exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

SAP TREX 7.10 Revision 63 Remote File Read
Posted Aug 19, 2016
Authored by Juan Pablo Perez Etchegoyen, Sergio Abraham | Site onapsis.com

SAP TREX 7.10 revision 63 suffers from a remote file read vulnerability.

tags | advisory, remote
advisories | CVE-2016-6139
SHA-256 | e3509536f1ca1b383605ab1ab9d476c85a741c1fa9c35209743c2a2e449c5690

Related Files

SAP SLDREG Memory Corruption
Posted Oct 12, 2016
Authored by Nahuel Sanchez | Site onapsis.com

The SAP SLD Registration Program suffers from a memory corruption vulnerability.

tags | advisory
advisories | CVE-2016-3638
SHA-256 | 6613992a8db68e022fadcfa82d295027ac7dfc10434063952bbd3805c4a0744f
SAP Console 7.30 Insecure Password Storage
Posted Oct 11, 2016
Authored by Nahuel Sanchez | Site onapsis.com

SAP Console version 7.30 suffers from an insecure password storage vulnerability.

tags | advisory
advisories | CVE-2016-3946
SHA-256 | 15549212a42e06cbf90b62f838891fe78927981e3ff983ba5baa76bf21aa875c
SAP Netweaver 7.4 UCON Security Protection Bypass
Posted Oct 11, 2016
Authored by Sergio Abraham, Pablo Muller | Site onapsis.com

SAP Netweaver version 7.4 suffers from a UCON security protection bypass vulnerability.

tags | advisory, bypass
advisories | CVE-2016-3635
SHA-256 | b6b6da161f5f6d99d64676628f359e1d03196f8e0db85b8e37097dc37b2fefce
JD Edwards 9.1 EnterpriseOne Server Denial Of Service
Posted Aug 25, 2016
Authored by Fernando Russ, Matias Mevied | Site onapsis.com

JD Edwards 9.1 EnterpriseOne Server suffers from a JDENET function denial of service vulnerability.

tags | advisory, denial of service
advisories | CVE-2016-0424
SHA-256 | 889f5e3dd07c7308e8658794c8da5c0f5284acb131eb8f9f9a5633ddc0a01a18
JD Edwards 9.1 EnterpriseOne Server Create Users
Posted Aug 25, 2016
Authored by Fernando Russ, Matias Mevied | Site onapsis.com

Unauthenticated attackers could create users in the JD Edwards 9.1 EnterpriseOne Server Manager, ultimately compromising the whole JDE landscape hence all of its information and processes.

tags | advisory
advisories | CVE-2016-0420
SHA-256 | ca565817d3ce7b6ada51f79927008a327710729db5d5e96af07939a94de5a0bd
JD Edwards 9.1 EnterpriseOne Server JDENet Password Disclosure
Posted Aug 25, 2016
Authored by Fernando Russ, Matias Mevied | Site onapsis.com

JD Edwards 9.1 EnterpriseOne Server suffers from a password disclosure vulnerability in JDENET.

tags | advisory
advisories | CVE-2016-0422
SHA-256 | 4f1e778e88e221bb4ce3c6afa9a34ba2a2c2b9ca7fc096f5c96232f9c74fe045
JD Edwards 9.1 EnterpriseOne Server JDENET Denial Of Service
Posted Aug 25, 2016
Authored by Fernando Russ, Matias Mevied | Site onapsis.com

JD Edwards 9.1 EnterpriseOne Server suffers from a JDENET function denial of service vulnerability.

tags | advisory, denial of service
advisories | CVE-2016-0423
SHA-256 | c8d127427c2da707a52dde5b0e9cf0feca87adcede5955d36f02c566422d65b7
JD Edwards 9.1 EnterpriseOne Server Manager Shutdown
Posted Aug 25, 2016
Authored by Fernando Russ, Matias Mevied | Site onapsis.com

JD Edwards 9.1 EnterpriseOne Server suffers from a shutdown vulnerability.

tags | advisory
advisories | CVE-2016-0421
SHA-256 | f554646aa3f6dfa37e5cf970dfccc59f2a82098df1f7e66dec5919c9d1c7de0d
JD Edwards 9.1 EnterpriseOne Server Password Disclosure
Posted Aug 25, 2016
Authored by Fernando Russ, Matias Mevied | Site onapsis.com

JD Edwards 9.1 EnterpriseOne Server suffers from a password disclosure vulnerability.

tags | advisory
advisories | CVE-2016-0425
SHA-256 | f62b06ca46ce6a950bf75e81bcd7d1a68c1c5faa0828341fcfd2c92b0be3d0e8
SAP HANA DB 1.00.091.00.1418659308 Password Disclosure
Posted Aug 19, 2016
Authored by Juan Pablo Perez Etchegoyen, Sergio Abraham | Site onapsis.com

SAP HANA DB version 1.00.091.00.1418659308 suffers from a password disclosure vulnerability.

tags | advisory
advisories | CVE-2016-3640
SHA-256 | 20d119aebb419f9c23fcacb993de3aea0f03fe535415bd530f18ffac68545a77
SAP HANA 1.00.091.00.1418659308 Information Disclosure
Posted Aug 19, 2016
Authored by Fernando Russ, Pablo Artuso, Nahuel Sanchez | Site onapsis.com

SAP HANA version 1.00.091.00.1418659308 suffers from a get topology information disclosure vulnerability.

tags | advisory, info disclosure
advisories | CVE-2016-3639
SHA-256 | e75c9fed09b354564d28969a1389e8b9410fd2173c6b155ffb2381ac96e43e93
SAP HANA SQL Login Remote Code Execution
Posted Nov 9, 2015
Authored by Nahuel Sanchez | Site onapsis.com

Sending a crafted packet to the SAP HANA SQL interface, a remote unauthenticated attacker could fully compromise the platform executing arbitrary code or performing a denial of service rendering the platform unavailable until the next process restart. SAP HANA DB version 1.00.73.00.389160 is affected.

tags | advisory, remote, denial of service, arbitrary
advisories | CVE-2015-7994
SHA-256 | 452d1a9996ba393f6b9c5cf4b5b001a36702b192a2e336e89d2fffbec3daa5b4
SAP HANA HTTP Login Remote Code Execution
Posted Nov 9, 2015
Authored by Nahuel Sanchez | Site onapsis.com

By sending a crafted HTTP packet to the SAP HANA XS Server, a remote unauthenticated attacker could fully compromise the platform executing arbitrary code or performing a denial of service, thus rendering the platform unavailable until the next process restart. SAP HANA DB version 1.00.73.00.389160 is affected.

tags | advisory, remote, web, denial of service, arbitrary
advisories | CVE-2015-7993
SHA-256 | 0595dbe7a6cdc3d86d9fb8380d5ccd7e90d4f8a5331a6fe9508210b22452807f
SAP HANA EXECUTE_SEARCH_RULE_SET Stored Procedure Memory Corruption
Posted Nov 9, 2015
Authored by Nahuel Sanchez | Site onapsis.com

A remote authenticated attacker could render the SAP HANA Platform unavailable to other users until the next process restart due to a memory corruption vulnerability. SAP HANA DB version 1.00.73.00.389160 is affected.

tags | advisory, remote
advisories | CVE-2015-7992
SHA-256 | df42acef48541c11c82cd7957ac153921812129c88dc7ce09ffb9228bde5244e
SAP HANA Remote Trace Disclosure
Posted Nov 9, 2015
Authored by Juan Pablo Perez Etchegoyen, Sergio Abraham | Site onapsis.com

Due to a flaw in SAP HANA DB version 1.00.73.00.389160, a remote unauthenticated attacker could read remote logs containing technical information about the system which could help to facilitate further attacks against the system.

tags | advisory, remote
advisories | CVE-2015-7991
SHA-256 | fd289a49117a0a823798ba0eed96cdc41815b67bc8c0a02046f5482b8e5ad75b
SAP HANA TrexNet Command Execution
Posted Nov 9, 2015
Authored by Juan Pablo Perez Etchegoyen, Sergio Abraham, Nahuel Sanchez | Site onapsis.com

Using the multiple methods available in the TrexNet protocol, a remote unauthenticated attacker could execute arbitrary operating system commands, python modules, read, write and delete files and directories, read environment information and also completely shut down the SAP HANA instance. The attacker could also send TMS queries to the NameSever component, which could allow him to retrieve technical information of the remote system such as configuration files. SAP HANA Database versions 1.00 SPS10 and below are affected.

tags | advisory, remote, arbitrary, protocol, python
advisories | CVE-2015-7828
SHA-256 | e4cccb6ea9d715363678d97b705a3ed4cfae92d173b1157c598542160cec7a0e
SAP HANA Drop Credentials SQL Injection
Posted Sep 29, 2015
Authored by Nahuel Sanchez | Site onapsis.com

Onapsis Security Advisory - SAP HANA suffers from a Drop Credentials remote SQL injection vulnerability. By exploiting this vulnerability an attacker could modify system settings and delete credentials which could affect other users in the HANA system, engaging into a DoS attack.

