18 matches found
EUVD-2015-2905
Malware in sbrugna...
SAP Management Console Brute Force
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SAP Management Console Brute Force', 'Description' = %q This module simply attempts to brute force the username and password for the SAP Manageme...
CVE-2019-0345
A remote unauthenticated attacker can abuse a web service in SAP NetWeaver Application Server for Java Administrator System Overview, versions 7.30, 7.31, 7.40, 7.50, by sending a specially crafted XML file and trick the application server into leaking authentication credentials for its own SAP...
Server side request forgery (ssrf)
A remote unauthenticated attacker can abuse a web service in SAP NetWeaver Application Server for Java Administrator System Overview, versions 7.30, 7.31, 7.40, 7.50, by sending a specially crafted XML file and trick the application server into leaking authentication credentials for its own SAP...
CVE-2019-0345
A remote unauthenticated attacker can abuse a web service in SAP NetWeaver Application Server for Java Administrator System Overview, versions 7.30, 7.31, 7.40, 7.50, by sending a specially crafted XML file and trick the application server into leaking authentication credentials for its own SAP...
SAP Management Console List Config Files
This module attempts to list the config files through the SAP Management Console SOAP Interface. Returns a list of config files found in the SAP configuration with its absolute paths inside the server filesystem. This module requires Metasploit: https://metasploit.com/download Current source:...
Design/Logic Flaw
The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768...
CVE-2015-2817
The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768...
SAP Management Console OSExecute Payload Execution
No description provided by source. $Id: sapmgmtconosexecpayload.rb 14048 2011-10-24 16:42:07Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...
SAP Management Console Detection
The script sends a connection request to the server and attempts to extract the version number from the reply. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifie...
SAP Management Console OSExecute Payload Execution
This module executes an arbitrary payload through the SAP Management Console SOAP Interface. A valid username and password for the SAP Management Console must be provided. This module has been tested successfully on both Windows and Linux platforms running SAP Netweaver. In order to exploit a Lin...
SAP Management Console OSExecute Payload Execution
Exploit for php platform in category web applications $Id: sapmgmtconosexecpayload.rb 14048 2011-10-24 16:42:07Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more informati...
SAP Management Console OSExecute
This module allows execution of operating system commands through the SAP Management Console SOAP Interface. A valid username and password must be provided. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
SAP Management Console Get Process Parameters
This module simply attempts to output a SAP process parameters and configuration settings through the SAP Management Console SOAP Interface. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SAP...
SAP Management Console Brute Force
This module simply attempts to brute force the username and password for the SAP Management Console SOAP Interface. If the SAPSID value is set it will replace instances of in any user/pass from any wordlist. This module requires Metasploit: https://metasploit.com/download Current source:...
SAP Management Console Get Logfile
This module simply attempts to download available logfiles and developer tracefiles through the SAP Management Console SOAP Interface. Please use the sapmgmtconlistlogfiles extension to view a list of available files. This module requires Metasploit: https://metasploit.com/download Current source...
SAP Management Console Instance Properties
This module simply attempts to identify the instance properties through the SAP Management Console SOAP Interface. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SAP Management Console Instanc...
SAP Management Console security vulnerabilities
Information leakage, DoS...