11 matches found
SAP MaxDB Multiple Vulnerabilities
The remote host is running MaxDB, a database server from SAP. According to its version, the remote server is affected by multiple flaws: - A vulnerability in the 'vserver' process could allow an unauthenticated attacker to execute arbitrary code, subject to the privileges of the user under which t...
SAP MaxDB Multiple Vulnerabilities
Binary data 4494.prm...
SAP MaxDB cons.exe Remote Command Injection
SAP MaxDB is prone to a remote command-injection vulnerability because the application fails to properly sanitize user-supplied input. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SAP MaxDB...
MySQL MaxDB cons.exe command injection
Added: 01/16/2008 CVE: CVE-2008-0244 BID: 27206 OSVDB: 40210 Background MaxDB is a SAP-certified open-source database developed by MySQL. Problem The MaxDB server handles the execsdbinfo command by invoking the cons.exe program through a system call without sufficiently checking the arguments for...
MySQL MaxDB cons.exe command injection
Added: 01/16/2008 CVE: CVE-2008-0244 BID: 27206 OSVDB: 40210 Background MaxDB is a SAP-certified open-source database developed by MySQL. Problem The MaxDB server handles the execsdbinfo command by invoking the cons.exe program through a system call without sufficiently checking the arguments for...
MySQL MaxDB cons.exe command injection
Added: 01/16/2008 CVE: CVE-2008-0244 BID: 27206 OSVDB: 40210 Background MaxDB is a SAP-certified open-source database developed by MySQL. Problem The MaxDB server handles the execsdbinfo command by invoking the cons.exe program through a system call without sufficiently checking the arguments for...
MySQL MaxDB cons.exe command injection
Added: 01/16/2008 CVE: CVE-2008-0244 BID: 27206 OSVDB: 40210 Background MaxDB is a SAP-certified open-source database developed by MySQL. Problem The MaxDB server handles the execsdbinfo command by invoking the cons.exe program through a system call without sufficiently checking the arguments for...
CVE-2008-0244
SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via "&&" and other shell metacharacters in execsdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe...
CVE-2008-0244
SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via "&&" and other shell metacharacters in execsdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe...
CVE-2008-0244
SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via "&&" and other shell metacharacters in execsdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe...
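SAP MaxDB cons.exe Remote Command Injection Vulnerability
BUGTRAQ ID: 27206 MaxDB is a database management system widely used in SAP applications. MaxDB has an input validation vulnerability when processing user request data, which a remote attacker could exploit to execute arbitrary commands on the server. If an unauthenticated remote attacker executes special commands such as show or execsdbinfo, the MaxDB server runs cons.exe DATABASE COMMAND through system, and running the cons program through system allows an external attacker to execute arbitrary commands on the server by passing && or by other means. For example, the following SAP command can be used to view the contents of the C drive on Windows: execsdbinfo && echo dir c:\ | cmd.exe SAP...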