CVE-2024-27902 – Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP applications based on SAPGUI for HTML (WebGUI)
https://notcve.org/view.php?id=CVE-2024-27902
Applications based on SAP GUI for HTML in SAP NetWeaver AS ABAP (versions 7.89 and 7.93) do not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. A successful attack can allow a malicious attacker to access and modify data through their ability to execute code in a user's browser. There is no impact on the availability of the system.
• References:
  https://me.sap.com/notes/3377979
  https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-4475 – SAP AG SAPgui EAI WebViewer3D - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-4475
Stack-based buffer overflow in the EAI WebViewer3D ActiveX control (webviewer3d.dll) in SAP AG SAPgui before 7.10 Patch Level 9 allows remote attackers to execute arbitrary code via a long argument to the SaveViewToSessionFile method.
• References:
  https://www.exploit-db.com/exploits/16575
  https://www.exploit-db.com/exploits/32879
  http://secunia.com/advisories/34559
  http://www.kb.cert.org/vuls/id/985449
  http://www.securityfocus.com/bid/34310
  http://www.vupen.com/english/advisories/2009/0892
  https://exchange.xforce.ibmcloud.com/vulnerabilities/49543
  https://service.sap.com/sap/support/notes/1153794
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-4387
https://notcve.org/view.php?id=CVE-2008-4387
Unspecified vulnerability in the Simba MDrmSap ActiveX control in mdrmsap.dll in SAP SAPgui allows remote attackers to execute arbitrary code via unknown vectors involving instantiation by Internet Explorer.
• References:
  http://osvdb.org/49721
  http://www.kb.cert.org/vuls/id/277313
  http://www.securityfocus.com/bid/32186
  http://www.vupen.com/english/advisories/2008/3106
  https://exchange.xforce.ibmcloud.com/vulnerabilities/46440
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2008-0620
https://notcve.org/view.php?id=CVE-2008-0620
SAPLPD 6.28 and earlier, included in SAP GUI 7.10 and SAPSprint before 1018, allows remote attackers to cause a denial of service (crash) via a 0x53 LPD command, which causes the server to terminate.
• References:
  http://secunia.com/advisories/28786
  http://secunia.com/advisories/28811
  http://securityreason.com/securityalert/3619
  http://www.securityfocus.com/archive/1/487508/100/0/threaded
  http://www.securityfocus.com/archive/1/487575/100/0/threaded
  http://www.securityfocus.com/bid/27613
  http://www.securitytracker.com/id?1019300
  http://www.vupen.com/english/advisories/2008/0409
  http://www.vupen.com/english/advisories/2008/0438
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-0621 – SapLPD 6.28 - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-0621
Buffer overflow in SAPLPD 6.28 and earlier, included in SAP GUI 7.10 and SAPSprint before 1018, allows remote attackers to execute arbitrary code via long arguments to the (1) 0x01, (2) 0x02, (3) 0x03, (4) 0x04, and (5) 0x05 LPD commands.
• References:
  https://www.exploit-db.com/exploits/16338
  https://www.exploit-db.com/exploits/5079
  http://secunia.com/advisories/28786
  http://secunia.com/advisories/28811
  http://securityreason.com/securityalert/3619
  http://www.securityfocus.com/archive/1/487508/100/0/threaded
  http://www.securityfocus.com/archive/1/487575/100/0/threaded
  http://www.securityfocus.com/bid/27613
  http://www.securitytracker.com/id?1019300
  http://www.vupen.com/english/advisories/2008/0409
  http://www.vupen.com
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer