OSNEXUS QuantaStor version 4 suffers from multiple information disclosure vulnerabilities including user enumeration.
0762c7d4aa2b0a1660c63fde56c7e91b852dcdf5a6a1019d3e8ed62845a1049fThe SAP SLD Registration Program suffers from a memory corruption vulnerability.
6613992a8db68e022fadcfa82d295027ac7dfc10434063952bbd3805c4a0744fSAP Console version 7.30 suffers from an insecure password storage vulnerability.
15549212a42e06cbf90b62f838891fe78927981e3ff983ba5baa76bf21aa875cSAP HANA SPS09 version 1.00.091.00.1418659308 suffers from an information disclosure vulnerability in EXPORT.
4a5f8342b24325e43b5343b266af9c9b8acc91107d4a6b28357e158112cec19fUnder certain conditions a remote authenticated attacker with IMPORT system privileges could potentially execute arbitrary code on SAP HANA DB version 1.00.73.00.389160.
837a43738fa05ae4c66c0884d724e8afff46e553af7b6eed1b6a5848bf68571eSAP TREX version 7.10 revision 63 suffers from a remote command execution vulnerability.
0819be6c462080645727510772e93d336c75a8827da0a93033522577a8a61c8cSAP TREX version 7.10 revision 63 suffers from a TNS information disclosure vulnerability in NameServer.
7b9adee861d5e668126c4a179eb39eaad2ab92fa481b23b056ff2cb62d5297a1SAP HANA DB version 1.00.091.00.1418659308 suffers from a user information disclosure vulnerability.
bdc9caa13cd84ad00e89d70d09818e47227a940de378774fee051e8ed6f20745Under certain conditions the SAP HANA platform is vulnerable to arbitrary injection in the audit trail, allowing remote authenticated attackers to write arbitrary fields in the SYSLOG. SAP HANA DB version 1.00.73.00.389160 is affected.
90846e12e72d1c8e36bcc61d734f33cd6afd8c1e4ac21415a97d5ee087539cbbUnder certain conditions the SAP HANA platform is vulnerable to arbitrary injection in the audit trail, allowing remote authenticated attackers to write arbitrary fields in the SYSLOG. SAP HANA DB version 1.00.73.00.389160 is affected.
4fde45560f871d006837d95c07be63adc51799cd430904259656550cf718ae3fSAP HANA version 1.00.091.00.1418659308 suffers from a get topology information disclosure vulnerability.
e75c9fed09b354564d28969a1389e8b9410fd2173c6b155ffb2381ac96e43e93Sending a crafted packet to the SAP HANA SQL interface, a remote unauthenticated attacker could fully compromise the platform executing arbitrary code or performing a denial of service rendering the platform unavailable until the next process restart. SAP HANA DB version 1.00.73.00.389160 is affected.
452d1a9996ba393f6b9c5cf4b5b001a36702b192a2e336e89d2fffbec3daa5b4By sending a crafted HTTP packet to the SAP HANA XS Server, a remote unauthenticated attacker could fully compromise the platform executing arbitrary code or performing a denial of service, thus rendering the platform unavailable until the next process restart. SAP HANA DB version 1.00.73.00.389160 is affected.
0595dbe7a6cdc3d86d9fb8380d5ccd7e90d4f8a5331a6fe9508210b22452807fA remote authenticated attacker could render the SAP HANA Platform unavailable to other users until the next process restart due to a memory corruption vulnerability. SAP HANA DB version 1.00.73.00.389160 is affected.
df42acef48541c11c82cd7957ac153921812129c88dc7ce09ffb9228bde5244eUsing the multiple methods available in the TrexNet protocol, a remote unauthenticated attacker could execute arbitrary operating system commands, python modules, read, write and delete files and directories, read environment information and also completely shut down the SAP HANA instance. The attacker could also send TMS queries to the NameSever component, which could allow him to retrieve technical information of the remote system such as configuration files. SAP HANA Database versions 1.00 SPS10 and below are affected.
e4cccb6ea9d715363678d97b705a3ed4cfae92d173b1157c598542160cec7a0eOnapsis Security Advisory - SAP HANA suffers from a Drop Credentials remote SQL injection vulnerability. By exploiting this vulnerability an attacker could modify system settings and delete credentials which could affect other users in the HANA system, engaging into a DoS attack.
d444a5ba1af38fd63f1e5f5e68d842b9592909177de11dc45575d4678f9cd8c4Onapsis Security Advisory - SAP HANA suffers from a remote SQL injection vulnerability in getSqlTraceConfiguration function. By exploiting this vulnerability an attacker could read sensitive business information stored in the HANA system and change configuration parameters which could render the system unavailable for other users.
eb43d022e8fddd6eecbc5626bd6c632f0e9e075f3e94ea6552a956f95eaf9793Onapsis Security Advisory - SAP HANA suffers from a cross site scripting vulnerability during user creation. By exploiting this vulnerability a remote authenticated attacker would be able to attack other users connected to the HANA system.
093745f32867efd7e25fa4d1c9f8e459a0b267da21290b330cd5539db3fe4689Onapsis Security Advisory - SAP HANA role deletion through web-based development workbench suffers from a cross site scripting vulnerability.
6755cf7f8153415edfc191048e8bdf9b8ee3cf270ab9a887093629b129a6311cOnapsis Security Advisory - SAP HANA suffers from a remote SQL injection vulnerability in the trace configuration. By exploiting this vulnerability an attacker could change configuration settings in the HANA system, affecting the integrity of the data stored and possibly turning the platform unavailable to other users.
28e3ad290a4fc8f5f373142a21e20d0d46d3545bc5d3b66532fee4c38b603644
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed