Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sap sap db vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2003-0944
Buffer overflow in the WAECHO default service in web-tools in SAP DB prior to 7.4.03.30 allows remote malicious users to execute arbitrary code via a URL with a long requestURI.
Sap Sap Db
668
VMScore
CVE-2003-0945
The Web Database Manager in web-tools for SAP DB prior to 7.4.03.30 generates predictable session IDs, which allows remote malicious users to conduct unauthorized activities.
Sap Sap Db
641
VMScore
CVE-2003-1033
The (1) instdbmsrv and (2) instlserver programs in SAP DB Development Tools 7.x trust the user-provided INSTROOT environment variable as a path when assigning setuid permissions to the lserver program, which allows local users to gain root privileges via a modified INSTROOT that ...
Sap Sap Db 7.3.00
Sap Sap Db 7.4
641
VMScore
CVE-2003-0938
vos24u.c in SAP database server (SAP DB) 7.4.03.27 and previous versions allows local users to gain SYSTEM privileges via a malicious "NETAPI32.DLL" in the current working directory, which is found and loaded by SAP DB before the real DLL, as demonstrated using the SQLA...
Sap Sap Db
625
VMScore
CVE-2003-0265
Race condition in SDBINST for SAP database 7.3.0.29 creates critical files with world-writable permissions before initializing the setuid bits, which allows local malicious users to gain root privileges by modifying the files before the permissions are changed.
Sap Sap Db 7.4.3.7 Beta
Sap Sap Db 7.3.29
1 EDB exploit
578
VMScore
CVE-2015-7725
Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.091.00.1418659308 allow remote authenticated users to execute arbitrary SQL commands via the (1) remoteSourceName in the dropCredentials function or unspecified vectors in the (2) se...
Sap Hana 1.00.091.00
578
VMScore
CVE-2015-7727
Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors in the (1) trace configuration page or (2) getSqlTraceConfigura...
Sap Hana 1.00.73.00.389160
578
VMScore
CVE-2015-7729
Eval injection in test-net.xsjs in the Web-based Development Workbench in SAP HANA Developer Edition DB 1.00.091.00.1418659308 allows remote authenticated users to execute arbitrary XSJS code via unspecified vectors, aka SAP Security Note 2153892.
Sap Hana 1.00.091.00
445
VMScore
CVE-2016-3639
SAP HANA DB 1.00.091.00.1418659308 allows remote malicious users to obtain sensitive topology information via an unspecified HTTP request, aka SAP Security Note 2176128.
Sap Hana Db 1.00.091.00.1418659308
445
VMScore
CVE-2016-6142
SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote malicious users to inject arbitrary audit trail fields into the SYSLOG via vectors related to the SQL protocol, aka SAP Security Note 2197459.
Sap Hana 1.00.73.00.389160
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »