15 matches found
SAP Netweaver 7.40 SP 12 SCTC_REFRESH_CHECK_ENV Command Injection
Onapsis Security Advisory ONAPSIS-2016-042: SAP OS Command Injection in SCTC_REFRESH_CHECK_ENV 1. Impact on Business: By exploiting this vulnerability an authenticated user will be able to take full control of the system. Risk Level: Critical 2. Advisory Information...
[Onapsis Security Advisory 2015-010] SAP Mobile Platform DataVault Keystream Recovery
Onapsis Security Advisory 2015-010: SAP Mobile Platform DataVault Keystream Recovery 1. Impact on Business: By exploiting this vulnerability an attacker with access to a vulnerable mobile device would be able to decrypt...
[Onapsis Security Advisory 2015-012] SAP Mobile Platform DataVault Predictable Encryption Password for Secure Storage
Onapsis Security Advisory 2015-012: SAP Mobile Platform DataVault Predictable Encryption Password for Secure Storage 1. Impact on Business: By exploiting this vulnerability an attacker with access to a vulnerable mobile device...
SAP BusinessObjects Explorer 14.0.5 Information Disclosure
COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: BusinessObjects Explorer Vendor: SAP AG Subject: Potential information disclosure relating to SBOP Explorer Risk: Medium Effect: Remotely exploitable Author: Stefan Horlacher Date: 2014-10-10 SAP Security Note:...
SAP AG SAPgui EAI WebViewer3D Buffer Overflow
No description provided by source. $Id: sapguisaveviewtosessionfile.rb 9262 2010-05-09 17:45:00Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing a...
SAP AG SAPgui EAI WebViewer3D - Remote Buffer Overflow (Metasploit)
$Id: sapguisaveviewtosessionfile.rb 9262 2010-05-09 17:45:00Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
SAP MaxDB Detection
This host is running SAP MaxDB. MaxDB is an ANSI SQL-92 entry level compliant relational database management system (RDBMS) from SAP AG. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...
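SAP AG SAPgui sapirrfc.dll ActiveX Control Buffer Overflow Vulnerability
BUGTRAQ ID: 35256 SAPgui is the graphical user interface client for SAP software. The SAPIrRfc ActiveX component bundled with SAP GUI (sapirrfc.dll, GUID = F6908F83-ADA6-11D0-87AA-00AA00198702) does not properly validate the parameters a user passes to the Accept function. If a user is tricked into visiting a malicious web page that passes an overly long parameter to this function, a buffer overflow may be triggered, leading to arbitrary code execution on the target system. SAP Sapgui 6.4 Vendor patch: SAP --- The vendor has not yet provided a patch or upgrade; we recommend that users of this software keep watching the vendor's home page for the latest version:...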
CVE-2007-4475
Stack-based buffer overflow in EAI WebViewer3D ActiveX control webviewer3d.dll in SAP AG SAPgui before 7.10 Patch Level 9 allows remote attackers to execute arbitrary code via a long argument to the SaveViewToSessionFile method...
CVE-2007-4475
Stack-based buffer overflow in EAI WebViewer3D ActiveX control webviewer3d.dll in SAP AG SAPgui before 7.10 Patch Level 9 allows remote attackers to execute arbitrary code via a long argument to the SaveViewToSessionFile method...
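SAP AG SAPgui mdrmsap.dll ActiveX Control Remote Code Execution Vulnerability
BUGTRAQ ID: 32186 CVE(CAN) ID: CVE-2008-4387 SAPgui is the graphical user interface client for SAP software. A component of SAPgui provides an ActiveX control named MDrmSap (mdrmsap.dll). The control does not properly validate certain user-supplied input parameters; if a user opens a malicious HTML document in IE and attempts to instantiate the control, the browser may crash or arbitrary code may be executed. SAP Sapgui Temporary workaround: Disable the MDrmSap ActiveX control in IE by setting the kill bit for the following CLSID: B01952B0-AF66-11D1-B10D-0060086F6D97 or save the following text as a .REG file and import it...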
DSquare Exploit Pack: D2SEC_SAPGUI
Name| d2secsapgui ---|--- CVE| CVE-2008-4387 Exploit Pack| D2ExploitPack Description| SAP AG SAPgui mdrmsap.dll ActiveX Stack Overflow Notes|...
SAP AG SAPgui MDrmSap ActiveX control code execution vulnerability
Overview The MDrmSap ActiveX control, which is provided with the SAP AG SAPgui software, contains a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description SAPgui is a graphical user interface client for SAP software. One of the...
DSquare Exploit Pack: D2SEC_SAPLPD
Name| d2secsaplpd ---|--- CVE| CVE-2008-0621 Exploit Pack| D2ExploitPack Description| SAP AG SAPlpd 6.28 Stack Overflow Notes|...
SAP R/3 Web Application Server Demo for Linux: root exploit
Topic: SAP R/3 Web Application Server Demo for Linux: root exploit Module: /usr/sap/WAS/SYS/exe/run/saposcol Announced: 2001-04-29 Affects: WAS demo as released on CeBit Vendor: 1SAP AG, Walldorf, Germany Vendor-Status: informed 2001-04-09 acknowledged 2001-04-10 workaround specified 2001-04-17...