40 matches found
EUVD-2008-4368
Malware in sbrugna...
CVE-2024-27902 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP applications based on SAPGUI for HTML (WebGUI)
Applications based on SAP GUI for HTML in SAP NetWeaver AS ABAP - versions 7.89, 7.93, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. A successful attack can allow a malicious attacker to access and modify data through their ability to...
SapLPD 7.4.0 Denial Of Service
Exploit Title: SAPlpd 7.40 Denial of Service Date: 2016-12-28 Exploit Author: Peter Baris Exploit code: http://saptech-erp.com.au/resources/saplpddos.zip Version: 7.40 all patch levels as a part of SAPGui 7.40 Tested on: Windows Server 2008 R2 x64, Windows 7 Pro x64 import socket Opcodes 03h and...
SapLPD 7.40 - Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: SAPlpd 7.40 Denial of Service Date: 2016-12-28 Exploit Author: Peter Baris Exploit code: http://saptech-erp.com.au/resources/saplpddos.zip Version: 7.40 all patch levels as a part of SAPGui 7.40 Tested on: Windows Server 2008 R2 x6...
CVE-2016-9832
PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security allows remote authenticated users to conduct ABAP injection attacks and execute arbitrary code via (1) SAPGUI or (2) Internet Communication Framework (ICF) over HTTP or HTTPS, as demonstrated by WEBGUI or Report...
SAP AG SAPgui EAI WebViewer3D Buffer Overflow
No description provided by source. $Id: sapguisaveviewtosessionfile.rb 9262 2010-05-09 17:45:00Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing a...
SAP GUI VSFlexGrid.VSFlexGridL sp <= 14 - Buffer Overflow
No description provided by source. Application: SAP GUI VSFlexGrid.VSFlexGridL Part of SAP GUI, SAP BO 2005, SAP BO 2007 Versions Affected: SAP GUI VSFlexGrid ActiveX Control sp=14 Vendor URL: http://SAP.com Bugs: Buffer Overflow Exploits: YES Reported: 26.11.2008 Vendor response: 27.11.208 Publ...
SapGUI BI 7100.1.400.8 - Heap Corruption Exploit
No description provided by source. !-- Product: SapGUI BI File: c:\program files\sap\business explorer\bi\wadmxhtml.dl Version: 7100.1.400.8 ClassID: 30DD068D-5AD9-434C-AAAC-46ABE37194EB RegKey Safe for Script: False RegKey Safe for Init: False Implements IObjectSafety: True IDisp Safe: Safe for...
SAP GUI — Buffer overflow
Application: SAP GUI Versions Affected: 7.1, 7.2 Vendor URL: http://www.sap.com Bugs: Buffer Overflow Reported: 20.08.2010 Vendor response: 23.08.2010 Date of Public Advisory: 12.04.2011 Author: Dmitry Chastuhin Description Attacker can construct saplogon.ini file which contains vulnerable tag...
SapGUI BI 7100.1.400.8 - Heap Corruption
var buf = ''; while buf.length 64 buf += unescape"%u0a05"; function Check // windows/exec - 557 bytes // http://www.metasploit.com // Encoder: x86/alphamixed // EXITFUNC=process, CMD=c:\windows\system32\calc.exe var shellcode =...
SapGUI BI 7100.1.400.8 Heap Corruption
var buf = ''; while buf.length 64 buf += unescape"%u0a05"; function Check // windows/exec - 557 bytes // http://www.metasploit.com // Encoder: x86/alphamixed // EXITFUNC=process, CMD=c:\windows\system32\calc.exe var shellcode =...
SapGUI BI 7100.1.400.8 - Heap Corruption
SapGUI BI 7100.1.400.8 - Heap Corruption var buf = ''; while buf.length 64 buf += unescape"%u0a05"; function Check // windows/exec - 557 bytes // http://www.metasploit.com // Encoder: x86/alphamixed // EXITFUNC=process, CMD=c:\windows\system32\calc.exe var shellcode =...
SapGUI BI v7100.1.400.8 Heap Corruption Exploit
Exploit for windows platform in category remote exploits =============================================== SapGUI BI v7100.1.400.8 Heap Corruption Exploit =============================================== var buf = ''; while buf.length 64 buf += unescape"%u0a05"; function Check // windows/exec - 557...
SAP AG SAPgui EAI WebViewer3D - Remote Buffer Overflow (Metasploit)
$Id: sapguisaveviewtosessionfile.rb 9262 2010-05-09 17:45:00Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
SAP AG SAPgui EAI WebViewer3D Buffer Overflow
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'SAP AG SAPgui EAI...
SAP GUI VSFlexGrid Active-X Buffer Overflow
Application: SAP GUI VSFlexGrid.VSFlexGridL Part of SAP GUI, SAP BO 2005, SAP BO 2007 Versions Affected: SAP GUI VSFlexGrid ActiveX Control sp=14 Vendor URL: http://SAP.com Bugs: Buffer Overflow Exploits: YES Reported: 26.11.2008 Vendor response: 27.11.208 Public Advisory: 06.10.2009 Originally...
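SAPgui WebViewer2D.dll ActiveX Control Arbitrary File Overwrite Vulnerability
SAPgui is the graphical user interface client for SAP software. The EAI WebViewer2D ActiveX component bundled with SAP GUI (WebViewer2D.dll, GUID = A76CEBEE-7364-11D2-AA6B-00E02924C34E) does not properly validate the parameters that a user passes to the SaveToSessionFile function. If a user is tricked into visiting a malicious web page that passes an overly long parameter to this function, arbitrary system files may be overwritten. SAP Sapgui 7.1 SAP Sapgui 6.4 Vendor patch: SAP --- The vendor has not yet provided a patch or upgrade; users of this software are advised to watch the vendor's home page for the latest version:...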
SAP SAPgui SAPIrRfc ActiveX (sapirrfc.dll) Accept Function Overflow
The remote host contains the 'SAPIrRfc' ActiveX control included with SAP GUI version 6.40 for Windows. This control is reportedly affected by a heap-based overflow involving the 'Accept' method of 'IRfcServer' interface of the 'SAPIrRfc' control. If an attacker can trick a user on the affected...
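SAP AG SAPgui sapirrfc.dll ActiveX Control Buffer Overflow Vulnerability
BUGTRAQ ID: 35256 SAPgui is the graphical user interface client for SAP software. The SAPIrRfc ActiveX component bundled with SAP GUI (sapirrfc.dll, GUID = F6908F83-ADA6-11D0-87AA-00AA00198702) does not properly validate the parameters that a user passes to the Accept function. If a user is tricked into visiting a malicious web page that passes an overly long parameter to this function, a buffer overflow may be triggered, leading to arbitrary code execution on the target system. SAP Sapgui 6.4 Vendor patch: SAP --- The vendor has not yet provided a patch or upgrade; users of this software are advised to watch the vendor's home page for the latest version:...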
SAPgui EAI WebViewer3D ActiveX control SaveViewToSessionFile buffer overflow
Added: 04/07/2009 CVE: CVE-2007-4475 BID: 34310 OSVDB: 53066 Background SAPgui for Windows registers the EAI WebViewer3D ActiveX control. Problem A buffer overflow vulnerability in the EAI WebViewer3D ActiveX control allows command execution when a user loads a web page which invokes the...