CVSS: 5.0EPSS: 1%CPEs: 4EXPL: 1CVE-2005-3633
https://notcve.org/view.php?id=CVE-2005-3633
HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter. Vulnerabilidad de separación de respuesta HTTP en frameset.htm de SAP Web Application Server (WAS) 6.10 a 7.00 permite a atacantes remotos inyectar cabeceras HTML de su elección mediante el parámetro sap-exiturl. • http://marc.info/?l=bugtraq&m=113156438708932&w=2 http://secunia.com/advisories/17515 http://securityreason.com/securityalert/164 http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_HTTP_Response_Splitting_in_SAP_WAS.pdf http://www.osvdb.org/20714 http://www.securityfocus.com/bid/15360 http://www.securitytracker.com/alerts/2005/Nov/1015174.html http://www.vupen.com/english/advisories/2005/2361 https://exchange.xforce.ibmcloud.com/vulnerabilities/23030 •
CVSS: 5.0EPSS: 2%CPEs: 4EXPL: 2CVE-2005-3634 – SAP Web Application Server 6.x/7.0 - Open Redirection
https://notcve.org/view.php?id=CVE-2005-3634
frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter. frameset.htm en soporte de tiempo de ejecución BSP de SAP Web Application Server (WAS) 6.10 a 7.00 permite a atacantes remotos cerrar la sesión de otros usuarios y redirigirlos a sitios web arbitrarios mediante un comando de cierre en el parámetro sap-sessioncmd y una URL en el parámetro sap-exiturl. • https://www.exploit-db.com/exploits/26488 http://marc.info/?l=bugtraq&m=113156525006667&w=2 http://secunia.com/advisories/17515 http://securityreason.com/securityalert/163 http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf http://www.securityfocus.com/bid/15362 http://www.securitytracker.com/alerts/2005/Nov/1015174.html http://www.vupen.com/english/advisories/2005/2361 https://exchange.xforce.ibmcloud.com/vulnerabilities/23031 •
CVSS: 4.3EPSS: 2%CPEs: 1EXPL: 3CVE-2005-3636 – SAP Web Application Server 6.x/7.0 - Error Page Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-3636
Cross-site scripting (XSS) vulnerability in SAP Web Application Server (WAS) 6.10 allows remote attackers to inject arbitrary web script or HTML via Error Pages. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en SAP Web Application Server (WAS) 6.10 permite a atacantes remotos inyectar script web arbitrario o HTML mediante Error Pages. • https://www.exploit-db.com/exploits/26486 http://marc.info/?l=bugtraq&m=113156601505542&w=2 http://secunia.com/advisories/17515 http://securityreason.com/securityalert/162 http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf http://www.osvdb.org/20715 http://www.securityfocus.com/bid/15361 http://www.securitytracker.com/alerts/2005/Nov/1015174.html http://www.vupen.com/english/advisories/2005/2361 https://exchange.xforce.ibmcloud.com/vulnerabilities&#x •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 1CVE-2001-0366
https://notcve.org/view.php?id=CVE-2001-0366
saposcol in SAP R/3 Web Application Server Demo before 1.5 trusts the PATH environmental variable to find and execute the expand program, which allows local users to obtain root access by modifying the PATH to point to a Trojan horse expand program. • ftp://ftp.sap.com/pub/linuxlab/saptools/README.saposcol http://www.securityfocus.com/archive/1/180498 http://www.securityfocus.com/bid/2662 https://exchange.xforce.ibmcloud.com/vulnerabilities/6487 •