CVEdetails.com the ultimate security vulnerability data source

Metasploit Modules Related To SAP

CVE-2006-6010  SAP /sap/bc/soap/rfc SOAP Service RFC_SYSTEM_INFO Function Sensitive Information Gathering
This module makes use of the RFC_SYSTEM_INFO Function to obtain the operating system version, SAP version, IP address and other information through the use of the /sap/bc/soap/rfc SOAP service.
Module type : auxiliary Rank : normal
CVE-2007-3605  EnjoySAP SAP GUI ActiveX Control Buffer Overflow
This module exploits a stack buffer overflow in SAP KWEdit ActiveX Control (kwedit.dll 6400.1.1.41) provided by EnjoySAP GUI. By sending an overly long string to the "PrepareToPostHTML()" method, an attacker may be able to execute arbitrary code.
Module type : exploit Rank : normal Platforms : Windows
CVE-2007-3614  SAP DB 7.4 WebTools Buffer Overflow
This module exploits a stack buffer overflow in SAP DB 7.4 WebTools. By sending an overly long GET request, it may be possible for an attacker to execute arbitrary code.
Module type : exploit Rank : great Platforms : Windows
CVE-2007-4475  SAP AG SAPgui EAI WebViewer3D Buffer Overflow
This module exploits a stack buffer overflow in Siemens Unigraphics Solutions Teamcenter Visualization EAI WebViewer3D ActiveX control that is bundled with SAPgui. When passing an overly long string to the SaveViewToSessionFile() method, arbitrary code may be executed.
Module type : exploit Rank : normal Platforms : Windows
CVE-2008-0244  SAP MaxDB cons.exe Remote Command Injection
SAP MaxDB is prone to a remote command-injection vulnerability because the application fails to properly sanitize user-supplied input.
Module type : auxiliary Rank : normal
CVE-2008-0621  SAP SAPLPD 6.28 Buffer Overflow
This module exploits a stack buffer overflow in SAPlpd 6.28 (SAP Release 6.40). By sending an overly long argument, an attacker may be able to execute arbitrary code.
Module type : exploit Rank : good Platforms : Windows
CVE-2008-4830  EnjoySAP SAP GUI ActiveX Control Arbitrary File Download
This module allows remote attackers to place arbitrary files on a user's file system by abusing the "Comp_Download" method in the SAP KWEdit ActiveX Control (kwedit.dll 6400.1.1.41).
Module type : exploit Rank : excellent Platforms : Windows
CVE-2009-4988  SAP Business One License Manager 2005 Buffer Overflow
This module exploits a stack buffer overflow in the SAP Business One 2005 License Manager 'NT Naming Service' A and B releases. By sending an excessively long string, the stack is overwritten, enabling arbitrary code execution.
Module type : exploit Rank : great Platforms : Windows
CVE-2010-0219  Axis2 / SAP BusinessObjects Authenticated Code Execution (via SOAP)
This module logs in to an Axis2 Web Admin Module instance using a specific user/pass and uploads and executes commands via deploying a malicious web service by using SOAP.
Module type : exploit Rank : excellent Platforms : Java,Linux,Windows
CVE-2010-0219  Apache Axis2 Brute Force Utility
This module attempts to log in to an Apache Axis2 instance using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options. It has been verified to work on at least versions 1.4.1 and 1.6.2.
Module type : auxiliary Rank : normal
CVE-2010-2590  Crystal Reports CrystalPrintControl ActiveX ServerResourceVersion Property Overflow
This module exploits a heap-based buffer overflow in the CrystalPrintControl ActiveX, while handling the ServerResourceVersion property. The affected control can be found in the PrintControl.dll component as included with Crystal Reports 2008. This module has been tested successfully on IE 6, 7 and 8 on Windows XP SP3 and IE 8 on Windows 7 SP1. The module uses the msvcr71.dll library, loaded by the affected ActiveX control, to bypass DEP and ASLR.
Module type : exploit Rank : normal Platforms : Windows
CVE-2012-2611  SAP NetWeaver Dispatcher DiagTraceR3Info Buffer Overflow
This module exploits a stack buffer overflow in the SAP NetWeaver Dispatcher service. The overflow occurs in the DiagTraceR3Info() function and allows a remote attacker to execute arbitrary code by supplying a specially crafted Diag packet. The Dispatcher service is only vulnerable if the Developer Traces have been configured at levels 2 or 3. The module has been successfully tested on SAP NetWeaver 7.0 EHP2 SP6 over Windows XP SP3 and Windows 2003 SP2 (DEP bypass).
Module type : exploit Rank : normal Platforms : Windows
CVE-2013-3319  SAP Host Agent Information Disclosure
This module attempts to retrieve Computer and OS info from Host Agent through the SAP HostControl service.
Module type : auxiliary Rank : normal

Please note: Metasploit modules are only matched by CVE numbers. There may be other modules related to this product. Visit the Metasploit web site for more details.
Total number of modules found = 13