CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 1CVE-2011-5260
https://notcve.org/view.php?id=CVE-2011-5260
12 Feb 2013 — Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via the page parameter. Vulnerabilidad de ejecución de comandos en sitio remoto (XSS) en SAP/BW/DOC/METADATA de SAP NetWeaver permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro de página. • http://dsecrg.com/pages/vul/show.php?id=337 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 1CVE-2011-5263
https://notcve.org/view.php?id=CVE-2011-5263
12 Feb 2013 — Cross-site scripting (XSS) vulnerability in RetrieveMailExamples in SAP NetWeaver 7.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the server parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en RetrieveMailExamples en SAP NetWeaver v7.30 y anteriores, permite a atacantes remotos inyectar secuencias de comandos web y HTML de su elección a través del parámetro "server". • http://dsecrg.com/pages/vul/show.php?id=330 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 14%CPEs: 2EXPL: 3CVE-2012-2511 – SAP NetWeaver Dispatcher 7.0 ehp1/2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-2511
15 May 2012 — The DiagTraceAtoms function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. La función de DiagTraceAtoms en disp+work.exe v7010.29.15.58313 y v7200.70.18.23869 en el distribuidor de la plataforma SAP NetWeaver v7.0 EHP1 y EHP2 permite a atacantes remotos causar una denegación de servicio (caída de demonio) a través de un paquete diseñado SAP Diag. • https://www.exploit-db.com/exploits/20705 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 24%CPEs: 2EXPL: 3CVE-2012-2512 – SAP NetWeaver Dispatcher 7.0 ehp1/2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-2512
15 May 2012 — The DiagTraceStreamI function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. La función DiagTraceStreamI en disp+work.exe v7010.29.15.58313 y v7200.70.18.23869 en el Dispatcher en SAP NetWeaver v7.0 EHP1 EHP2 permite a atacantes remotos causar una denegación de servicio (caída del servicio) mediante un paquete SAP Diag manipulado. • https://www.exploit-db.com/exploits/20705 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 15%CPEs: 2EXPL: 3CVE-2012-2513 – SAP NetWeaver Dispatcher 7.0 ehp1/2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-2513
15 May 2012 — The Diaginput function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. La función de Diaginput en disp+work.exe v7010.29.15.58313 y v7200.70.18.23869 en el distribuidor de la plataforma SAP NetWeaver v7.0 EHP1 y EHP2 permite a atacantes remotos causar una denegación de servicio (caída de demonio) a través de un paquete diseñado SAP Diag. • https://www.exploit-db.com/exploits/20705 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 24%CPEs: 2EXPL: 3CVE-2012-2514 – SAP NetWeaver Dispatcher 7.0 ehp1/2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-2514
15 May 2012 — The DiagiEventSource function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. La función de DiagiEventSource en disp+work.exe v7010.29.15.58313 y v7200.70.18.23869 en el distribuidor de la plataforma SAP NetWeaver 7.0 EHP1 y EHP2 permite a atacantes remotos causar una denegación de servicio (caída de demonio) a través de un elaborado paquete SAP Diag. • https://www.exploit-db.com/exploits/20705 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 77%CPEs: 2EXPL: 4CVE-2012-2611 – SAP NetWeaver Dispatcher 7.0 ehp1/2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-2611
15 May 2012 — The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace configuration is enabled, allows remote attackers to execute arbitrary code via a crafted SAP Diag packet. La función DiagTraceR3Info en el procesador Dialog en disp+work.exe v7010.29.15.58313 y v7200.70.18.23869 en el Dispatcher en SAP NetWeaver v7.0 EHP1 y EHP2, cuando está activada una configuración concreta de Dev... • https://www.exploit-db.com/exploits/20705 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 24%CPEs: 2EXPL: 3CVE-2012-2612 – SAP NetWeaver Dispatcher 7.0 ehp1/2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-2612
15 May 2012 — The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. La función de DiagTraceHex en disp+work.exe v7010.29.15.58313 y v7200.70.18.23869 en el distribuidor de la plataforma SAP NetWeaver 7.0 EHP1 y EHP2 permite a atacantes remotos causar una denegación de servicio (caída de demonio) a través de un elaborado paquete SAP Diag. • https://www.exploit-db.com/exploits/20705 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 2CVE-2012-1289
https://notcve.org/view.php?id=CVE-2012-1289
23 Feb 2012 — Multiple directory traversal vulnerabilities in SAP NetWeaver 7.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the logfilename parameter to (1) b2b/admin/log.jsp or (2) b2b/admin/log_view.jsp in the Internet Sales (crm.b2b) component, or (3) ipc/admin/log.jsp or (4) ipc/admin/log_view.jsp in the Application Administration (com.sap.ipc.webapp.ipc) component. Múltiples vulnerabilidades de salto de directorio en la plataforma SAP NetWeaver v7.0 permite a usuarios remotos auten... • http://dsecrg.com/pages/vul/show.php?id=412 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2012-1290
https://notcve.org/view.php?id=CVE-2012-1290
23 Feb 2012 — Cross-site scripting (XSS) vulnerability in b2b/auction/container.jsp in the Internet Sales (crm.b2b) module in SAP NetWeaver 7.0 allows remote attackers to inject arbitrary web script or HTML via the _loadPage parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en b2b/auction/container.jsp en las ventas por Internet (crm.b2b) módulo en la plataforma SAP NetWeaver v7.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro _loadPage. • http://dsecrg.com/pages/vul/show.php?id=414 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •