CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 3CVE-2005-3636 – SAP Web Application Server 6.x/7.0 - Error Page Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-3636
16 Nov 2005 — Cross-site scripting (XSS) vulnerability in SAP Web Application Server (WAS) 6.10 allows remote attackers to inject arbitrary web script or HTML via Error Pages. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en SAP Web Application Server (WAS) 6.10 permite a atacantes remotos inyectar script web arbitrario o HTML mediante Error Pages. • https://www.exploit-db.com/exploits/26486 •
CVSS: 6.1EPSS: 1%CPEs: 4EXPL: 3CVE-2005-3635 – SAP Web Application Server 6.x/7.0 - 'frameset.htm?sap-syscmd' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-3635
16 Nov 2005 — Multiple cross-site scripting (XSS) vulnerabilities in SAP Web Application Server (WAS) 6.10 through 7.00 allow remote attackers to inject arbitrary web script or HTML via (1) the sap-syscmd in sap-syscmd and (2) the BspApplication field in the SYSTEM PUBLIC test application. Múltiples vulnerabilidades de scripting en en sitios cruzados (XSS) en SAP Web Application Server (WAS) 6.10 a 7.00 permiten a atacantes remotos inyectar scritp web arbitrario o HTML mediante (1) sap-syscmd y (2) el campo BspApplicatio... • https://www.exploit-db.com/exploits/26487 •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2005-3633
https://notcve.org/view.php?id=CVE-2005-3633
16 Nov 2005 — HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter. Vulnerabilidad de separación de respuesta HTTP en frameset.htm de SAP Web Application Server (WAS) 6.10 a 7.00 permite a atacantes remotos inyectar cabeceras HTML de su elección mediante el parámetro sap-exiturl. • http://marc.info/?l=bugtraq&m=113156438708932&w=2 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2001-0366
https://notcve.org/view.php?id=CVE-2001-0366
27 Jun 2001 — saposcol in SAP R/3 Web Application Server Demo before 1.5 trusts the PATH environmental variable to find and execute the expand program, which allows local users to obtain root access by modifying the PATH to point to a Trojan horse expand program. • ftp://ftp.sap.com/pub/linuxlab/saptools/README.saposcol •