769 matches found
SAP NetWeaver Message Server – DoS
Application: SAP NetWeaver Message Server Versions Affected: SAP KERNEL 7.20 32BIT Vendor URL: http://www.sap.com Bugs: Improper Input Validation Exploits: PoC Reported: 10.07.2013 Vendor response: 11.07.2013 Date of Public Advisory: 25.01.2014 Reference: SAP Security Note 1773912 Author: George...
SAP CRM crm_flex_data - XXE
Application: SAP CRM Versions Affected: SAP CRM 7.02 EHP 2 Vendor URL: http://www.sap.com Bugs: XXE Exploits: YES Reported: 09.07.2013 Vendor response: 10.07.2013 Date of Public Advisory: 16.11.2013 Reference: SAP Security Note 1909665 Authors: Alexey Tyurin, Nikolay Mescherin ERPScan Description...
SAP NetWeaver ECATT_DISPLAY_XMLSTRING_REMOTE - XXE
Application: SAP NetWeaver AS ABAP Versions Affected: SAP NetWeaver AS ABAP 7.31, probably others Vendor URL: http://www.sap.com Bugs: XML External Entity Reported: 09.07.2013 Vendor response: 10.07.2013 Date of Public Advisory: 20.01.2015 Reference: SAP Security Note 2016638 Authors: Nikolay...
SAP CRM gwsync - XXE
Application: SAP CRM Versions Affected: SAP CRM 7.02 EHP 2 Vendor URL: http://www.sap.com Bugs: XXE Reported: 09.07.2013 Vendor response: 10.07.2013 Date of Public Advisory: 25.01.2014 Reference: SAP Security Note 1917054 CVSS: AV:N/AC:L/AU:N/C:P/I:N/A:N 5.0 Authors: Alexey Tyurin, Nikolay...
SAP Portal - Unvalidated redirect
Application: SAP NetWeaver JAVA Versions Affected: SAP NetWeaver J2EE 6.40/7.02, probably others Vendor URL: Bugs: Information disclosure Exploits: YES Reported: 20.04.2013 Vendor response: 21.04.2013 Date of Public Advisory: 30.10.2013 Reference: SAP Security Note 1854826 CVSS:...
SAP Portal WebDynPro - Path disclosure
Application: SAP NetWeaver JAVA Versions Affected: SAP NetWeaver J2EE Vendor URL: http://www.sap.com Bugs: Information Disclosure Exploits: YES Reported: 20.04.2013 Vendor response: 21.04.2013 Date of Public Advisory: 25.01.2014 Reference: SAP Security Note 1852146 CVSS: AV:N/AC:L/AU:N/C:P/I:N/A:...
SAP NetWeaver J2EE DAS service - Unauthorized Access
Application: SAP NetWeaver JAVA Vendor URL: http://www.sap.com Bugs: Unauthorized access Reported: 20.04.2013 Vendor response: 21.04.2013 Date of Public Advisory: 15.07.2015 Reference: SAP Security Note 1945215 Authors: Alexander Polyakov ERPScan VULNERABILITY INFORMATION Class: Unauthorized Acce...
CORE-2012-1128 - SAP Netweaver Message Server Multiple Vulnerabilities
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ CORE-2012-1128 1. Advisory Information Title: SAP Netweaver Message Server Multiple Vulnerabilities Advisory ID: CORE-2012-1128 Advisory URL: http://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities Date...
SAP NetWeaver Message Server - Multiple Vulnerabilities
SAP NetWeaver Message Server - Multiple Vulnerabilities 1. Advisory Information Title: SAP Netweaver Message Server Multiple Vulnerabilities Advisory ID: CORE-2012-1128 Advisory URL: http://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities Date published: 2013-02-13 Date...
