CVSS: 5.0EPSS: 0%CPEs: 13EXPL: 0CVE-2007-1913
https://notcve.org/view.php?id=CVE-2007-1913
The TRUSTED_SYSTEM_SECURITY function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to verify the existence of users and groups on systems and domains via unspecified vectors, a different vulnerability than CVE-2006-6010. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. La función TRUSTED_SYSTEM_SECURITY en la SAP RFC Library 6.40 y 7.00 anterior al 11/12/2006 permite a atacantes remotos verificar la existencia de usuarios y grupos en sistemas y dominios mediante vectores no especificados, una vulnerabilidad diferente que CVE-2006-6010. NOTA: esta información está basada en revelaciones iniciales imprecisas. • http://secunia.com/advisories/24722 http://securityreason.com/securityalert/2535 http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_TRUSTED_SYSTEM_SECURITY_RFC_Function_Information_Disclosure.pdf http://www.securityfocus.com/archive/1/464669/100/0/threaded http://www.securityfocus.com/bid/23305 http://www.vupen.com/english/advisories/2007/1270 https://exchange.xforce.ibmcloud.com/vulnerabilities/33423 •
CVSS: 10.0EPSS: 13%CPEs: 13EXPL: 0CVE-2007-1917
https://notcve.org/view.php?id=CVE-2007-1917
Buffer overflow in the SYSTEM_CREATE_INSTANCE function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. Desbordamiento de búfer en la función SYSTEM_CREATE_INSTANCE en la SAP RFC Library 6.40 y 7.00 anterior al 11/12/2006 permite a atacantes remotos ejecutar código de su elección mediante vectores no especificados. NOTA: esta información está basada en revelaciones iniciales imprecisas. • http://secunia.com/advisories/24722 http://securityreason.com/securityalert/2536 http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_SYSTEM_CREATE_INSTANCE_RFC_Function_Buffer_Overflow.pdf http://www.securityfocus.com/archive/1/464683/100/0/threaded http://www.securityfocus.com/bid/23307 http://www.vupen.com/english/advisories/2007/1270 https://exchange.xforce.ibmcloud.com/vulnerabilities/33416 •
CVSS: 10.0EPSS: 13%CPEs: 13EXPL: 0CVE-2007-1916
https://notcve.org/view.php?id=CVE-2007-1916
Buffer overflow in the RFC_START_GUI function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. Desbordamiento de búfer en la función RFC_START_GUI en la libreria SAP RFC Library 6.40 y 7.00 anterior a 20061211 permite a atacantes remotos ejecutar código de su elección a través de vectores no especificados. NOTA: Esta información se basa en una vaga descripción general. • http://secunia.com/advisories/24722 http://securityreason.com/securityalert/2537 http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_RFC_START_GUI_RFC_Function_Buffer_Overflow.pdf http://www.securityfocus.com/archive/1/464680/100/0/threaded http://www.securityfocus.com/bid/23304 http://www.vupen.com/english/advisories/2007/1270 https://exchange.xforce.ibmcloud.com/vulnerabilities/33420 •
CVSS: 5.0EPSS: 4%CPEs: 12EXPL: 0CVE-2007-1918
https://notcve.org/view.php?id=CVE-2007-1918
The RFC_SET_REG_SERVER_PROPERTY function in the SAP RFC Library 6.40 and 7.00 before 20070109 implements an option for exclusive access to an RFC server, which allows remote attackers to cause a denial of service (client lockout) via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. La función RFC_SET_REG_SERVER_PROPERTY en la libreria SAP RFC Library 6.40 y 7.00 anterior a 20070109 implementa una opción para acceso exclusivo a un servidor RFC, lo cual permite a atacantes remotos provocar denegación de servico (cierre del cliente) a través de vectores no especificados. NOTA: Esta información se basa en una vaga descripción inicial. • http://secunia.com/advisories/24722 http://securityreason.com/securityalert/2540 http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_RFC_SET_REG_SERVER_PROPERTY_RFC_Function_Denial_of_Service.pdf http://www.securityfocus.com/archive/1/464685/100/0/threaded http://www.securityfocus.com/bid/23309 http://www.vupen.com/english/advisories/2007/1270 https://exchange.xforce.ibmcloud.com/vulnerabilities/33418 •
CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0CVE-2006-7034
https://notcve.org/view.php?id=CVE-2006-7034
SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter. Vulnerabilidad de inyección SQL en directory.php en Super Link Exchange Script 1.0 podría permitir a atacantes remotos ejecutar consultas SQL de su elección a través del parámetro cat. • http://securityreason.com/securityalert/2285 http://www.securityfocus.com/archive/1/435166/30/4680/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/26720 •