what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 20 of 20 RSS Feed

Files from Nahuel Sanchez

First Active2015-09-29
Last Active2017-08-14
OSNEXUS QuantaStor 4 Information Disclosure
Posted Aug 14, 2017
Authored by Nahuel Sanchez | Site vvvsecurity.com

OSNEXUS QuantaStor version 4 suffers from multiple information disclosure vulnerabilities including user enumeration.

tags | exploit, vulnerability, info disclosure
advisories | CVE-2017-9978, CVE-2017-9979
SHA-256 | 0762c7d4aa2b0a1660c63fde56c7e91b852dcdf5a6a1019d3e8ed62845a1049f
SAP SLDREG Memory Corruption
Posted Oct 12, 2016
Authored by Nahuel Sanchez | Site onapsis.com

The SAP SLD Registration Program suffers from a memory corruption vulnerability.

tags | advisory
advisories | CVE-2016-3638
SHA-256 | 6613992a8db68e022fadcfa82d295027ac7dfc10434063952bbd3805c4a0744f
SAP Console 7.30 Insecure Password Storage
Posted Oct 11, 2016
Authored by Nahuel Sanchez | Site onapsis.com

SAP Console version 7.30 suffers from an insecure password storage vulnerability.

tags | advisory
advisories | CVE-2016-3946
SHA-256 | 15549212a42e06cbf90b62f838891fe78927981e3ff983ba5baa76bf21aa875c
SAP HANA SPS09 1.00.091.00.1418659308 EXPORT Information Disclosure
Posted Aug 21, 2016
Authored by Nahuel Sanchez | Site onapsis.com

SAP HANA SPS09 version 1.00.091.00.1418659308 suffers from an information disclosure vulnerability in EXPORT.

tags | advisory, info disclosure
advisories | CVE-2016-6149
SHA-256 | 4a5f8342b24325e43b5343b266af9c9b8acc91107d4a6b28357e158112cec19f
SAP HANA DB 1.00.73.00.389160 Remote Code Execution
Posted Aug 20, 2016
Authored by Nahuel Sanchez | Site onapsis.com

Under certain conditions a remote authenticated attacker with IMPORT system privileges could potentially execute arbitrary code on SAP HANA DB version 1.00.73.00.389160.

tags | advisory, remote, arbitrary
advisories | CVE-2016-6148
SHA-256 | 837a43738fa05ae4c66c0884d724e8afff46e553af7b6eed1b6a5848bf68571e
SAP TREX 7.10 Revision 63 Remote Command Execution
Posted Aug 20, 2016
Authored by Juan Pablo Perez Etchegoyen, Sergio Abraham, Nahuel Sanchez | Site onapsis.com

SAP TREX version 7.10 revision 63 suffers from a remote command execution vulnerability.

tags | advisory, remote
advisories | CVE-2016-6147
SHA-256 | 0819be6c462080645727510772e93d336c75a8827da0a93033522577a8a61c8c
SAP TREX 7.10 Revision 63 NameServer TNS Information Disclosure
Posted Aug 20, 2016
Authored by Juan Pablo Perez Etchegoyen, Sergio Abraham, Nahuel Sanchez | Site onapsis.com

SAP TREX version 7.10 revision 63 suffers from a TNS information disclosure vulnerability in NameServer.

tags | advisory, info disclosure
advisories | CVE-2016-6146
SHA-256 | 7b9adee861d5e668126c4a179eb39eaad2ab92fa481b23b056ff2cb62d5297a1
SAP HANA DB 1.00.091.00.1418659308 Information Disclosure
Posted Aug 20, 2016
Authored by Pablo Artuso, Nahuel Sanchez | Site onapsis.com

SAP HANA DB version 1.00.091.00.1418659308 suffers from a user information disclosure vulnerability.

tags | advisory, info disclosure
advisories | CVE-2016-6145
SHA-256 | bdc9caa13cd84ad00e89d70d09818e47227a940de378774fee051e8ed6f20745
SAP HANA DB 1.00.73.00.389160 HTTP Request Audit Injection
Posted Aug 20, 2016
Authored by Nahuel Sanchez | Site onapsis.com

Under certain conditions the SAP HANA platform is vulnerable to arbitrary injection in the audit trail, allowing remote authenticated attackers to write arbitrary fields in the SYSLOG. SAP HANA DB version 1.00.73.00.389160 is affected.

tags | advisory, remote, arbitrary
advisories | CVE-2016-6143
SHA-256 | 90846e12e72d1c8e36bcc61d734f33cd6afd8c1e4ac21415a97d5ee087539cbb
SAP HANA DB 1.00.73.00.389160 SAP Protocol Audit Injection
Posted Aug 20, 2016
Authored by Nahuel Sanchez | Site onapsis.com

Under certain conditions the SAP HANA platform is vulnerable to arbitrary injection in the audit trail, allowing remote authenticated attackers to write arbitrary fields in the SYSLOG. SAP HANA DB version 1.00.73.00.389160 is affected.

tags | advisory, remote, arbitrary
advisories | CVE-2016-6142
SHA-256 | 4fde45560f871d006837d95c07be63adc51799cd430904259656550cf718ae3f
SAP HANA 1.00.091.00.1418659308 Information Disclosure
Posted Aug 19, 2016
Authored by Fernando Russ, Pablo Artuso, Nahuel Sanchez | Site onapsis.com

SAP HANA version 1.00.091.00.1418659308 suffers from a get topology information disclosure vulnerability.

