exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

Files from Jordan Santarsieri

First Active2011-01-13
Last Active2014-06-06
SAP SLD Information Tampering
Posted Jun 6, 2014
Authored by Jordan Santarsieri, Juan Pablo Perez Etchegoyen, Pablo Muller | Site onapsis.com

Onapsis Security Advisory - A remote unauthenticated attacker might be able to modify technical information about SAP systems potentially leading to a full compromise of all business information due to an SLD information tampering vulnerability.

tags | advisory, remote
SHA-256 | 38205de30d7077e9d7a6e240e956ac54d8c2700272a5830b5e2fc4a702ab4895
SAP BASIS Missing Authorization Check
Posted Apr 29, 2014
Authored by Jordan Santarsieri | Site onapsis.com

Onapsis Security Advisory - SAP BASIS suffers from a missing authorization check. SAP Netweaver ABAP Application Server is affected.

tags | advisory
SHA-256 | 256bd960fbdebcad59f543091e1b5400cedf42289a770e76797b5c696842db46
SAP NW Portal WD Information Disclosure
Posted Apr 29, 2014
Authored by Jordan Santarsieri | Site onapsis.com

Onapsis Security Advisory - It has been detected that some functionality of the affected webdynpro displays all the SAP systems that are registered on the SLD without requiring username or password. This situation will bring valuable information to an attacker to plan a more complex attack over the SAP environment. SAP Netweaver Java Application Server is affected.

tags | advisory, java
SHA-256 | f0232025c98889497fcb0c0b1d72442e16fc22b24d19905bd9ad64c3644c09bb
SAP Enterprise Portal Cross Site Scripting
Posted Feb 22, 2013
Authored by Jordan Santarsieri | Site onapsis.com

Onapsis Security Advisory - As the server does not perform a proper security validation on the input parameters, it is possible to inject DHTML code that would be rendered to the user accessing the link in SAP Enterprise Portal.

tags | advisory
SHA-256 | 90263b999fd3713c409e968fef5750efe496d3c670dd404aa00e7175cccf16df
SAP SDM Denial Of Service
Posted Feb 22, 2013
Authored by Mariano Nunez Di Croce, Jordan Santarsieri | Site onapsis.com

Onapsis Security Advisory - The SDM suffers from a design vulnerability in the way it handles failed user authentication attempts, generating a denial of service condition if some conditions are met. This can be abused by a malicious attacker to disrupt this service.

tags | advisory, denial of service
SHA-256 | b9fa27961da95e0e64a0970f55bd1166292455bd7ad40a519c24ce582e12a1ec
SAP Management Console Information Disclosure
Posted Jan 13, 2011
Authored by Jordan Santarsieri | Site onapsis.com

Onapsis Security Advisory - It has been detected that many of the available methods in the sapstartsrv SOAP server in the SAP Management Console do not require user authentication, allowing remote and unauthenticated users to obtain sensitive information from the SAP system, such as the list of log files and their content, profile parameters, developer traces, etc.

tags | advisory, remote
SHA-256 | f8e585a8af3d50d4d066bfa69bcef904e8d60df7cef2280ac90d36487128fbe9
SAP Management Console Unauthenticated Service Restart
Posted Jan 13, 2011
Authored by Jordan Santarsieri | Site onapsis.com

Onapsis Security Advisory - A denial of service vulnerability has been discovered in the processing of administration commands by the SAP MC. This functionality allows the restart of the service without providing authentication information.

tags | advisory, denial of service
SHA-256 | 4ecd09a62c8bf85b0453c91f958d8c715681b0c176803619a09cecc86fceb506
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close