VYPR

Sapgui

by SAP

CVEs (13)

  • CVE-2016-10079 | High | Feb 1, 2017
    risk 0.52 | cvss 7.5 | epss 0.07

    SAPlpd through 7400.3.11.33 in SAP GUI 7.40 on Windows has a Denial of Service vulnerability (service crash) with a long string to TCP port 515.

  • CVE-2024-45285 | Medium | Sep 10, 2024
    risk 0.35 | cvss 5.4 | epss 0.00

    The RFC enabled function module allows a low privileged user to perform denial of service on any user and also change or delete favourite nodes. By sending a crafted packet in the function module targeting specific parameters, the specific targeted user will no longer have…

  • CVE-2008-0621 | Feb 6, 2008
    risk 0.09 | cvss (not listed) | epss 0.73

    Buffer overflow in SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before 1018 allows remote attackers to execute arbitrary code via long arguments to the (1) 0x01, (2) 0x02, (3) 0x03, (4) 0x04, and (5) 0x05 LPD commands.

  • CVE-2007-3605 | Jul 6, 2007
    risk 0.09 | cvss (not listed) | epss 0.70

    Stack-based buffer overflow in the kweditcontrol.kwedit.1 ActiveX control in FrontEnd\SapGui\kwedit.dll in the EnjoySAP SAP GUI allows remote attackers to execute arbitrary code via a long argument to the PrepareToPostHTML function.

  • CVE-2007-4475 | Apr 1, 2009
    risk 0.06 | cvss (not listed) | epss 0.40

    Stack-based buffer overflow in EAI WebViewer3D ActiveX control (webviewer3d.dll) in SAP AG SAPgui before 7.10 Patch Level 9 allows remote attackers to execute arbitrary code via a long argument to the SaveViewToSessionFile method.

  • CVE-2008-4830 | Apr 16, 2009
    risk 0.05 | cvss (not listed) | epss 0.28

    Insecure method vulnerability in the KWEdit ActiveX control in SAP GUI 6.40 Patch 29 (KWEDIT.DLL 6400.1.1.41) and 7.10 Patch 5 (KWEDIT.DLL 7100.1.1.43) allows remote attackers to (1) overwrite arbitrary files via the SaveDocumentAs method or (2) read or execute arbitrary files…

  • CVE-2008-4827 | Jan 8, 2009
    risk 0.01 | cvss (not listed) | epss 0.07

    Multiple heap-based buffer overflows in the AddTab method in the (1) Tab and (2) CTab ActiveX controls in c1sizer.ocx and the (3) TabOne ActiveX control in sizerone.ocx in ComponentOne SizerOne 8.0.20081.140, as used in ComponentOne Studio for ActiveX 2008, TSC2 Help Desk 4.1.8,…

  • CVE-2008-4387 | Nov 10, 2008
    risk 0.01 | cvss (not listed) | epss 0.15

    Unspecified vulnerability in the Simba MDrmSap ActiveX control in mdrmsap.dll in SAP SAPgui allows remote attackers to execute arbitrary code via unknown vectors involving instantiation by Internet Explorer.

  • CVE-2022-41205 | Nov 8, 2022
    risk 0.00 | cvss (not listed) | epss 0.00

    SAP GUI allows an authenticated attacker to execute scripts in the local network. On successful exploitation, the attacker can gain access to registries which can cause a limited impact on confidentiality and high impact on availability of the application.

  • CVE-2011-5154 | Sep 6, 2012
    risk 0.00 | cvss (not listed) | epss 0.00

    Multiple untrusted search path vulnerabilities in (1) SAPGui.exe and (2) BExAnalyzer.exe in SAP GUI 6.4 through 7.2 allow local users to gain privileges via a Trojan horse MFC80LOC.DLL file in the current working directory, as demonstrated by a directory that contains a .sap…

  • CVE-2008-0620 | Feb 6, 2008
    risk 0.00 | cvss (not listed) | epss 0.03

    SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before 1018 allows remote attackers to cause a denial of service (crash) via a 0x53 LPD command, which causes the server to terminate.

  • CVE-2003-1035 | Apr 15, 2004
    risk 0.00 | cvss (not listed) | epss 0.02

    The default installation of SAP R/3 46C/D allows remote attackers to bypass account locking by using the RFC API instead of the SAPGUI to conduct a brute force password guessing attack, which does not lock out the account like the SAPGUI does.

  • CVE-2002-1579 | Apr 15, 2004
    risk 0.00 | cvss (not listed) | epss 0.02

    SAP GUI (Sapgui) 4.6D allows remote attackers to cause a denial of service (crash) via a connection to a high-numbered port, which generates an "unknown connection data" error.