exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 72 RSS Feed

Files from Sh2kerr

Email addressalexandr.polyakov at dsec.ru
First Active2007-10-23
Last Active2011-11-17
SAP NetWeaver CTC Authentication Bypass
Posted Nov 17, 2011
Authored by Sh2kerr

SAP NetWeaver suffers from an authentication bypass vulnerability in the CTC service.

tags | advisory, bypass
SHA-256 | acd1799151dd58a8e541f3f7f81d871ec30f13688f6df45a6dc99cabf056f139
SAP NetWeaver SPML Cross Site Request Forgery
Posted Nov 17, 2011
Authored by Sh2kerr

The SAP NetWeaver SPML service suffers from a cross site request forgery vulnerability.

tags | advisory, csrf
SHA-256 | 322ab3a2b0d5f55c5b57691f980918122aa961043519cd3ac848bdaa88e9ca1b
SAP NetWeaver BW Doc Cross Site Scripting
Posted Nov 17, 2011
Authored by Sh2kerr, Dmitriy Chastuchin

SAP NetWeaver BW DOC metadata suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 68d97d678e3c0fdb4545781101c9713cebe198b3b21c2030417b80a51a588341
SAP NetWeaver MI 2 Information Disclosure
Posted Nov 17, 2011
Authored by Sh2kerr

SAP NetWeaver Mobile Engine suffers from an information disclosure vulnerability that discloses version and username information.

tags | advisory, info disclosure
SHA-256 | f887bedbaf6328e9e0090370a2ef1d312367550062ad97dcd452fb137b15cb06
SAP NetWeaver SLD Information Disclosure
Posted Jun 28, 2011
Authored by Sh2kerr

SAP NetWeaver suffers from a version information disclosure vulnerability.

tags | advisory, info disclosure
SHA-256 | b22b17c91f8bbca4c55e92c62cfe94d4fcb66501a137984af9813c6c9627064d
SAP GUI DLL Hijacking
Posted Mar 16, 2011
Authored by Sh2kerr, Alexey Sintsov

SAP Front End applications (SAPGui.exe) are vulnerable to DLL hijacking attacks allowing for remote code execution.

tags | advisory, remote, code execution
SHA-256 | 28ae63b22ea645e5c51c549e98085f2be91b625a787181783ae2e6a8a3c0929e
SAP NetWeaver Runtime Cross Site Scripting
Posted Mar 16, 2011
Authored by Sh2kerr, Dmitriy Evdokimov

SAP NetWeaver Runtime suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 9181483e340b92a0eba8cbdc85b2d7b41fe702b11953196d7adeec92089118b9
SAP NetWeaver Integration Directory Cross Site Scripting
Posted Mar 16, 2011
Authored by Sh2kerr, Dmitriy Evdokimov

Multiple cross site scripting vulnerabilities have been discovered in the SAP NetWeaver Integration Directory.

tags | advisory, vulnerability, xss
SHA-256 | 6c1f10b4919499bf8e2eb3a38ba5b4c505670c59ce701c4a2769af93a5d72d82
SAP Crystal Reports 2008 Cross Site Scripting
Posted Mar 16, 2011
Authored by Sh2kerr, Dmitry Chastuhin

Multiple cross site scripting vulnerabilities have been discovered in the PerformanceManagement application module in SAP Crystal Reports Server 2008.

tags | exploit, vulnerability, xss
SHA-256 | 51f030365393b65a3456ecb53c5f5e39b1847584605dc54abbe2141bcba154a8
Forgotten World - Corporate Business Application Systems
Posted Feb 18, 2011
Authored by Val Smith, Sh2kerr

Whitepaper called Forgotten World - Corporate Business Application Systems. This paper will describe some basic and advanced threats and attacks on Enterprise Business Applications – the core of many companies. Both the paper and Blackhat DC presentation are included in this archive.

tags | paper
systems | linux
SHA-256 | 2e70cc9c883bdf948194b3801a4b9fe5f07f8e73912c291bd5c5b643e993e4a6
Oracle Document Capture 10.1.3.5 Insecure Method / Buffer Overflow
Posted Jan 26, 2011
Authored by Sh2kerr | Site dsecrg.com

Oracle Document Capture version 10.1.3.5 suffers from buffer overflow and insecure method vulnerabilities.

tags | exploit, overflow, vulnerability
advisories | CVE-2010-3599
SHA-256 | d8de28a03cf63e8eb852fd978524155069a598269f9adfa1fc15fb5c2f8912fa
Oracle Document Capture Actbar2.ocx Insecure Method
Posted Jan 25, 2011
Authored by Sh2kerr, Dmitriy Evdokimov | Site dsecrg.com

Oracle Document Capture suffers from an insecure method vulnerability in Actbar2.ocx.

tags | exploit
advisories | CVE-2010-3591
SHA-256 | 03b34491ba00cddad42d1df6075c24902828638e56eeebc8ded920c1e03e8609
SAP Crystal Report Server 2008 Active-X Insecure Methods
Posted Jan 25, 2011
Authored by Sh2kerr, Dmitry Chastuhin | Site dsecrg.com

Insecure practices where found in the library scriptinghelpers.dll from SAP Crystal Report Server 2008. An attacker could construct a html-page containing a call insecure functions.

