exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files from Will Vandevanter

First Active2010-08-30
Last Active2015-09-23
SAP Business Objects Memory Corruption
Posted Sep 23, 2015
Authored by Will Vandevanter | Site onapsis.com

Onapsis Security Advisory - SAP Business Objects suffers from a memory corruption vulnerability. By exploiting this vulnerability an unauthenticated attacker could read or write any business-relevant information from the Business Intelligence Platform and also render the system unavailable to other users.

tags | advisory
SHA-256 | 38f5d4c8882c9a29b1c46ec18ce9b8b283de108c7ffe457c455f9e65e781276c
SAP Business Objects Unauthorized Audit Information Access
Posted Feb 25, 2015
Authored by Will Vandevanter | Site onapsis.com

Onapsis Security Advisory - It is possible for an unauthenticated user to retrieve any audit events from a remote BusinessObjects service. This can disclose sensitive information including report names, universe queries, logins, etc. Auditing details are listed in the Auditing tab of the CMS. All services which expose a Auditing service are vulnerable. In the default setting this includes all BusinessObjects services except the CMS.

tags | advisory, remote
advisories | CVE-2015-2076
SHA-256 | 92a03a7a9374710770746549090119067b75fdc71c5a1c6527932e9be9239ecd
SAP Business Objects Unauthorized Audit Information Delete
Posted Feb 25, 2015
Authored by Will Vandevanter | Site onapsis.com

Onapsis Security Advisory - It is possible for an unauthenticated user to remove audit events from a remote BusinessObjects service using CORBA. Specifically, the attacker can tell the remote service (i.e. the auditee) to clear an event from it's queue. After the event is removed from the auditee queue, the auditor will never have knowledge of the event and, hence, it will not be written to the Audit database. An attacker can use this to hide their actions. By default, the auditor polls all auditees every 5 minutes to ask for events in their queue.

tags | advisory, remote
advisories | CVE-2015-2075
SHA-256 | 525b0210fa38e332bad09f1f23be059b8cff27946645438a054d05c005ac4ec0
SAP Business Objects Unauthorized File Repository Server Write
Posted Feb 25, 2015
Authored by Will Vandevanter | Site onapsis.com

Onapsis Security Advisory - The BusinessObjects File Repository Server (FRS) CORBA listener allows the writing of any file stored in the FRS without authentication.

tags | exploit
advisories | CVE-2015-2074
SHA-256 | 6de1db17a1a2cda52de24f00a98b3c5ab4bc5bda19395ccb1ab6ba6fee7121db
SAP Business Objects Unauthorized File Repository Server Read
Posted Feb 25, 2015
Authored by Will Vandevanter | Site onapsis.com

Onapsis Security Advisory - The BusinessObjects File Repository Server (FRS) CORBA listener allows a user to read any file stored in the FRS without authentication.

tags | exploit
advisories | CVE-2015-2073
SHA-256 | b91a029e7d55f1eaea5057b797bcbd5e83fb1e529410c558e0665b49ecab34ea
SAP HANA Web-based Development Workbench Cross Site Scripting
Posted Feb 25, 2015
Authored by Will Vandevanter | Site onapsis.com

Onapsis Security Advisory - The SAP HANA contains a reflected cross site scripting vulnerability (XSS) on the pages /sap/hana/ide/core/plugins/editor/templates/trace/hanaTraceDetailService.xsjs and /sap/hana/xs/ide/editor/templates/trace/hanaTraceDetailService.xsjs.

tags | advisory, xss
advisories | CVE-2015-2072
SHA-256 | 5119b84d53c0c30a40ccbbf28464d82d82fe294a2f8499c0d10ba47627e64dc2
SAP Business Objects Search Token Privilege Escalation
Posted Dec 16, 2014
Authored by Will Vandevanter, Juan Pablo Perez Etchegoyen | Site onapsis.com

Onapsis Security Advisory - By exploiting a search token privilege escalation vulnerability, a remote and potentially unauthenticated attacker would be able to access or modify any information stored on the SAP BusineesObjects server. The attacker could also connect to the business systems depending on the configuration of the BO infrastructure. BusinessObjects Edge version 4.1 is affected.

tags | advisory, remote
advisories | CVE-2014-9320
SHA-256 | 572684cdc3bc2a7bd551c52105bd0203238dbe5954d6313dd9841c6c341fed6b
SAP HANA Web-based Development Workbench Code Injection
Posted Oct 8, 2014
Authored by Will Vandevanter | Site onapsis.com

Onapsis Security Advisory - HANA Developer Edition contains a command injection vulnerability. Specifically, the page /sap/hana/ide/core/base/server/net.xsjs contains an eval call that is vulnerable to code injection. This allows an attacker to run arbitrary XSJS code in the context of the user logged in.

