exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

SAP Enterprise Portal iviewCatcherEditor Server-Side Request Forgery
Posted Jan 27, 2022
Authored by Yvan Genuer | Site onapsis.com

SAP Enterprise Portal with EP-RUNTIME component versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50 suffer from a iviewCatcherEditor server-side request forgery vulnerability.

tags | advisory
advisories | CVE-2021-33705
SHA-256 | 05b826d203ad0d9639e1eddd559c1655d47d3c184d59c75033d4f4a70566519d

Related Files

SAP Enterprise Portal XSLT Injection
Posted Jan 27, 2022
Authored by Yvan Genuer | Site onapsis.com

SAP Enterprise Portal with ENGINEAPI versions 7.10, 7.30, 7.31, 7.40, and 7.50 suffers from an XSLT injection vulnerability.

tags | advisory
advisories | CVE-2021-37531
SHA-256 | da6ac9ab738f2080b02cc97608aef6a101c7d751b2f8886505ca291243379d5f
SAP Enterprise Portal Open Redirect
Posted Jan 27, 2022
Authored by Yvan Genuer | Site onapsis.com

SAP Enterprise Portal with EP-RUNTIME component versions 7.30, 7.31, 7.40, and 7.50 suffer from an open redirection vulnerability.

tags | advisory
advisories | CVE-2021-33707
SHA-256 | 31e789c3fc612f938cd56d5fab9f4d359a5679a1c9bc3ae446b98afd67ad0c83
SAP Enterprise Portal RunContentCreation Cross Site Scripting
Posted Jan 27, 2022
Authored by Yvan Genuer | Site onapsis.com

SAP Enterprise Portal with EP-RUNTIME component versions 7.30, 7.31, 7.40, and 7.50 suffer from a RunContentCreation cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2021-33703
SHA-256 | df15ae63bb5d2b8fdb14db62a9d66eaecfae3239f8b258e8b84c90806fe26742
SAP Enterprise Portal NavigationReporter Cross Site Scripting
Posted Jan 27, 2022
Authored by Yvan Genuer | Site onapsis.com

SAP Enterprise Portal with EP-RUNTIME component versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50 suffer from a NavigationReporter cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2021-33702
SHA-256 | ee2d0a75bef9c35261f7c80c337b71a54f659bac383ea7ae746759f207a06a8c
SAP Enterprise Portal Sensitive Data Disclosure
Posted Oct 22, 2021
Authored by Yvan Genuer | Site onapsis.com

SAP Enterprise Portal suffers from an sensitive information disclosure vulnerability in the com.sapportals.navigation.testComponent.NavigationRequestSniffer servlet.

tags | advisory, info disclosure
advisories | CVE-2021-33687
SHA-256 | 4a8db7aa8f258b1769fbf97ddef33a9c7b31c57775fc5b0aaae9d89f1808d5c0
SAP Enterprise Portal 7.50 Cross Site Scripting
Posted Sep 29, 2017
Authored by Imran Khan

SAP Enterprise Portal versions 7.50 and below suffer from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2017-10701
SHA-256 | 4503b81eaafa421596f9ee7c02f6584b28692f5ce5d6d382856e0da15b47ab1b
SAP SLDREG Memory Corruption
Posted Oct 12, 2016
Authored by Nahuel Sanchez | Site onapsis.com

The SAP SLD Registration Program suffers from a memory corruption vulnerability.

tags | advisory
advisories | CVE-2016-3638
SHA-256 | 6613992a8db68e022fadcfa82d295027ac7dfc10434063952bbd3805c4a0744f
SAP Console 7.30 Insecure Password Storage
Posted Oct 11, 2016
Authored by Nahuel Sanchez | Site onapsis.com

SAP Console version 7.30 suffers from an insecure password storage vulnerability.

tags | advisory
advisories | CVE-2016-3946
SHA-256 | 15549212a42e06cbf90b62f838891fe78927981e3ff983ba5baa76bf21aa875c
SAP Netweaver 7.4 UCON Security Protection Bypass
Posted Oct 11, 2016
Authored by Sergio Abraham, Pablo Muller | Site onapsis.com

