CVE-2005-3635 – SAP Web Application Server 6.x/7.0 - 'frameset.htm?sap-syscmd' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-3635
Multiple cross-site scripting (XSS) vulnerabilities in SAP Web Application Server (WAS) 6.10 through 7.00 allow remote attackers to inject arbitrary web script or HTML via (1) the sap-syscmd parameter in frameset.htm and (2) the BspApplication field in the SYSTEM PUBLIC test application.
• https://www.exploit-db.com/exploits/26487
• http://marc.info/?l=bugtraq&m=113156601505542&w=2
• http://secunia.com/advisories/17515
• http://securityreason.com/securityalert/162
• http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf
• http://www.osvdb.org/20716
• http://www.osvdb.org/20717
• http://www.securityfocus.com/bid/15361
• http://www.securitytracker.com/alerts/2005/Nov/1015174.html
• http://www.vupen.com/english/advisories/2005/2361
• https://exchan
CVE-2005-3636 – SAP Web Application Server 6.x/7.0 - Error Page Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-3636
Cross-site scripting (XSS) vulnerability in SAP Web Application Server (WAS) 6.10 allows remote attackers to inject arbitrary web script or HTML via Error Pages.
• https://www.exploit-db.com/exploits/26486
• http://marc.info/?l=bugtraq&m=113156601505542&w=2
• http://secunia.com/advisories/17515
• http://securityreason.com/securityalert/162
• http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf
• http://www.osvdb.org/20715
• http://www.securityfocus.com/bid/15361
• http://www.securitytracker.com/alerts/2005/Nov/1015174.html
• http://www.vupen.com/english/advisories/2005/2361
• https://exchange.xforce.ibmcloud.com/vulnerabilities
CVE-2005-3634 – SAP Web Application Server 6.x/7.0 - Open Redirection
https://notcve.org/view.php?id=CVE-2005-3634
frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter.
• https://www.exploit-db.com/exploits/26488
• http://marc.info/?l=bugtraq&m=113156525006667&w=2
• http://secunia.com/advisories/17515
• http://securityreason.com/securityalert/163
• http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf
• http://www.securityfocus.com/bid/15362
• http://www.securitytracker.com/alerts/2005/Nov/1015174.html
• http://www.vupen.com/english/advisories/2005/2361
• https://exchange.xforce.ibmcloud.com/vulnerabilities/23031
CVE-2001-0366
https://notcve.org/view.php?id=CVE-2001-0366
saposcol in SAP R/3 Web Application Server Demo before 1.5 trusts the PATH environmental variable to find and execute the expand program, which allows local users to obtain root access by modifying the PATH to point to a Trojan horse expand program.
• ftp://ftp.sap.com/pub/linuxlab/saptools/README.saposcol
• http://www.securityfocus.com/archive/1/180498
• http://www.securityfocus.com/bid/2662
• https://exchange.xforce.ibmcloud.com/vulnerabilities/6487