
Files

Oracle JD Edwards SawKernel Arbitrary File Read
Posted Feb 24, 2012
Authored by Juan Pablo Perez Etchegoyen | Site onapsis.com

Onapsis Security Advisory - If a specially crafted packet is sent to the JDENet Service (6015 TCP by default), and the JDESAW Kernel is configured (it is by default), then it would be possible to read any file on the system.

tags | advisory, kernel, tcp
advisories | CVE-2011-3509
MD5 | b7b9aca3d36a0b1787038a6daaaa0bf7

Related Files

SAP HANA DB Encryption Issue
Posted Aug 20, 2016
Authored by Sergio Abraham | Site onapsis.com

An error in the implementation results in no authentication or encryption being performed for tenant services in "high isolation" mode on SAP HANA DB.

tags | advisory
advisories | CVE-2016-6150
MD5 | beadb1f4c826a7d6b297928208442dd7
SAP HANA DB 1.00.73.00.389160 Remote Code Execution
Posted Aug 20, 2016
Authored by Nahuel Sanchez | Site onapsis.com

Under certain conditions a remote authenticated attacker with IMPORT system privileges could potentially execute arbitrary code on SAP HANA DB version 1.00.73.00.389160.

tags | advisory, remote, arbitrary
advisories | CVE-2016-6148
MD5 | e4731a31c8e968e89c68e9cce1e44342
SAP TREX 7.10 Revision 63 Remote Command Execution
Posted Aug 20, 2016
Authored by Juan Pablo Perez Etchegoyen, Sergio Abraham, Nahuel Sanchez | Site onapsis.com

SAP TREX version 7.10 revision 63 suffers from a remote command execution vulnerability.

tags | advisory, remote
advisories | CVE-2016-6147
MD5 | 811fc2b0b78356bd151035beb96b211c
SAP TREX 7.10 Revision 63 NameServer TNS Information Disclosure
Posted Aug 20, 2016
Authored by Juan Pablo Perez Etchegoyen, Sergio Abraham, Nahuel Sanchez | Site onapsis.com

SAP TREX version 7.10 revision 63 suffers from a TNS information disclosure vulnerability in NameServer.

tags | advisory, info disclosure
advisories | CVE-2016-6146
MD5 | 387fad6fc67f859b5fc254aa15f3c4a4
SAP HANA DB 1.00.091.00.1418659308 Information Disclosure
Posted Aug 20, 2016
Authored by Pablo Artuso, Nahuel Sanchez | Site onapsis.com

SAP HANA DB version 1.00.091.00.1418659308 suffers from a user information disclosure vulnerability.

tags | advisory, info disclosure
advisories | CVE-2016-6145
MD5 | 3c82062e77a5e4d731a67f4f85c4c71a
SAP HANA DB 1.00.73.00.389160 SYSTEM User Brute Force
Posted Aug 20, 2016
Authored by Pablo Artuso | Site onapsis.com

SAP HANA DB version 1.00.73.00.389160 fails to institute any brute force protections for gaining access to the SYSTEM user.

tags | advisory
advisories | CVE-2016-6144
MD5 | 2907da9d8edcedb04840c013e82974f2
SAP HANA DB 1.00.73.00.389160 HTTP Request Audit Injection
Posted Aug 20, 2016
Authored by Nahuel Sanchez | Site onapsis.com

Under certain conditions the SAP HANA platform is vulnerable to arbitrary injection in the audit trail, allowing remote authenticated attackers to write arbitrary fields in the SYSLOG. SAP HANA DB version 1.00.73.00.389160 is affected.

tags | advisory, remote, arbitrary
advisories | CVE-2016-6143
MD5 | c9a1e691580b255e9025a21dd835bd20
SAP HANA DB 1.00.73.00.389160 SAP Protocol Audit Injection
Posted Aug 20, 2016
Authored by Nahuel Sanchez | Site onapsis.com

Under certain conditions the SAP HANA platform is vulnerable to arbitrary injection in the audit trail, allowing remote authenticated attackers to write arbitrary fields in the SYSLOG. SAP HANA DB version 1.00.73.00.389160 is affected.

