Showing 1 - 23 of 23

Files from Mariano Nunez Di Croce

Email address: mnunez at cybsec.com
First Active: 2005-12-18
Last Active: 2013-02-22

SAP SDM Denial Of Service
Posted Feb 22, 2013
Authored by Mariano Nunez Di Croce, Jordan Santarsieri | Site onapsis.com

Onapsis Security Advisory - The SDM suffers from a design vulnerability in the way it handles failed user authentication attempts, generating a denial of service condition if some conditions are met. This can be abused by a malicious attacker to disrupt this service.

tags | advisory, denial of service
SHA-256 | b9fa27961da95e0e64a0970f55bd1166292455bd7ad40a519c24ce582e12a1ec
SAP Portal PDC Information Disclosure
Posted Feb 22, 2013
Authored by Mariano Nunez Di Croce | Site onapsis.com

Onapsis Security Advisory - The SAP Portal "Federation" configuration pages do not properly handle authentication, exposing the entire Portal infrastructure.

tags | advisory
SHA-256 | ec578a095f1a6d51c543b8f60172c4da01037681852bb0569b01951f9eb78573
SAP WebAS Malicious SAP Shortcut Generation
Posted Sep 15, 2011
Authored by Mariano Nunez Di Croce | Site onapsis.com

Onapsis Security Advisory - Weaknesses in the SAP WebAS system allow for malicious shortcut generation. Upon a successful exploitation, an attacker would be able to obtain sensitive information from legitimate users through social engineering attacks and/or exploit vulnerabilities in their systems in order to take control of them.

tags | advisory, vulnerability
SHA-256 | 32765a43c85053cc199a128f6134c3af8ada30764b99921dd00412a849720679
SAP WebAS webrfc Cross Site Scripting
Posted Sep 15, 2011
Authored by Mariano Nunez Di Croce | Site onapsis.com

Onapsis Security Advisory - SAP WebAS suffers from a cross site scripting vulnerability. Upon a successful exploitation, an attacker would be able to obtain sensitive information from legitimate users through social engineering attacks and/or exploit vulnerabilities in their systems in order to take control of them.

tags | advisory, vulnerability, xss
SHA-256 | da774926d74eeaa735ada09954cd7b6d44b6f03c5ce42072d67b01799a0d56c5
SAP WebAS Remote Denial Of Service
Posted Sep 15, 2011
Authored by Mariano Nunez Di Croce | Site onapsis.com

Onapsis Security Advisory - An unauthenticated attacker can remotely disrupt the SAP Application Server and cause a denial of service condition. This would result in the total unavailability of the ERP functionality, preventing company users from performing the required business processes.

tags | advisory, denial of service
SHA-256 | de1a526a09377a0ed8182d857eb00916bfdd1fa815f7b172bc6f5c71f72ee65e
SAP WebAS Integrated ITS Remote Command Execution
Posted Jan 20, 2010
Authored by Mariano Nunez Di Croce

SAP WebAS Integrated ITS suffers from a remote command execution vulnerability.

tags | advisory, remote
SHA-256 | 6235e661b3b9fe406aecbd27c564491890152c26c55f0577cd6fc7e05d2762ae
SAP Penetration Testing With Sapyto
Posted Apr 17, 2009
Authored by Mariano Nunez Di Croce

Whitepaper called SAP Penetration Testing with Sapyto.

tags | paper
SHA-256 | 74600147b1192eff71ef757b0e9db5e7916f75dcbe26c2c40be69feabefd314e
CYBSEC-Whitepaper-Exploiting_SAP_Internals.pdf
Posted Apr 5, 2007
Authored by Mariano Nunez Di Croce | Site cybsec.com

Whitepaper: Exploiting SAP Internals - A Security Analysis Of The RFC Interface Implementation.

tags | paper
SHA-256 | 0732519307bc916b1b18f10d66d1fd69f74362b7918402bd5d249ef1ba2705d2
CYBSEC-saprfssprfc.txt
Posted Apr 5, 2007
Authored by Mariano Nunez Di Croce | Site cybsec.com

CYBSEC Security Advisory - The SAP RFC_START_PROGRAM RFC function suffers from multiple vulnerabilities.

tags | advisory, vulnerability
SHA-256 | ac7ef1eac9ba811abdf99588177632db3f04369bb304d5674db0d799f8228970
CYBSEC-saprfssetreg.txt
Posted Apr 5, 2007
Authored by Mariano Nunez Di Croce | Site cybsec.com

CYBSEC Security Advisory - The SAP RFC_SET_REG_SERVER_PROPERTY RFC function suffers from a denial of service vulnerability.

tags | advisory, denial of service
SHA-256 | 09f1ece6c60c3b0e0bea1d3fd0ea49edb973f4c9c377c372328210861800014e
CYBSEC-sapscirfc.txt
Posted Apr 5, 2007
Authored by Mariano Nunez Di Croce | Site cybsec.com

CYBSEC Security Advisory - The SAP SYSTEM_CREATE_INSTANCE RFC function suffers from a buffer overflow vulnerability.

tags | advisory, overflow
SHA-256 | 6a447c9832bec0007019cc9acd2c0fb6f2ba529a1044018d6f1406eede127a6f
CYBSEC-saprfssgr.txt
Posted Apr 5, 2007
Authored by Mariano Nunez Di Croce | Site cybsec.com

CYBSEC Security Advisory - The SAP RFC_START_GUI RFC function suffers from a buffer overflow vulnerability.

