
3094 matches found

Cvelist
added 2017/05/25 7:00 p.m., 24 views

CVE-2016-6256

SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity (XXE) attacks via crafted XML data in a request to B1iXcellerator/exec/soap/vP.001sap0003.inWCSX/com.sap.b1i.vplatform.runtime/INBWSCALLSYNCXPT/INBWSCALLSYNCXPT.ipo/proc, aka SAP Security Note 2378065...

9.1 AI score, 0.0788 EPSS
Exploits: 5, References: 3

OSV
added 2017/05/23 4:29 a.m., 3 views

CVE-2017-8913

The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via a crafted XML document in a request to irj/servlet/prt/portal/prtroot/com.sap.visualcomposer.BIKit.default, aka SAP Security Note 2386873...

8.8 CVSS, 5.8 AI score, 0.01393 EPSS
Exploits: 0, References: 2

OSV
added 2017/05/23 4:29 a.m., 1 view

CVE-2017-8914

sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to hijack npm packages or host arbitrary files by leveraging an insecure user creation policy, aka SAP Security Note 2407694...

8.3 CVSS, 5.9 AI score
Exploits: 0, References: 3

NVD
added 2017/05/23 4:29 a.m., 23 views

CVE-2017-8913

The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via a crafted XML document in a request to irj/servlet/prt/portal/prtroot/com.sap.visualcomposer.BIKit.default, aka SAP Security Note 2386873...

8.8 CVSS, 8.2 AI score, 0.01393 EPSS
Exploits: 0, References: 2

NVD
added 2017/05/23 4:29 a.m., 22 views

CVE-2017-8915

sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to cause a denial of service (assertion failure and service crash) by pushing a package with a filename containing a $ (dollar sign) or % (percent) character, aka SAP Security Note 2407694...

7.5 CVSS, 7.5 AI score, 0.02559 EPSS
Exploits: 0, References: 3

Prion
added 2017/05/23 4:29 a.m., 14 views

Code injection

sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to cause a denial of service (assertion failure and service crash) by pushing a package with a filename containing a $ (dollar sign) or % (percent) character, aka SAP Security Note 2407694...

5 CVSS, 7.4 AI score, 0.02559 EPSS
Exploits: 0, References: 3, Affected Software: 1

Prion
added 2017/05/23 4:29 a.m., 14 views

Code injection

sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to hijack npm packages or host arbitrary files by leveraging an insecure user creation policy, aka SAP Security Note 2407694...

7.5 CVSS, 8.2 AI score, 0.01489 EPSS
Exploits: 0, References: 3, Affected Software: 1

Prion
added 2017/05/23 4:29 a.m., 19 views

Xxe

The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via a crafted XML document in a request to irj/servlet/prt/portal/prtroot/com.sap.visualcomposer.BIKit.default, aka SAP Security Note 2386873...

6.5 CVSS, 8.1 AI score, 0.01393 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2017/05/23 3:56 a.m., 16 views

CVE-2017-8914

sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to hijack npm packages or host arbitrary files by leveraging an insecure user creation policy, aka SAP Security Note 2407694...

8.3 AI score, 0.01489 EPSS
Exploits: 0, References: 3

CVE
added 2017/05/23 3:56 a.m., 41 views

CVE-2017-8914

CVE-2017-8914 affects SAP HANA XS Sinopia (HDB 1.00 and 2.00). The root cause is an insecure default user-creation policy in Sinopia, enabling remote attackers to hijack npm packages or host arbitrary files. Public disclosures reference ERPScan and SAP Security Note 2407694; the advisory describe...

8.3 CVSS, 8.2 AI score, 0.01489 EPSS
Exploits: 0, References: 3, Affected Software: 1

CVE
added 2017/05/23 3:56 a.m., 43 views

CVE-2017-8915

CVE-2017-8915 affects SAP HANA XS sinopia npm registry (HDB 1.00 and 2.00). The issue arises when a package is pushed with a filename containing a '$' or '%' character, triggering an assertion failure in storage logic and causing a denial-of-service (service crash). Exploitation details are docum...