tags | advisory, remote, sql injection
SHA-256 | d444a5ba1af38fd63f1e5f5e68d842b9592909177de11dc45575d4678f9cd8c4
SAP HANA getSqlTraceConfiguration SQL Injection
Posted Sep 29, 2015
Authored by Fernando Russ, Nahuel Sanchez | Site onapsis.com

Onapsis Security Advisory - SAP HANA suffers from a remote SQL injection vulnerability in getSqlTraceConfiguration function. By exploiting this vulnerability an attacker could read sensitive business information stored in the HANA system and change configuration parameters which could render the system unavailable for other users.

tags | advisory, remote, sql injection
SHA-256 | eb43d022e8fddd6eecbc5626bd6c632f0e9e075f3e94ea6552a956f95eaf9793
SAP HANA User Creation Cross Site Scripting
Posted Sep 29, 2015
Authored by Nahuel Sanchez | Site onapsis.com

Onapsis Security Advisory - SAP HANA suffers from a cross site scripting vulnerability during user creation. By exploiting this vulnerability a remote authenticated attacker would be able to attack other users connected to the HANA system.

tags | advisory, remote, xss
SHA-256 | 093745f32867efd7e25fa4d1c9f8e459a0b267da21290b330cd5539db3fe4689
SAP HANA Role Deletion Cross Site Scripting
Posted Sep 29, 2015
Authored by Nahuel Sanchez | Site onapsis.com

Onapsis Security Advisory - SAP HANA role deletion through web-based development workbench suffers from a cross site scripting vulnerability.

tags | advisory, web, xss
SHA-256 | 6755cf7f8153415edfc191048e8bdf9b8ee3cf270ab9a887093629b129a6311c
SAP HANA Trace Configuration SQL Injection
Posted Sep 29, 2015
Authored by Nahuel Sanchez | Site onapsis.com

Onapsis Security Advisory - SAP HANA suffers from a remote SQL injection vulnerability in the trace configuration. By exploiting this vulnerability an attacker could change configuration settings in the HANA system, affecting the integrity of the data stored and possibly turning the platform unavailable to other users.

tags | advisory, remote, sql injection
SHA-256 | 28e3ad290a4fc8f5f373142a21e20d0d46d3545bc5d3b66532fee4c38b603644
SAP HANA setTraceLevelsForXsApps SQL Injection
Posted Sep 29, 2015
Authored by Pablo Artuso | Site onapsis.com

Onapsis Security Advisory - SAP HANA suffers from a remote SQL injection vulnerability in the setTraceLevelsForXsApps function. By exploiting this vulnerability an attacker could change configuration settings in the HANA system, affecting the integrity of the data stored and possibly turning the platform unavailable to other users, who won't be able to perform their assigned business operations.

tags | advisory, remote, sql injection
SHA-256 | 7869861a8cf7d5ac351d96a4bde8a820fc9cf69a49a6804cb69e0ab966bc97ce
SAP HANA test-net.xsjs Code Injection
Posted Sep 29, 2015
Authored by Nahuel D. Sanchez, Pablo Artuso | Site onapsis.com

Onapsis Security Advisory - SAP HANA suffers from an XSJS code injection vulnerability in test-net.xsjs. By exploiting this vulnerability a remote authenticated attacker would be able to partially compromise the SAP system as well as all the information processed and stored in the HANA system.

tags | advisory, remote
SHA-256 | 536c2f5bd066d0dd00d1598734d6f710d8be3e982bbd78bef9d75361bc5754eb
SAP HANA _newUser SQL Injection
Posted Sep 29, 2015
Authored by Pablo Artuso | Site onapsis.com

Onapsis Security Advisory - The SAP HANA _newUser function suffers from a remote SQL injection vulnerability. By exploiting this vulnerability an attacker could modify information related to users of the HANA system, affecting the integrity of the data stored.

tags | advisory, remote, sql injection
SHA-256 | f3b215fc645ed5adb73a39c5c8db51b7f63d88844aaeb6ee126baf1e0fc6ffda
SAP HANA _modifyUser SQL Injection
Posted Sep 29, 2015
Authored by Pablo Artuso | Site onapsis.com

Onapsis Security Advisory - The SAP HANA _modifyUser function suffers from a remote SQL injection vulnerability. By exploiting this vulnerability an attacker could modify information related to users of the HANA system, affecting the integrity of the data stored.

tags | advisory, remote, sql injection
SHA-256 | 2bf8dc1f0018c72dd7928ea2e39a57b4c7a243e7a5cde3f12425bfe6876cac15
Page 1 of 4
Back1234Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close