18 matches found
EUVD-2013-3181
Malware in sbrugna...
CVE-2013-3244
Multiple unspecified vulnerabilities in the CJDBFILLMEMORYFROMPPB function in the Project System PS-IS module for SAP ERP Central Component ECC allow remote attackers to execute arbitrary code via a 1 RFC or 2 SOAP-RFC request...
SAP /sap/bc/soap/rfc SOAP Service SXPG_CALL_SYSTEM Function Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is based on, inspired by, or is a port of a plugin available in the Onapsis Bizploit Opensource ERP Penetration Testing framework -...
SAP SOAP RFC EPS_GET_DIRECTORY_LISTING Directories Information Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is based on, inspired by, or is a port of a plugin available in the Onapsis Bizploit Opensource ERP Penetration Testing framework -...
CVE-2013-3678
Multiple unspecified vulnerabilities in SAP Governance, Risk, and Compliance GRC allow remote authenticated users to gain privileges and execute arbitrary programs via a crafted 1 RFC or 2 SOAP-RFC request...
SAP SOAP RFC SXPG_COMMAND_EXECUTE Remote Command Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ This module is based...
CVE-2013-3244
Multiple unspecified vulnerabilities in the CJDBFILLMEMORYFROMPPB function in the Project System PS-IS module for SAP ERP Central Component ECC allow remote attackers to execute arbitrary code via a 1 RFC or 2 SOAP-RFC request...
Cross site request forgery (csrf)
Multiple unspecified vulnerabilities in the CJDBFILLMEMORYFROMPPB function in the Project System PS-IS module for SAP ERP Central Component ECC allow remote attackers to execute arbitrary code via a 1 RFC or 2 SOAP-RFC request...
CVE-2013-3244
Multiple unspecified vulnerabilities in the CJDBFILLMEMORYFROMPPB function in the Project System PS-IS module for SAP ERP Central Component ECC allow remote attackers to execute arbitrary code via a 1 RFC or 2 SOAP-RFC request...
SAP NetWeaver SOAP RFC SXPG_CALL_SYSTEM Command Execution
Added: 06/03/2013 OSVDB: 93537 Background SAP NetWeaver is a technology platform for building and integrating SAP business applications. Remote Function Call RFC is the standard SAP interface for communication between SAP systems. Transaction SM69 is used to create and maintain external operating...
SAP NetWeaver SOAP RFC SXPG_CALL_SYSTEM Command Execution
Added: 06/03/2013 OSVDB: 93537 Background SAP NetWeaver is a technology platform for building and integrating SAP business applications. Remote Function Call RFC is the standard SAP interface for communication between SAP systems. Transaction SM69 is used to create and maintain external operating...
SAP NetWeaver SOAP RFC SXPG_CALL_SYSTEM Command Execution
Added: 06/03/2013 OSVDB: 93537 Background SAP NetWeaver is a technology platform for building and integrating SAP business applications. Remote Function Call RFC is the standard SAP interface for communication between SAP systems. Transaction SM69 is used to create and maintain external operating...
SAP SOAP RFC - SXPG_COMMAND_EXECUTE Remote Command Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ This module is based on, inspired by, or is a port of a...
SAP SOAP RFC SXPG_COMMAND_EXECUTE Remote Command Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ This module is based on, inspired by, or is a port of a...
SAP SOAP RFC SXPG_CALL_SYSTEM Remote Command Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ This module is based on, inspired by, or is a port of a...
SAP SOAP RFC SXPG_COMMAND_EXECUTE Remote Command Execution
This module abuses the SAP NetWeaver SXPGCOMMANDEXECUTE function, on the SAP SOAP RFC Service, to execute remote commands. This module needs SAP credentials with privileges to use the /sap/bc/soap/rfc in order to work. The module has been tested successfully on Windows 2008 64-bit and Linux 64-bi...
SAP SOAP RFC SXPG_CALL_SYSTEM Remote Command Execution
This module abuses the SAP NetWeaver SXPGCALLSYSTEM function, on the SAP SOAP RFC Service, to execute remote commands. This module needs SAP credentials with privileges to use the /sap/bc/soap/rfc in order to work. The module has been tested successfully on Windows 2008 64-bit and Linux 64-bit...
SAP SOAP RFC PFL_CHECK_OS_FILE_EXISTENCE File Existence Check
This module abuses the SAP NetWeaver PFLCHECKOSFILEEXISTENCE function, on the SAP SOAP RFC Service, to check for files existence on the remote file system. The module can also be used to capture SMB hashes by using a fake SMB share as FILEPATH. This module requires Metasploit:...