Vulnerabilities > SAP > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-08-14 | CVE-2006-4134 | Remote Denial Of Service vulnerability in SAP Internet Graphics Server: Unspecified vulnerability related to a "design flaw" in SAP Internet Graphics Service (IGS) 6.40 and earlier and 7.00 and earlier allows remote attackers to cause a denial of service (service shutdown) via certain HTTP requests. | 5.0 |
2006-03-07 | CVE-2006-1039 | Code Injection vulnerability in SAP Web Application Server 6.10/6.20/6.40: SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a ";%20" followed by encoded HTTP headers. | 6.4 |
2006-02-16 | CVE-2006-0732 | Remote Arbitrary File Access And Deletion vulnerability in SAP Business Connector 4.6/4.7: Directory traversal vulnerability in SAP Business Connector (BC) 4.6 and 4.7 allows remote attackers to read or delete arbitrary files via the fullName parameter to (1) sapbc/SAP/chopSAPLog.dsp or (2) invoke/sap.monitor.rfcTrace/deleteSingle. | 6.4 |
2006-02-16 | CVE-2006-0731 | Unspecified vulnerability in SAP Business Connector: WmRoot/adapter-index.dsp in SAP Business Connector Core Fix 7 and earlier allows remote attackers to conduct spoofing (phishing) attacks via an absolute URL in the url parameter, which loads the URL inside a frame. | 4.0 |
2005-11-16 | CVE-2005-3636 | Cross-Site Scripting vulnerability in SAP Web Application Server 6.10: Cross-site scripting (XSS) vulnerability in SAP Web Application Server (WAS) 6.10 allows remote attackers to inject arbitrary web script or HTML via Error Pages. | 4.3 |
2005-11-16 | CVE-2005-3635 | Cross-Site Scripting vulnerability in SAP Web Application Server: Multiple cross-site scripting (XSS) vulnerabilities in SAP Web Application Server (WAS) 6.10 through 7.00 allow remote attackers to inject arbitrary web script or HTML via (1) the sap-syscmd in sap-syscmd and (2) the BspApplication field in the SYSTEM PUBLIC test application. | 4.3 |
2005-11-16 | CVE-2005-3634 | Unspecified vulnerability in SAP Web Application Server: frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter. | 5.0 |
2005-11-16 | CVE-2005-3633 | Unspecified vulnerability in SAP Web Application Server: HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter. | 5.0 |
2005-07-26 | CVE-2005-1691 | Unspecified vulnerability in SAP R/3: Directory traversal vulnerability in Internet Graphics Server in SAP before 6.40 Patch 11 allows remote attackers to read arbitrary files via ".." sequences in an HTTP GET request. | 5.0 |
2004-04-15 | CVE-2003-1038 | Information Disclosure vulnerability in Internet Transaction Server 4620.2.0.323011: The AGate component for SAP Internet Transaction Server (ITS) allows remote attackers to obtain sensitive information via a ~command parameter with an AgateInstallCheck value, which provides a list of installed DLLs and full pathnames. | 5.0 |