SAP NetWeaver ABAD0_DELETE_DERIVATION_TABLE - SQL Injection
Application: SAP NetWeaver Versions Affected: 7.30 Basis 720 SP 0, Kernel 720 patch 68 Vendor URL: http://www.sap.com Bugs: SQL injection Exploits: NO Reported: 25.01.2013 Vendor response: 26.01.2013 Date of Public Advisory: 30.08.2013 Reference: SAP Security Note 1840249 Author: Nikolay Mescheri...
SAP NetWeaver PFL - SMB Relay
Application: SAP NetWeaver Versions Affected: 7.30 Basis 720 SP 0, Kernel 720 patch 68 Vendor URL: http://www.sap.com Bugs: SMB Relay Exploits: NO Reported: 11.12.2012 Vendor response: 12.12.2012 Date of SAP Security Note Published: 09.04.2013 Date of Public Advisory: 20.04.2013 Reference: SAP...
SAP NetWeaver BAPI - SMB Relay vulnerability
Application: SAP NetWeaver ABAP Versions Affected: 7.30 Basis 720 SP 0, Kernel 720 patch 68 Vendor URL: http://www.sap.com Bugs: SMB Relay Exploits: YES Reported: 11.12.2012 Vendor response: 12.12.2012 Date of SAP Security Note Published: 12.02.2013 Date of Public Advisory: 20.02.2013 Reference:...
SAP NetWeaver DI - Arbitrary file upload
Application: SAP NetWeaver J2EE Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs: Arbitrary file upload/Security bypass Exploits: YES Reported: 11.12.2012 Vendor response: 12.12.2012 Date of SAP Security Note Published: 12.02.2013 Date of Public Advisory: 20.02.2013 Reference:...
SAP NetWeaver SDM Admin - information disclosure
Application: SAP NetWeaver SDM Versions Affected: SAP NetWeaver SDM Vendor URL: http://www.sap.com Bugs: Information Disclosure Exploits: YES Reported: 10.02.2012 Vendor response: 11.02.2012 Date of Public Advisory: 10.10.2012 Reference: SAP Security Note 1724516 Authors: Alexander Polyakov ERPSc...
SAP NetWeaver Mobile - XSS
Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs: XSS Exploits: no Reported: 10.02.2012 Vendor response: 10.03.2012 Date of Public Advisory: 13.11.2012 Reference: SAP Security Note 1669031 Author: Alexander Polyakov ERPScan Description SAP NetWeaver...
SAP DevInfPage - Security Bypass
Application: SAP NetWeaver J2EE Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs: Security Bypass Exploits: YES Reported: 25.09.2012 Vendor response: 26.09.2013 Date of Public Advisory: 09.07.2013 Reference: SAP Security Note 1831053 Author: Dmitry Chastukhin ERPScan Descripti...
SAP NetWeaver SAPHostControl Command Injection
Added: 08/29/2012 BID: 55084 OSVDB: 84821 Background SAP NetWeaver is a technology platform for building and integrating SAP business applications. Problem The NetWeaver management console exposes an authenticated SOAP web service interface. During the authentication phase, user-supplied values...
SAP NetWeaver SAPHostControl Command Injection
Added: 08/29/2012 BID: 55084 OSVDB: 84821 Background SAP NetWeaver is a technology platform for building and integrating SAP business applications. Problem The NetWeaver management console exposes an authenticated SOAP web service interface. During the authentication phase, user-supplied values...
SAP NetWeaver SAPHostControl Command Injection
Added: 08/29/2012 BID: 55084 OSVDB: 84821 Background SAP NetWeaver is a technology platform for building and integrating SAP business applications. Problem The NetWeaver management console exposes an authenticated SOAP web service interface. During the authentication phase, user-supplied values...
SAP Netweaver Dispatcher 7.0 EHP1/2 Multiple Vulnerabilities
Exploit for multiple platform in category dos / poc 1. Advisory Information Title: SAP Netweaver Dispatcher Multiple Vulnerabilities Advisory ID: CORE-2012-0123 Advisory URL: http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities Date published: 2012-05-08 Date of...