Introduction: Security researchers from ERPScan discovered a vulnerability in SAP GUI and disclosed it at the last Troopers conference. The vulnerability doesn’t directly impact the SAP …
Insomni’Hack write-up : “The Secr3tMgr Lock” challenge
The following write-up details a solution to one of the Insomni’Hack Capture The Flag challenges. Insomni’Hack is a Swiss security conference in Geneva which hosts an on-site CTF competition. https://insomnihack.ch/ …
One year of SAP vulnerabilities
Quick review: This 13 December was the last ‘SAP Security Tuesday patch’ of the year. It is now possible to make some reviews and comments …
[ALERT CERT] – Multiple WordPress vulnerabilities versions < 4.7.2
Three WordPress vulnerabilities have been disclosed in the last few days: CVE-2017-5610 (authorization bypass), CVE-2017-5611 (SQL injection) and CVE-2017-5612 (XSS). Versions below 4.7.2 are affected. The main concern …
SAP with Oracle – Authentication problem
Introduction: In SAP versions prior to SAP NetWeaver 7.40, for communication between Oracle and SAP, the Oracle database is installed with the remote_os_authent parameter enabled. …
Compromising SAP by exploiting the RFC Gateway
Introduction: Some SAP vulnerabilities cannot be ‘patched’, because they do not concern a bug in a program but a bad configuration of a service …
SAP is -also- vulnerable to injections
Introduction: In July 2016, SAP corrected a vulnerability in SAP NetWeaver affecting all versions: a SQL and code injection, SAP Note 2311011 and …