[DSECRG-11-031] SAP RFC EPS_DELETE_FILE - Authorisation bypass, smbrelay
A security vulnerability was found in the SAP EPS_DELETE_FILE RFC function that
allows an attacker to delete files remotely or steal hashes of the SAP server
account in a Windows environment using an SMBRelay attack.
Digital Security
[DSECRG-11-032] SAP NetWeaver ipcpricing - information disclosure
The com.sap.ipc.webapp.ipcpricing application has an information disclosure
vulnerability
Digital Security Research Group [DSecRG] Advisory DSECRG-11-032 (Internal
DSecRG-00197)
Application: SAP NetWeaver
Versions Affected:
[DSECRG-11-034] SAP NetWeaver J2EE MeSync – information disclosure
Attacker can get information about mobile engine version and sometimes the name
of the technical user.
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver MI 2
Vendor URL: http://www.SAP.com
Bugs:
: 16.03.2011
Date of Public Advisory:11.11.2011
CVSS:4.3
CVE-number:
Author: Alexandr Polyakov and Dmitriy Chastuchin from DSecRG (research center
of ERPScan)
Description
***
BW DOC metadata in SAP NetWeaver is vulnerable to XSS attack.
Details
***
XSS found in page /SAP/BW/DOC
[DSECRG-11-038] SAP RSTXSCRP report - smb relay vulnerability
The SAP RSTXSCRP report has a path traversal vulnerability which can lead to an
SMB relay attack and full control of the system.
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver
Vendor URL:
[DSECRG-11-039] SAP NetWeaver TH_GREP module - Code injection vulnerability
(NEW)
The TH_GREP report has a command execution vulnerability which works with the
previous patch (note 1433101). Remote OS command execution is
possible
Application: SAP NetWeaver
:14.03.2011
Vendor response: 15.03.2011
Date of Public Advisory:11.11.2011
CVSS:7.3
CVE-number:
Author: Alexandr Polyakov from DSecRG (research center of ERPScan)
Description
***
An attacker can create a new user in the J2EE Engine using a CSRF attack on the SPML service
URL: http://www.SAP.com
Bugs:Auth bypass, Verb tampering
Reported:14.03.2011
Vendor response: 15.03.2011
Date of Public Advisory:11.11.2011
CVSS:7.3 by SAP (10 by ERPSCAN)
CVE-number:
Author: Alexandr Polyakov from DSecRG (research center of ERPScan
[DSECRG-11-033] SAP Crystal Report Server pubDBLogon - Linked XSS vulnerability
XSS vulnerability found in pubDBLogon.jsp page of SAP Crystal Report Server
2008.
Application: SAP Crystal Report Server 2008
Versions Affected: SAP Crystal Report Server 2008
Vendor URL: http://www.sap.com
http://zeronights.org/request
Saint-Petersburg, Russia, 25th of November
The CFP consists of 2 steps
Participation requests for the first step are accepted until 20.09.11
The program committee decision about the first part of speakers will be available
on 30.09.11
Participation requests admission
[DSECRG-11-032] SAP NetWeaver ipcpricing - information disclosure
The com.sap.ipc.webapp.ipcpricing application has an information disclosure vulnerability
Digital Security Research Group [DSecRG] Advisory DSECRG-11-032 (Internal
DSecRG-00197)
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver
Digital Security Research Group [DSecRG] Advisory #DSECRG-11-018
Application: Kaspersky Administration Kit
Versions Affected: from 6.0
Vendor URL: http://www.kaspersky.com
Bug: Design flaw
Exploits:YES
Reported:
[DSECRG-11-013] SAP NetWeaver Runtime - multiple XSS
SAP NetWeaver Integration Directory has linked XSS vulnerability.
Digital Security Research Group [DSecRG] Advisory DSecRG-11-013 (Internal
DSecRG-00163)
Application: SAP NetWeaver Runtime
Versions Affected: SAP
[DSECRG-11-012] SAP NetWeaver Integration Directory - multiple XSS
SAP NetWeaver Integration Directory has multiple linked XSS vulnerabilities.
Digital Security Research Group [DSecRG] Advisory DSecRG-11-012 ( Internal
DSecRG-00159)
Application: SAP NetWeaver XI
Versions
GUI
Versions Affected: 6.4 - 7.2
Vendor URL: http://www.sap.com
Bugs:DLL hijacking
Exploits:YES
Reported:24.08.2010
Vendor response: 26.08.2010
Date of Public Advisory:09.03.2011
CVE-number:
Author: Alexey Sintsov, Alexandr Polyakov
Digital Security
[DSECRG-11-011] SAP Crystal Reports 2008 - Multiple XSS
SAP Crystal Report Server 2008 - multiple cross-site scripting vulnerabilities.
[DSecRG-11-011] (Internal DSECRG-00147)
Multiple XSS vulnerabilities found
[DSECRG-11-009] SAP NetWeaver XI SOAP Adapter - XSS
SAP NetWeaver 7.0 application XI SOAP Adapter has linked XSS vulnerability
Digital Security Research Group [DSecRG] Advisory DSecRG-11-009 (Internal
DSecRG-00120)
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver XI SOAP
[DSECRG-11-010] SAP NetWeaver logon.html - XSS
SAP NetWeaver BSP logon page has linked XSS vulnerability.
Digital Security Research Group [DSecRG] Advisory DSecRG-11-010 (Internal
DSecRG-00127)
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver SAP_BASIS 620-730
ActiveX components contain insecure methods.