tags | advisory, info disclosure
advisories | CVE-2016-3639
SHA-256 | e75c9fed09b354564d28969a1389e8b9410fd2173c6b155ffb2381ac96e43e93
SAP HANA SQL Login Remote Code Execution
Posted Nov 9, 2015
Authored by Nahuel Sanchez | Site onapsis.com

Sending a crafted packet to the SAP HANA SQL interface, a remote unauthenticated attacker could fully compromise the platform executing arbitrary code or performing a denial of service rendering the platform unavailable until the next process restart. SAP HANA DB version 1.00.73.00.389160 is affected.

tags | advisory, remote, denial of service, arbitrary
advisories | CVE-2015-7994
SHA-256 | 452d1a9996ba393f6b9c5cf4b5b001a36702b192a2e336e89d2fffbec3daa5b4
SAP HANA HTTP Login Remote Code Execution
Posted Nov 9, 2015
Authored by Nahuel Sanchez | Site onapsis.com

By sending a crafted HTTP packet to the SAP HANA XS Server, a remote unauthenticated attacker could fully compromise the platform executing arbitrary code or performing a denial of service, thus rendering the platform unavailable until the next process restart. SAP HANA DB version 1.00.73.00.389160 is affected.

tags | advisory, remote, web, denial of service, arbitrary
advisories | CVE-2015-7993
SHA-256 | 0595dbe7a6cdc3d86d9fb8380d5ccd7e90d4f8a5331a6fe9508210b22452807f
SAP HANA EXECUTE_SEARCH_RULE_SET Stored Procedure Memory Corruption
Posted Nov 9, 2015
Authored by Nahuel Sanchez | Site onapsis.com

A remote authenticated attacker could render the SAP HANA Platform unavailable to other users until the next process restart due to a memory corruption vulnerability. SAP HANA DB version 1.00.73.00.389160 is affected.

tags | advisory, remote
advisories | CVE-2015-7992
SHA-256 | df42acef48541c11c82cd7957ac153921812129c88dc7ce09ffb9228bde5244e
SAP HANA TrexNet Command Execution
Posted Nov 9, 2015
Authored by Juan Pablo Perez Etchegoyen, Sergio Abraham, Nahuel Sanchez | Site onapsis.com

Using the multiple methods available in the TrexNet protocol, a remote unauthenticated attacker could execute arbitrary operating system commands, python modules, read, write and delete files and directories, read environment information and also completely shut down the SAP HANA instance. The attacker could also send TMS queries to the NameSever component, which could allow him to retrieve technical information of the remote system such as configuration files. SAP HANA Database versions 1.00 SPS10 and below are affected.

tags | advisory, remote, arbitrary, protocol, python
advisories | CVE-2015-7828
SHA-256 | e4cccb6ea9d715363678d97b705a3ed4cfae92d173b1157c598542160cec7a0e
SAP HANA Drop Credentials SQL Injection
Posted Sep 29, 2015
Authored by Nahuel Sanchez | Site onapsis.com

Onapsis Security Advisory - SAP HANA suffers from a Drop Credentials remote SQL injection vulnerability. By exploiting this vulnerability an attacker could modify system settings and delete credentials which could affect other users in the HANA system, engaging into a DoS attack.

tags | advisory, remote, sql injection
SHA-256 | d444a5ba1af38fd63f1e5f5e68d842b9592909177de11dc45575d4678f9cd8c4
SAP HANA getSqlTraceConfiguration SQL Injection
Posted Sep 29, 2015
Authored by Fernando Russ, Nahuel Sanchez | Site onapsis.com

Onapsis Security Advisory - SAP HANA suffers from a remote SQL injection vulnerability in getSqlTraceConfiguration function. By exploiting this vulnerability an attacker could read sensitive business information stored in the HANA system and change configuration parameters which could render the system unavailable for other users.

tags | advisory, remote, sql injection
SHA-256 | eb43d022e8fddd6eecbc5626bd6c632f0e9e075f3e94ea6552a956f95eaf9793
SAP HANA User Creation Cross Site Scripting
Posted Sep 29, 2015
Authored by Nahuel Sanchez | Site onapsis.com

Onapsis Security Advisory - SAP HANA suffers from a cross site scripting vulnerability during user creation. By exploiting this vulnerability a remote authenticated attacker would be able to attack other users connected to the HANA system.

tags | advisory, remote, xss
SHA-256 | 093745f32867efd7e25fa4d1c9f8e459a0b267da21290b330cd5539db3fe4689
SAP HANA Role Deletion Cross Site Scripting
Posted Sep 29, 2015
Authored by Nahuel Sanchez | Site onapsis.com

Onapsis Security Advisory - SAP HANA role deletion through web-based development workbench suffers from a cross site scripting vulnerability.

tags | advisory, web, xss
SHA-256 | 6755cf7f8153415edfc191048e8bdf9b8ee3cf270ab9a887093629b129a6311c
SAP HANA Trace Configuration SQL Injection
Posted Sep 29, 2015
Authored by Nahuel Sanchez | Site onapsis.com

Onapsis Security Advisory - SAP HANA suffers from a remote SQL injection vulnerability in the trace configuration. By exploiting this vulnerability an attacker could change configuration settings in the HANA system, affecting the integrity of the data stored and possibly turning the platform unavailable to other users.

tags | advisory, remote, sql injection
SHA-256 | 28e3ad290a4fc8f5f373142a21e20d0d46d3545bc5d3b66532fee4c38b603644
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close