Vulnerabilities > CVE-2006-0731 - Unspecified vulnerability in SAP Business Connector
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
WmRoot/adapter-index.dsp in SAP Business Connector Core Fix 7 and earlier allows remote attackers to conduct spoofing (phishing) attacks via an absolute URL in the url parameter, which loads the URL inside a frame.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
description SAP Business Connector 4.6/4.7 adapter-index.dsp url Variable Arbitrary Site Redirect. CVE-2006-0731. Remote exploit for linux platform id EDB-ID:27235 last seen 2016-02-03 modified 2006-02-15 published 2006-02-15 reporter Leandro Meiners source https://www.exploit-db.com/download/27235/ title SAP Business Connector 4.6/4.7 adapter-index.dsp url Variable Arbitrary Site Redirect description SAP Business Connector 4.6/4.7 chopSAPLog.dsp fullName Variable Arbitrary File Disclosure. CVE-2006-0731. Remote exploit for linux platform id EDB-ID:27233 last seen 2016-02-03 modified 2006-02-15 published 2006-02-15 reporter Leandro Meiners source https://www.exploit-db.com/download/27233/ title SAP Business Connector 4.6/4.7 chopSAPLog.dsp fullName Variable Arbitrary File Disclosure description SAP Business Connector 4.6/4.7 deleteSingle fullName Variable Arbitrary File Deletion. CVE-2006-0731. Remote exploit for linux platform id EDB-ID:27234 last seen 2016-02-03 modified 2006-02-15 published 2006-02-15 reporter Leandro Meiners source https://www.exploit-db.com/download/27234/ title SAP Business Connector 4.6/4.7 deleteSingle fullName Variable Arbitrary File Deletion
References
- http://secunia.com/advisories/18880
- http://securitytracker.com/id?1015639
- http://www.cybsec.com/vuln/CYBSEC_Security_Pre-Advisory_Phishing_Vector_in_SAP_BC.pdf
- http://www.securityfocus.com/archive/1/425056/100/0/threaded
- http://www.securityfocus.com/archive/1/434012/30/4980/threaded
- http://www.securityfocus.com/bid/16671
- http://www.vupen.com/english/advisories/2006/0611
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24751