CVE-2006-4305

Published: 30/08/2006 Updated: 17/10/2018
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Buffer overflow in SAP DB and MaxDB prior to 7.6.00.30 allows remote malicious users to execute arbitrary code via a long database name when connecting via a WebDBM client.

Vulnerable Product

mysql maxdb

sap-db sap-db

Vendor Advisories

Oliver Karow discovered that the WebDBM frontend of the MaxDB database performs insufficient sanitising of requests passed to it, which might lead to the execution of arbitrary code. For the stable distribution (sarge) this problem has been fixed in version 750024-4. For the unstable distribution (sid) this problem will be fixed soon. We recomme ...

Exploits

##
# $Id: maxdb_webdbm_database.rb 10394 2010-09-20 08:06:27Z jduck $
##

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# metasploit.com/framework/
##

require 'msf/core' ...