21 matches found
EUVD-2007-1911
Malware in sbrugna...
EUVD-2007-1910
Malware in sbrugna...
EUVD-2007-1909
Malware in sbrugna...
EUVD-2007-1908
Malware in sbrugna...
Malicious code in sap-node-rfc-utils (npm)
The package sap-node-rfc-utils was found to contain malicious code...
SAP RFC SDK — Memory Corruption
Application: RFC SDK SAP AG Versions Affected: RFC SDK 6400-7.20 and SAP GUI 7.10-7.20 Vendor URL: Bugs: Buffer Overflow Exploits: YES Reported: 16.12.2009 Vendor response: 16.12.2009 Date of SAP Security Note Published: 14.09.2010 Date of Public Advisory: 14.12.2010 Author: Alexey Sintsov...
SAP RFC SDK — Format String
Application: RFC SDK SAP AG Versions Affected: RFC SDK 6.40 7.11 Vendor URL: Bugs: Format String Vulnerability Exploits: YES Reported: 15.12.2009 Vendor response: 18.12.2009 Date of SAP Security Note Published: 14.09.2010 Date of Public Advisory: 14.12.2010 Author: Alexey Sintsov Description SAP...
Information disclosure
The RFC_START_PROGRAM function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to obtain sensitive information (external RFC server configuration data) via unspecified vectors, a different vulnerability than CVE-2006-6010. NOTE: This information is based upon a vague...
Buffer overflow
Buffer overflow in the RFC_START_PROGRAM function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended...
Buffer overflow
Buffer overflow in the SYSTEM_CREATE_INSTANCE function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has...
Information disclosure
The RFC_SET_REG_SERVER_PROPERTY function in the SAP RFC Library 6.40 and 7.00 before 20070109 implements an option for exclusive access to an RFC server, which allows remote attackers to cause a denial of service (client lockout) via unspecified vectors. NOTE: This information is based upon a vague...
CVE-2007-1915
Buffer overflow in the RFC_START_PROGRAM function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended...
CVE-2007-1917
Buffer overflow in the SYSTEM_CREATE_INSTANCE function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has...
Buffer overflow
Buffer overflow in the RFC_START_GUI function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended...
CVE-2007-1915
CVE-2007-1915 concerns a buffer overflow in SAP RFC Library (versions 6.40 and 7.00 prior to 20061211) within the RFC_START_PROGRAM function. Reported as allowing remote attackers to execute arbitrary code via unspecified vectors. The description notes this information stems from a vague initial ...
CVE-2007-1915
Buffer overflow in the RFC_START_PROGRAM function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended...
CVE-2007-1916
CVE-2007-1916: SAP RFC Library (versions 6.40 and 7.00 prior to 20061211) contains a buffer overflow in the RFC_START_GUI function. This allows remote code execution via unspecified vectors; exact exploit details and affected inputs are not disclosed in the provided documents. The issue is docume...
CYBSEC Release: SAP Security - Paper & Tool release
I am proud to announce the release of a White-paper and an open-source tool, both addressing security of SAP R/3 systems. The paper describes vulnerabilities discovered in the SAP RFC interface implementation and library, as well as some attacks that can be performed over SAP systems. The tool,...
CYBSEC Security Pre-Advisory: SAP RFC_START_GUI RFC Function Buffer Overflow
The following pre-advisory is also available in PDF format for download at: http://www.cybsec.com/vuln/CYBSEC-SecurityAdvisorySAPRFCSTARTGUIRFCFunctionBufferOverflow.pdf CYBSEC S.A. www.cybsec.com Pre-Advisory Name: SAP RFC_START_GUI RFC Function Buffer Overflow ================== Vulnerability...
CYBSEC Security Pre-Advisory: SAP SYSTEM_CREATE_INSTANCE RFC Function Buffer Overflow
----------------------------------------- Mariano Nunez Di Croce CYBSEC S.A. Security Systems Email: [email protected] Tel/Fax: 54-11 4371-4444 Web: http://www.cybsec.com PGP: http://www.cybsec.com/pgp/mnunez.txt ----------------------------------------- The following pre-advisory is also availab...