
CVE-2016-2386

Published: 16/02/2016 Updated: 20/04/2021
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 761
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote malicious users to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079.

Vulnerable Product

sap netweaver application server java 7.40

Exploits

SAP NetWeaver J2EE Engine version 7.40 suffers from a remote SQL injection vulnerability ...
Application: SAP NetWeaver AS JAVA
Versions Affected: SAP NetWeaver AS JAVA 71 - 75
Vendor URL: SAPcom
Bugs: SQL injection
Send: 04122015
Reported: 04122015
Vendor response: 05122015
Date of Public Advisory: 09022016
Reference: SAP Security Note 2101079
Author: Vahagn Vardanyan (ERPScan)
Description 1 ADV ...
#!/usr/bin/env python # coding=utf-8 """ Author: Vahagn Vardanyan twittercom/vah_13 Bugs: CVE-2016-2386 SQL injection CVE-2016-2388 Information disclosure CVE-2016-1910 Crypto issue Follow HTTP request is a simple PoC for anon time-based SQL injection (CVE-2016-2386) vulnerability in SAP NetWeaver AS Java UDDI 711-750 POST /UD ...

Github Repositories

Here you can get full exploit for SAP NetWeaver AS JAVA

SAP_exploit Author: Vahagn Vardanyan twittercom/vah_13 Bugs: CVE-2016-2386 SQL injection CVE-2016-2388 Information disclosure CVE-2016-1910 Crypto issue Follow HTTP request is a simple PoC for anon time-based SQL injection (CVE-2016-2386) vulnerability in SAP NetWeaver AS Java UDDI 711-750 POST /UDDISecurityService/UDDISecurityImplBean HTTP/11 User-Agent:

[CVE-2016-2386] SAP NetWeaver AS JAVA UDDI Component SQL Injection

[CVE-2016-2386] SAP NetWeaver AS JAVA UDDI Component SQL Injection POST /UDDISecurityService/UDDISecurityImplBean HTTP/11 Host: host Connection: close Accept-Encoding: gzip, deflate Accept: */* User-Agent: Mozilla/50 (Macintosh; Intel Mac OS X 1015; rv:780) Gecko/20100101 Firefox/780 Content-Type: text/xml;charset=UTF-8 SOAPAction: Content-Length: 340 <soapenv:Env

Recent Articles

Microsoft fixes under-attack Windows zero-day Follina
The Register • Jessica Lyons Hardcastle • 01 Jan 1970

Plus: Intel, AMD react to Hertzbleed data-leaking holes in CPUs

Patch Tuesday Microsoft claims to have finally fixed the Follina zero-day flaw in Windows as part of its June Patch Tuesday batch, which included security updates to address 55 vulnerabilities. Follina, eventually acknowledged by Redmond in a security advisory last month, is the most significant of the bunch as it has already been exploited in the wild. Criminals and snoops can abuse the remote code execution (RCE) bug, tracked as CVE-2022-30190, by crafting a file, such as a Word document, so t...