tags | advisory, remote, arbitrary
advisories | CVE-2016-6142
MD5 | ed49b79d319107fd5826c3978a617374
SAP TREX 7.10 Revision 63 Arbitrary File Write
Posted Aug 19, 2016
Authored by Juan Pablo Perez Etchegoyen, Sergio Abraham | Site onapsis.com

SAP TREX 7.10 revision 63 suffers from an arbitrary file write vulnerability.

tags | advisory, arbitrary
advisories | CVE-2016-6140
MD5 | 1a9cea5a8fb624d6549f804de5968650
SAP TREX 7.10 Revision 63 Remote File Read
Posted Aug 19, 2016
Authored by Juan Pablo Perez Etchegoyen, Sergio Abraham | Site onapsis.com

SAP TREX 7.10 revision 63 suffers from a remote file read vulnerability.

tags | advisory, remote
advisories | CVE-2016-6139
MD5 | 9edc88bf7ada9c7d0e3d3c50524da454
SAP TREX 7.10 Revision 63 Directory Traversal
Posted Aug 19, 2016
Authored by Juan Pablo Perez Etchegoyen, Sergio Abraham | Site onapsis.com

SAP TREX 7.10 revision 63 suffers from a remote directory traversal vulnerability.

tags | advisory, remote
advisories | CVE-2016-6138
MD5 | 71456e59ea6617331fd05179a05f46d1
SAP TREX 7.10 Revision 63 Remote Command Execution
Posted Aug 19, 2016
Authored by Juan Pablo Perez Etchegoyen, Sergio Abraham | Site onapsis.com

SAP TREX 7.10 revision 63 suffers from a remote command execution vulnerability.

tags | advisory, remote
advisories | CVE-2016-6137
MD5 | 6a800f5701df3fa19e3d6ee4826acae5
SAP HANA DB 1.00.091.00.1418659308 Password Disclosure
Posted Aug 19, 2016
Authored by Juan Pablo Perez Etchegoyen, Sergio Abraham | Site onapsis.com

SAP HANA DB version 1.00.091.00.1418659308 suffers from a password disclosure vulnerability.

tags | advisory
advisories | CVE-2016-3640
MD5 | cfd728799bb467d4d07f503ceb4af4b2
SAP HANA 1.00.091.00.1418659308 Information Disclosure
Posted Aug 19, 2016
Authored by Fernando Russ, Pablo Artuso, Nahuel Sanchez | Site onapsis.com

SAP HANA version 1.00.091.00.1418659308 suffers from a get topology information disclosure vulnerability.

tags | advisory, info disclosure
advisories | CVE-2016-3639
MD5 | 50b14b6845906266bc31100b321d5698
SAP HANA SQL Login Remote Code Execution
Posted Nov 9, 2015
Authored by Nahuel Sanchez | Site onapsis.com

By sending a crafted packet to the SAP HANA SQL interface, a remote unauthenticated attacker could fully compromise the platform by executing arbitrary code, or cause a denial of service that renders the platform unavailable until the next process restart. SAP HANA DB version 1.00.73.00.389160 is affected.

tags | advisory, remote, denial of service, arbitrary
advisories | CVE-2015-7994
MD5 | 87c6ab0d16d32f13512459ca2eab53b2
SAP HANA HTTP Login Remote Code Execution
Posted Nov 9, 2015
Authored by Nahuel Sanchez | Site onapsis.com

By sending a crafted HTTP packet to the SAP HANA XS Server, a remote unauthenticated attacker could fully compromise the platform by executing arbitrary code, or cause a denial of service that renders the platform unavailable until the next process restart. SAP HANA DB version 1.00.73.00.389160 is affected.

tags | advisory, remote, web, denial of service, arbitrary
advisories | CVE-2015-7993
MD5 | bb998eaaeca8875d2a710e5f16aa6bba
SAP HANA EXECUTE_SEARCH_RULE_SET Stored Procedure Memory Corruption
Posted Nov 9, 2015
Authored by Nahuel Sanchez | Site onapsis.com

A remote authenticated attacker could render the SAP HANA Platform unavailable to other users until the next process restart due to a memory corruption vulnerability. SAP HANA DB version 1.00.73.00.389160 is affected.

tags | advisory, remote
advisories | CVE-2015-7992
MD5 | e79efb7a313fea4cc3ab554c5cafc302
SAP HANA Remote Trace Disclosure
Posted Nov 9, 2015
Authored by Juan Pablo Perez Etchegoyen, Sergio Abraham | Site onapsis.com

Due to a flaw in SAP HANA DB version 1.00.73.00.389160, a remote unauthenticated attacker could read remote logs containing technical information about the system which could help to facilitate further attacks against the system.

tags | advisory, remote
advisories | CVE-2015-7991
MD5 | 20418d4337d05109892d3a3ffa53a6ae
SAP HANA TrexNet Command Execution
Posted Nov 9, 2015
Authored by Juan Pablo Perez Etchegoyen, Sergio Abraham, Nahuel Sanchez | Site onapsis.com

Using the multiple methods available in the TrexNet protocol, a remote unauthenticated attacker could execute arbitrary operating system commands and Python modules; read, write and delete files and directories; read environment information; and completely shut down the SAP HANA instance. The attacker could also send TMS queries to the NameServer component, which could allow them to retrieve technical information about the remote system, such as configuration files. SAP HANA Database versions 1.00 SPS10 and below are affected.

tags | advisory, remote, arbitrary, protocol, python
advisories | CVE-2015-7828
MD5 | 2bd2e126c0c597ab90ac3829e6b06ded
SAP HANA Drop Credentials SQL Injection
Posted Sep 29, 2015
Authored by Nahuel Sanchez | Site onapsis.com

Onapsis Security Advisory - SAP HANA suffers from a Drop Credentials remote SQL injection vulnerability. By exploiting this vulnerability, an attacker could modify system settings and delete credentials, which could affect other users in the HANA system and result in a denial of service.

tags | advisory, remote, sql injection
MD5 | a6402db475df87bf86651eba28bcfc30
SAP HANA getSqlTraceConfiguration SQL Injection
Posted Sep 29, 2015
Authored by Fernando Russ, Nahuel Sanchez | Site onapsis.com

Onapsis Security Advisory - SAP HANA suffers from a remote SQL injection vulnerability in the getSqlTraceConfiguration function. By exploiting this vulnerability, an attacker could read sensitive business information stored in the HANA system and change configuration parameters, which could render the system unavailable to other users.

tags | advisory, remote, sql injection
MD5 | b20efa4c19f514ba212c26e4867acf3b
SAP HANA User Creation Cross Site Scripting
Posted Sep 29, 2015
Authored by Nahuel Sanchez | Site onapsis.com

Onapsis Security Advisory - SAP HANA suffers from a cross site scripting vulnerability during user creation. By exploiting this vulnerability a remote authenticated attacker would be able to attack other users connected to the HANA system.

tags | advisory, remote, xss
MD5 | b86e2ed0cc2b299df4a08b42a5822d83
SAP HANA Role Deletion Cross Site Scripting
Posted Sep 29, 2015
Authored by Nahuel Sanchez | Site onapsis.com

Onapsis Security Advisory - Role deletion through the SAP HANA web-based development workbench suffers from a cross site scripting vulnerability.

tags | advisory, web, xss
MD5 | c651aa147ccce1311dcfa1b7e63159b4
SAP HANA Trace Configuration SQL Injection
Posted Sep 29, 2015
Authored by Nahuel Sanchez | Site onapsis.com

Onapsis Security Advisory - SAP HANA suffers from a remote SQL injection vulnerability in the trace configuration. By exploiting this vulnerability, an attacker could change configuration settings in the HANA system, affecting the integrity of the stored data and possibly rendering the platform unavailable to other users.

tags | advisory, remote, sql injection
MD5 | 244a9eaacffd2aaf4635e6f0f3891656
SAP HANA setTraceLevelsForXsApps SQL Injection
Posted Sep 29, 2015
Authored by Pablo Artuso | Site onapsis.com

Onapsis Security Advisory - SAP HANA suffers from a remote SQL injection vulnerability in the setTraceLevelsForXsApps function. By exploiting this vulnerability, an attacker could change configuration settings in the HANA system, affecting the integrity of the stored data and possibly rendering the platform unavailable to other users, who would be unable to perform their assigned business operations.

tags | advisory, remote, sql injection
MD5 | 14b82dac7dd55d54893d48fa2d6fde05