Exploit the possiblities
Showing 1 - 20 of 20 RSS Feed

Files from Nahuel Sanchez

First Active2015-09-29
Last Active2017-08-14
OSNEXUS QuantaStor 4 Information Disclosure
Posted Aug 14, 2017
Authored by Nahuel Sanchez | Site vvvsecurity.com

OSNEXUS QuantaStor version 4 suffers from multiple information disclosure vulnerabilities including user enumeration.

tags | exploit, vulnerability, info disclosure
advisories | CVE-2017-9978, CVE-2017-9979
MD5 | 1ab104b90ac93d362e31c87855d2ab18
SAP SLDREG Memory Corruption
Posted Oct 12, 2016
Authored by Nahuel Sanchez | Site onapsis.com

The SAP SLD Registration Program suffers from a memory corruption vulnerability.

tags | advisory
advisories | CVE-2016-3638
MD5 | e93042e0bc66a5879c5fd137132f8e0f
SAP Console 7.30 Insecure Password Storage
Posted Oct 11, 2016
Authored by Nahuel Sanchez | Site onapsis.com

SAP Console version 7.30 suffers from an insecure password storage vulnerability.

tags | advisory
advisories | CVE-2016-3946
MD5 | 0be7c34be13435a3ed5b481c81923886
SAP HANA SPS09 1.00.091.00.1418659308 EXPORT Information Disclosure
Posted Aug 21, 2016
Authored by Nahuel Sanchez | Site onapsis.com

SAP HANA SPS09 version 1.00.091.00.1418659308 suffers from an information disclosure vulnerability in EXPORT.

tags | advisory, info disclosure
advisories | CVE-2016-6149
MD5 | d3433b5190718b7b1ab05a14bdb77402
SAP HANA DB 1.00.73.00.389160 Remote Code Execution
Posted Aug 20, 2016
Authored by Nahuel Sanchez | Site onapsis.com

Under certain conditions a remote authenticated attacker with IMPORT system privileges could potentially execute arbitrary code on SAP HANA DB version 1.00.73.00.389160.

tags | advisory, remote, arbitrary
advisories | CVE-2016-6148
MD5 | e4731a31c8e968e89c68e9cce1e44342
SAP TREX 7.10 Revision 63 Remote Command Execution
Posted Aug 20, 2016
Authored by Juan Pablo Perez Etchegoyen, Sergio Abraham, Nahuel Sanchez | Site onapsis.com

SAP TREX version 7.10 revision 63 suffers from a remote command execution vulnerability.

tags | advisory, remote
advisories | CVE-2016-6147
MD5 | 811fc2b0b78356bd151035beb96b211c
SAP TREX 7.10 Revision 63 NameServer TNS Information Disclosure
Posted Aug 20, 2016
Authored by Juan Pablo Perez Etchegoyen, Sergio Abraham, Nahuel Sanchez | Site onapsis.com

SAP TREX version 7.10 revision 63 suffers from a TNS information disclosure vulnerability in NameServer.

tags | advisory, info disclosure
advisories | CVE-2016-6146
MD5 | 387fad6fc67f859b5fc254aa15f3c4a4
SAP HANA DB 1.00.091.00.1418659308 Information Disclosure
Posted Aug 20, 2016
Authored by Pablo Artuso, Nahuel Sanchez | Site onapsis.com

SAP HANA DB version 1.00.091.00.1418659308 suffers from a user information disclosure vulnerability.

tags | advisory, info disclosure
advisories | CVE-2016-6145
MD5 | 3c82062e77a5e4d731a67f4f85c4c71a
SAP HANA DB 1.00.73.00.389160 HTTP Request Audit Injection
Posted Aug 20, 2016
Authored by Nahuel Sanchez | Site onapsis.com

Under certain conditions the SAP HANA platform is vulnerable to arbitrary injection in the audit trail, allowing remote authenticated attackers to write arbitrary fields in the SYSLOG. SAP HANA DB version 1.00.73.00.389160 is affected.

tags | advisory, remote, arbitrary
advisories | CVE-2016-6143
MD5 | c9a1e691580b255e9025a21dd835bd20
SAP HANA DB 1.00.73.00.389160 SAP Protocol Audit Injection
Posted Aug 20, 2016
Authored by Nahuel Sanchez | Site onapsis.com

Under certain conditions the SAP HANA platform is vulnerable to arbitrary injection in the audit trail, allowing remote authenticated attackers to write arbitrary fields in the SYSLOG. SAP HANA DB version 1.00.73.00.389160 is affected.

tags | advisory, remote, arbitrary
advisories | CVE-2016-6142
MD5 | ed49b79d319107fd5826c3978a617374
SAP HANA 1.00.091.00.1418659308 Information Disclosure
Posted Aug 19, 2016
Authored by Fernando Russ, Pablo Artuso, Nahuel Sanchez | Site onapsis.com

SAP HANA version 1.00.091.00.1418659308 suffers from a get topology information disclosure vulnerability.

