Vulnerabilities > SAP > Sapgui

DATE CVE VULNERABILITY TITLE RISK
2009-04-01 CVE-2007-4475 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SAP Sapgui
Stack-based buffer overflow in EAI WebViewer3D ActiveX control (webviewer3d.dll) in SAP AG SAPgui before 7.10 Patch Level 9 allows remote attackers to execute arbitrary code via a long argument to the SaveViewToSessionFile method.
network
sap CWE-119
critical
9.3
2008-11-10 CVE-2008-4387 Code Injection vulnerability in multiple products
Unspecified vulnerability in the Simba MDrmSap ActiveX control in mdrmsap.dll in SAP SAPgui allows remote attackers to execute arbitrary code via unknown vectors involving instantiation by Internet Explorer.
9.3
2008-02-06 CVE-2008-0621 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SAP Sapgui, Saplpd and Sapsprint
Buffer overflow in SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before 1018 allows remote attackers to execute arbitrary code via long arguments to the (1) 0x01, (2) 0x02, (3) 0x03, (4) 0x04, and (5) 0x05 LPD commands.
network
low complexity
sap CWE-119
7.5
2008-02-06 CVE-2008-0620 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SAP Sapgui, Saplpd and Sapsprint
SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before 1018 allows remote attackers to cause a denial of service (crash) via a 0x53 LPD command, which causes the server to terminate.
network
low complexity
sap CWE-119
critical
10.0
2004-04-15 CVE-2003-1035 Unspecified vulnerability in SAP R 3 and Sapgui
The default installation of SAP R/3 46C/D allows remote attackers to bypass account locking by using the RFC API instead of the SAPGUI to conduct a brute force password guessing attack, which does not lock out the account like the SAPGUI does.
network
low complexity
sap
7.5
2004-04-15 CVE-2002-1579 Denial of Service vulnerability in SAP SAPgui
SAP GUI (Sapgui) 4.6D allows remote attackers to cause a denial of service (crash) via a connection to a high-numbered port, which generates an "unknown connection data" error.
network
low complexity
sap
5.0