CVSS: 7.5EPSS: 2%CPEs: 3EXPL: 0CVE-2003-1036
https://notcve.org/view.php?id=CVE-2003-1036
Multiple buffer overflows in the AGate component for SAP Internet Transaction Server (ITS) allow remote attackers to execute arbitrary code via long (1) ~command, (2) ~runtimemode, or (3) ~session parameters, or (4) a long HTTP Content-Type header. Múltiples desbordamientos de búfer en el componente AGate de SAP Internet Transaction Server (ITS) permite a atacantes remotos ejecutar código arbitrario mediante parámetros (1) ~command, (2) ~runtimemode, o (3) ~session largos, o mediante una cabecera HTTP Content-Type larga. • http://www.phenoelit.de/stuff/Phenoelit20c3.pd https://exchange.xforce.ibmcloud.com/vulnerabilities/14186 •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2003-1038
https://notcve.org/view.php?id=CVE-2003-1038
The AGate component for SAP Internet Transaction Server (ITS) allows remote attackers to obtain sensitive information via a ~command parameter with an AgateInstallCheck value, which provides a list of installed DLLs and full pathnames. El componente AGate de SAP Internet Transaction Server (ITS) permite a atacantes remotos obtener información sensible mediante un parámetro ~command con un valor AgateInstallCheck, lo que proporciona una lista de DLLs instaladas y rutas completas. • http://www.phenoelit.de/stuff/Phenoelit20c3.pd https://exchange.xforce.ibmcloud.com/vulnerabilities/15516 •
CVSS: 5.0EPSS: 94%CPEs: 1EXPL: 3CVE-2003-0748 – sap internet transaction server 4620.2.0.323011 build 46b.323011 - Directory Traversal
https://notcve.org/view.php?id=CVE-2003-0748
Directory traversal vulnerability in wgate.dll for SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the ~theme parameter and a ~template parameter with a filename followed by space characters, which can prevent SAP from effectively adding a .html extension to the filename. • https://www.exploit-db.com/exploits/23070 http://archives.neohapsis.com/archives/bugtraq/2003-08/0361.html http://www.securityfocus.com/bid/8516 https://exchange.xforce.ibmcloud.com/vulnerabilities/13066 •
CVSS: 5.0EPSS: 93%CPEs: 1EXPL: 3CVE-2003-0747 – SAP Internet Transaction Server 4620.2.0.323011 Build 46B.323011 - Information Disclosure
https://notcve.org/view.php?id=CVE-2003-0747
wgate.dll in SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to obtain potentially sensitive information such as directory structure and operating system via incorrect parameters (1) ~service, (2) ~templatelanguage, (3) ~language, (4) ~theme, or (5) ~template, which leaks the information in the resulting error message. • https://www.exploit-db.com/exploits/23069 http://archives.neohapsis.com/archives/bugtraq/2003-08/0361.html http://www.securityfocus.com/bid/8515 https://exchange.xforce.ibmcloud.com/vulnerabilities/13063 •
CVSS: 6.8EPSS: 94%CPEs: 1EXPL: 3CVE-2003-0749 – SAP Internet Transaction Server 4620.2.0.323011 Build 46B.323011 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2003-0749
Cross-site scripting (XSS) vulnerability in wgate.dll for SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to insert arbitrary web script and steal cookies via the ~service parameter. The SAP Internet Transaction Server version 6.20 suffers from cross site scripting vulnerabilities. This is a really old vulnerability which just had its details released. • https://www.exploit-db.com/exploits/23071 http://archives.neohapsis.com/archives/bugtraq/2003-08/0361.html http://www.securityfocus.com/bid/8517 •