SAP Netweaver version 7.4 suffers from a UCON security protection bypass vulnerability.

tags | advisory, bypass
advisories | CVE-2016-3635
SHA-256 | b6b6da161f5f6d99d64676628f359e1d03196f8e0db85b8e37097dc37b2fefce
Oracle E-Business Suite 12.2 Cross Site Scripting
Posted Aug 30, 2016
Authored by Matias Mevied | Site onapsis.com

Oracle E-Business Suite version 12.2 suffers from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2016-3436
SHA-256 | 4dbd32f1e827b9fbc232549a7899763b8c70b67a7074a0a1624dd746f94353b4
Oracle E-Business Suite 12.2 Cross Site Scripting
Posted Aug 30, 2016
Authored by Matias Mevied | Site onapsis.com

Oracle E-Business Suite version 12.2 suffers from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2016-3439
SHA-256 | 4248daa0121eaa86e6b714139fadeeeec921c2b5e1fca28b45f54bf775e87f96
Oracle E-Business Suite 12.2 Cross Site Scripting
Posted Aug 30, 2016
Authored by Matias Mevied | Site onapsis.com

Oracle E-Business Suite version 12.2 suffers from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2016-3438
SHA-256 | d4ca9abf8207c6975fcc66ecc45a548f67b27bb8793df0a127fb71210092aeea
Oracle E-Business Suite 12.2 Cross Site Scripting
Posted Aug 30, 2016
Authored by Matias Mevied | Site onapsis.com

Oracle E-Business Suite version 12.2 suffers from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2016-3437
SHA-256 | 554e04de0e954a1d4192207c20fc07b4bd10869bb459eb7fde19ec15034a2eec
JD Edwards 9.1 EnterpriseOne Server Denial Of Service
Posted Aug 25, 2016
Authored by Fernando Russ, Matias Mevied | Site onapsis.com

JD Edwards 9.1 EnterpriseOne Server suffers from a JDENET function denial of service vulnerability.

tags | advisory, denial of service
advisories | CVE-2016-0424
SHA-256 | 889f5e3dd07c7308e8658794c8da5c0f5284acb131eb8f9f9a5633ddc0a01a18
JD Edwards 9.1 EnterpriseOne Server Create Users
Posted Aug 25, 2016
Authored by Fernando Russ, Matias Mevied | Site onapsis.com

Unauthenticated attackers could create users in the JD Edwards 9.1 EnterpriseOne Server Manager, ultimately compromising the whole JDE landscape hence all of its information and processes.

tags | advisory
advisories | CVE-2016-0420
SHA-256 | ca565817d3ce7b6ada51f79927008a327710729db5d5e96af07939a94de5a0bd
JD Edwards 9.1 EnterpriseOne Server JDENet Password Disclosure
Posted Aug 25, 2016
Authored by Fernando Russ, Matias Mevied | Site onapsis.com

JD Edwards 9.1 EnterpriseOne Server suffers from a password disclosure vulnerability in JDENET.

tags | advisory
advisories | CVE-2016-0422
SHA-256 | 4f1e778e88e221bb4ce3c6afa9a34ba2a2c2b9ca7fc096f5c96232f9c74fe045
JD Edwards 9.1 EnterpriseOne Server JDENET Denial Of Service
Posted Aug 25, 2016
Authored by Fernando Russ, Matias Mevied | Site onapsis.com

JD Edwards 9.1 EnterpriseOne Server suffers from a JDENET function denial of service vulnerability.

tags | advisory, denial of service
advisories | CVE-2016-0423
SHA-256 | c8d127427c2da707a52dde5b0e9cf0feca87adcede5955d36f02c566422d65b7
JD Edwards 9.1 EnterpriseOne Server Manager Shutdown
Posted Aug 25, 2016
Authored by Fernando Russ, Matias Mevied | Site onapsis.com

JD Edwards 9.1 EnterpriseOne Server suffers from a shutdown vulnerability.

