXcellerator/exec/soap/vP.001sap0003.inWCSX/com.sap.b1i.vplatform.runtime/INBWSCALLSYNCXPT/INBWSCALLSYNCXPT.ipo/proc, aka SAP Security Note 2378065...
CVE-2016-6256
SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity XXE attacks via crafted XML data in a request to B1iXcellerator/exec/soap/vP.001sap0003.inWCSX/com.sap.b1i.vplatform.runtime/INBWSCALLSYNCXPT/INBWSCALLSYNCXPT.ipo/proc, aka SAP Security Note 2378065...
CVE-2017-8913
The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity XXE attacks via a crafted XML document in a request to irj/servlet/prt/portal/prtroot/com.sap.visualcomposer.BIKit.default, aka SAP Security Note 2386873...
CVE-2017-8914
sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to hijack npm packages or host arbitrary files by leveraging an insecure user creation policy, aka SAP Security Note 2407694...
CVE-2017-8913
The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity XXE attacks via a crafted XML document in a request to irj/servlet/prt/portal/prtroot/com.sap.visualcomposer.BIKit.default, aka SAP Security Note 2386873...
CVE-2017-8915
sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to cause a denial of service assertion failure and service crash by pushing a package with a filename containing a $ dollar sign or % percent character, aka SAP Security Note 2407694...
Code injection
sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to cause a denial of service assertion failure and service crash by pushing a package with a filename containing a $ dollar sign or % percent character, aka SAP Security Note 2407694...
Code injection
sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to hijack npm packages or host arbitrary files by leveraging an insecure user creation policy, aka SAP Security Note 2407694...
Xxe
The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity XXE attacks via a crafted XML document in a request to irj/servlet/prt/portal/prtroot/com.sap.visualcomposer.BIKit.default, aka SAP Security Note 2386873...
CVE-2017-8914
CVE-2017-8914 affects SAP HANA XS Sinopia (HDB 1.00 and 2.00). The root cause is an insecure default user-creation policy in Sinopia, enabling remote attackers to hijack npm packages or host arbitrary files. Public disclosures reference ERPScan and SAP Security Note 2407694; the advisory describe...
CVE-2017-8915
CVE-2017-8915 affects SAP HANA XS sinopia npm registry (HDB 1.00 and 2.00). The issue arises when a package is pushed with a filename containing a '$' or '%' character, triggering an assertion failure in storage logic and causing a denial-of-service (service crash). Exploitation details are docum...
CVE-2017-8914
sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to hijack npm packages or host arbitrary files by leveraging an insecure user creation policy, aka SAP Security Note 2407694...
CVE-2017-8915
sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to cause a denial of service assertion failure and service crash by pushing a package with a filename containing a $ dollar sign or % percent character, aka SAP Security Note 2407694...
CVE-2017-8913
The CVE-2017-8913 vulnerability affects SAP NetWeaver AS JAVA 7.5, specifically the Visual Composer VC70RUNTIME component. Affected files/components include VC70RUNTIME (7.30–7.50) and VCFRAMEWORK/VCFLEX7.00 as listed in public advisories. The issue is an XML External Entity (XXE) vulnerability t...
XSS in SAP NetWeaver AS Java SRM
Application: SAP SRM Versions Affected: SAP SRM 701 – 714 Vendor URL: SAP Bug: XSS Reported: 17.05.2017 Vendor response: 18.05.2017 Date of Public Advisory: 08.08.2017 Reference: SAP Security Note 2493099 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class: XSS Risk: Medium Impact:...
Microsoft Windows 72008 R2 - EternalBlue SMB Remote Code Execution (MS17-010)
Microsoft Windows 72008 R2 - EternalBlue SMB Remote Code Execution MS17-010 !/usr/bin/python from impacket import smb from struct import pack import sys import socket ''' EternalBlue exploit for Windows 7/2008 by sleepya The exploit might FAIL and CRASH a target system depended on what is...
Log injection in SAP NetWeaver AS Java using basic auth
Application: SAP NetWeaver AS Java Versions Affected: ENGINEAPI 7.10-7.50 Vendor URL: SAP Bug: Log Injection Reported: 17.05.2017 Vendor response: 18.05.2017 Date of Public Advisory: 14.11.2017 Reference: SAP Security Note 2485208 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class:...