4562 matches found
CVE-2008-3358
Cross-site scripting XSS vulnerability in Web Dynpro WD in the SAP NetWeaver portal, when Internet Explorer 7.0.5730 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted URI, which causes the XSS payload to be reflected in a text/plain document...
CVE-2008-3358
CVE-2008-3358 is an XSS vulnerability in SAP NetWeaver Portal’s Web DynPro component. A crafted URI can reflect arbitrary script/HTML in a text/plain response when using Internet Explorer 7.0.5730, enabling remote attackers to execute client-side code in the victim’s browser. Root cause is unenco...
CVE-2008-3358
Cross-site scripting XSS vulnerability in Web Dynpro WD in the SAP NetWeaver portal, when Internet Explorer 7.0.5730 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted URI, which causes the XSS payload to be reflected in a text/plain document...
SAP NetWeaver XSS Vulnerability
COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: NetWeaver/Web DynPro Vendor: SAP www.sap.com CVD ID: CVE-2008-3358 Subject: Cross-Site Scripting Vulnerability Risk: High Effect: Remotely exploitable Author: Martin Suess [email protected] Date: January 27th 20...
Errata: [TZO-2009-1] Avira Antivir - RAR - Division by Zero & Null Pointer Dereference
Errata : Products listed but not affected : AVIRA WebProtector for KEN! - Reason: Does not use the Scan Engine Avira AntiVir Mobile - Reason: Does not use the same AV Engine Avira requested the following products to be removed from the list, for the reason that they are license models and not...
Cross site scripting
The default configuration of SAP NetWeaver before 7.0 SP15 does not enable the "Always Use Secure HTML Editor" aka Editor Security or Secure Editing parameter, which allows remote attackers to conduct cross-site scripting XSS attacks by entering feedback for a file...
CVE-2008-1846
The default configuration of SAP NetWeaver before 7.0 SP15 does not enable the "Always Use Secure HTML Editor" aka Editor Security or Secure Editing parameter, which allows remote attackers to conduct cross-site scripting XSS attacks by entering feedback for a file...
CVE-2008-1846
The CVE affects SAP NetWeaver prior to 7.0 SP15 where the Always Use Secure HTML Editor (Editor Security) parameter is not enabled by default. This configuration allows remote attackers to perform cross-site scripting (XSS) by entering feedback for a file, as described in the public records. No a...
CVE-2008-1846
The default configuration of SAP NetWeaver before 7.0 SP15 does not enable the "Always Use Secure HTML Editor" aka Editor Security or Secure Editing parameter, which allows remote attackers to conduct cross-site scripting XSS attacks by entering feedback for a file...
SAP Cfolders Multiple Stored XSS Vulnerabilies
Application: SAP Cfolders included in: SAP SRM, SAP ECC, SAP Knowledge Management and SAP NetWeaver cRooms Vendor URL: Bugs: Multiple Stored XSS Risk: High Exploits: YES Reported: 04.12.2008 Vendor response: 05.12.2008 Vulnerability patched: 15.12.2008 Date of Public Advisory: 21.04.2009 Referenc...
SAP Netweaver 6.40-7.0 Cross-Site-Scripting
Title: SAP Netweaver 6.40-7.0 Persistent Cross-Site-Scripting Author: Jaime Blasco at aitsec.com http://www.aitsec.com Description: SAP Netweaver have a web interface for accesing filesystem of the portal, users can make "feedbacks" of files, input passed to the content of these feedbacks is not...
Design/Logic Flaw
Internet Communication Manager aka ICMAN.exe or ICM in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service process crash via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web...
CVE-2007-3615
Internet Communication Manager aka ICMAN.exe or ICM in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service process crash via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web...
CVE-2007-3615
Internet Communication Manager aka ICMAN.exe or ICM in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service process crash via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web...
CVE-2007-3615
SAP NetWeaver Application Server’s Internet Communication Manager (ICM/ICMAN.exe) in 6.x–7.x (Windows possibly) is vulnerable to a denial-of-service via a long URI containing sap-isc-key, related to web cache configuration. The connected documents do not provide additional technical details, expl...
CVE-2007-3496
Cross-site scripting XSS vulnerability in SAP Web Dynpro Java BC-WD-JAV in SAP NetWeaver Nw04 SP15 through SP19 and Nw04s SP7 through SP11, aka SAP Java Technology Services 640 before SP20 and SAP Web Dynpro Runtime Core Components 700 before SP12, allows remote attackers to inject arbitrary web...
CVE-2007-3496
Cross-site scripting XSS vulnerability in SAP Web Dynpro Java BC-WD-JAV in SAP NetWeaver Nw04 SP15 through SP19 and Nw04s SP7 through SP11, aka SAP Java Technology Services 640 before SP20 and SAP Web Dynpro Runtime Core Components 700 before SP12, allows remote attackers to inject arbitrary web...
CVE-2007-3496
SAP Web Dynpro Java (BC-WD-JAV) in SAP NetWeaver Nw04 SP15–SP19 and Nw04s SP7–SP11 is affected by a cross-site scripting (XSS) vulnerability that can be triggered via the User-Agent HTTP header. Affected components include SAP Java Technology Services 640 before SP20 and SAP Web Dynpro Runtime Co...
SAP NetWeaver和Web Dynpro Java跨站脚本漏洞
SAP Web Dynpro Java是一款Java的WEB应用服务程序。 SAP Web Dynpro Java不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞进行跨站脚本攻击,获得敏感信息。 NetWeaver Application包含的User-Agent-Header内容在服务器应答时没有采用正确的编码,伪造User-Agent-Header可触发跨站脚本问题,构建恶意WEB页,诱使用户访问,可导致获得目标用户敏感信息。 SAP NetWeaver Nw04s SP9 SAP NetWeaver Nw04s SP8 SAP NetWeaver Nw04s SP7 SAP...
SAP Web Dynpro Java (BC-WD-JAV) Vulnerability
COMPASS SECURITY ADVISORY http://www.csnc.ch/ Product: NetWeaver, Web Dynpro Java BC-WD-JAV Vendor: SAP Subject: Multiple XSS, HTML Injection Risk: Medium Effect: Remotely exploitable Author: Cyrill Brunschwiler [email protected] Date: June, 17th 2007 Introduction: ------------- Compass...