tags | advisory, info disclosure
advisories | CVE-2016-3639
MD5 | 50b14b6845906266bc31100b321d5698
SAP HANA SQL Login Remote Code Execution
Posted Nov 9, 2015
Authored by Nahuel Sanchez | Site onapsis.com

Sending a crafted packet to the SAP HANA SQL interface, a remote unauthenticated attacker could fully compromise the platform executing arbitrary code or performing a denial of service rendering the platform unavailable until the next process restart. SAP HANA DB version 1.00.73.00.389160 is affected.

tags | advisory, remote, denial of service, arbitrary
advisories | CVE-2015-7994
MD5 | 87c6ab0d16d32f13512459ca2eab53b2
SAP HANA HTTP Login Remote Code Execution
Posted Nov 9, 2015
Authored by Nahuel Sanchez | Site onapsis.com

By sending a crafted HTTP packet to the SAP HANA XS Server, a remote unauthenticated attacker could fully compromise the platform executing arbitrary code or performing a denial of service, thus rendering the platform unavailable until the next process restart. SAP HANA DB version 1.00.73.00.389160 is affected.

tags | advisory, remote, web, denial of service, arbitrary
advisories | CVE-2015-7993
MD5 | bb998eaaeca8875d2a710e5f16aa6bba
SAP HANA EXECUTE_SEARCH_RULE_SET Stored Procedure Memory Corruption
Posted Nov 9, 2015
Authored by Nahuel Sanchez | Site onapsis.com

A remote authenticated attacker could render the SAP HANA Platform unavailable to other users until the next process restart due to a memory corruption vulnerability. SAP HANA DB version 1.00.73.00.389160 is affected.

tags | advisory, remote
advisories | CVE-2015-7992
MD5 | e79efb7a313fea4cc3ab554c5cafc302
SAP HANA TrexNet Command Execution
Posted Nov 9, 2015
Authored by Juan Pablo Perez Etchegoyen, Sergio Abraham, Nahuel Sanchez | Site onapsis.com

Using the multiple methods available in the TrexNet protocol, a remote unauthenticated attacker could execute arbitrary operating system commands, python modules, read, write and delete files and directories, read environment information and also completely shut down the SAP HANA instance. The attacker could also send TMS queries to the NameSever component, which could allow him to retrieve technical information of the remote system such as configuration files. SAP HANA Database versions 1.00 SPS10 and below are affected.

tags | advisory, remote, arbitrary, protocol, python
advisories | CVE-2015-7828
MD5 | 2bd2e126c0c597ab90ac3829e6b06ded
SAP HANA Drop Credentials SQL Injection
Posted Sep 29, 2015
Authored by Nahuel Sanchez | Site onapsis.com

Onapsis Security Advisory - SAP HANA suffers from a Drop Credentials remote SQL injection vulnerability. By exploiting this vulnerability an attacker could modify system settings and delete credentials which could affect other users in the HANA system, engaging into a DoS attack.

tags | advisory, remote, sql injection
MD5 | a6402db475df87bf86651eba28bcfc30
SAP HANA getSqlTraceConfiguration SQL Injection
Posted Sep 29, 2015
Authored by Fernando Russ, Nahuel Sanchez | Site onapsis.com

Onapsis Security Advisory - SAP HANA suffers from a remote SQL injection vulnerability in getSqlTraceConfiguration function. By exploiting this vulnerability an attacker could read sensitive business information stored in the HANA system and change configuration parameters which could render the system unavailable for other users.

tags | advisory, remote, sql injection
MD5 | b20efa4c19f514ba212c26e4867acf3b
SAP HANA User Creation Cross Site Scripting
Posted Sep 29, 2015
Authored by Nahuel Sanchez | Site onapsis.com

Onapsis Security Advisory - SAP HANA suffers from a cross site scripting vulnerability during user creation. By exploiting this vulnerability a remote authenticated attacker would be able to attack other users connected to the HANA system.

tags | advisory, remote, xss
MD5 | b86e2ed0cc2b299df4a08b42a5822d83
SAP HANA Role Deletion Cross Site Scripting
Posted Sep 29, 2015
Authored by Nahuel Sanchez | Site onapsis.com

Onapsis Security Advisory - SAP HANA role deletion through web-based development workbench suffers from a cross site scripting vulnerability.

tags | advisory, web, xss
MD5 | c651aa147ccce1311dcfa1b7e63159b4
SAP HANA Trace Configuration SQL Injection
Posted Sep 29, 2015
Authored by Nahuel Sanchez | Site onapsis.com

Onapsis Security Advisory - SAP HANA suffers from a remote SQL injection vulnerability in the trace configuration. By exploiting this vulnerability an attacker could change configuration settings in the HANA system, affecting the integrity of the data stored and possibly turning the platform unavailable to other users.

tags | advisory, remote, sql injection
MD5 | 244a9eaacffd2aaf4635e6f0f3891656
Page 1 of 1
Back1Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    41 Files
  • 12
    Dec 12th
    42 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close