Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sap-db sap-db vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-3614
Multiple stack-based buffer overflows in waHTTP.exe (aka the SAP DB Web Server) in SAP DB, possibly 7.3 up to and including 7.5, allow remote malicious users to execute arbitrary code via (1) a certain cookie value; (2) a certain additional parameter, related to sapdbwa_GetQueryS...
Sap Sap Db 7.4.3.7 Beta
Sap Sap Db 7.4.03.30
Sap Sap Db 7.4.03.29
Sap Sap Db 7.3.00
Sap Sap Db 7.3.29
Sap Sap Db 7.4
Sap Sap Db 7.4.3
Sap Sap Db 7.5
3 EDB exploits
NA
CVE-2006-4305
Buffer overflow in SAP DB and MaxDB prior to 7.6.00.30 allows remote malicious users to execute arbitrary code via a long database name when connecting via a WebDBM client.
Sap-db Sap-db
Mysql Maxdb
1 EDB exploit
NA
CVE-2005-0082
The sapdbwa_GetUserData function in MySQL MaxDB 7.5.0.0, and other versions prior to 7.5.0.21, allows remote malicious users to cause a denial of service (crash) via invalid parameters to the WebDAV handler code, which triggers a null dereference that causes the SAP DB Web Agent ...
Mysql Maxdb 7.5.00
Mysql Maxdb 7.5.00.18
Mysql Maxdb 7.5.00.15
Mysql Maxdb 7.5.00.12
Mysql Maxdb 7.5.00.16
Mysql Maxdb 7.5.00.14
Mysql Maxdb 7.5.00.19
Mysql Maxdb 7.5.00.11
Mysql Maxdb 7.5.00.08
NA
CVE-2003-1033
The (1) instdbmsrv and (2) instlserver programs in SAP DB Development Tools 7.x trust the user-provided INSTROOT environment variable as a path when assigning setuid permissions to the lserver program, which allows local users to gain root privileges via a modified INSTROOT that ...
Sap Sap Db 7.3.00
Sap Sap Db 7.4
NA
CVE-2003-1034
The RPM installation of SAP DB 7.x creates the (1) dbmsrv or (2) lserver programs with world-writable permissions, which allows local users to gain privileges by modifying those programs.
NA
CVE-2002-1576
lserver in SAP DB 7.3 and previous versions uses the current working directory to find and execute the lserversrv program, which allows local users to gain privileges with a malicious lserversrv that is called from a directory that has a symlink to the lserver program.
Sap Sap Db 7.3.00
1 EDB exploit
NA
CVE-2003-0938
vos24u.c in SAP database server (SAP DB) 7.4.03.27 and previous versions allows local users to gain SYSTEM privileges via a malicious "NETAPI32.DLL" in the current working directory, which is found and loaded by SAP DB before the real DLL, as demonstrated using the SQLA...
Sap Sap Db
NA
CVE-2003-0940
Directory traversal vulnerability in sqlfopenc for web-tools in SAP DB prior to 7.4.03.30 allows remote malicious users to read arbitrary files via .. (dot dot) sequences in a URL.
Sap Sap Db
NA
CVE-2003-0942
Buffer overflow in Web Agent Administration service in web-tools for SAP DB prior to 7.4.03.30 allows remote malicious users to execute arbitrary code via a long Name parameter to waadmin.wa.
Sap Sap Db
NA
CVE-2003-0943
web-tools in SAP DB prior to 7.4.03.30 installs several services that are enabled by default, which could allow remote malicious users to obtain potentially sensitive information or redirect attacks against internal databases via (1) waecho, (2) Web SQL Interface (websql), or (3)...
Sap Sap Db
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »