CVE-2007-3615
https://notcve.org/view.php?id=CVE-2007-3615
Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache. El Internet Communication Manager (también conocido como ICMAN.exe o ICM) en el SAP NetWeaver Application Server 6.x y 7.x, posiblemente sólo bajo Windows, permite a atacantes remotos provocar una denegación de servicio (caída del proceso) a través de un URI de cierta longitud que contenga el parámetro sap-isc-key, relacionado con la configuración del caché de la web. • http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0105.html http://osvdb.org/38095 http://secunia.com/advisories/25964 http://securityreason.com/securityalert/2875 http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-internet-communication-manager-dos http://www.securityfocus.com/archive/1/472890/100/0/threaded http://www.securityfocus.com/bid/24774 http://www.securitytracker.com/id?1018336 http://www.vupen.com/english/advisories/2007/2450 https://exchange.xforce.ibmc •
CVE-2006-1039 – SAP Web Application Server 6.x/7.0 - Input Validation
https://notcve.org/view.php?id=CVE-2006-1039
SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a ";%20" followed by encoded HTTP headers. • https://www.exploit-db.com/exploits/27887 http://secunia.com/advisories/19085 http://securitytracker.com/id?1015702 http://www.securityfocus.com/archive/1/426449/100/0/threaded http://www.securityfocus.com/bid/18006 http://www.vupen.com/english/advisories/2006/0810 https://exchange.xforce.ibmcloud.com/vulnerabilities/25003 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2005-3633
https://notcve.org/view.php?id=CVE-2005-3633
HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter. Vulnerabilidad de separación de respuesta HTTP en frameset.htm de SAP Web Application Server (WAS) 6.10 a 7.00 permite a atacantes remotos inyectar cabeceras HTML de su elección mediante el parámetro sap-exiturl. • http://marc.info/?l=bugtraq&m=113156438708932&w=2 http://secunia.com/advisories/17515 http://securityreason.com/securityalert/164 http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_HTTP_Response_Splitting_in_SAP_WAS.pdf http://www.osvdb.org/20714 http://www.securityfocus.com/bid/15360 http://www.securitytracker.com/alerts/2005/Nov/1015174.html http://www.vupen.com/english/advisories/2005/2361 https://exchange.xforce.ibmcloud.com/vulnerabilities/23030 •
CVE-2005-3635 – SAP Web Application Server 6.x/7.0 - 'frameset.htm?sap-syscmd' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-3635
Multiple cross-site scripting (XSS) vulnerabilities in SAP Web Application Server (WAS) 6.10 through 7.00 allow remote attackers to inject arbitrary web script or HTML via (1) the sap-syscmd in sap-syscmd and (2) the BspApplication field in the SYSTEM PUBLIC test application. Múltiples vulnerabilidades de scripting en en sitios cruzados (XSS) en SAP Web Application Server (WAS) 6.10 a 7.00 permiten a atacantes remotos inyectar scritp web arbitrario o HTML mediante (1) sap-syscmd y (2) el campo BspApplication en la aplicación de prueba SYSTEM PUBLIC. • https://www.exploit-db.com/exploits/26487 http://marc.info/?l=bugtraq&m=113156601505542&w=2 http://secunia.com/advisories/17515 http://securityreason.com/securityalert/162 http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf http://www.osvdb.org/20716 http://www.osvdb.org/20717 http://www.securityfocus.com/bid/15361 http://www.securitytracker.com/alerts/2005/Nov/1015174.html http://www.vupen.com/english/advisories/2005/2361 https://exchan •
CVE-2005-3636 – SAP Web Application Server 6.x/7.0 - Error Page Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-3636
Cross-site scripting (XSS) vulnerability in SAP Web Application Server (WAS) 6.10 allows remote attackers to inject arbitrary web script or HTML via Error Pages. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en SAP Web Application Server (WAS) 6.10 permite a atacantes remotos inyectar script web arbitrario o HTML mediante Error Pages. • https://www.exploit-db.com/exploits/26486 http://marc.info/?l=bugtraq&m=113156601505542&w=2 http://secunia.com/advisories/17515 http://securityreason.com/securityalert/162 http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf http://www.osvdb.org/20715 http://www.securityfocus.com/bid/15361 http://www.securitytracker.com/alerts/2005/Nov/1015174.html http://www.vupen.com/english/advisories/2005/2361 https://exchange.xforce.ibmcloud.com/vulnerabilities •