769 matches found
Code injection
The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 in SAP NetWeaver 2004s might allow remote attackers to spoof IP addresses written to the Security Audit Log via vectors related to the network landscape, aka SAP Security Note 2190621...
CVE-2016-7435
The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with certain permissions to execute arbitrary commands via vectors involving a CALL 'SYSTEM' statement, aka SAP Security...
SAP Netweaver 7.40 SP 12 SCTC_REFRESH_EXPORT_TAB_COMP Command Injection Vulnerability
Exploit for Windows platform in category remote exploits. Onapsis Security Advisory ONAPSIS-2016-041: SAP OS Command Injection in SCTC_REFRESH_EXPORT_TAB_COMP. 1. Impact on Business: By exploiting this vulnerability an authenticated user will be able to take full control of the...
SAP Netweaver 7.40 SP 12 SCTC_REFRESH_CHECK_ENV Command Injection Vulnerability
Exploit for Windows platform in category remote exploits. Onapsis Security Advisory ONAPSIS-2016-042: SAP OS Command Injection in SCTC_REFRESH_CHECK_ENV. 1. Impact on Business: By exploiting this vulnerability an authenticated user will be able to take full control of the system...
SAP Netweaver 7.40 SP 12 SCTC_TMS_MAINTAIN_ALOG Command Injection Vulnerability
Exploit for Windows platform in category remote exploits. Onapsis Security Advisory ONAPSIS-2016-043: SAP OS Command Injection in SCTC_TMS_MAINTAIN_ALOG. 1. Impact on Business: By exploiting this vulnerability an authenticated user will be able to take full control of the system...
SAP Netweaver 7.40 SP 12 SCTC_REFRESH_EXPORT_TAB_COMP Command Injection
Onapsis Security Advisory ONAPSIS-2016-041: SAP OS Command Injection in SCTC_REFRESH_EXPORT_TAB_COMP. 1. Impact on Business: By exploiting this vulnerability an authenticated user will be able to take full control of the system. Risk Level: Critical. 2. Advisory Information...
CVE-2016-6146
The NameServer in SAP TREX 7.10 Revision 63 allows remote attackers to obtain sensitive TNS information via an unspecified query, aka SAP Security Note 2234226...
CVE-2016-6137
An unspecified function in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands via unknown vectors, aka SAP Security Note 2203591...
Information disclosure
The NameServer in SAP TREX 7.10 Revision 63 allows remote attackers to obtain sensitive TNS information via an unspecified query, aka SAP Security Note 2234226...
Design/Logic Flaw
An unspecified function in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands via unknown vectors, aka SAP Security Note 2203591...
CVE-2016-6137
SAP TREX 7.10 Revision 63 is affected by CVE-2016-6137, a remote command execution vulnerability stemming from an unspecified function that enables arbitrary OS command execution via unknown vectors (aka SAP Security Note 2203591). The public documents do not reveal the exact vulnerable component...
CVE-2016-6142
SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to inject arbitrary audit trail fields into the SYSLOG via vectors related to the SQL protocol, aka SAP Security Note 2197459...
Design/Logic Flaw
SAP HANA DB 1.00.091.00.1418659308 allows remote attackers to obtain sensitive topology information via an unspecified HTTP request, aka SAP Security Note 2176128...
Code injection
SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to inject arbitrary audit trail fields into the SYSLOG via vectors related to the SQL protocol, aka SAP Security Note 2197459...
CVE-2016-3639
SAP HANA DB 1.00.091.00.1418659308 allows remote attackers to obtain sensitive topology information via an unspecified HTTP request, aka SAP Security Note 2176128...
CVE-2016-6142
Vulnerability summary (CVE-2016-6142): SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) is susceptible to remote injection of arbitrary audit-trail fields into the SYSLOG via SQL protocol-related vectors (as described by SAP Security Note 2197459). Affected component is SAP HANA DB; root cause involv...