exploit the possibilities
Showing 1 - 10 of 10 RSS Feed

Files from Yvan Genuer

First Active2021-03-26
Last Active2021-10-22
SAP Enterprise Portal Sensitive Data Disclosure
Posted Oct 22, 2021
Authored by Yvan Genuer | Site onapsis.com

SAP Enterprise Portal suffers from an sensitive information disclosure vulnerability in the com.sapportals.navigation.testComponent.NavigationRequestSniffer servlet.

tags | advisory, info disclosure
advisories | CVE-2021-33687
MD5 | 61f49ec4e078bf89a71c995b274bd403
SAP NetWeaver ABAP IGS Memory Corruption
Posted Oct 22, 2021
Authored by Yvan Genuer | Site onapsis.com

The SAP NetWeaver ABAP IGS service suffers from multiple memory corruption vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2021-27620, CVE-2021-27622, CVE-2021-27624, CVE-2021-27625, CVE-2021-27626, CVE-2021-27627
MD5 | a1faa76c73eb95977c279bc7a00beab0
SAP NetWeaver ABAP Gateway Memory Corruption
Posted Oct 22, 2021
Authored by Yvan Genuer | Site onapsis.com

The SAP NetWeaver ABAP Gateway service suffers from multiple memory corruption vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2021-27597, CVE-2021-27633, CVE-2021-27634
MD5 | 61146f452932ba3f9a85618de0e61ace
SAP NetWeaver ABAP Enqueue Memory Corruption
Posted Oct 22, 2021
Authored by Yvan Genuer | Site onapsis.com

SAP NetWeaver ABAP Enqueue service suffers from multiple memory corruption vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2021-27606, CVE-2021-27629, CVE-2021-27630, CVE-2021-27631, CVE-2021-27632
MD5 | 912e8b6998f6a856fc386f297ba25cdb
SAP NetWeaver ABAP Dispatcher Service Memory Corruption
Posted Oct 22, 2021
Authored by Yvan Genuer | Site onapsis.com

SAP NetWeaver ABAP Dispatcher service suffers from memory corruption vulnerabilities. An unauthenticated attacker without specific knowledge of the system can send a specially crafted packet over a network which will trigger an internal error in the system causing the system to crash and rendering it unavailable.

tags | advisory, vulnerability
advisories | CVE-2021-27607, CVE-2021-27628
MD5 | 193e1f65a754d8cc0b6e9c8b052b998f
SAP Solution Manager 7.20 Missing Authorization
Posted Jun 15, 2021
Authored by Nahuel D. Sanchez, Pablo Artuso, Yvan Genuer | Site onapsis.com

Due to a missing authorization check in the SAP Solution Manager version 7.20 LM-SERVICE component, a remote authenticated attacker could be able to execute privileged actions in the affected system, including the execution of operating system commands.

tags | advisory, remote
advisories | CVE-2020-6207
MD5 | 62aaf9c152dbff873c27f124cdf380f7
SAP Wily Introscope Enterprise Default Hard-Coded Credentials
Posted Jun 15, 2021
Authored by Yvan Genuer | Site onapsis.com

SAP Wily Introscope Enterprise versions 9.7, 10.1, 10.5, and 10.7 suffer from having default hard-coded credentials.

tags | advisory
advisories | CVE-2020-6369
MD5 | d13861d3e7212000e317b5eb1f5fb56a
SAP Wily Introscope Enterprise OS Command Injection
Posted Jun 15, 2021
Authored by Yvan Genuer | Site onapsis.com

SAP Wily Introscope Enterprise versions 9.7, 10.1, 10.5, and 10.7 suffer from a command injection vulnerability.

tags | advisory
advisories | CVE-2020-6364
MD5 | 4b0d282794d5c7c88267eac6caf02689
SAP Solution Manager 7.2 (ST 720) Open Redirection
Posted Jun 15, 2021
Authored by Yvan Genuer | Site onapsis.com

SAP Solution Manager version 7.2 (ST 720) suffers from an open redirection vulnerability.

tags | exploit
advisories | CVE-2020-26836
MD5 | 0bceca4b1380d2874af8c29d32b034d7
SAP Solution Manager 7.2 Remote Command Execution
Posted Mar 26, 2021
Authored by Dmitry Chastuhin, Pablo Artuso, Vladimir Ivanov, Yvan Genuer | Site metasploit.com

This Metasploit module exploits the CVE-2020-6207 vulnerability within the SAP EEM servlet of SAP Solution Manager (SolMan) running version 7.2. The vulnerability occurs due to missing authentication checks when submitting a SOAP request to the /EemAdminService/EemAdmin page to get information about connected SMDAgents allowing an attacker to send HTTP requests (SSRF) and execute OS commands on the connected SMDAgent. Works stable in connected SMDAgent with Java version 1.8. Successful exploitation will allow unauthenticated remote attackers to get a reverse shell from connected to the SolMan agent as the user under which it runs SMDAgent service, which is usually daaadm.

tags | exploit, java, remote, web, shell
advisories | CVE-2020-6207
MD5 | 1c233a9f84fe24a1f701e2b602123168
Page 1 of 1
Back1Next

File Archive:

December 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    18 Files
  • 2
    Dec 2nd
    11 Files
  • 3
    Dec 3rd
    23 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close