Files from Jordan Santarsieri

First Active: 2011-01-13
Last Active: 2014-06-06
SAP SLD Information Tampering
Posted Jun 6, 2014
Authored by Jordan Santarsieri, Juan Pablo Perez Etchegoyen, Pablo Muller | Site onapsis.com

Onapsis Security Advisory - A remote unauthenticated attacker might be able to modify technical information about SAP systems potentially leading to a full compromise of all business information due to an SLD information tampering vulnerability.

tags | advisory, remote
MD5 | 39161a785bc588e9912655d522ce324b
SAP BASIS Missing Authorization Check
Posted Apr 29, 2014
Authored by Jordan Santarsieri | Site onapsis.com

Onapsis Security Advisory - SAP BASIS suffers from a missing authorization check. SAP Netweaver ABAP Application Server is affected.

tags | advisory
MD5 | 08aba0292ad0cd72b3c7184e63334d04
SAP NW Portal WD Information Disclosure
Posted Apr 29, 2014
Authored by Jordan Santarsieri | Site onapsis.com

Onapsis Security Advisory - It has been detected that some functionality of the affected webdynpro displays all the SAP systems that are registered on the SLD without requiring username or password. This situation will bring valuable information to an attacker to plan a more complex attack over the SAP environment. SAP Netweaver Java Application Server is affected.

tags | advisory, java
MD5 | 1685a904c8138ef95ff27aa8e27e4eee
SAP Enterprise Portal Cross Site Scripting
Posted Feb 22, 2013
Authored by Jordan Santarsieri | Site onapsis.com

Onapsis Security Advisory - As the server does not perform a proper security validation on the input parameters, it is possible to inject DHTML code that would be rendered to the user accessing the link in SAP Enterprise Portal.

tags | advisory
MD5 | f21c0fd588c3c3e6de43249511b857ca
SAP SDM Denial Of Service
Posted Feb 22, 2013
Authored by Mariano Nunez Di Croce, Jordan Santarsieri | Site onapsis.com

Onapsis Security Advisory - The SDM suffers from a design vulnerability in the way it handles failed user authentication attempts, generating a denial of service condition if some conditions are met. This can be abused by a malicious attacker to disrupt this service.

tags | advisory, denial of service
MD5 | 81264124fb915a0bf5718671139c00f1
SAP Management Console Information Disclosure
Posted Jan 13, 2011
Authored by Jordan Santarsieri | Site onapsis.com

Onapsis Security Advisory - It has been detected that many of the available methods in the sapstartsrv SOAP server in the SAP Management Console do not require user authentication, allowing remote and unauthenticated users to obtain sensitive information from the SAP system, such as the list of log files and their content, profile parameters, developer traces, etc.

tags | advisory, remote
MD5 | c2114cbaeba62b4d66d0f42cc591ca5a
SAP Management Console Unauthenticated Service Restart
Posted Jan 13, 2011
Authored by Jordan Santarsieri | Site onapsis.com

Onapsis Security Advisory - A denial of service vulnerability has been discovered in the processing of administration commands by the SAP MC. This functionality allows the restart of the service without providing authentication information.

tags | advisory, denial of service
MD5 | 39144aaea03618e7d6647941aa04c5c8
© 2020 Packet Storm. All rights reserved.
