Lucene search
K
ErpscanMost viewed

291 matches found

erpscan
erpscan
added 2011/08/04 12:0 a.m.16 views

SAP Netweaver - XML Entity Expansion DOS

Application: SAP NetWeaver Vendor URL: Bugs: DOS Risk: High Exploits: YES Reported: 08.04.2011 Vendor response: 10.04.2011 Patched: 13.11.2011 Date of Public Advisory: 13.03.2012 Reference: SAP Security Note 1594475 Author: Alexey Tyurin ERPScan Description SAP Netweaver – XML Entity Expansion It...

0.8AI score
Exploits0
erpscan
erpscan
added 2011/07/30 12:0 a.m.16 views

SAP NetWeaver servlet JavaDumpService - Multiple XSS

Application: SAP NetWeaver JavaDumpService Versions Affected: SAP NetWeaver JavaDumpService Vendor URL: Bugs: XSS Exploits: YES Reported: 30.07.2011 Vendor response: 02.08.2011 Date of Public Advisory: 30.10.2013 Reference: SAP Security Note 1828801 CVSS: AV:N/AC:M/AU:N/C:N/I:P/A:N 4.3 Author:...

0.1AI score
Exploits0
erpscan
erpscan
added 2010/09/06 12:0 a.m.16 views

NetWeaver BCB – Missing Authorization / Information disclosure

Application: SAP NetWeaver Versions Affected: SAP NetWeaver Business Communication Broker Vendor URL: http://www.sap.com Bugs: Information disclose Reported:09.06.2010 Vendor response: 10.06.2010 Date of Public Advisory: 17.06.2011 CVSS: 7.5 Reported:01.04.2010 Vendor response:02.04.2010 Date of...

0.3AI score
Exploits0
erpscan
erpscan
added 2010/09/03 12:0 a.m.16 views

SAP Crystal Reports 2008 — ActiveX Insecure Methods

Application: SAP Crystal Report Server 2008 Versions Affected: SAP Crystal Report Server 2008 Vendor URL: http://www.sap.com Exploits: YES Bugs: Insecure methods Reported: 09.03.2010 Vendor response: 10.03.2010 Date of SAP Security Note Published: 8.10.2010 Date of Public Advisory: 14.01.2011...

7.5AI score
Exploits0
erpscan
erpscan
added 2010/08/20 12:0 a.m.16 views

SAP NetWeaver - Unauthorized logon page

Application: SAP NetWeaver Versions Affected: 7.00 7.0014.20050509144048.0000 Vendor URL: http://www.sap.com Bugs: Missing Authorization Check Exploits: NO Reported: 20.08.2010 Vendor response: 23.08.2010 Date of Public Advisory: 12.02.2014 Reference: SAP Security Note 1860923 Author: Alexander...

0.5AI score
Exploits0
erpscan
erpscan
added 2010/08/20 12:0 a.m.16 views

SAP NetWeaver J2EE Engine - Authentication bypass

Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs:XSS Exploits: YES Reported: 20.08.2010 Vendor response: 23.08.2010 Date of Public Advisory: 17.06.2011 CVSS: 9.0 Author:Alexander Polyakov Description Authentication bypass vulnerability in SAP NetWeav...

1.6AI score
Exploits0
erpscan
erpscan
added 2010/05/02 12:0 a.m.16 views

SAP NetWeaver XSS Vulnerability in ICF

Application: SAP NetWeaver Versions Affected: SAP BASIS 6.4-7.2 Vendor URL: Bugs: Buffer Overflow Exploits: XSS Reported: 05.02.2010 Date of Public Advisory: 15.09.2010 Author: Alexey Sintsov Description SAP NetWeaver ICF BSP has linked XSS vulnerability. The vulnerability was found at...

6.2AI score
Exploits0
erpscan
erpscan
added 2009/02/07 12:0 a.m.16 views

SAP GUI 7.1 WebViewer3D ActiveX — Insecure Methods

Application: EnjoySAP, SAP GUI for Windows 6.4 and 7.1 Versions Affected: Tested on 7100.2.7.1038 PL 7 Vendor URL: Bugs: Insecure method, File owervriting Exploits: YES Reported: 02.07.2009 Vendor response: 02.07.2009 Date of Public Advisory: 28.09.2009 Author: Alexandr Polyakov Description SAP G...

0.3AI score
Exploits0
erpscan
erpscan
added 2015/04/12 12:0 a.m.15 views

SAP NetWeaver directory creation outside of the JVM

Application: SAP NetWeaver Versions Affected: SAP NetWeaver AS JAVA UMEADMIN component Vendor URL: SAP Bugs: Directory traversal Reported: 04.12.2015 Vendor response: 05.12.2015 Date of Public Advisory: 13.12.2016 Reference: SAP Security Note 2310790 Author: Mathieu Geli ERPScan VULNERABILITY...

7.3AI score
Exploits0
erpscan
erpscan
added 2015/01/09 12:0 a.m.15 views

SAP NetWeaver 7.4 - cryptographic issues

Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.4 Vendor URL: http://www.sap.com Bugs: cryptographic issues Reported: 01.09.2015 Vendor response: 02.09.2015 Date of Public Advisory: 12.01.2016 Reference: SAP Security Note 2191290 Author: Vahagn Vardanyan ERPScan VULNERABILITY...

Exploits0
erpscan
erpscan
added 2015/01/09 12:0 a.m.15 views

SAP NetWeaver 7.4 (Pmitest servlet) - XSS vulnerability

Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.4 Vendor URL: http://www.sap.com Bugs: XSS Reported: 01.09.2015 Vendor response: 02.09.2015 Date of Public Advisory: 12.01.2016 Reference: SAP Security Note 2234918 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class:...

0.2AI score
Exploits0
erpscan
erpscan
added 2013/09/07 12:0 a.m.15 views

SAP CRM crm_flex_data - XXE

Application: SAP CRM Versions Affected: SAP CRM 7.02 EHP 2 Vendor URL: http://www.sap.com Bugs: XXE Exploits: YES Reported: 09.07.2013 Vendor response: 10.07.2013 Date of Public Advisory: 16.11.2013 Reference: SAP Security Note 1909665 Authors: Alexey Tyurin, Nikolay Mescherin ERPScan Description...

0.9AI score
Exploits0
erpscan
erpscan
added 2011/03/14 12:0 a.m.15 views

SAP BW Doc - Multiple XSS

Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs:Linked XSS Vulnerability Exploits: YES Reported: 14.03.2011 Vendor response:16.03.2011 Date of Public Advisory:11.11.2011 CVSS: 4.3 Author: Alexandr Polyakov and Dmitriy Chastuchin Description BW DOC...

6.5AI score
Exploits0
erpscan
erpscan
added 2010/09/06 12:0 a.m.15 views

SAP NetWeaver SLD - Information Disclosure

Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs: Information disclose Exploits: YES Reported: 09.06.2010 Vendor response: 10.06.2010 Date of Public Advisory: 17.06.2011 CVSS: 5.0 Author:Alexander Polyakov Description Information disclosure...

0.3AI score
Exploits0
erpscan
erpscan
added 2010/01/25 12:0 a.m.15 views

SAP NetWeaver ExchangeProfile — XSS

Application: SAP NetWeaver Versions Affected:SAP NetWeaver SLD ExchangeProfile application 6.40-7.30 Vendor URL: Bugs: XSS Exploits: YES Reported: 25.01.2010 Vendor response: 25.01.2010 Date of SAP Security Note Published: 14.09.2010 Date of Public Advisory: 14.12.2010 Author: Alexandr Polyakov...

6.1AI score
Exploits0
erpscan
erpscan
added 2010/01/04 12:0 a.m.15 views

SAP NetWeaver Component Build Service — XSS

Application: SAP NetWeaver Versions Affected: SAP NetWeaver JDI 6.4 SP23-26 Vendor URL: Bugs: XSS Exploits: YES Reported: 01.04.2010 Vendor response: 02.04.2010 Date of SAP Security Note Published: 14.09.2010 Date of Public Advisory: 14.12.2010 Author: Dmitriy Evdokimov Description SAP NetWeaver...

6.1AI score
Exploits0
erpscan
erpscan
added 2009/10/16 12:0 a.m.15 views

SAP GUI 7.1 — Insecure Method, Code execution

Application: SAP GUI Versions Affected: SAP GUI SAP GUI 7.1 Vendor URL: Bugs: Insecure method, Code Execution Exploits: YES Reported: 16.10.2009 Vendor response: 27.10.2009 Date of Public Advisory: 23.03.2010 Author: Sintsov Alexey Description Insecure method was founded in SAPBExCommonResources...

