
Files from Nahuel D. Sanchez

First Active: 2014-04-28
Last Active: 2021-06-15
SAP Solution Manager 7.20 Missing Authorization
Posted Jun 15, 2021
Authored by Nahuel D. Sanchez, Pablo Artuso, Yvan Genuer | Site onapsis.com

Due to a missing authorization check in the LM-SERVICE component of SAP Solution Manager version 7.20, a remote authenticated attacker could execute privileged actions on the affected system, including the execution of operating system commands.

tags | advisory, remote
advisories | CVE-2020-6207
SHA-256 | ad2a546198819c5e3808faa124d00d50475caa98031463ff99dd70806f19a4fd
SAP HANA test-net.xsjs Code Injection
Posted Sep 29, 2015
Authored by Nahuel D. Sanchez, Pablo Artuso | Site onapsis.com

Onapsis Security Advisory - SAP HANA suffers from an XSJS code injection vulnerability in test-net.xsjs. By exploiting this vulnerability, a remote authenticated attacker would be able to partially compromise the SAP system as well as all the information processed and stored in the HANA system.

tags | advisory, remote
SHA-256 | 536c2f5bd066d0dd00d1598734d6f710d8be3e982bbd78bef9d75361bc5754eb
SAP HANA hdbsql Memory Corruption
Posted Sep 29, 2015
Authored by Nahuel D. Sanchez | Site onapsis.com

Onapsis Security Advisory - SAP HANA hdbsql suffers from multiple memory corruption vulnerabilities. By exploiting these vulnerabilities, an attacker could abuse management interfaces to execute commands on the HANA system and ultimately compromise all the information stored and processed by the system.

tags | advisory, vulnerability
advisories | CVE-2015-6507
SHA-256 | 368ce04e67548cdb573e6df82ff6477de56a2a3d247070855e42496c9c199e7f
SAP HANA Log Injection
Posted May 27, 2015
Authored by Fernando Russ, Nahuel D. Sanchez | Site onapsis.com

Onapsis Security Advisory - Under certain conditions, the SAP HANA XS engine is vulnerable to arbitrary log injection, allowing remote authenticated attackers to write arbitrary information to log files. This could be used to corrupt log files or to add fake content that misleads an administrator.

tags | advisory, remote, arbitrary
advisories | CVE-2015-3994
SHA-256 | 5ca7d3e9291f057648e9f6f695e85a6ed4865966ffa4228700ba29b2884a76f7
SAP HANA Information Disclosure
Posted May 27, 2015
Authored by Fernando Russ, Nahuel D. Sanchez, Sergio Abraham | Site onapsis.com

Onapsis Security Advisory - SAP HANA suffers from an information disclosure vulnerability via SQL IMPORT FROM statements.

tags | advisory, info disclosure
advisories | CVE-2015-3995
SHA-256 | bb14e2959b52d187e9b6acc4384e410e0927c0d33b3653e304b8da39ef6615f8
SAP Business Warehouse Missing Authorization Check
Posted Oct 8, 2014
Authored by Nahuel D. Sanchez | Site onapsis.com

Onapsis Security Advisory - The RFC function 'RSDU_CCMS_GET_PROFILE_PARAM' in SAP NetWeaver Business Warehouse does not perform any authorization check prior to retrieving the profile parameter value.

tags | advisory
SHA-256 | 3c233c38c81809ef00b14c725f0450fa3f1b614cdc114e9d7e1072e437a12d1c
SAP Netweaver Business Warehouse Missing Authorization
Posted Jul 29, 2014
Authored by Nahuel D. Sanchez | Site onapsis.com

Onapsis Security Advisory - The SAP BW-SYS-DB-DB4 component contains a remote-enabled RFC function that does not perform authorization checks prior to retrieving sensitive information.

tags | advisory, remote
SHA-256 | 51b510290e9cdab39a4eb560d76f8a1a92ad4e2479c00ecb93a399c7bd8fc80a
SAP_JTECHS HTTP Verb Tampering
Posted Jul 29, 2014
Authored by Nahuel D. Sanchez | Site onapsis.com

Onapsis Security Advisory - SAP_JTECHS suffers from an HTTP verb tampering vulnerability. By exploiting this vulnerability, a remote unauthenticated attacker would be able to access restricted functionality and information. SAP Solution Manager 7.1 is affected.

tags | advisory, remote, web
SHA-256 | 6580ff640350c05f48f65976b0b95f4281af8ee4134bb35be5c0dfed235ecb75
SAP Profile Maintenance Missing Authorization
Posted Apr 29, 2014
Authored by Nahuel D. Sanchez | Site onapsis.com

Onapsis Security Advisory - SAP is missing an authorization check in profile maintenance. SAP Solution Manager version 7.1 is affected.

tags | advisory
SHA-256 | b7c303f7bf2fdf075bdc1e6b7520a92fcb05d90222559301ac050e06fa65efc3
SAP Background Processing RFC Missing Authorization
Posted Apr 29, 2014
Authored by Nahuel D. Sanchez | Site onapsis.com

Onapsis Security Advisory - SAP background processing suffers from a missing authorization check. A remote authenticated attacker could execute the vulnerable RFC function and obtain sensitive information regarding the target application server. SAP Solution Manager version 7.1 is affected.

tags | advisory, remote
SHA-256 | 59f5fd063cd638475b56911c3f860c68eb3d9222d3f786d79c7538b9fdef6595
SAP Software Lifecycle Manager Information Disclosure
Posted Apr 28, 2014
Authored by Nahuel D. Sanchez | Site onapsis.com

Onapsis Security Advisory - An information disclosure vulnerability exists in SAP Software Lifecycle Manager. SAP Solution Manager version 7.1 is affected.

tags | advisory, info disclosure
SHA-256 | 66175ddf4ff1b483f9589574588c2c2d8333d5951f8f26a85a6a946dc17690be

© 2022 Packet Storm. All rights reserved.
