CVE-2007-3613 – SAP Internet Graphics Server 7.0 - 'ADM:GETLOGFILE?PARAMS' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-3613
Cross-site scripting (XSS) vulnerability in ADM:GETLOGFILE in SAP Internet Graphics Service (IGS) allows remote attackers to inject arbitrary web script or HTML via the PARAMS parameter.
• https://www.exploit-db.com/exploits/30279
• http://osvdb.org/36480
• http://secunia.com/advisories/25950
• http://securityreason.com/securityalert/2865
• http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-sap-internet-graphics-server
• http://www.securityfocus.com/archive/1/472889/100/0/threaded
• http://www.securityfocus.com/bid/24775
• http://www.securitytracker.com/id?1018339
• http://www.vupen.com/english/advisories/2007/2452
• https://exchange.xforce.ibmcloud.com/vulnerabilities/35280
CVE-2006-6346
https://notcve.org/view.php?id=CVE-2006-6346
Unspecified vulnerability in SAP Internet Graphics Service (IGS) 6.40 Patchlevel 15 and earlier, and 7.00 Patchlevel 3 and earlier, allows remote attackers to cause a denial of service (service shutdown), obtain sensitive information (configuration files), and conduct certain other unauthorized activities, related to "Undocumented Features." NOTE: it is possible that there are multiple issues. This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. This is likely a different issue than CVE-2006-4134.
• http://secunia.com/advisories/23262
• http://securityreason.com/securityalert/1985
• http://securitytracker.com/id?1017341
• http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Undocumented_Features.pdf
• http://www.securityfocus.com/archive/1/453560/100/0/threaded
• http://www.securityfocus.com/bid/21448
• http://www.vupen.com/english/advisories/2006/4863
• https://exchange.xforce.ibmcloud.com/vulnerabilities/30766
CVE-2006-6345
https://notcve.org/view.php?id=CVE-2006-6345
Directory traversal vulnerability in SAP Internet Graphics Service (IGS) 6.40 Patchlevel 16 and earlier, and 7.00 Patchlevel 6 and earlier, allows remote attackers to delete arbitrary files via directory traversal sequences in an HTTP request. NOTE: This information is based upon an initial disclosure. Details will be updated after the grace period has ended. This issue is different from CVE-2006-4133 and CVE-2006-4134.
• http://secunia.com/advisories/23262
• http://securityreason.com/securityalert/1986
• http://securitytracker.com/id?1017342
• http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Remote_Arbitrary_File_Removal.pdf
• http://www.securityfocus.com/archive/1/453561/100/0/threaded
• http://www.securityfocus.com/bid/21449
• http://www.vupen.com/english/advisories/2006/4863
• https://exchange.xforce.ibmcloud.com/vulnerabilities/30765
CVE-2006-4134
https://notcve.org/view.php?id=CVE-2006-4134
Unspecified vulnerability related to a "design flaw" in SAP Internet Graphics Service (IGS) 6.40 and earlier and 7.00 and earlier allows remote attackers to cause a denial of service (service shutdown) via certain HTTP requests. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.
• http://marc.info/?l=bugtraq&m=115524314804055&w=2
• http://secunia.com/advisories/21448
• http://securityreason.com/securityalert/1390
• http://securitytracker.com/id?1016675
• http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Remote_Denial_of_Service.pdf
• http://www.securityfocus.com/archive/1/442838/100/0/threaded
• http://www.securityfocus.com/bid/19469
• http://www.vupen.com/english/advisories/2006/3267
• https://exchange.xforce.ibmcloud.com/vulnerabilities/28328
CVE-2006-4133
https://notcve.org/view.php?id=CVE-2006-4133
Heap-based buffer overflow in SAP Internet Graphics Service (IGS) 6.40 and earlier, and 7.00 and earlier, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via an HTTP request with an ADM:GETLOGFILE command and a long portwatcher argument, which triggers the overflow during error message construction when the _snprintf function returns a negative value that is used in a memcpy operation.
• http://secunia.com/advisories/21448
• http://securityreason.com/securityalert/1386
• http://securitytracker.com/id?1016675
• http://securitytracker.com/id?1017534
• http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Remote_Buffer_Overflow.pdf
• http://www.kb.cert.org/vuls/id/259540
• http://www.securityfocus.com/archive/1/442840/100/0/threaded
• http://www.securityfocus.com/archive/1/457286/100/0/threaded
• http://www.securityfocus.com/archive/1/472889/100/0/threaded
• http://