0.8AI score
Exploits0
erpscan
erpscan
added 2009/03/18 12:0 a.m.15 views

Oracle BEA Weblogic — Linked ХSS vulnerability

Application: Oracle BEA Weblogic 10 Versions Affected: Oracle BEA Weblogic 10 Vendor URL: Bugs:Linked XSS Vulnerability Exploits:YES Reported:18.03.2009 Vendor response:19.03.2009 Description: XSS in Search Date of Public Advisory: 16.07.2009 Author: Alexandr Polyakov Description A linked XSS...

Exploits0
erpscan
erpscan
added 2008/07/16 12:0 a.m.15 views

Oracle BEA Weblogic 10 — Multiple Linked ХSS vulnerabilities

Application: Oracle BEA Weblogic 10 Versions Affected: Oracle BEA Weblogic 10 Vendor URL: Bugs: Multiple XSS Vulnerabilities in samples Exploits: YES Reported: 16.07.2008 Vendor response: 18.07.2008 Last response: 30.10.2008 Description: Review Service sample of WebLogic Server. Date of Public...

0.1AI score
Exploits0
erpscan
erpscan
added 2013/04/20 12:0 a.m.14 views

SAP Mobile .healthcare.emr.v2 - Unauthorized access

Application: SAP EMR Unwired com.sap.mobile.healthcare.emr.v2, SAP Clinical Task Tracker com.sap.mobile.healthcare.ctt Vendor URL: http://www.sap.com Bugs: Unauthorized access Reported: 20.04.2013 Vendor response: 21.04.2013 Date of Public Advisory: 15.02.2015 Reference: SAP Security Note 2117079...

0.1AI score
Exploits0
erpscan
erpscan
added 2012/10/02 12:0 a.m.14 views

SAP NetWeaver SDM Admin - information disclosure

Application: SAP NetWeaver SDM Versions Affected: SAP NetWeaver SDM Vendor URL: http://www.sap.com Bugs: Information Disclosure Exploits: YES Reported: 10.02.2012 Vendor response: 11.02.2012 Date of Public Advisory: 10.10.2012 Reference: SAP Security Note 1724516 Authors: Alexander Polyakov ERPSc...

0.6AI score
Exploits0
erpscan
erpscan
added 2011/05/13 12:0 a.m.14 views

SAP NetWeaver PFL_CHECK_OS_FILE_EXISTENCE - missing authorization check and SMB Relay vulnerability

Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs:Auth bypass, Verb tampering Exploits: YES Reported: 13.05.2011 Vendor response:15.05.2011 Date of Public Advisory:20.01.2011 Author: Alexey Tyurin Description Missing authorization check in FRC functio...

0.7AI score
Exploits0
erpscan
erpscan
added 2010/11/05 12:0 a.m.14 views

SAP NetWeaver Trust Center Service - XSS

Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs:XSS Exploits: YES Reported: 11.05.2010 Vendor response: 12.05.2011 Date of Public Advisory: 17.06.2011 CVSS: 5.0 Author: Dmitriy Evdokimov Description SAP NetWeaver Trust Center Service has linked XSS...

6.1AI score
Exploits0
erpscan
erpscan
added 2009/07/09 12:0 a.m.14 views

SAP Netweaver SQL Monitors — Multiple XSS

Application: SAP Netweaver Administrator panel Versions Affected: SAP Netweaver Administrator panel from ECC 6.0 Vendor URL: Bugs: XSS Exploits: YES Reported: 07.09.2009 Vendor response: 08.09.2009 Date of Public Advisory: 09.11.2010 Author: Alexandr Polyakov and Alexey Troshichev Description Ope...

6.7AI score
Exploits0
erpscan
erpscan
added 2009/02/07 12:0 a.m.14 views

SAP GUI 7.1 WebViewer2D ActiveX — Insecure Methods

Application: EAI WebViewer2D EnjoySAP, SAP GUI for Windows 6.4 and 7.1 Versions Affected:Tested on 7100.2.7.1038 PL 7 Vendor URL: Bugs: Insecure method, File owervriting Exploits: YES Reported: 02.07.2009 Vendor response: 02.07.2009 Date of Public Advisory: 28.09.2009 Author: Alexandr Polyakov...

