Showing 1 - 7 of 7

Files from Jordan Santarsieri

First Active	2011-01-13
Last Active	2014-06-06

SAP SLD Information Tampering: Posted Jun 6, 2014; Authored by Jordan Santarsieri, Juan Pablo Perez Etchegoyen, Pablo Muller | Site onapsis.com; Onapsis Security Advisory - A remote unauthenticated attacker might be able to modify technical information about SAP systems potentially leading to a full compromise of all business information due to an SLD information tampering vulnerability.; tags | advisory, remote; SHA-256 | 38205de30d7077e9d7a6e240e956ac54d8c2700272a5830b5e2fc4a702ab4895; Download | Favorite | View

SAP BASIS Missing Authorization Check: Posted Apr 29, 2014; Authored by Jordan Santarsieri | Site onapsis.com; Onapsis Security Advisory - SAP BASIS suffers from a missing authorization check. SAP Netweaver ABAP Application Server is affected.; tags | advisory; SHA-256 | 256bd960fbdebcad59f543091e1b5400cedf42289a770e76797b5c696842db46; Download | Favorite | View

SAP NW Portal WD Information Disclosure: Posted Apr 29, 2014; Authored by Jordan Santarsieri | Site onapsis.com; Onapsis Security Advisory - It has been detected that some functionality of the affected webdynpro displays all the SAP systems that are registered on the SLD without requiring username or password. This situation will bring valuable information to an attacker to plan a more complex attack over the SAP environment. SAP Netweaver Java Application Server is affected.; tags | advisory, java; SHA-256 | f0232025c98889497fcb0c0b1d72442e16fc22b24d19905bd9ad64c3644c09bb; Download | Favorite | View

SAP Enterprise Portal Cross Site Scripting: Posted Feb 22, 2013; Authored by Jordan Santarsieri | Site onapsis.com; Onapsis Security Advisory - As the server does not perform a proper security validation on the input parameters, it is possible to inject DHTML code that would be rendered to the user accessing the link in SAP Enterprise Portal.; tags | advisory; SHA-256 | 90263b999fd3713c409e968fef5750efe496d3c670dd404aa00e7175cccf16df; Download | Favorite | View

SAP SDM Denial Of Service: Posted Feb 22, 2013; Authored by Mariano Nunez Di Croce, Jordan Santarsieri | Site onapsis.com; Onapsis Security Advisory - The SDM suffers from a design vulnerability in the way it handles failed user authentication attempts, generating a denial of service condition if some conditions are met. This can be abused by a malicious attacker to disrupt this service.; tags | advisory, denial of service; SHA-256 | b9fa27961da95e0e64a0970f55bd1166292455bd7ad40a519c24ce582e12a1ec; Download | Favorite | View

SAP Management Console Information Disclosure: Posted Jan 13, 2011; Authored by Jordan Santarsieri | Site onapsis.com; Onapsis Security Advisory - It has been detected that many of the available methods in the sapstartsrv SOAP server in the SAP Management Console do not require user authentication, allowing remote and unauthenticated users to obtain sensitive information from the SAP system, such as the list of log files and their content, profile parameters, developer traces, etc.; tags | advisory, remote; SHA-256 | f8e585a8af3d50d4d066bfa69bcef904e8d60df7cef2280ac90d36487128fbe9; Download | Favorite | View

SAP Management Console Unauthenticated Service Restart: Posted Jan 13, 2011; Authored by Jordan Santarsieri | Site onapsis.com; Onapsis Security Advisory - A denial of service vulnerability has been discovered in the processing of administration commands by the SAP MC. This functionality allows the restart of the service without providing authentication information.; tags | advisory, denial of service; SHA-256 | 4ecd09a62c8bf85b0453c91f958d8c715681b0c176803619a09cecc86fceb506; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days