Author: Onapsis

Country:

Reported research: 25

Advisories

Risk	Topic & Details
Med.	SAP HANA SQL Login Remote Code Execution (CVE assigned) Remote \| 2015-11-10
High	SAP HANA HTTP Login Remote Code Execution (CVE assigned) Remote \| 2015-11-10
Med.	SAP HANA EXECUTE_SEARCH_RULE_SET Stored Procedure Memory Corruption (CVE assigned) Remote \| 2015-11-10
High	SAP HANA TrexNet Command Execution (CVE assigned) Remote \| 2015-11-10
Low	SAP HANA Remote Trace Disclosure (CVE assigned) Remote \| 2015-11-10
High	SAP Business Objects Memory Corruption Local \| 2015-09-23
Low	SAP HANA Log Injection (CVE assigned) Remote \| 2015-05-28
Med.	SAP HANA Information Disclosure (CVE assigned) Remote \| 2015-05-28
Low	SAP Business Objects Unauthorized Audit Information Access (CVE assigned) Remote \| 2015-02-26
Med.	SAP Business Objects Unauthorized Audit Information Delete (CVE assigned) Remote \| 2015-02-26
Med.	SAP Business Objects Unauthorized File Repository Server Read (CVE assigned) Remote \| 2015-02-26
Med.	SAP Business Objects Unauthorized File Repository Server Write (CVE assigned) Remote \| 2015-02-26
Low	SAP Netweaver Business Warehouse Missing Authorization (CVE assigned) Remote \| 2014-07-30
Low	SAP HANA XS Administration Tool Cross Site Scripting (CVE assigned) Remote \| 2014-07-30
Low	SAP HANA XS Missing Encryption (CVE assigned) Remote \| 2014-07-30
Low	SAP FI Manager Self-Service Hardcoded Username (CVE assigned) Remote \| 2014-07-30
Med.	SAP_JTECHS HTTP Verb Tampering (CVE assigned) Remote \| 2014-07-30
High	SAP HANA IU5 SDK Authentication Bypass (CVE assigned) Remote \| 2014-07-30
Med.	SAP SLD Information Tampering Remote \| 2014-06-07
Med.	SAP Software Lifecycle Manager Information Disclosure Remote \| 2014-04-29
Low	SAP Background Processing RFC Missing Authorization Remote \| 2014-04-29
High	SAP NW Portal WD Information Disclosure Remote \| 2014-04-29
Low	SAP BASIS Missing Authorization Check Local \| 2014-04-29
Low	SAP BusinessObjects InfoView Cross Site Scripting Remote \| 2014-04-29
Low	SAP Profile Maintenance Missing Authorization Remote \| 2014-04-29

Author: Onapsis

Reported research: 25

Advisories

Med.

SAP HANA SQL Login Remote Code Execution (CVE assigned)

Remote | 2015-11-10

High

SAP HANA HTTP Login Remote Code Execution (CVE assigned)

Remote | 2015-11-10

Med.

SAP HANA EXECUTE_SEARCH_RULE_SET Stored Procedure Memory Corruption (CVE assigned)

Remote | 2015-11-10

High

SAP HANA TrexNet Command Execution (CVE assigned)

Remote | 2015-11-10

Low

SAP HANA Remote Trace Disclosure (CVE assigned)

Remote | 2015-11-10

High

Local | 2015-09-23

Low

SAP HANA Log Injection (CVE assigned)

Remote | 2015-05-28

Med.

SAP HANA Information Disclosure (CVE assigned)

Remote | 2015-05-28

Low

SAP Business Objects Unauthorized Audit Information Access (CVE assigned)

Remote | 2015-02-26

Med.

SAP Business Objects Unauthorized Audit Information Delete (CVE assigned)

Remote | 2015-02-26

Med.

SAP Business Objects Unauthorized File Repository Server Read (CVE assigned)

Remote | 2015-02-26

Med.

SAP Business Objects Unauthorized File Repository Server Write (CVE assigned)

Remote | 2015-02-26

Low

SAP Netweaver Business Warehouse Missing Authorization (CVE assigned)

Remote | 2014-07-30

Low

SAP HANA XS Administration Tool Cross Site Scripting (CVE assigned)

Remote | 2014-07-30

Low

SAP HANA XS Missing Encryption (CVE assigned)

Remote | 2014-07-30

Low

SAP FI Manager Self-Service Hardcoded Username (CVE assigned)

Remote | 2014-07-30

Med.

SAP_JTECHS HTTP Verb Tampering (CVE assigned)

Remote | 2014-07-30

High

SAP HANA IU5 SDK Authentication Bypass (CVE assigned)

Remote | 2014-07-30

Med.

Remote | 2014-06-07

Med.

Remote | 2014-04-29

Low

Remote | 2014-04-29

High

Remote | 2014-04-29

Low

Local | 2014-04-29

Low

Remote | 2014-04-29

Low

Remote | 2014-04-29

Do you know.. we can display your:

- Twitter Link - Website Link - Zone-H Link - Description of profile - email (let us know if you want show public)

Let's us know! submit@cxsec.org

- Twitter Link
- Website Link
- Zone-H Link
- Description of profile
- email (let us know if you want show public)