CVSS: 7.8EPSS: 5%CPEs: 7EXPL: 0CVE-2007-3615
https://notcve.org/view.php?id=CVE-2007-3615
06 Jul 2007 — Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache. El Internet Communication Manager (también conocido como ICMAN.exe o ICM) en el SAP NetWeaver Application Server 6.x y 7.x, posiblemente sólo bajo Windows, permite a atacantes remotos provocar una denegac... • http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0105.html •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 1CVE-2006-1039 – SAP Web Application Server 6.x/7.0 - Input Validation
https://notcve.org/view.php?id=CVE-2006-1039
07 Mar 2006 — SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a ";%20" followed by encoded HTTP headers. • https://www.exploit-db.com/exploits/27887 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.2EPSS: 5%CPEs: 4EXPL: 2CVE-2005-3634 – SAP Web Application Server 6.x/7.0 - Open Redirection
https://notcve.org/view.php?id=CVE-2005-3634
16 Nov 2005 — frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter. frameset.htm en soporte de tiempo de ejecución BSP de SAP Web Application Server (WAS) 6.10 a 7.00 permite a atacantes remotos cerrar la sesión de otros usuarios y redirigirlos a sitios web arbitrarios mediante un comando de cierre en el parámetro sap-... • https://www.exploit-db.com/exploits/26488 •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 3CVE-2005-3636 – SAP Web Application Server 6.x/7.0 - Error Page Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-3636
16 Nov 2005 — Cross-site scripting (XSS) vulnerability in SAP Web Application Server (WAS) 6.10 allows remote attackers to inject arbitrary web script or HTML via Error Pages. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en SAP Web Application Server (WAS) 6.10 permite a atacantes remotos inyectar script web arbitrario o HTML mediante Error Pages. • https://www.exploit-db.com/exploits/26486 •
CVSS: 6.1EPSS: 1%CPEs: 4EXPL: 3CVE-2005-3635 – SAP Web Application Server 6.x/7.0 - 'frameset.htm?sap-syscmd' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-3635
16 Nov 2005 — Multiple cross-site scripting (XSS) vulnerabilities in SAP Web Application Server (WAS) 6.10 through 7.00 allow remote attackers to inject arbitrary web script or HTML via (1) the sap-syscmd in sap-syscmd and (2) the BspApplication field in the SYSTEM PUBLIC test application. Múltiples vulnerabilidades de scripting en en sitios cruzados (XSS) en SAP Web Application Server (WAS) 6.10 a 7.00 permiten a atacantes remotos inyectar scritp web arbitrario o HTML mediante (1) sap-syscmd y (2) el campo BspApplicatio... • https://www.exploit-db.com/exploits/26487 •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2005-3633
https://notcve.org/view.php?id=CVE-2005-3633
16 Nov 2005 — HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter. Vulnerabilidad de separación de respuesta HTTP en frameset.htm de SAP Web Application Server (WAS) 6.10 a 7.00 permite a atacantes remotos inyectar cabeceras HTML de su elección mediante el parámetro sap-exiturl. • http://marc.info/?l=bugtraq&m=113156438708932&w=2 •