tags | advisory, overflow
SHA-256 | 92e40159fe8d7ef5f7db52e7a033e3c69152e8936976c21c2295d2c8412b66c7
CYBSEC-saprfcstart.txt
Posted Apr 5, 2007
Authored by Mariano Nunez Di Croce | Site cybsec.com

CYBSEC Security Advisory - The SAP RFC_START_PROGRAM RFC function suffers from multiple vulnerabilities.

tags | advisory, vulnerability
SHA-256 | 8c63eeebc53a49379d04e3a80f706807c750d399d670db9dec3308d3a570ba97
CYBSEC-stssrfc.txt
Posted Apr 5, 2007
Authored by Mariano Nunez Di Croce | Site cybsec.com

CYBSEC Security Advisory - The SAP TRUSTED_SYSTEM_SECURITY RFC function suffers from an information disclosure.

tags | advisory, info disclosure
SHA-256 | 6a52038918a95ee84b04a5f54bc086257f7d0863c0dc06dc534c043963763df5
CYBSEC-presapigsbo.txt
Posted Jan 20, 2007
Authored by Mariano Nunez Di Croce | Site cybsec.com

CYBSEC Security Advisory - A specially crafted HTTP request can trigger a remote buffer overflow in SAP IGS service.

tags | advisory, remote, web, overflow
SHA-256 | 140dce31f80c33f96fc4f5fb9d11c258d9cfcfeed32188954f44e87decf132c7
CYBSEC-Arbitrary.txt
Posted Dec 6, 2006
Authored by Mariano Nunez Di Croce | Site cybsec.com

CYBSEC Security Advisory - A specially crafted HTTP request can remove any file located in SAP IGS file-system. SAP IGS versions 6.40 Patchlevel 16 and below and 7.00 Patchlevel 6 and below are affected.

tags | advisory, web
SHA-256 | 992d1c3e589ee06443567d8375401c73114e94090b39202776695427f219875f
CYBSEC-SAP-IGS.txt
Posted Dec 6, 2006
Authored by Mariano Nunez Di Croce | Site cybsec.com

CYBSEC Security Advisory - Undocumented features have been discovered in SAP IGS service, some of which may signify security risks. SAP IGS versions 6.40 Patchlevel 15 and below and 7.00 Patchlevel 3 and below are affected.

tags | advisory
SHA-256 | a54d1cedef3e5d18339a313268d765c9d82972cf5f13660663dec05e76e801b6
CYBSEC-MSDHCP.txt
Posted Aug 30, 2006
Authored by Mariano Nunez Di Croce | Site cybsec.com

CYBSEC Security Advisory - A remote buffer overflow vulnerability has been identified in Microsoft Windows DHCP-Client Service. Affected products include Microsoft Windows 2000 SP4 and below, Microsoft Windows XP SP2 and below, and Microsoft Windows 2003 SP1 and below.

tags | advisory, remote, overflow
systems | windows
SHA-256 | 8272a8546f4126084dc45255ec9b3853da45de6ef9b21be144a6b6b8450aad68
CYBSEC-SAPIGSBO.txt
Posted Aug 27, 2006
Authored by Mariano Nunez Di Croce | Site cybsec.com

CYBSEC Security Advisory - The SAP Internet Graphics Service (IGS) suffers from a buffer overflow condition.

tags | advisory, overflow
SHA-256 | 823b0b5aa7b72a6a392e4e6d2319704ca685d846f6cec087d50131209bfffdf8
CYBSEC-SAPIGSDOS.txt
Posted Aug 27, 2006
Authored by Mariano Nunez Di Croce | Site cybsec.com

CYBSEC Security Advisory - The SAP Internet Graphics Service (IGS) suffers from a remote denial of service condition.

tags | advisory, remote, denial of service
SHA-256 | 560c9199e750ccd40c8e6ab6dc3c183fed036f528202e10c19ca1839423f997e
CYBSEC-mswinDHCP.txt
Posted Jul 12, 2006
Authored by Mariano Nunez Di Croce | Site cybsec.com

A remote buffer overflow vulnerability has been identified in Microsoft Windows DHCP-Client service. Affected products include Microsoft Windows 2000 SP4 and below, Microsoft Windows XP SP2 and below, and Microsoft Windows 2003 SP1 and below.

tags | advisory, remote, overflow
systems | windows
SHA-256 | f0b8a04ebf77fe02b596538c5c1cb68e368d924a0210b5216832db0dd11aeda9
AppScanQA-RemoteCodeExec-PoC.zip
Posted Dec 18, 2005
Authored by Mariano Nunez Di Croce | Site cybsec.com

Proof of concept exploit for AppScan QA versions 5.0.x that stages itself as a webserver and exploits a buffer overflow via the WWW-Authenticate header of a 401 HTTP response.

tags | exploit, web, overflow, proof of concept
SHA-256 | 8e6c615c470e86daee1e69fc755f9f8e66eaf7382354ecd5c7fd8dc9c81e3cba
cybsec-watchfire.txt
Posted Dec 18, 2005
Authored by Mariano Nunez Di Croce | Site cybsec.com

AppScan QA versions 5.0.x suffer from a buffer overflow vulnerability in the WWW-Authenticate header of a 401 HTTP response.

tags | advisory, web, overflow
SHA-256 | 104be83a892484026296785d17b54f2095e4f81aab9af133e34a48ec4a771b2f
© 2022 Packet Storm. All rights reserved.