tags | advisory
advisories | CVE-2016-0421
SHA-256 | f554646aa3f6dfa37e5cf970dfccc59f2a82098df1f7e66dec5919c9d1c7de0d
JD Edwards 9.1 EnterpriseOne Server Password Disclosure
Posted Aug 25, 2016
Authored by Fernando Russ, Matias Mevied | Site onapsis.com

JD Edwards 9.1 EnterpriseOne Server suffers from a password disclosure vulnerability.

tags | advisory
advisories | CVE-2016-0425
SHA-256 | f62b06ca46ce6a950bf75e81bcd7d1a68c1c5faa0828341fcfd2c92b0be3d0e8
SAP HANA DB 1.00.091.00.1418659308 Password Disclosure
Posted Aug 19, 2016
Authored by Juan Pablo Perez Etchegoyen, Sergio Abraham | Site onapsis.com

SAP HANA DB version 1.00.091.00.1418659308 suffers from a password disclosure vulnerability.

tags | advisory
advisories | CVE-2016-3640
SHA-256 | 20d119aebb419f9c23fcacb993de3aea0f03fe535415bd530f18ffac68545a77
SAP HANA 1.00.091.00.1418659308 Information Disclosure
Posted Aug 19, 2016
Authored by Fernando Russ, Pablo Artuso, Nahuel Sanchez | Site onapsis.com

SAP HANA version 1.00.091.00.1418659308 suffers from a get topology information disclosure vulnerability.

tags | advisory, info disclosure
advisories | CVE-2016-3639
SHA-256 | e75c9fed09b354564d28969a1389e8b9410fd2173c6b155ffb2381ac96e43e93
SAP HANA SQL Login Remote Code Execution
Posted Nov 9, 2015
Authored by Nahuel Sanchez | Site onapsis.com

Sending a crafted packet to the SAP HANA SQL interface, a remote unauthenticated attacker could fully compromise the platform executing arbitrary code or performing a denial of service rendering the platform unavailable until the next process restart. SAP HANA DB version 1.00.73.00.389160 is affected.

tags | advisory, remote, denial of service, arbitrary
advisories | CVE-2015-7994
SHA-256 | 452d1a9996ba393f6b9c5cf4b5b001a36702b192a2e336e89d2fffbec3daa5b4
SAP HANA HTTP Login Remote Code Execution
Posted Nov 9, 2015
Authored by Nahuel Sanchez | Site onapsis.com

By sending a crafted HTTP packet to the SAP HANA XS Server, a remote unauthenticated attacker could fully compromise the platform executing arbitrary code or performing a denial of service, thus rendering the platform unavailable until the next process restart. SAP HANA DB version 1.00.73.00.389160 is affected.

tags | advisory, remote, web, denial of service, arbitrary
advisories | CVE-2015-7993
SHA-256 | 0595dbe7a6cdc3d86d9fb8380d5ccd7e90d4f8a5331a6fe9508210b22452807f
SAP HANA EXECUTE_SEARCH_RULE_SET Stored Procedure Memory Corruption
Posted Nov 9, 2015
Authored by Nahuel Sanchez | Site onapsis.com

A remote authenticated attacker could render the SAP HANA Platform unavailable to other users until the next process restart due to a memory corruption vulnerability. SAP HANA DB version 1.00.73.00.389160 is affected.

tags | advisory, remote
advisories | CVE-2015-7992
SHA-256 | df42acef48541c11c82cd7957ac153921812129c88dc7ce09ffb9228bde5244e
SAP HANA Remote Trace Disclosure
Posted Nov 9, 2015
Authored by Juan Pablo Perez Etchegoyen, Sergio Abraham | Site onapsis.com

Due to a flaw in SAP HANA DB version 1.00.73.00.389160, a remote unauthenticated attacker could read remote logs containing technical information about the system which could help to facilitate further attacks against the system.

tags | advisory, remote
advisories | CVE-2015-7991
SHA-256 | fd289a49117a0a823798ba0eed96cdc41815b67bc8c0a02046f5482b8e5ad75b
Page 1 of 4
Back1234Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close