29 matches found
EUVD-2001-0363
Malware in sbrugna...
EUVD-2003-1025
Malware in sbrugna...
EUVD-2019-1084
Malware in sbrugna...
EUVD-2002-1558
Malware in sbrugna...
EUVD-2018-14291
Malware in sbrugna...
EUVD-2002-1559
Malware in sbrugna...
CVE-2019-0311
Automotive Dealer Portal in SAP R/3 Enterprise Application versions: 600, 602, 603, 604, 605, 606, 616, 617 does not sufficiently encode user-controlled inputs, this makes it possible for an attacker to send unwanted scripts to the browser of the victim using unwanted input and execute malicious...
Cross site scripting
Automotive Dealer Portal in SAP R/3 Enterprise Application versions: 600, 602, 603, 604, 605, 606, 616, 617 does not sufficiently encode user-controlled inputs, this makes it possible for an attacker to send unwanted scripts to the browser of the victim using unwanted input and execute malicious...
CVE-2019-0311
Automotive Dealer Portal in SAP R/3 Enterprise Application versions: 600, 602, 603, 604, 605, 606, 616, 617 does not sufficiently encode user-controlled inputs, this makes it possible for an attacker to send unwanted scripts to the browser of the victim using unwanted input and execute malicious...
CVE-2018-2436
Executing transaction WRCK in SAP R/3 Enterprise Retail EHP6 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges...
Cain & Abel v4.9.43 Released
Cain & Abel v4.9.43 Released Cain & Abel is a password recovery tool for Microsoft operating systems.It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using dictionary and brute force attacks, decoding scrambled passwords, revealing passwor...
Cain & Abel v4.9.43 Released
Cain & Abel v4.9.43 Released Cain & Abel is a password recovery tool for Microsoft operating systems.It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using dictionary and brute force attacks, decoding scrambled passwords, revealing passwor...
CYBSEC Release: SAP Security - Paper & Tool release
I am proud to announce the release of a White-paper and an open-source tool, both addressing security of SAP R/3 systems. The paper describes vulnerabilities discovered in the SAP RFC interface implementation and library, as well as some attacks that can be performed over SAP systems. The tool,...
SAP Internet Graphics Server远程缓冲区溢出漏洞
SAP Internet Graphics Server是SAP R/3企业环境的一个组件,可提供图形服务。 SAP Internet Graphics Server不正确处理用户提交的HTTP请求,远程攻击者可以利用漏洞进行缓冲区溢出攻击,可能以进程权限执行任意指令。 目前没有详细漏洞细节提供,成功利用漏洞可导致在UNIX系统下获得SAP系统管理员特权,而在windows下可导致获得SYSTEM权限。 SAP Internet Graphics Server 6.40 Patch 11 SAP Internet Graphics Server 6.40 SAP Internet...
r3mote_unix_UDPexec.pl.txt
!/usr/bin/perl -w use IO::Socket; Unix version of the FX SAP R/3 gwrd vuln. We partially control a call to excve made by lnaxdm/sapsys Easily exploitable with local access Could be done remotely under some conditions 2003, FX of Phenoelit Win32 original code 2005, Nicob Unix version $|=1; die "Gi...
SAP R/3 Internet Graphics Server directory traversal
Directory traversal on accesing htdocs folder...
CVE-2002-1578
The default installation of SAP R/3, when using Oracle and SQLnet V2 3.x, 4.x, and 6.10, allows remote attackers to obtain arbitrary, sensitive SAP data by directly connecting to the Oracle database and executing queries against the database, which is not password-protected...
CVE-2003-1035
The default installation of SAP R/3 46C/D allows remote attackers to bypass account locking by using the RFC API instead of the SAPGUI to conduct a brute force password guessing attack, which does not lock out the account like the SAPGUI does...
CVE-2002-1577
SAP R/3 2.0B to 4.6D installs several clients with default users and passwords, which allows remote attackers to gain privileges via the 1 SAP, 2 SAPCPIC, 3 DDIC, 4 EARLYWATCH, or 5 TMSADM accounts...
CVE-2002-1577
SAP R/3 2.0B to 4.6D installs several clients with default users and passwords, which allows remote attackers to gain privileges via the 1 SAP, 2 SAPCPIC, 3 DDIC, 4 EARLYWATCH, or 5 TMSADM accounts...