CVE-2011-5260
https://notcve.org/view.php?id=CVE-2011-5260
Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via the page parameter. Vulnerabilidad de ejecución de comandos en sitio remoto (XSS) en SAP/BW/DOC/METADATA de SAP NetWeaver permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro de página. • http://dsecrg.com/pages/vul/show.php?id=337 http://www.sdn.sap.com/irj/scn/index?rid=/webcontent/uuid/50316177-762d-2f10-0993-a2206cc349b4 http://www.securityfocus.com/archive/1/520555/100/0/threaded https://erpscan.io/advisories/dsecrg-11-037-sap-bw-doc-multiple-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-2611 – SAP NetWeaver Dispatcher 7.0 ehp1/2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-2611
The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace configuration is enabled, allows remote attackers to execute arbitrary code via a crafted SAP Diag packet. La función DiagTraceR3Info en el procesador Dialog en disp+work.exe v7010.29.15.58313 y v7200.70.18.23869 en el Dispatcher en SAP NetWeaver v7.0 EHP1 y EHP2, cuando está activada una configuración concreta de Developer Trace, permite a atacantes remotos ejecutar código a través de un paquete SAP Diag manipulado. • https://www.exploit-db.com/exploits/20705 https://www.exploit-db.com/exploits/18853 https://www.exploit-db.com/exploits/21034 http://scn.sap.com/docs/DOC-8218 http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities http://www.securitytracker.com/id?1027052 https://service.sap.com/sap/support/notes/1687910 • CWE-20: Improper Input Validation •
CVE-2012-2612 – SAP NetWeaver Dispatcher 7.0 ehp1/2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-2612
The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. La función de DiagTraceHex en disp+work.exe v7010.29.15.58313 y v7200.70.18.23869 en el distribuidor de la plataforma SAP NetWeaver 7.0 EHP1 y EHP2 permite a atacantes remotos causar una denegación de servicio (caída de demonio) a través de un elaborado paquete SAP Diag. • https://www.exploit-db.com/exploits/20705 https://www.exploit-db.com/exploits/18853 http://scn.sap.com/docs/DOC-8218 http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities http://www.securitytracker.com/id?1027052 https://exchange.xforce.ibmcloud.com/vulnerabilities/75452 https://service.sap.com/sap/support/notes/1687910 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-1517
https://notcve.org/view.php?id=CVE-2011-1517
SAP NetWeaver 7.0 allows Remote Code Execution and Denial of Service caused by an error in the DiagTraceHex() function. By sending a specially-crafted packet, an attacker could exploit this vulnerability to cause the application to crash. SAP NetWeaver versión 7.0, permite una ejecución de código remota y una denegación de servicio causada por un error en la función DiagTraceHex(). Mediante el envío de un paquete especialmente diseñado, un atacante podría explotar esta vulnerabilidad para causar que la aplicación se bloquee. • http://archives.neohapsis.com/archives/bugtraq/2012-05/0061.html http://www.securityfocus.com/bid/53424 https://exchange.xforce.ibmcloud.com/vulnerabilities/75452 •
CVE-2012-2514 – SAP NetWeaver Dispatcher 7.0 ehp1/2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-2514
The DiagiEventSource function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. La función de DiagiEventSource en disp+work.exe v7010.29.15.58313 y v7200.70.18.23869 en el distribuidor de la plataforma SAP NetWeaver 7.0 EHP1 y EHP2 permite a atacantes remotos causar una denegación de servicio (caída de demonio) a través de un elaborado paquete SAP Diag. • https://www.exploit-db.com/exploits/20705 https://www.exploit-db.com/exploits/18853 http://scn.sap.com/docs/DOC-8218 http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities http://www.securitytracker.com/id?1027052 https://exchange.xforce.ibmcloud.com/vulnerabilities/75456 https://service.sap.com/sap/support/notes/1687910 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •