CVE-2023-36922
Due to a programming error in a function module and report, the IS-OIL component in SAP ECC and SAP S/4HANA allows an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter in a common default extension. On successful exploitation, the attacker can read or...
PT-2023-4087 · SAP · SAP ECC +1
Name of the Vulnerable Software and Affected Versions: SAP ECC and SAP S/4HANA (affected versions not specified). Description: The issue is related to a programming error in the function module and report of the IS-OIL component, allowing an authenticated attacker to inject an arbitrary operating...
Oneblog 2.0 Cross Site Scripting
Exploit Title: Oneblog v2.0 - postsnew.php - Stored XSS. Author: Nassim Asrir. Author Company: HenceForth. Author Email: [email protected]. Google Dork: -. Date...
OpenDocMan 1.2.6.2 SQL Injection / Access Bypass vulnerabilities
OpenDocMan version 1.2.6.2 suffers from remote SQL injection and multiple access bypass vulnerabilities. 1 - Unprotected id parameter: In check-in.php the id variable is not filtered so that one can put in additional SQL statements. I have been able to get a UNION...