Vulnerabilities > SAP
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-12-07 | CVE-2006-6345 | Directory Traversal vulnerability in SAP Internet Graphics Service Directory traversal vulnerability in SAP Internet Graphics Service (IGS) 6.40 Patchlevel 16 and earlier, and 7.00 Patchlevel 6 and earlier, allows remote attackers to delete arbitrary files via directory traversal sequences in an HTTP request. | 7.5 |
| 2006-11-21 | CVE-2006-6011 | Denial-Of-Service vulnerability in SAP web Application Server 6.40 Unspecified vulnerability in SAP Web Application Server before 6.40 patch 6 allows remote attackers to cause a denial of service (enserver.exe crash) via a certain UDP packet to port 64999, aka "two bytes UDP crash," a different vulnerability than CVE-2006-5785. | 5.0 |
| 2006-11-21 | CVE-2006-6010 | Information Disclosure vulnerability in Sap Web Application Server SAP allows remote attackers to obtain potentially sensitive information such as operating system and SAP version via an RFC_SYSTEM_INFO RfcCallReceive request, a different vulnerability than CVE-2003-0747. | 5.0 |
| 2006-11-07 | CVE-2006-5785 | Remote Denial of Service vulnerability in SAP web Application Server 6.40/7.00 Unspecified vulnerability in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to cause a denial of service (enserver.exe crash) via a 0x72F2 sequence on UDP port 64999. | 5.0 |
| 2006-11-07 | CVE-2006-5784 | Remote Information Disclosure vulnerability in SAP web Application Server 6.40/7.00 Unspecified vulnerability in enserver.exe in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to read arbitrary files via crafted data on a "3200+SYSNR" TCP port, as demonstrated by port 3201. | 4.6 |
| 2006-10-03 | CVE-2006-5114 | Cross-Site Scripting vulnerability in SAP Internet Transaction Server 6.1/6.2 Multiple cross-site scripting (XSS) vulnerabilities in wgate in SAP Internet Transaction Server (ITS) 6.1 and 6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) ~urlmime or (2) ~command parameter, different vectors than CVE-2003-0749. network sap | 6.8 |
| 2006-08-14 | CVE-2006-4134 | Remote Denial Of Service vulnerability in SAP Internet Graphics Server Unspecified vulnerability related to a "design flaw" in SAP Internet Graphics Service (IGS) 6.40 and earlier and 7.00 and earlier allows remote attackers to cause a denial of service (service shutdown) via certain HTTP requests. | 5.0 |
| 2006-08-14 | CVE-2006-4133 | Remote Buffer Overflow vulnerability in SAP Internet Graphics Server Heap-based buffer overflow in SAP Internet Graphics Service (IGS) 6.40 and earlier, and 7.00 and earlier, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via an HTTP request with an ADM:GETLOGFILE command and a long portwatcher argument, which triggers the overflow during error message construction when the _snprintf function returns a negative value that is used in a memcpy operation. | 7.5 |
| 2006-05-23 | CVE-2006-2547 | Local Privilege Escalation vulnerability in SAP SAPDBA Unspecified vulnerability in the sapdba command in SAP with Informix before 700, and 700 up to patch 100, allows local users to execute arbitrary commands via unknown vectors related to "insecure environment variable" handling. | 10.0 |
| 2006-03-07 | CVE-2006-1039 | Code Injection vulnerability in SAP web Application Server 6.10/6.20/6.40 SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a ";%20" followed by encoded HTTP headers. | 6.4 |