Sap: Security Vulnerabilities
SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via "&&" and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe.
CVSS Score
10.0
EPSS Score
0.898
Published
2008-01-12
Unspecified vulnerability in SAP SAPLPD and SAPSPRINT allows remote attackers to cause a denial of service (application crash) via a certain print job request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVSS Score
7.8
EPSS Score
0.007
Published
2007-07-10
Heap-based buffer overflow in the Message HTTP Server in SAP Message Server allows remote attackers to execute arbitrary code via a long string in the group parameter to /msgserver/html/group.
CVSS Score
10.0
EPSS Score
0.661
Published
2007-07-09
Stack-based buffer overflow in the kweditcontrol.kwedit.1 ActiveX control in FrontEnd\SapGui\kwedit.dll in the EnjoySAP SAP GUI allows remote attackers to execute arbitrary code via a long argument to the PrepareToPostHTML function.
CVSS Score
7.6
EPSS Score
0.872
Published
2007-07-06
Heap-based buffer overflow in the rfcguisink.rfcguisink.1 ActiveX control in the EnjoySAP SAP GUI, on systems using ASCII versions, allows remote attackers to execute arbitrary code via a long first argument to the LaunchGui function.
CVSS Score
7.6
EPSS Score
0.205
Published
2007-07-06
Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to cause a denial of service (process crash) via unspecified vectors.
CVSS Score
5.0
EPSS Score
0.202
Published
2007-07-06
Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to create certain files via unspecified vectors.
CVSS Score
5.0
EPSS Score
0.122
Published
2007-07-06
Cross-site scripting (XSS) vulnerability in ADM:GETLOGFILE in SAP Internet Graphics Service (IGS) allows remote attackers to inject arbitrary web script or HTML via the PARAMS parameter.
CVSS Score
4.3
EPSS Score
0.128
Published
2007-07-06
Multiple stack-based buffer overflows in waHTTP.exe (aka the SAP DB Web Server) in SAP DB, possibly 7.3 through 7.5, allow remote attackers to execute arbitrary code via (1) a certain cookie value; (2) a certain additional parameter, related to sapdbwa_GetQueryString; and other unspecified vectors related to "numerous other fields."
CVSS Score
7.5
EPSS Score
0.841
Published
2007-07-06
Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache.
CVSS Score
7.8
EPSS Score
0.022
Published
2007-07-06