Total
12 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-1039 | 1 Sap | 1 Sap Web Application Server | 2018-10-18 | 6.4 MEDIUM | N/A |
SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a ";%20" followed by encoded HTTP headers. | |||||
CVE-2006-6011 | 1 Sap | 1 Sap Web Application Server | 2018-10-17 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in SAP Web Application Server before 6.40 patch 6 allows remote attackers to cause a denial of service (enserver.exe crash) via a certain UDP packet to port 64999, aka "two bytes UDP crash," a different vulnerability than CVE-2006-5785. | |||||
CVE-2006-6010 | 1 Sap | 1 Sap Web Application Server | 2018-10-17 | 5.0 MEDIUM | N/A |
SAP allows remote attackers to obtain potentially sensitive information such as operating system and SAP version via an RFC_SYSTEM_INFO RfcCallReceive request, a different vulnerability than CVE-2003-0747. | |||||
CVE-2006-5785 | 1 Sap | 1 Sap Web Application Server | 2018-10-17 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to cause a denial of service (enserver.exe crash) via a 0x72F2 sequence on UDP port 64999. | |||||
CVE-2006-5784 | 1 Sap | 1 Sap Web Application Server | 2018-10-17 | 4.6 MEDIUM | N/A |
Unspecified vulnerability in enserver.exe in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to read arbitrary files via crafted data on a "3200+SYSNR" TCP port, as demonstrated by port 3201. NOTE: this issue can be leveraged by local users to access a named pipe as the SAPServiceJ2E user. | |||||
CVE-2007-3615 | 2 Microsoft, Sap | 3 All Windows, Internet Communication Manager, Sap Web Application Server | 2018-10-15 | 7.8 HIGH | N/A |
Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache. | |||||
CVE-2008-2421 | 1 Sap | 2 Sap Web Application Server, Web Dynpro | 2018-10-11 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Web GUI in SAP Web Application Server (WAS) 7.0, Web Dynpro for ABAP (aka WD4A or WDA), and Web Dynpro for BSP allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under bc/gui/sap/its/webgui/. | |||||
CVE-2005-3633 | 1 Sap | 1 Sap Web Application Server | 2017-07-10 | 5.0 MEDIUM | N/A |
HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter. | |||||
CVE-2005-3634 | 1 Sap | 1 Sap Web Application Server | 2017-07-10 | 5.0 MEDIUM | N/A |
frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter. | |||||
CVE-2005-3635 | 1 Sap | 1 Sap Web Application Server | 2017-07-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in SAP Web Application Server (WAS) 6.10 through 7.00 allow remote attackers to inject arbitrary web script or HTML via (1) the sap-syscmd in sap-syscmd and (2) the BspApplication field in the SYSTEM PUBLIC test application. | |||||
CVE-2005-3636 | 1 Sap | 1 Sap Web Application Server | 2017-07-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in SAP Web Application Server (WAS) 6.10 allows remote attackers to inject arbitrary web script or HTML via Error Pages. | |||||
CVE-2009-4603 | 1 Sap | 3 Sap Kernel, Sap Netweaver, Sap Web Application Server | 2010-01-13 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, 7.00, 7.01, 7.10, 7.11, and 7.20, as used in SAP NetWeaver 7.x and SAP Web Application Server 6.x and 7.x, allows remote attackers to cause a denial of service (Management Console shutdown) via a crafted request. NOTE: some of these details are obtained from third party information. |