Vulnerabilities > SAP
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2005-11-16 | CVE-2005-3636 | Cross-Site Scripting vulnerability in SAP Web Application Server 6.10 | Cross-site scripting (XSS) vulnerability in SAP Web Application Server (WAS) 6.10 allows remote attackers to inject arbitrary web script or HTML via Error Pages. | 4.3 |
2005-11-16 | CVE-2005-3635 | Cross-Site Scripting vulnerability in SAP Web Application Server | Multiple cross-site scripting (XSS) vulnerabilities in SAP Web Application Server (WAS) 6.10 through 7.00 allow remote attackers to inject arbitrary web script or HTML via (1) the sap-syscmd in sap-syscmd and (2) the BspApplication field in the SYSTEM PUBLIC test application. | 4.3 |
2005-11-16 | CVE-2005-3634 | Unspecified vulnerability in SAP Web Application Server | frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter. | 5.0 |
2005-11-16 | CVE-2005-3633 | Unspecified vulnerability in SAP Web Application Server | HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter. | 5.0 |
2005-07-26 | CVE-2005-1691 | Unspecified vulnerability in SAP R 3 | Directory traversal vulnerability in Internet Graphics Server in SAP before 6.40 Patch 11 allows remote attackers to read arbitrary files via ".." sequences in an HTTP GET request. | 5.0 |
2004-04-15 | CVE-2003-1039 | Remote Security vulnerability in Mysap Business Suite | Multiple buffer overflows in the mySAP.com architecture for SAP allow remote attackers to execute arbitrary code via a long HTTP Host header to (1) Message Server, (2) Web Dispatcher, or (3) Application Server. | 7.5 |
2004-04-15 | CVE-2003-1038 | Information Disclosure vulnerability in Internet Transaction Server 4620.2.0.323011 | The AGate component for SAP Internet Transaction Server (ITS) allows remote attackers to obtain sensitive information via a ~command parameter with an AgateInstallCheck value, which provides a list of installed DLLs and full pathnames. | 5.0 |
2004-04-15 | CVE-2003-1037 | Remote Security vulnerability in Internet Transaction Server 4620.2.0.323011 | Format string vulnerability in the WGate component for SAP Internet Transaction Server (ITS) allows remote attackers to execute arbitrary code via a high "trace level." | 7.5 |
2004-04-15 | CVE-2003-1036 | Remote Security vulnerability in Internet Transaction Server 4620.2.0.323011 | Multiple buffer overflows in the AGate component for SAP Internet Transaction Server (ITS) allow remote attackers to execute arbitrary code via long (1) ~command, (2) ~runtimemode, or (3) ~session parameters, or (4) a long HTTP Content-Type header. | 7.5 |
2004-04-15 | CVE-2003-1035 | Unspecified vulnerability in SAP R 3 and Sapgui | The default installation of SAP R/3 46C/D allows remote attackers to bypass account locking by using the RFC API instead of the SAPGUI to conduct a brute force password guessing attack, which does not lock out the account like the SAPGUI does. | 7.5 |