what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 40 of 40 RSS Feed

Files from Vahagn Vardanyan

First Active2015-06-11
Last Active2019-04-19
SAP NetWeaver J2EE Engine 7.40 Cryptographic Issue
Posted Apr 15, 2016
Authored by Vahagn Vardanyan

SAP NetWeaver J2EE Engine version 7.40 suffers from a cryptographic issue that can lead to information disclosure.

tags | advisory, info disclosure
SHA-256 | 4a8752f48a5fa73baa980c9abecb1d2a2c71088e4ae41dc5af67c4faa1a59f5b
SAP NetWeaver J2EE Engine 7.40 Cross Site Scripting
Posted Apr 15, 2016
Authored by Vahagn Vardanyan

SAP NetWeaver J2EE engine version 7.40 suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 4d45bc8c91a6d3d36af7f90ad4341ee0314fc7fffe6fbc4ec7d2cfe5c83dab9f
SAP NetWeaver J2EE Engine 7.40 SQL Injection
Posted Dec 14, 2015
Authored by Vahagn Vardanyan

SAP NetWeaver J2EE engine version 7.40 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2015-7239
SHA-256 | b8ba26b8f5b9d0f92e607106034454f1bc8b74eff9a4d560a2a111acb23b6525
SAP Mobile Platform 2.3 XXE Injection
Posted Nov 23, 2015
Authored by Vahagn Vardanyan

SAP Mobile Platform version 2.3 suffers from an XML external entity injection vulnerability.

tags | exploit, xxe
advisories | CVE-2015-6664
SHA-256 | 763ac979871c176d5a9e6b1f185a1e6109b4d7b5f4517066de0a8a2a92f8f153
SAP Mobile Platform 3 XXE Injection
Posted Sep 10, 2015
Authored by Vahagn Vardanyan

SAP NetWeaver AS Java version 7.4 suffers from multiple XXE vulnerabilities. An attacker can read an arbitrary file on a server by sending a correct XML request with a crafted DTD and reading the response from the service. An attacker can perform a DoS attack (for example, XML Entity Expansion). An SMB Relay attack is a type of Man-in-the-Middle attack where the attacker asks the victim to authenticate into a machine controlled by the attacker, then relays the credentials to the target. The attacker forwards the authentication information both ways and gets access.

tags | exploit, java, arbitrary, vulnerability, xxe
advisories | CVE-2015-5068
SHA-256 | 02e1d0a4e09aea20fa9d257a9bab83f794b1d6fbe455cfe78e609b89f08f57bd
SAP NetWeaver AS Java XXE Injection
Posted Aug 18, 2015
Authored by Vahagn Vardanyan

SAP NetWeaver AS Java version 7.4 suffers from an XXE injection vulnerability. Related CVE Number: CVE-2015-4091.

tags | advisory, java, xxe
SHA-256 | 6cfc59352a8bee96dd51e5b8172b86529f4d78b89fc4d04fbb33af78e0cd1d52
Google Admin WebView Sandbox Bypass
Posted Aug 14, 2015
Authored by Vahagn Vardanyan

An issue was found when the Google Admin application received a URL via an IPC call from any other application on the same device. The Admin application would load this URL in a webview within its own activity. If an attacker used a file:// URL to a file that they controlled, then it is possible to use symbolic links to bypass Same Origin Policy and retrieve data out of the Google Admin sandbox.

tags | advisory, bypass
SHA-256 | fe1cf8309000f17cec08e939b1bf7ce76af4a964b50042b4e935fea7d6db7d68
SAP Security Notes August 2015
Posted Aug 13, 2015
Authored by Dmitry Chastuhin, Vahagn Vardanyan, Roman Bejan

SAP has released the monthly critical patch update for August 2015. This patch update closes 22 vulnerabilities in SAP products, 15 have high priority, some of them belong to the SAP HANA security area. The most popular vulnerability is cross site scripting.

tags | advisory, vulnerability, xss
SHA-256 | ee31bc13be4242371858e63b399fe7e6e376803421f553b15b566f75b404d801
SAP Mobile Platform 3.0 XXE Injection
Posted Jun 19, 2015
Authored by Vahagn Vardanyan, Vahagn Vardanyan (ERPScan)

SAP Mobile Platform version 3.0 suffers from an XXE injection vulnerability. The problem is caused by a program error due to the incorrect use of an XML parser (/mobiliser servlet). By default, the parser opens external entities referenced within an XML input, which can then lead to malicious content being parsed. This malicious content can reference internal resources, such as files. These internal resources can be disclosed in the response to the request, or can be used to perform a denial of service attack on the parsing system, rendering the application content temporarily unavailable.

tags | advisory, denial of service, xxe
SHA-256 | e89aaed13c5a2c5ac4e974c044a080f19bad90ce384d9fca4ba8d2c791e1c274
SYBASE SQL Anywhere 12 / 16 Denial Of Service
Posted Jun 19, 2015
Authored by Vahagn Vardanyan

SYBASE SQL Anywhere versions 12 and 16 suffer from a denial of service vulnerability. An attacker can trigger a condition in which the process ceases to run. This condition can be intentionally provoked by an attacker to cause denial of service.

tags | advisory, denial of service
advisories | CVE-2015-2819
SHA-256 | ef63dab3201ae56b98a3747344e684a2c732c5d74e07e8556040954ed9c8255f
SAP Afaria 7 Missing Authorization Check
Posted Jun 18, 2015
Authored by Vahagn Vardanyan

SAP Afaria version 7 suffers from a missing authorization check vulnerability. An attacker can use a missing authorization check to access the service without any authorization procedures and use service functionality that has restricted access. This can lead to information disclosure, privilege escalation, and other attacks.

tags | advisory, info disclosure
advisories | CVE-2015-2816
SHA-256 | c31ed536e135ffd5dbbb2b9995e77c71bf0e3b40facee2e84ca09d91541fb8f9
SAP Afaria 7 Denial Of Service
Posted Jun 18, 2015
Authored by Vahagn Vardanyan

SAP Afaria version 7 suffers from a denial of service vulnerability in the XcListener module XeClient.Dll.

tags | advisory, denial of service
advisories | CVE-2015-2820
SHA-256 | 4503c9ec3011161fd5c3290385f680e3e08aa75980cccaccad5ba5c7f657478f
SAP NetWeaver Portal 7.31 XXE Injection
Posted Jun 18, 2015
Authored by Vahagn Vardanyan

SAP NetWeaver Portal version 7.31 suffers from an XXE injection vulnerability. By default, the parser opens external entities referenced within an XML input, which can then lead to malicious content being parsed. This malicious content can reference internal resources, such as files. These internal resources can be disclosed in the response to the request, or can be used to perform a denial of service attack on the parsing system, rendering the application content temporarily unavailable.

tags | advisory, denial of service, xxe
advisories | CVE-2015-2811
SHA-256 | b46458ceeb29478ddffbd1e176b6e2695088708178f75445d879b1a591dbce9f
SAP NetWeaver Portal 7.31 XXE Injection
Posted Jun 18, 2015
Authored by Vahagn Vardanyan

SAP NetWeaver Portal version 7.31 suffers from an XXE injection vulnerability. The problem is caused by a program error in 'ValidationComponent' due to the incorrect use of an XML parser. By default, the parser opens external entities referenced within an XML input, which can then lead to malicious content being parsed. This malicious content can reference internal resources, such as files. These internal resources can be disclosed in the response to the request, or can be used to perform a denial of service attack on the parsing system, rendering the application content temporarily unavailable.

tags | advisory, denial of service, xxe
advisories | CVE-2015-2812
SHA-256 | 9756bc993b8745281faa7c356860f96edc0f791cd1ec7201932b24da9da7b059
SAP XXE / Hardcoded Credentials / SQL Injection / Overflow
Posted Jun 11, 2015
Authored by Darya Maenkova, Diana Grigorieva, Rustem Gazizov, Vahagn Vardanyan

SAP has released the monthly critical patch update for June 2015. This patch update closes buffer overflow, remote SQL injection, XML eXternal Entity, and hardcoded credentials vulnerabilities.

tags | advisory, remote, overflow, vulnerability, sql injection, xxe
advisories | CVE-2015-0204
SHA-256 | 19387f24cc2e3fc9d5721e3adda4e660354e12481fa568f2e559c14584e13347
Page 2 of 2
Back12Next

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close