Shodan
Vulnerabilities
Vulnerable Software
Sap:  Security Vulnerabilities
CVE-2003-0940
Directory traversal vulnerability in sqlfopenc for web-tools in SAP DB before 7.4.03.30 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a URL.
CVSS Score
5.0
EPSS Score
0.009
Published
2003-12-15
CVE-2003-0941
web-tools in SAP DB before 7.4.03.30 allows remote attackers to access the Web Agent Administration pages and modify configuration via a direct request to waadmin.wa.
CVSS Score
7.5
EPSS Score
0.013
Published
2003-12-15
CVE-2003-0942
Buffer overflow in Web Agent Administration service in web-tools for SAP DB before 7.4.03.30 allows remote attackers to execute arbitrary code via a long Name parameter to waadmin.wa.
CVSS Score
7.5
EPSS Score
0.032
Published
2003-12-15
CVE-2003-0943
web-tools in SAP DB before 7.4.03.30 installs several services that are enabled by default, which could allow remote attackers to obtain potentially sensitive information or redirect attacks against internal databases via (1) waecho, (2) Web SQL Interface (websql), or (3) Web Database Manager (webdbm).
CVSS Score
7.5
EPSS Score
0.009
Published
2003-12-15
CVE-2003-0944
Buffer overflow in the WAECHO default service in web-tools in SAP DB before 7.4.03.30 allows remote attackers to execute arbitrary code via a URL with a long requestURI.
CVSS Score
7.5
EPSS Score
0.032
Published
2003-12-15
CVE-2003-0945
The Web Database Manager in web-tools for SAP DB before 7.4.03.30 generates predictable session IDs, which allows remote attackers to conduct unauthorized activities.
CVSS Score
7.5
EPSS Score
0.009
Published
2003-12-15
CVE-2003-0747
wgate.dll in SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to obtain potentially sensitive information such as directory structure and operating system via incorrect parameters (1) ~service, (2) ~templatelanguage, (3) ~language, (4) ~theme, or (5) ~template, which leaks the information in the resulting error message.
CVSS Score
5.0
EPSS Score
0.069
Published
2003-10-20
CVE-2003-0748
Directory traversal vulnerability in wgate.dll for SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the ~theme parameter and a ~template parameter with a filename followed by space characters, which can prevent SAP from effectively adding a .html extension to the filename.
CVSS Score
5.0
EPSS Score
0.069
Published
2003-10-20
CVE-2003-0749
Cross-site scripting (XSS) vulnerability in wgate.dll for SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to insert arbitrary web script and steal cookies via the ~service parameter.
CVSS Score
6.8
EPSS Score
0.055
Published
2003-10-20
CVE-2003-0265
Race condition in SDBINST for SAP database 7.3.0.29 creates critical files with world-writable permissions before initializing the setuid bits, which allows local attackers to gain root privileges by modifying the files before the permissions are changed.
CVSS Score
6.2
EPSS Score
0.002
Published
2003-05-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved