CVE-2018-11415 – SAP Internet Transaction Server 6200.x - Session Fixation / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-11415
SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site Scripting (XSS) via certain wgate URIs. NOTE: the vendor has reportedly indicated that there will not be any further releases of this product. SAP Internet Transaction Server 6200.x suffers from session fixation and cross site scripting vulnerabilities.
• https://www.exploit-db.com/exploits/44755
• http://www.securityfocus.com/bid/104311
• https://github.com/0xd0m7/SAP
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2006-5114 – SAP Internet Transaction Server 6.10/6.20 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-5114
Multiple cross-site scripting (XSS) vulnerabilities in wgate in SAP Internet Transaction Server (ITS) 6.1 and 6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) ~urlmime or (2) ~command parameter, different vectors than CVE-2003-0749.
• https://www.exploit-db.com/exploits/28725
• http://secunia.com/advisories/22171
• http://securityreason.com/securityalert/1665
• http://www.securityfocus.com/archive/1/447262/100/0/threaded
• http://www.securityfocus.com/bid/20244
• http://www.vupen.com/english/advisories/2006/3894
• https://exchange.xforce.ibmcloud.com/vulnerabilities/29245
CVE-2003-1037
https://notcve.org/view.php?id=CVE-2003-1037
Format string vulnerability in the WGate component for SAP Internet Transaction Server (ITS) allows remote attackers to execute arbitrary code via a high "trace level."
• http://securitytracker.com/id?1009453
• http://www.phenoelit.de/stuff/Phenoelit20c3.pd
• https://exchange.xforce.ibmcloud.com/vulnerabilities/15514
CVE-2003-1036
https://notcve.org/view.php?id=CVE-2003-1036
Multiple buffer overflows in the AGate component for SAP Internet Transaction Server (ITS) allow remote attackers to execute arbitrary code via long (1) ~command, (2) ~runtimemode, or (3) ~session parameters, or (4) a long HTTP Content-Type header.
• http://www.phenoelit.de/stuff/Phenoelit20c3.pd
• https://exchange.xforce.ibmcloud.com/vulnerabilities/14186
CVE-2003-1038
https://notcve.org/view.php?id=CVE-2003-1038
The AGate component for SAP Internet Transaction Server (ITS) allows remote attackers to obtain sensitive information via a ~command parameter with an AgateInstallCheck value, which provides a list of installed DLLs and full pathnames.
• http://www.phenoelit.de/stuff/Phenoelit20c3.pd
• https://exchange.xforce.ibmcloud.com/vulnerabilities/15516