Sapgui
Sign in to watchby SAP
CVEs (8)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2008-0621 | 0.10 | — | 0.88 | Feb 6, 2008 | Buffer overflow in SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before 1018 allows remote attackers to execute arbitrary code via long arguments to the (1) 0x01, (2) 0x02, (3) 0x03, (4) 0x04, and (5) 0x05 LPD commands. | ||
| CVE-2008-4830 | 0.08 | — | 0.62 | Apr 16, 2009 | Insecure method vulnerability in the KWEdit ActiveX control in SAP GUI 6.40 Patch 29 (KWEDIT.DLL 6400.1.1.41) and 7.10 Patch 5 (KWEDIT.DLL 7100.1.1.43) allows remote attackers to (1) overwrite arbitrary files via the SaveDocumentAs method or (2) read or execute arbitrary files via the OpenDocument method. | ||
| CVE-2007-4475 | 0.08 | — | 0.68 | Apr 1, 2009 | Stack-based buffer overflow in EAI WebViewer3D ActiveX control (webviewer3d.dll) in SAP AG SAPgui before 7.10 Patch Level 9 allows remote attackers to execute arbitrary code via a long argument to the SaveViewToSessionFile method. | ||
| CVE-2008-4827 | 0.02 | — | 0.21 | Jan 8, 2009 | Multiple heap-based buffer overflows in the AddTab method in the (1) Tab and (2) CTab ActiveX controls in c1sizer.ocx and the (3) TabOne ActiveX control in sizerone.ocx in ComponentOne SizerOne 8.0.20081.140, as used in ComponentOne Studio for ActiveX 2008, TSC2 Help Desk 4.1.8, SAP GUI 6.40 Patch 29 and 7.10, and possibly other products, allow remote attackers to execute arbitrary code by adding many tabs, or adding tabs with long tab captions. | ||
| CVE-2008-4387 | 0.01 | — | 0.18 | Nov 10, 2008 | Unspecified vulnerability in the Simba MDrmSap ActiveX control in mdrmsap.dll in SAP SAPgui allows remote attackers to execute arbitrary code via unknown vectors involving instantiation by Internet Explorer. | ||
| CVE-2008-0620 | 0.00 | — | 0.06 | Feb 6, 2008 | SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before 1018 allows remote attackers to cause a denial of service (crash) via a 0x53 LPD command, which causes the server to terminate. | ||
| CVE-2002-1579 | 0.00 | — | 0.01 | Apr 15, 2004 | SAP GUI (Sapgui) 4.6D allows remote attackers to cause a denial of service (crash) via a connection to a high-numbered port, which generates an "unknown connection data" error. | ||
| CVE-2003-1035 | 0.00 | — | 0.00 | Apr 15, 2004 | The default installation of SAP R/3 46C/D allows remote attackers to bypass account locking by using the RFC API instead of the SAPGUI to conduct a brute force password guessing attack, which does not lock out the account like the SAPGUI does. |