tags | advisory
SHA-256 | 29926d9586641116eb339bef4f9eb33eae55dfcd24cd7eb87a02a1fbbd8d02b7
SAP Crystal Report Server 2008 Directory Traversal
Posted Jan 25, 2011
Authored by Sh2kerr, Dmitry Chastuhin | Site dsecrg.com

SAP Crystal Report Server 2008 suffers from a directory traversal vulnerability.

tags | exploit
SHA-256 | 5bebb637d7e51e2a0d9d84df5f7b28a6a33af536f8f0ea29e3bf80b431a7af0a
SAP Crystal Report Server 2008 Cross Site Scripting
Posted Jan 25, 2011
Authored by Sh2kerr, Dmitry Chastuhin | Site dsecrg.com

SAP Crystal Report Server 2008 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 5bb33dcb865e51328736f78871bcaf01a2e663aac535fd2aa2d1af81cdfe13cd
Progress OpenEdge Enterprise RDBMS 10.2A Bypass
Posted Jan 25, 2011
Authored by Sh2kerr, Alexey Sintsov, Alexey Troshichev | Site dsecrg.com

Progress OpenEdge Enterprise RDBMS version 10.2A has some vulnerabilities that make it possible to enumerate UserID and bypass authentication.

tags | advisory, vulnerability
SHA-256 | 94f3ea7ac21edb9e58b5237ff7c2a7826e37b408dbacdbff22fb5468c6bdec38
Oracle Document Capture empop3.dll Insecure Methods
Posted Jan 25, 2011
Authored by Sh2kerr, Dmitriy Evdokimov | Site dsecrg.com

Oracle Document Capture contains ActiveX components that contains insecure methods in empop3.dll.

tags | exploit, activex
advisories | CVE-2010-3591
SHA-256 | d17d07c5e57b563c011ed3d0796b9e0b84d6136526dcd7ca890a49dc34f3c55b
Oracle Document Capture Insecure READ Method
Posted Jan 25, 2011
Authored by Sh2kerr, Alexey Sintsov | Site dsecrg.com

EasyMail ActiveX Control (emsmtp.dll) that included into Oracle Document Capture distrib can be used to read any file in target system. The vulnerable method is "ImportBodyText()".

tags | exploit, activex
advisories | CVE-2010-3595
SHA-256 | e0290533ffa0e0be9cb707947d2fe37461961f3b2e54f7eb0baa68b865261ae8
SAP NetWeaver 7.0 Denial Of Service
Posted Nov 18, 2010
Authored by Sh2kerr | Site dsecrg.com

SAP NetWeaver version 7.0 suffers from a denial of service vulnerability in the Metamodel Repository.

tags | advisory, denial of service
SHA-256 | 5e2e562201a583c2c83faeee154e85b823b0642aff4fe38ac6116e1056d89383
SAP NetWeaver Administrator Panel ECC 6.0 Cross Site Scripting
Posted Nov 17, 2010
Authored by Sh2kerr, Alexey Troshichev | Site dsecrg.com

The SAP NetWeaver administrator panel from ECC version 6.0 suffers from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 3d805721f30788cc734b4cca6025ed61f899f4240facd6d677bd99feb4a472b9
Oracle BPEL Console 10.1.3.3.0 Cross Site Scripting
Posted Oct 28, 2010
Authored by Sh2kerr | Site dsecrg.com

Oracle BPEL Console version 10.1.3.3.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2010-3581
SHA-256 | 8b80837fd9c12c060f51e80f3ef5cf3cb1543ef6936db9fd039e3765f60d152d
Oracle BI Publisher HTTP Response Splitting
Posted Oct 28, 2010
Authored by Sh2kerr | Site dsecrg.com

Oracle BI Publisher suffers from a HTTP response splitting vulnerability.

tags | exploit, web
SHA-256 | a16b4a5d2e42764c015a89ca8d14b3e7d1594fc9ccef544177abbde6f3759df3
SAP NetWeaver SLD 6.4 - 7.02 Cross Site Scripting
Posted Jul 23, 2010
Authored by Sh2kerr, Alexey Troshichev | Site dsecrg.com

SAP NetWeaver SLD versions 6.4 through 7.02 suffer from multiple cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
SHA-256 | 8b641e06e58f7c35d9140a710b83cde908ed39795c6e2eedaaa58b596a3b8385
SAP Netweaver 6.4 - 7.0 Cross Site Scripting
Posted Jul 23, 2010
Authored by Sh2kerr | Site dsecrg.com

SAP Netweaver versions 6.4 through 7.0 suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 3a33cbd84a9db933f995cbae70e001e3a89be10e4fa30b160c720ca941a9066e
Symantec Antivirus Client Proxy Buffer Overflow
Posted Feb 20, 2010
Authored by Sh2kerr | Site dsecrg.com

An Active-X component in CLIproxy.dll from Symantec Antivirus Client Proxy suffers from a buffer overflow vulnerability.

tags | advisory, overflow, activex
advisories | CVE-2010-0108
SHA-256 | 01e4fed6a5192be5896fea6d73e2571c3e0946b13d52fefe04ff31a16cedd628
Page 1 of 3
Back123Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close