7.5 CVSS, 7.4 AI score, 0.02559 EPSS
Exploits: 0, References: 3, Affected Software: 1

CVE
added 2017/05/23 3:56 a.m., 55 views

CVE-2017-8913

The CVE-2017-8913 vulnerability affects SAP NetWeaver AS JAVA 7.5, specifically the Visual Composer VC70RUNTIME component. Affected files/components include VC70RUNTIME (7.30–7.50) and VCFRAMEWORK/VCFLEX7.00 as listed in public advisories. The issue is an XML External Entity (XXE) vulnerability t...

8.8 CVSS, 8.1 AI score, 0.01393 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2017/05/23 3:56 a.m., 26 views

CVE-2017-8915

sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to cause a denial of service (assertion failure and service crash) by pushing a package with a filename containing a $ (dollar sign) or % (percent) character, aka SAP Security Note 2407694...

7.5 AI score, 0.02559 EPSS
Exploits: 0, References: 3

exploitpack
added 2017/05/17 12:00 a.m., 48 views

Microsoft Windows 7/2008 R2 - EternalBlue SMB Remote Code Execution (MS17-010)

Microsoft Windows 7/2008 R2 - EternalBlue SMB Remote Code Execution (MS17-010) #!/usr/bin/python from impacket import smb from struct import pack import sys import socket ''' EternalBlue exploit for Windows 7/2008 by sleepya The exploit might FAIL and CRASH a target system depended on what is...

Exploits: 0

erpscan
added 2017/05/17 12:00 a.m., 510 views

Log injection in SAP NetWeaver AS Java using basic auth

Application: SAP NetWeaver AS Java; Versions Affected: ENGINEAPI 7.10-7.50; Vendor URL: SAP; Bug: Log Injection; Reported: 17.05.2017; Vendor response: 18.05.2017; Date of Public Advisory: 14.11.2017; Reference: SAP Security Note 2485208; Author: Vahagn Vardanyan (ERPScan). VULNERABILITY INFORMATION Class:...

1.1 AI score
Exploits: 0

erpscan
added 2017/05/17 12:00 a.m., 499 views

XSS in SAP NetWeaver AS Java SRM

Application: SAP SRM; Versions Affected: SAP SRM 701 – 714; Vendor URL: SAP; Bug: XSS; Reported: 17.05.2017; Vendor response: 18.05.2017; Date of Public Advisory: 08.08.2017; Reference: SAP Security Note 2493099; Author: Vahagn Vardanyan (ERPScan). VULNERABILITY INFORMATION Class: XSS; Risk: Medium; Impact:...

Exploits: 0

erpscan
added 2017/05/16 12:00 a.m., 507 views

Insecure log configuration in TREX

Application: SAP TREX; Versions Affected: SAP TREX 7.1-7.25; Vendor URL: SAP; Bug: Information disclosure; Reported: 16.05.2017; Vendor response: 17.05.2017; Date of Public Advisory: 12.09.2017; Reference: SAP Security Note 2489196; Author: Nursultan Abubakirov (ERPScan). VULNERABILITY INFORMATION Class:...

7 AI score
Exploits: 0

erpscan
added 2017/05/16 12:00 a.m., 493 views

Denial of Service in Enqueue server

Application: SAP Enqueue; Versions Affected: 7490.17.26.5735; Vendor URL: SAP; Bug: DoS; Reported: 16.05.2017; Vendor response: 17.05.2017; Date of Public Advisory: 10.10.2017; Reference: SAP Security Note 2476937; Author: Vahagn Vardanyan (ERPScan). VULNERABILITY INFORMATION Class: Denial of Service; Risk:...

0.2 AI score
Exploits: 0

erpscan
added 2017/05/15 12:00 a.m., 497 views

SAP POS Missing Authentication in XpressServer

Application: SAP POS Xpress Server; Vendor URL: SAP; Bug: Missing Authentication Check; Reported: 15.05.2017; Vendor response: 16.05.2017; Date of Public Advisory: 11.07.2017; Reference: SAP Security Note 2520064; Author: Vladimir Egorov (ERPScan). VULNERABILITY INFORMATION Class: Missing Authentication...

1.5 AI score
Exploits: 0

Krebs on Security
added 2017/05/13 8:10 p.m., 42 views

Global ‘Wana’ Ransomware Outbreak Earned Perpetrators $26,000 So Far

As thousands of organizations work to contain and clean up the mess from this week's devastating Wana ransomware attack, the fraudsters responsible for releasing the digital contagion are no doubt counting their earnings and congratulating themselves on a job well done. But according to a review ...

7 AI score
Exploits: 0