CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 1CVE-2011-5260
https://notcve.org/view.php?id=CVE-2011-5260
Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via the page parameter. Vulnerabilidad de ejecución de comandos en sitio remoto (XSS) en SAP/BW/DOC/METADATA de SAP NetWeaver permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro de página. • http://dsecrg.com/pages/vul/show.php?id=337 http://www.sdn.sap.com/irj/scn/index?rid=/webcontent/uuid/50316177-762d-2f10-0993-a2206cc349b4 http://www.securityfocus.com/archive/1/520555/100/0/threaded https://erpscan.io/advisories/dsecrg-11-037-sap-bw-doc-multiple-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 1CVE-2011-5263
https://notcve.org/view.php?id=CVE-2011-5263
Cross-site scripting (XSS) vulnerability in RetrieveMailExamples in SAP NetWeaver 7.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the server parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en RetrieveMailExamples en SAP NetWeaver v7.30 y anteriores, permite a atacantes remotos inyectar secuencias de comandos web y HTML de su elección a través del parámetro "server". • http://dsecrg.com/pages/vul/show.php?id=330 http://secunia.com/advisories/45708 http://www.sdn.sap.com/irj/scn/index?rid=/webcontent/uuid/50316177-762d-2f10-0993-a2206cc349b4 http://www.securityfocus.com/archive/1/520551/100/0/threaded http://www.securityfocus.com/bid/49266/info https://exchange.xforce.ibmcloud.com/vulnerabilities/69331 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 10%CPEs: 3EXPL: 0CVE-2012-4341
https://notcve.org/view.php?id=CVE-2012-4341
Multiple stack-based buffer overflows in msg_server.exe in SAP NetWeaver ABAP 7.x allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) long parameter value, (2) crafted string size field, or (3) long Parameter Name string in a package with opcode 0x43 and sub opcode 0x4 to TCP port 3900. Múltiples vulnerabilidades de desbordamiento de búfer basado en pila, en msg_server.exe en SAP NetWeaver ABAP v7.x permite a atacantes remotos causar una denegación de servicio (crash) y ejecutar código arbitrario a través de (1) un valor grande en un parámetro, (2) un campo de cadena manipulado, o (3) una cadena larga como nombre de parámetro en un paquete con (opcode) 0x43 y (sub opcode 0x4) a un puerto TCP 3900. • http://scn.sap.com/docs/DOC-8218 http://secunia.com/advisories/49744 http://www.securitytracker.com/id?1027211 http://www.zerodayinitiative.com/advisories/ZDI-12-104 http://www.zerodayinitiative.com/advisories/ZDI-12-111 http://www.zerodayinitiative.com/advisories/ZDI-12-112 https://service.sap.com/sap/support/notes/1649838 https://websmp230.sap-ag.de/sap%28bD1lbiZjPTAwMQ==%29/bc/bsp/spn/sapnotes/index2.htm?numm=1649840 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 12%CPEs: 2EXPL: 3CVE-2012-2612 – SAP NetWeaver Dispatcher 7.0 ehp1/2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-2612
The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. La función de DiagTraceHex en disp+work.exe v7010.29.15.58313 y v7200.70.18.23869 en el distribuidor de la plataforma SAP NetWeaver 7.0 EHP1 y EHP2 permite a atacantes remotos causar una denegación de servicio (caída de demonio) a través de un elaborado paquete SAP Diag. • https://www.exploit-db.com/exploits/20705 https://www.exploit-db.com/exploits/18853 http://scn.sap.com/docs/DOC-8218 http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities http://www.securitytracker.com/id?1027052 https://exchange.xforce.ibmcloud.com/vulnerabilities/75452 https://service.sap.com/sap/support/notes/1687910 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 94%CPEs: 2EXPL: 4CVE-2012-2611 – SAP NetWeaver Dispatcher 7.0 ehp1/2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-2611
The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace configuration is enabled, allows remote attackers to execute arbitrary code via a crafted SAP Diag packet. La función DiagTraceR3Info en el procesador Dialog en disp+work.exe v7010.29.15.58313 y v7200.70.18.23869 en el Dispatcher en SAP NetWeaver v7.0 EHP1 y EHP2, cuando está activada una configuración concreta de Developer Trace, permite a atacantes remotos ejecutar código a través de un paquete SAP Diag manipulado. • https://www.exploit-db.com/exploits/20705 https://www.exploit-db.com/exploits/18853 https://www.exploit-db.com/exploits/21034 http://scn.sap.com/docs/DOC-8218 http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities http://www.securitytracker.com/id?1027052 https://service.sap.com/sap/support/notes/1687910 • CWE-20: Improper Input Validation •