CVE-2006-1039 – SAP Web Application Server 6.x/7.0 - Input Validation
https://notcve.org/view.php?id=CVE-2006-1039
SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a ";%20" followed by encoded HTTP headers. • https://www.exploit-db.com/exploits/27887 http://secunia.com/advisories/19085 http://securitytracker.com/id?1015702 http://www.securityfocus.com/archive/1/426449/100/0/threaded http://www.securityfocus.com/bid/18006 http://www.vupen.com/english/advisories/2006/0810 https://exchange.xforce.ibmcloud.com/vulnerabilities/25003 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2005-3633
https://notcve.org/view.php?id=CVE-2005-3633
HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter. Vulnerabilidad de separación de respuesta HTTP en frameset.htm de SAP Web Application Server (WAS) 6.10 a 7.00 permite a atacantes remotos inyectar cabeceras HTML de su elección mediante el parámetro sap-exiturl. • http://marc.info/?l=bugtraq&m=113156438708932&w=2 http://secunia.com/advisories/17515 http://securityreason.com/securityalert/164 http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_HTTP_Response_Splitting_in_SAP_WAS.pdf http://www.osvdb.org/20714 http://www.securityfocus.com/bid/15360 http://www.securitytracker.com/alerts/2005/Nov/1015174.html http://www.vupen.com/english/advisories/2005/2361 https://exchange.xforce.ibmcloud.com/vulnerabilities/23030 •
CVE-2005-3635 – SAP Web Application Server 6.x/7.0 - 'frameset.htm?sap-syscmd' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-3635
Multiple cross-site scripting (XSS) vulnerabilities in SAP Web Application Server (WAS) 6.10 through 7.00 allow remote attackers to inject arbitrary web script or HTML via (1) the sap-syscmd in sap-syscmd and (2) the BspApplication field in the SYSTEM PUBLIC test application. Múltiples vulnerabilidades de scripting en en sitios cruzados (XSS) en SAP Web Application Server (WAS) 6.10 a 7.00 permiten a atacantes remotos inyectar scritp web arbitrario o HTML mediante (1) sap-syscmd y (2) el campo BspApplication en la aplicación de prueba SYSTEM PUBLIC. • https://www.exploit-db.com/exploits/26487 http://marc.info/?l=bugtraq&m=113156601505542&w=2 http://secunia.com/advisories/17515 http://securityreason.com/securityalert/162 http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf http://www.osvdb.org/20716 http://www.osvdb.org/20717 http://www.securityfocus.com/bid/15361 http://www.securitytracker.com/alerts/2005/Nov/1015174.html http://www.vupen.com/english/advisories/2005/2361 https://exchan •
CVE-2005-3634 – SAP Web Application Server 6.x/7.0 - Open Redirection
https://notcve.org/view.php?id=CVE-2005-3634
frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter. frameset.htm en soporte de tiempo de ejecución BSP de SAP Web Application Server (WAS) 6.10 a 7.00 permite a atacantes remotos cerrar la sesión de otros usuarios y redirigirlos a sitios web arbitrarios mediante un comando de cierre en el parámetro sap-sessioncmd y una URL en el parámetro sap-exiturl. • https://www.exploit-db.com/exploits/26488 http://marc.info/?l=bugtraq&m=113156525006667&w=2 http://secunia.com/advisories/17515 http://securityreason.com/securityalert/163 http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf http://www.securityfocus.com/bid/15362 http://www.securitytracker.com/alerts/2005/Nov/1015174.html http://www.vupen.com/english/advisories/2005/2361 https://exchange.xforce.ibmcloud.com/vulnerabilities/23031 •