tags | advisory, arbitrary
SHA-256 | ad3e31557ce091efdac803b0fc631729b8952bdd6890a585f33c38a640073cb9
SAP BusinessObjects Persistent Cross Site Scripting
Posted Oct 8, 2014
Authored by Will Vandevanter | Site onapsis.com

Onapsis Security Advisory - BusinessObjects BI "Send to Inbox" functionality can be abused by an attacker, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users.

tags | advisory
SHA-256 | fc6e3481d6a10b46f5b352e541dfd8aec324cca7559e359688ccf436f187c5b0
SAP Business Objects Information Disclosure Via CORBA
Posted Oct 8, 2014
Authored by Will Vandevanter | Site onapsis.com

Onapsis Security Advisory - Business Objects CORBA listeners include the ability to run unauthenticated InfoStore queries via CORBA. Although some authorization is enforced, it is possible to obtain a considerable amount of information by making requests to the InfoStore via CORBA.

tags | advisory
SHA-256 | 1233021ed4ff9727768afcdb541cde12e5ea7d8e35d63148a89dec3c926c99a7
SAP HANA Reflective Cross Site Scripting
Posted Oct 8, 2014
Authored by Will Vandevanter | Site onapsis.com

Onapsis Security Advisory - The SAP HANA Developer Edition contains multiple reflected cross site scripting vulnerabilities (XSS) in the democontent area.

tags | advisory, vulnerability, xss
SHA-256 | d98ec0c662aa2e76ea7c61dcd491019b639f2b4fe8e0fc31991ae7f856d4d36a
SAP Business Objects Denial Of Service Via CORBA
Posted Oct 8, 2014
Authored by Will Vandevanter | Site onapsis.com

Onapsis Security Advisory - The CMS CORBA listener includes functions in the OSCAFactory::Session ORB that allows any user to remotely turn off that Business Objects server without authentication.

tags | advisory
SHA-256 | 015c719c07e543bf80326a0b0b90e68c039c96019a5f995a8b35d3ad683fea66
SAP Business Objects Information Disclosure
Posted Oct 8, 2014
Authored by Will Vandevanter | Site onapsis.com

Onapsis Security Advisory - A malicious user can discover information relating to valid users using a vulnerable Business Objects Enterprise instance. This information could be used to allow the malicious user to specialize their attacks against the system.

tags | advisory
SHA-256 | 337ba40a7bd0ab6b8eb40dc9d8ae9c8aaf58f85ede87867ef98e421c0f7f094f
SAP HANA XS Administration Tool Cross Site Scripting
Posted Jul 29, 2014
Authored by Will Vandevanter | Site onapsis.com

Onapsis Security Advisory - The SAP HANA XS Administration Tool can be abused by potential attackers, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users.

tags | advisory
SHA-256 | c6ed0fc760014885e4e1f29f5add689e261aa09131bbce902c5032d4d1638bfd
SAP BusinessObjects InfoView Cross Site Scripting
Posted Apr 29, 2014
Authored by Will Vandevanter | Site onapsis.com

Onapsis Security Advisory - SAP BusinessObjects InfoView suffers from a reflective cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 4d161054fd847d69430573900f5115a49e4c02cca4ed535d5cd5fc6a1576f55b
Rapid7 Security Advisory 37
Posted Oct 15, 2010
Authored by H D Moore, Rapid7, Joshua D. Abraham, Will Vandevanter | Site rapid7.com

Rapid7 Security Advisory - The SAP BusinessObjects product contains a module (dswsbobje.war) which deploys Axis2 with an administrator account which is configured with a static password. As a result, anyone with access to the Axis2 port can gain full access to the machine via arbitrary remote code execution. This requires the attacker to upload a malicious web service and to restart the instance of Tomcat. This issue may apply to other products and vendors that embed the Axis2 component. The username is "admin" and the password is "axis2", this is also the default for standalone Axis2 installations.

tags | exploit, remote, web, arbitrary, code execution
advisories | CVE-2010-0219
SHA-256 | 226db62066f2c56c87818ee78e4d00164861cd9e8d34858c75dc772b294bbff8
Rapid7 Security Advisory 36
Posted Aug 30, 2010
Authored by H D Moore, Rapid7, Will Vandevanter | Site rapid7.com

Rapid7 Security Advisory - FCKEditor contains a file renaming bug that allows remote code execution. Specifically, it is possible to upload ASP code via the ASP.NET connector in FCKEditor. The vulnerability requires that the remote server be running IIS. This vulnerability has been confirmed on FCKEditor 2.5.1 and 2.6.6.

tags | exploit, remote, code execution, asp
advisories | CVE-2009-4444
SHA-256 | d7ff7819bc5c1b9397d022f19065769fe00e58d1169b50c1ef3b83d03e7b2950
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close