CVE-2016-6140

SAP TREX 7.10 Revision 63 allows remote attackers to write to arbitrary files via vectors related to RFC-Gateway, aka SAP Security Note 2203591...

CVE-2016-6145

The SQL interface in SAP HANA DB 1.00.091.00.1418659308 provides different error messages for failed login attempts depending on whether the username exists and is locked when the detailederroronconnect option is not supported or is configured as "False," which allows remote attackers to enumerat...

Microsoft Windows PowerShell Execution Policy

Nessus was able to collect and report the PowerShell execution policy for the remote Windows host. C Tenable Network Security, Inc. include"compat.inc"; if !definedfunc"nasllevel" || nasllevel 5200 exit0, "Not Nessus 5.2+"; if description scriptid92367; scriptversion"1.6";...

Recycle Bin Files

Nessus was able to generate a list of all files found in $Recycle.Bin subdirectories. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid92429; scriptversion"1.6"; scriptcvsdate"Date: 2018/11/15 20:50:27"; scriptnameenglish:"Recycle Bin Files"; scriptsummaryenglish:"Repo...

SAP NetWeaver AS JAVA 7.5 Information Disclosure

Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bug: information disclosure Sent: 04.12.2015 Reported: 05.12.2015 Vendor response: 05.12.2015 Date of Public Advisory: 08.03.2016 Reference: SAP Security Note 2255990 Author: Vahagn...

SAP NetWeaver AS JAVA 7.1 7.5 - Directory Traversal

SAP NetWeaver AS JAVA 7.1 7.5 - Directory Traversal Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bug: Directory traversal Sent: 29.09.2015 Reported: 29.09.2015 Vendor response: 30.09.2015 Date of Public Advisory: 08.03.2016...

SAP NetWeaver AS JAVA 7.1 < 7.5 - ctcprotocol Servlet XXE

Exploit for java platform in category web applications Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bug: XXE Sent: 20.10.2015 Reported: 21.10.2015 Vendor response: 21.10.2015 Date of Public Advisory: 08.03.2016 Reference: SAP...

SAP NetWeaver AS JAVA 7.1 < 7.5 - Directory Traversal

Exploit for java platform in category web applications Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bug: Directory traversal Sent: 29.09.2015 Reported: 29.09.2015 Vendor response: 30.09.2015 Date of Public Advisory: 08.03.2016...

SAP NetWeaver AS JAVA 7.1 &lt; 7.5 - &#039;ctcprotocol Servlet&#039; XML External Entity

Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bug: XXE Sent: 20.10.2015 Reported: 21.10.2015 Vendor response: 21.10.2015 Date of Public Advisory: 08.03.2016 Reference: SAP Security Note 2235994 Author: Vahagn Vardanyan ERPScan...

SAP NetWeaver Java 7.5 XXE

Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.5 Vendor URL: SAP Bugs: XXE Reported: 17.06.2016 Vendor response: 18.06.2016 Date of Public Advisory: 10.01.2017 Reference: SAP Security Note 2347439 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATION Class: XXE Impact: Denial of...

SAP NetWeaver AS JAVA 7.5 Directory Traversal

Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bug: Directory traversal Sent: 29.09.2015 Reported: 29.09.2015 Vendor response: 30.09.2015 Date of Public Advisory: 08.03.2016 Reference: SAP Security Note 2234971 Author: Vahagn...

SAP NetWeaver AS JAVA 7.5 Cross Site Scripting

Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bug: XSS Sent: 20.10.2015 Reported: 21.10.2015 Vendor response: 21.10.2015 Date of Public Advisory: 08.03.2016 Reference: SAP Security Note 2238375 Author: Vahagn Vardanyan ERPScan...

SAP NetWeaver AS Java 7.5 XXE in com.sap.km.cm.ice

Application: SAP NetWeaver AS Java Versions Affected: SAP NetWeaver AS Java 7.5 Vendor URL: SAP Bugs: XXE Reported: 17.06.2016 Vendor response: 18.06.2016 Date of Public Advisory: 11.04.2017 Reference: SAP Security Note 2387249 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATION Class: XXE...

SAP NetWeaver AS Java getUserUddiElements SQL Injection

Application: SAP NetWeaver AS Java Versions Affected: SAP NetWeaver AS Java ES UDDI 7.11 – 7.5 Vendor URL: SAP Bugs: SQL injection Reported: 17.06.2016 Vendor response: 17.06.2016 Date of Public Advisory: 10.01.2017 Reference: SAP Security Note 2356504 Author: Vahagn Vardanyan ERPScan VULNERABILI...

SAP NetWeaver AS JAVA 7.1 7.5 - SQL Injection

SAP NetWeaver AS JAVA 7.1 7.5 - SQL Injection Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bugs: SQL injection Send: 04.12.2015 Reported: 04.12.2015 Vendor response: 05.12.2015 Date of Public Advisory: 09.02.2016 Reference: SAP...

SAP NetWeaver AS JAVA 7.1 < 7.5 - SQL Injection

Exploit for java platform in category web applications Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bugs: SQL injection Send: 04.12.2015 Reported: 04.12.2015 Vendor response: 05.12.2015 Date of Public Advisory: 09.02.2016...

SAP NetWeaver AS JAVA 7.1 < 7.5 - Information Disclosure

Exploit for java platform in category web applications Application:SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bugs: information disclosure Sent: 15.09.2015 Reported: 15.09.2015 Vendor response: 16.09.2015 Date of Public Advisory: 09.02.2016...

SAP NetWeaver AS JAVA 7.1 &lt; 7.5 - SQL Injection

Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bugs: SQL injection Send: 04.12.2015 Reported: 04.12.2015 Vendor response: 05.12.2015 Date of Public Advisory: 09.02.2016 Reference: SAP Security Note 2101079 Author: Vahagn Vardanyan...

SAP xMII 15.0 - Directory Traversal

Exploit for php platform in category web applications Application: SAP xMII Versions Affected: SAP MII 15.0 Vendor URL: http://SAP.com Bugs: Directory traversal Sent: 29.07.2015 Reported: 29.07.2015 Vendor response: 30.07.2015 Date of Public Advisory: 09.02.2016 Reference: SAP Security Note 22309...

SAP xMII 15.0 - Directory Traversal

SAP xMII 15.0 - Directory Traversal Application: SAP xMII Versions Affected: SAP MII 15.0 Vendor URL: http://SAP.com Bugs: Directory traversal Sent: 29.07.2015 Reported: 29.07.2015 Vendor response: 30.07.2015 Date of Public Advisory: 09.02.2016 Reference: SAP Security Note 2230978 Author: Dmitry...