Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4
CVSSv2

CVE-2006-0731

Published: 16/02/2006 Updated: 19/10/2018
CVSS v2 Base Score: 4 | Impact Score: 4.9 | Exploitability Score: 4.9
VMScore: 415
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N

Vulnerability Summary

WmRoot/adapter-index.dsp in SAP Business Connector Core Fix 7 and previous versions allows remote malicious users to conduct spoofing (phishing) attacks via an absolute URL in the url parameter, which loads the URL inside a frame.

Vulnerable Product Search on Vulmon Subscribe to Product

sap business connector

Exploits

Exploit DB: SAP Business Connector 4.6/4.7 - 'deleteSingle?fullName' Arbitrary File Deletion
source: wwwsecurityfocuscom/bid/16668/info SAP Business Connector is prone to a file-access/deletion vulnerability This issue arises due to an access-validation error A successful attack will result in the disclosure of sensitive or privileged information An attacker may also delete arbitrary files This often occurs with superuser ...
Exploit DB: SAP Business Connector 4.6/4.7 - 'adapter-index.dsp?url' Arbitrary Site Redirect
source: wwwsecurityfocuscom/bid/16671/info SAP Business Connector is susceptible to an input-validation vulnerability This issue is due to the application's failure to properly sanitize user-supplied input This issue allows remote attackers to execute phishing-style attacks against targeted SAP Business Connector administrators The f ...
Exploit DB: SAP Business Connector 4.6/4.7 - 'chopSAPLog.dsp?fullName' Arbitrary File Disclosure
source: wwwsecurityfocuscom/bid/16668/info SAP Business Connector is prone to a file-access/deletion vulnerability This issue arises due to an access-validation error A successful attack will result in the disclosure of sensitive or privileged information An attacker may also delete arbitrary files This often occurs with superuser pr ...

References

NVD-CWE-Otherhttp://www.cybsec.com/vuln/CYBSEC_Security_Pre-Advisory_Phishing_Vector_in_SAP_BC.pdfhttp://secunia.com/advisories/18880http://www.securityfocus.com/bid/16671http://securitytracker.com/id?1015639http://www.vupen.com/english/advisories/2006/0611https://exchange.xforce.ibmcloud.com/vulnerabilities/24751http://www.securityfocus.com/archive/1/434012/30/4980/threadedhttp://www.securityfocus.com/archive/1/425056/100/0/threadedhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/27234/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-40673CVE-2024-36674CVE-2024-27348unspecifiedCVE-2024-24919CVE-2024-4870malicious code‎CVE-2024-2019hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook