what you don't know can hurt you
Showing 1 - 10 of 10 RSS Feed

Files from Nahuel D. Sanchez

First Active2014-04-28
Last Active2015-09-29
SAP HANA test-net.xsjs Code Injection
Posted Sep 29, 2015
Authored by Nahuel D. Sanchez, Pablo Artuso | Site onapsis.com

Onapsis Security Advisory - SAP HANA suffers from an XSJS code injection vulnerability in test-net.xsjs. By exploiting this vulnerability a remote authenticated attacker would be able to partially compromise the SAP system as well as all the information processed and stored in the HANA system.

tags | advisory, remote
MD5 | 7f83f90bb6c3a098c918f18b05dd9086
SAP HANA hdbsql Memory Corruption
Posted Sep 29, 2015
Authored by Nahuel D. Sanchez | Site onapsis.com

Onapsis Security Advisory - SAP HANA hdbsql suffers from multiple memory corruption vulnerabilities. By exploiting this vulnerability an attacker could abuse of management interfaces to execute commands on the HANA system and ultimately compromise all the information stored and processed by the system.

tags | advisory, vulnerability
advisories | CVE-2015-6507
MD5 | d84bc960430406fcac7cb19e5e9fdeb2
SAP HANA Log Injection
Posted May 27, 2015
Authored by Fernando Russ, Nahuel D. Sanchez | Site onapsis.com

Onapsis Security Advisory - Under certain conditions, the SAP HANA XS engine is vulnerable to arbitrary log injection, allowing remote authenticated attackers to write arbitrary information in log files. This could be used to corrupt log files or add fake content misleading an administrator.

tags | advisory, remote, arbitrary
advisories | CVE-2015-3994
MD5 | f61f953240b5537345769fd6473f266e
SAP HANA Information Disclosure
Posted May 27, 2015
Authored by Fernando Russ, Nahuel D. Sanchez, Sergio Abraham | Site onapsis.com

Onapsis Security Advisory - SAP HANA suffers from an information disclosure vulnerability via SQL IMPORT FROM statements.

tags | advisory, info disclosure
advisories | CVE-2015-3995
MD5 | f3332116db5d93bd6af0acc157bad3e2
SAP Business Warehouse Missing Authorization Check
Posted Oct 8, 2014
Authored by Nahuel D. Sanchez | Site onapsis.com

Onapsis Security Advisory - The RFC function 'RSDU_CCMS_GET_PROFILE_PARAM' in SAP NetWeaver Business Warehouse does not perform any authorization check prior to retrieving the profile parameter value.

tags | advisory
MD5 | 842fb4679d40fb25a9706e7aad8081bb
SAP Netweaver Business Warehouse Missing Authorization
Posted Jul 29, 2014
Authored by Nahuel D. Sanchez | Site onapsis.com

Onapsis Security Advisory - SAP BW-SYS-DB-DB4 component contains a remote-enabled RFC function that does not perform authorization checks prior to retrieving sensitive information.

tags | advisory, remote
MD5 | e6120198a501de2772eebced4b6a0641
SAP_JTECHS HTTP Verb Tampering
Posted Jul 29, 2014
Authored by Nahuel D. Sanchez | Site onapsis.com

Onapsis Security Advisory - SAP_JTECHS suffers from an HTTP verb tampering vulnerability. By exploiting this vulnerability, a remote unauthenticated attacker would be able to access restricted functionality and information. SAP Solution Manager 7.1 is affected.

tags | advisory, remote, web
MD5 | 5fec465828338309c90177042deed4d4
SAP Profile Maintenance Missing Authorization
Posted Apr 29, 2014
Authored by Nahuel D. Sanchez | Site onapsis.com

Onapsis Security Advisory - SAP is missing an authorization check in profile maintenance. SAP Solution Manager version 7.1 is affected.

tags | advisory
MD5 | 860e252e5719dddb9aef9bf61ee472fe
SAP Background Processing RFC Missing Authorization
Posted Apr 29, 2014
Authored by Nahuel D. Sanchez | Site onapsis.com

Onapsis Security Advisory - SAP background processing suffers from a missing authorization check. A remote authenticated attacker could execute the vulnerable RFC function and obtain sensitive information regarding the target application server. SAP Solution Manager version 7.1 is affected.

tags | advisory, remote
MD5 | 97299c20a11ae86f6f1d45c826fd0513
SAP Software Lifecycle Manager Information Disclosure
Posted Apr 28, 2014
Authored by Nahuel D. Sanchez | Site onapsis.com

Onapsis Security Advisory - An information disclosure exists in SAP Software Lifecycle Manager. SAP Solution Manager version 7.1 is affected.

tags | advisory, info disclosure
MD5 | d4e40349eeb166e5f859efe555dd0504
Page 1 of 1
Back1Next

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    4 Files
  • 13
    Oct 13th
    4 Files
  • 14
    Oct 14th
    11 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close