0.3AI score
Exploits0
erpscan
erpscan
added 2015/09/29 12:0 a.m.13 views

SAP NetWeaver Java AS - multiple XSS vulnerabilities

Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.4 Vendor URL: SAP Bugs: XSS Reported: 29.09.2015 Vendor response: 30.09.2015 Date of Public Advisory: 08.03.2016 Reference: SAP Security Note 2238765 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class: XSS Impact: leakage...

0.2AI score
Exploits0
erpscan
erpscan
added 2014/06/16 12:0 a.m.13 views

SAP NetWeaver AS Java - XXE

Application: SAP NetWeaver AS Java Versions Affected: SAP NetWeaver AS Java Vendor URL: http://www.sap.com Bugs: XXE Reported: 16.06.2014 Vendor response: 17.06.2014 Date of Public Advisory: 17.10.2014 Reference: SAP Security Note 2045176 Authors: Vahagn Vardanyan ERPScan Description SAP XML pars...

1.2AI score
Exploits0
erpscan
erpscan
added 2014/01/07 12:0 a.m.13 views

SAP NetWeaver - SMB Relay

Application: SAP Vendor URL: http://www.sap.com Bugs: Security Bypass, Directory Traversal, SMB Relay Exploits: YES Reported: 01.07.2014 Vendor response: 02.07.2014 Date of Public Advisory: 15.12.2014 Reference: SAP Security Note 2056333 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION...

0.3AI score
Exploits0
erpscan
erpscan
added 2013/09/07 12:0 a.m.13 views

SAP NetWeaver ECATT_DISPLAY_XMLSTRING_REMOTE - XXE

Application: SAP NetWeaver AS ABAP Versions Affected: SAP NetWeaver AS ABAP 7.31, probably others Vendor URL: http://www.sap.com Bugs: XML External Entity Reported: 09.07.2013 Vendor response: 10.07.2013 Date of Public Advisory: 20.01.2015 Reference: SAP Security Note 2016638 Authors: Nikolay...

0.3AI score
Exploits0
erpscan
erpscan
added 2013/03/23 12:0 a.m.13 views

SAProuter - Authentication Bypass

Application: SAP Network Interface Router SAProuter Versions Affected: 39.3 SP4 7100.0.0.201 – Win64/Linux x8664, 40.4 Vendor URL: http://www.sap.com Bugs: Authentication bypass Exploits: NO Reported: 23.03.2013 Vendor response: 24.03.2013 Date of Public Advisory: 25.11.2013 Reference: SAP Securi...

0.3AI score
Exploits0
erpscan
erpscan
added 2012/11/12 12:0 a.m.13 views

SAP NetWeaver PFL - SMB Relay

Application: SAP NetWeaver Versions Affected: 7.30 Basis 720 SP 0, Kernel 720 patch 68 Vendor URL: http://www.sap.com Bugs: SMB Relay Exploits: NO Reported: 11.12.2012 Vendor response: 12.12.2012 Date of SAP Security Note Published: 09.04.2013 Date of Public Advisory: 20.04.2013 Reference: SAP...

6.6AI score
Exploits0
erpscan
erpscan
added 2012/11/12 12:0 a.m.13 views

SAP NetWeaver DI - Arbitrary file upload

Application: SAP NetWeaver J2EE Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs: Arbitrary file upload/Security bypass Exploits: YES Reported: 11.12.2012 Vendor response: 12.12.2012 Date of SAP Security Note Published: 12.02.2013 Date of Public Advisory: 20.02.2013 Reference:...

0.2AI score
Exploits0
erpscan
erpscan
added 2011/05/13 12:0 a.m.13 views

SAP Netweaver CCMS - XML Entity Expansion DOS

Application: SAP NetWeaver Vendor URL: Bugs: DOS Risk: High Exploits: YES Reported: 13.05.2011 Vendor response: 15.05.2011 Patched: 13.11.2011 Date of Public Advisory: 13.03.2012 Reference: SAP Security Note 1594475 Author: Alexey Tyurin ERPScan Description SAP Netweaver – XML Entity Expansion It...

