SAP® and Oracle® Security Advisories
Onapsis Research Labs is the world’s leading team of security experts who combine their deep knowledge of critical ERP applications and decades of threat research experience to deliver impactful security insights and threat intelligence focused on the business-critical applications from SAP, Oracle, and SaaS providers. Onapsis Research Labs is, far and away, the most prolific and most celebrated contributor of vulnerability research by the SAP Product Security Response Team. No other research team comes close.
09/21/2016
SAP OS Command Injection in SCTC_REFRESH_CHECK_ENV
By exploiting this SAP Netweaver vulnerability, an authenticated user will be able to take full control of the system. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:
09/21/2016
SAP OS Command Injection in SCTC_REFRESH_CONFIG_CTC
By exploiting this SAP Netweaver vulnerability, an authenticated user will be able to take full control of the system. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:
09/21/2016
SAP OS Command Injection in SCTC_REFRESH_EXPORT_TAB_COMP
By exploiting this SAP Netweaver vulnerability, an authenticated user will be able to take full control of the system. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:
09/21/2016
SAP OS Command Injection in SCTC_REFRESH_IMPORT_USR_CLNT
By exploiting this SAP Netweaver vulnerability, an authenticated user will be able to take full control of the system. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:
09/21/2016
SAP OS Command Injection in SCTC_REORG_SPOOL
By exploiting this SAP Netweaver vulnerability, an authenticated user will be able to take full control of the system. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:
09/20/2016
SAP OS Command Injection in SCTC_TMS_MAINTAIN_ALOG
By exploiting this SAP Netweaver vulnerability, an authenticated user will be able to take full control of the system. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:
07/28/2016
Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3439
By exploiting this Oracle E-Business Suite vulnerability, a remote attacker could steal sensitive business information by targeting other users connected to the system. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following…
07/28/2016
JD Edwards JDENET End of File DoS
Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:
07/28/2016
JD Edwards JDENET Password Disclosure
By exploiting this Oracle JD Edwards vulnerability, an unauthenticated attacker could achieve administrative rights and would be able to potentially compromise all information stored and processed on the JDE System. Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email….