CVSS: 9.8EPSS: 91%CPEs: 13EXPL: 2CVE-2007-4475 – SAP AG SAPgui EAI WebViewer3D - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-4475
01 Apr 2009 — Stack-based buffer overflow in EAI WebViewer3D ActiveX control (webviewer3d.dll) in SAP AG SAPgui before 7.10 Patch Level 9 allows remote attackers to execute arbitrary code via a long argument to the SaveViewToSessionFile method. Desbordamiento de búfer basado en pila en el control ActiveX de EAI WebViewer3D (webviewer3d.dll) en SAP AG SAPgui versiones anteriores a v7.10 Patch Level 9 permite a atacantes remotos ejecutar código de su elección a través de un argumento largo del método SaveViewToSessionFile. • https://www.exploit-db.com/exploits/16575 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 93%CPEs: 3EXPL: 3CVE-2008-0621 – SapLPD 6.28 - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-0621
06 Feb 2008 — Buffer overflow in SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before 1018 allows remote attackers to execute arbitrary code via long arguments to the (1) 0x01, (2) 0x02, (3) 0x03, (4) 0x04, and (5) 0x05 LPD commands. Desbordamiento de búfer en SAPLPD 6.28 y anteriores incluidas en SAP GUI 7.10 y SAPSprint antes de 1018. Permite a atacantes remotos ejecutar código de su elección a través de argumentos largos a los comandos 1) 0x01, (2) 0x02, (3) 0x03, (4) 0x04 y (5) 0x05 LPD. • https://www.exploit-db.com/exploits/16338 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 4%CPEs: 3EXPL: 1CVE-2008-0620
https://notcve.org/view.php?id=CVE-2008-0620
06 Feb 2008 — SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before 1018 allows remote attackers to cause a denial of service (crash) via a 0x53 LPD command, which causes the server to terminate. SAPLPD 6.28 y anteriores incluidas en SAP GUI 7.10 y SAPSprint antes de 1018. permite a atacantes remotos provocar una denegación de servicio (caída) a través de un comando 0x53 LPD, lo que provoca que el servidor termine. • http://secunia.com/advisories/28786 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 0CVE-2003-1035
https://notcve.org/view.php?id=CVE-2003-1035
16 Mar 2004 — The default installation of SAP R/3 46C/D allows remote attackers to bypass account locking by using the RFC API instead of the SAPGUI to conduct a brute force password guessing attack, which does not lock out the account like the SAPGUI does. La instalación por defecto de SAP R/3 46C/D permite a atacantes remotos saltarse bloqueos de cuentas usando la API RFC en lugar de SAPGUI para hacer ataques de fuerza bruta para averiguar la contraseña, lo cual no bloquea las cuentas como lo hace SAPGUI. • http://lists.grok.org.uk/pipermail/full-disclosure/2003-March/004039.html •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2002-1579
https://notcve.org/view.php?id=CVE-2002-1579
16 Mar 2004 — SAP GUI (Sapgui) 4.6D allows remote attackers to cause a denial of service (crash) via a connection to a high-numbered port, which generates an "unknown connection data" error. SAP GUI (Sapgui) 4.6D permite a atacantes remotos causar una denegación de servicio mediante una conexión a un puerto con un número alto, que genera un un error "conexión de datos desconocida". • http://archives.neohapsis.com/archives/bugtraq/2002-01/0334.html •