
CVE-2012-2512 – SAP NetWeaver Dispatcher 7.0 ehp1/2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-2512
15 May 2012 — The DiagTraceStreamI function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. • https://www.exploit-db.com/exploits/20705 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2012-2513 – SAP NetWeaver Dispatcher 7.0 ehp1/2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-2513
15 May 2012 — The Diaginput function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. • https://www.exploit-db.com/exploits/20705 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2012-2514 – SAP NetWeaver Dispatcher 7.0 ehp1/2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-2514
15 May 2012 — The DiagiEventSource function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. • https://www.exploit-db.com/exploits/20705 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2012-2611 – SAP NetWeaver Dispatcher 7.0 ehp1/2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-2611
15 May 2012 — The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace configuration is enabled, allows remote attackers to execute arbitrary code via a crafted SAP Diag packet. • https://www.exploit-db.com/exploits/20705 • CWE-20: Improper Input Validation

CVE-2012-2612 – SAP NetWeaver Dispatcher 7.0 ehp1/2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-2612
15 May 2012 — The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. • https://www.exploit-db.com/exploits/20705 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2012-1289
https://notcve.org/view.php?id=CVE-2012-1289
23 Feb 2012 — Multiple directory traversal vulnerabilities in SAP NetWeaver 7.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the logfilename parameter to (1) b2b/admin/log.jsp or (2) b2b/admin/log_view.jsp in the Internet Sales (crm.b2b) component, or (3) ipc/admin/log.jsp or (4) ipc/admin/log_view.jsp in the Application Administration (com.sap.ipc.webapp.ipc) component. • http://dsecrg.com/pages/vul/show.php?id=412 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2012-1290
https://notcve.org/view.php?id=CVE-2012-1290
23 Feb 2012 — Cross-site scripting (XSS) vulnerability in b2b/auction/container.jsp in the Internet Sales (crm.b2b) module in SAP NetWeaver 7.0 allows remote attackers to inject arbitrary web script or HTML via the _loadPage parameter. • http://dsecrg.com/pages/vul/show.php?id=414 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2012-1291
https://notcve.org/view.php?id=CVE-2012-1291
23 Feb 2012 — Unspecified vulnerability in the com.sap.aii.mdt.amt.web.AMTPageProcessor servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the Adapter Monitor via unspecified vectors, possibly related to the EnableInvokerServletGlobally property in the servlet_jsp service. • http://dsecrg.com/pages/vul/show.php?id=415

CVE-2012-1292
https://notcve.org/view.php?id=CVE-2012-1292
23 Feb 2012 — Unspecified vulnerability in the MessagingSystem servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the MessagingSystem Performance Data via unspecified vectors. • http://dsecrg.com/pages/vul/show.php?id=416

CVE-2010-2904
https://notcve.org/view.php?id=CVE-2010-2904
28 Jul 2010 — Multiple cross-site scripting (XSS) vulnerabilities in the System Landscape Directory (SLD) component 6.4 through 7.02 in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to testsdic and the (2) helpstring parameter to paramhelp.jsp. • http://dsecrg.com/pages/vul/show.php?id=168 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')