Digital Security Research Group [DSecRG] Advisory #DSECRG-00153
Application:Oracle Document Capture
Versions Affected: Release 10gR3
Vendor URL: www.oracle.com
Bugs: insecure method, File overwriting
: Alexandr Polyakov from DSecRG
Description
***
An insecure method was found in the NCSECWLib ActiveX control component, which is
a part of Oracle Document Capture.
One of the methods (WriteJPG) can be used to overwrite files on the user's system
and also affected to buffer
Digital Security Research Group [DSecRG] Advisory DSECRG-11-007 (Internal
#DSECRG-00117)
Application:Oracle Document Capture
Versions Affected: 10.1350.0005
Vendor URL:
[DSECRG-11-002] (Internal DSECRG-00143) SAP Crystal Report Server 2008
scriptinghelpers.dll ActiveX component - Insecure methods
The component contains insecure methods by which you can overwrite any file in
the OS, run the executable file, kill process, delete the file.
Application:
ActiveX components contain insecure methods.
Digital Security Research Group [DSecRG] Advisory DSECRG-11-005 (internal
#DSECRG-00154)
Application:Oracle Document Capture
Versions Affected: Release 10gR3
Vendor URL: www.oracle.com
Bugs: insecure
[DSECRG-11-003] (Internal DSECRG-00145) SAP Crystal Report Server 2008 -
Directory Traversal
Directory traversal vulnerability discovered in the module
PerformanceManagement application SAP Crystal Report Server 2008, which allows
you to read any file on the OS.
Application:
Digital Security Research Group [DSecRG] Advisory #DSECRG-11-008
Application:Progress OpenEdge Enterprise RDBMS
Versions Affected: 10.2A and maybe others
Vendor URL: http://web.progress.com
Bug:Authentication bypass, UserID enumerate
XSS vulnerability found in SAP Crystal Report Server 2008
Application: SAP Crystal Report Server 2008
Versions Affected: SAP Crystal Report Server 2008
Vendor URL: http://sap.com
Bugs: Linked XSS Vulnerability
Exploits: YES
Reported: 04.03.2010
Vendor response: 05.03.2010
Date of
: YES
Reported: 26.05.2009
Vendor response:27.05.2009
Date of Public Advisory:13.07.2010
CVE-number:
Author: Alexandr Polyakov
Digital Security Research Group [DSecRG]
(research
Digital Security Research Group [DSecRG] Advisory DSECRG-09-053
Application: VMware Remote Console
Version:e.x.p build-158248
Vendor URL: http://vmware.com
Bugs: Format String Vulnerabilities
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-049
Application: IBM BladeCenter Management Module
Versions Affected: before BPET50G
Vendor URL: http://www-03.ibm.com/systems/bladecenter/
Bug: DoS
Exploits:YES
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-064
Application:SAP GUI
Versions Affected: SAP GUI (SAP GUI 7.1)
Vendor URL: http://SAP.com
Bugs: Insecure method. Code Execution.
Exploits:
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-039
Application:Symantec Antivirus Client Proxy
Versions Affected: Version 10
Vendor URL: http://symantec.com
Bugs: Buffer Overflow
Exploits:
ActiveX component contains insecure method that can overwrite any file in
system
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-065
Application: TVUPlayer
Versions Affected: Tested on v2.4.9beta1[build1797]
Vendor URL: www.tvunetworks.com
Bugs:
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-011
Application:HP StorageWorks 1/8 G2 Tape Autoloader
Versions Affected: firmware v 2.30 and earlier
Vendor URL: http://hp.com/
Bug:Privilege
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-044
Application:EnjoySAP, SAP GUI for Windows 6.4 and 7.1
Versions Affected: Tested on 7100.2.7.1038 PL 7
Vendor URL: http://SAP.com
Bugs:
: insecure method, File overwriting
Exploits: YES
Reported: 02.07.2009
Vendor response:02.07.2009
Date of Public Advisory:28.09.2009
CVE-number:
Author: Alexandr Polyakov
http://www.dsecrg.com/pages/vul/show.php?id=133
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-033
Application:SAP NetWeaver Application Server (Java)
Versions Affected: Version 7.0
Vendor URL: http://SAP.com
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-015
Original Advisory: http://dsecrg.com/pages/vul/show.php?id=115
Application:SAP GUI for Windows, EnjoySAP
Versions Affected: Version 6.4
Vendor URL: http://SAP.com
Bugs:
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-016
!!! original advisory !!!
http://dsecrg.com/pages/vul/DSECRG-09-016.html
Application:SAPDB
Versions Affected: Last
Vendor URL: http://SAP.com
Bugs:
Hello, Vladimir.
You wrote on February 26, 2009, 21:46:28:
Dear Digital Security Research Group,
--Thursday, February 26, 2009, 7:40:50 PM, you wrote to
bugtraq@securityfocus.com:
DSRG Application:APC PowerChute Network Shutdown's Web
Interface
DSRG Vendor
: Alexandr Polyakov
Digital Security Research Group [DSecRG]
(research [at] dsec [dot] ru)
Description
***
Linked XSS vulnerability found in BPEL module of Oracle Application Server
(Oracle SOA Suite).
Details
Digital Security Research Group [DSecRG] Advisory #DSECRG-08-028
Application:Velocity web-server (a part of Velocity
Security Management System)
Versions Affected: Old version 1.0
Vendor URL: http://hirschelectronics.com
Bugs:
: Directory traversal File Download
Exploits: YES
Reported: 20.02.2008
Vendor response:22.02.2008
Solution: 03.03.2008
Date of Public Advisory:06.03.2008
Authors: Alexandr Polyakov