0.8AI score
Exploits0
erpscan
erpscan
added 2010/11/05 12:0 a.m.13 views

SAP NetWeaver Data Archiving Service — Multiple XSS

Application: SAP NetWeaver Versions Affected: SAP NetWeaver Data Archiving Service 6.4-7.3 Vendor URL: http://www.sap.com Bugs: Linked XSS and Stored XSS Exploits: YES Reported: 11.05.2010 Vendor response: 11.05.2010 Date of Public Advisory: 12.04.2011 Author: Dmitriy Evdokimov Description SAP...

6AI score
Exploits0
erpscan
erpscan
added 2010/03/29 12:0 a.m.12 views

SAP Netweaver XRFC — Stack Overflow

Application: SAP BASIS Versions Affected: SAP XRFC 6.40/7.00 may be others Vendor URL: Bugs: Stack Overflow Exploits: YES DoS PoC Reported: 29.03.2010 Vendor response: 29.03.2010 Date of Public Advisory: 09.11.2010 Author: Alexey Sintsov Description It is possible to call stack overflow via RFC...

2.8AI score
Exploits0
erpscan
erpscan
added 2009/12/14 12:0 a.m.12 views

SAP NetWeaver DTR — Multiple XSS

Application: SAP NetWeaver Versions Affected: SAP NetWeaver Design Time Repository 6.4-7.2 Vendor URL: Bugs: XSS Exploits: YES Reported: 14.12.2009 Vendor response: 14.12.2009 Date of SAP Security Note Published: 14.09.2010 Date of Public Advisory: 14.12.2010 Author: Alexander Polyakov and Alexey...

6.1AI score
Exploits0
erpscan
erpscan
added 2009/12/01 12:0 a.m.12 views

SAP Cfolders Multiple Linked XSS Vulnerabilities

Application: SAP Cfolders SAP SRM, SAP ECC, SAP Knowledge Management and SAP NetWeaver cRooms collaboration rooms Vendor URL: Bugs: Multiple Liked XSS Risk: High Exploits: YES Reported: 12.01.2009 Vendor response: 13.01.2009 patched: 21.01.2009 Date of Public Advisory: 21.04.2009 Reference: SAP...

0.1AI score
Exploits0
erpscan
erpscan
added 2012/11/12 12:0 a.m.11 views

SAP NetWeaver PFL - SMB Relay

Application: SAP NetWeaver Versions Affected: 7.30 Basis 720 SP 0, Kernel 720 patch 68 Vendor URL: http://www.sap.com Bugs: SMB Relay Exploits: NO Reported: 11.12.2012 Vendor response: 12.12.2012 Date of SAP Security Note Published: 09.04.2013 Date of Public Advisory: 20.04.2013 Reference: SAP...

6.6AI score
Exploits0
erpscan
erpscan
added 2012/07/13 12:0 a.m.10 views

SAP NetWeaver Performance Provider - XSS

Application: SAP NetWeaver Performance Provider Versions Affected: SAP NetWeaver Performance Provider Vendor URL: http://www.sap.com Bugs: XSS Exploits: YES Reported: 13.07.2012 Vendor response: 14.07.2012 Date of SAP Security Note Published: 12.03.2013 Date of Public Advisory: 14.03.2013...

6.5AI score
Exploits0
erpscan
erpscan
added 2012/07/13 12:0 a.m.10 views

SAP NetWeaver PIP - XSS

Application: SAP NetWeaver Integration Repository Versions Affected: SAP NetWeaver Integration Repository Vendor URL: http://www.sap.com Bugs: XSS Reported: 13.07.2012 Vendor response: 14.07.2012 Date of Public Advisory: 25.01.2014 Reference: SAP Security Note 1442517 CVSS:...

0.3AI score
Exploits0
erpscan
erpscan
added 2011/08/19 12:0 a.m.9 views

SAP NetWeaver Exportability Check Service - unauthorized directory traversal

Application: SAP NetWeaver J2EE Versions Affected: SAP NetWeaver J2EE Vendor URL: http://www.sap.com Bugs:Directory Traversal, File Read Exploits: YES Reported: 19.08.2011 Vendor response: 20.08.2011 Date of SAP Security Note Published: 08.01.2013 Date of Public Advisory: 28.01.2013 Reference: SA...

0.2AI score
Exploits0
Total number of security vulnerabilities291