34 matches found
EUVD-2005-3630
Malware in sbrugna...
EUVD-2006-5994
Malware in sbrugna...
EUVD-2006-1043
Malware in sbrugna...
EUVD-2006-5768
Malware in sbrugna...
EUVD-2008-2416
Malware in sbrugna...
EUVD-2005-3631
Malware in sbrugna...
EUVD-2006-5769
Malware in sbrugna...
SAP Web Application Server 6.x/7.0 Input Validation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/18006/info SAP Web Application Server is prone to an input-validation vulnerability that results in HTTP response-splitting attacks. This issue is due to a failure in the application to properly sanitize user-supplied...
SAP Web Application Server 6.x/7.0 URI Redirection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15362/info SAP Web Application Server is reported prone to a remote URI redirection vulnerability. It is reported that an attacker can exploit this issue by supplying the URI of a malicious site through the 'sap-exiturl'...
SAP Web Application Server 6.x/7.0 frameset.htm sap-syscmd Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/15361/info SAP Web Application Server is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage thes...
SAP Web Application Server 7.0 - '/sap/bc/gui/sap/its/webgui/' Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/29317/info SAP Web Application Server is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...
SAP Web Application Server 6.x/7.0 Error Page XSS
No description provided by source. source: http://www.securityfocus.com/bid/15361/info SAP Web Application Server is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage thes...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Web GUI in SAP Web Application Server (WAS) 7.0, Web Dynpro for ABAP (aka WD4A or WDA), and Web Dynpro for BSP allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under bc/gui/sap/its/webgui/...
CVE-2008-2421
CVE-2008-2421 concerns a Cross-site Scripting (XSS) vulnerability in the Web GUI of SAP Web Application Server (WAS) 7.0, affecting Web Dynpro for ABAP (WD4A/WDA) and Web Dynpro for BSP. The issue allows remote attackers to inject arbitrary web script or HTML via PATH_INFO to the default URI unde...
CVE-2008-2421
Cross-site scripting (XSS) vulnerability in the Web GUI in SAP Web Application Server (WAS) 7.0, Web Dynpro for ABAP (aka WD4A or WDA), and Web Dynpro for BSP allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under bc/gui/sap/its/webgui/...
DSECRG-08-023.txt
Digital Security Research Group DSecRG Advisory DSECRG-08-023 Application: SAP Web Application Server Versions Affected: Version 7.0 Vendor URL: http://SAP.com Bugs: XSS Exploits: YES Reported: 25.01.2008 Vendor response: 25.01.2008 Date of Public Advisory: 21.05.2008 Author: Digital Security...
SAP Web Application Server 7.0 - '/sap/bc/gui/sap/its/webgui/' Cross-Site Scripting
source: https://www.securityfocus.com/bid/29317/info SAP Web Application Server is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
SAP Web Application Server 7.0 - '/sap/bc/gui/sap/its/webgui/' Cross-Site Scripting
SAP Web Application Server 7.0 - '/sap/bc/gui/sap/its/webgui/' Cross-Site Scripting source: https://www.securityfocus.com/bid/29317/info SAP Web Application Server is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker may...
SAP 'enserver.exe' file downloader
No description provided by source. #!/usr/bin/perl -w SAP 'enserver.exe' file downloader Tested on "SAP Web Application Server Java 6.40" eval DVD Found & coded by Nicob The downloaded file is limited to the first 32 kilobytes Usual port : TCP/3200+SYSNR Example : ./r3-stealer-1.0.pl 192.168.2.22...
Multiple vulnerabilities in SAP WebAS 6.40 and 7.00 (technical details)
Multiple vulnerabilities in SAP Web Application Server Technical details Application : SAP Web AS 6.40 patch 136 and 7.00 patch 66 Platform : All platforms except the third vulnerability Impacts : Remote file disclosure, remote DoS, local privilege escalation Release Date : 8 February 2007 Author...