7 matches found
CVE-2008-0244
creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/maxdb/maxdbconsexec.rb 2025-02-06 03:13:38+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23 04:08:27+00:00| seen|...
SAP MaxDB Multiple Vulnerabilities
The remote host is running MaxDB, a database server from SAP. According to its version, the remote server is affected by a multiple flaws : - A vulnerability in 'vserver' process could allow an unauthenticated attacker to execute arbitrary code, subject to the privileges of the user under which t...
MySQL MaxDB cons.exe command injection
Added: 01/16/2008 CVE: CVE-2008-0244 BID: 27206 OSVDB: 40210 Background MaxDB is a SAP-certified open-source database developed by MySQL. Problem The MaxDB server handles the execsdbinfo command by invoking the cons.exe program through a system call without sufficiently checking the arguments for...
MySQL MaxDB cons.exe command injection
Added: 01/16/2008 CVE: CVE-2008-0244 BID: 27206 OSVDB: 40210 Background MaxDB is a SAP-certified open-source database developed by MySQL. Problem The MaxDB server handles the execsdbinfo command by invoking the cons.exe program through a system call without sufficiently checking the arguments for...
MySQL MaxDB cons.exe command injection
Added: 01/16/2008 CVE: CVE-2008-0244 BID: 27206 OSVDB: 40210 Background MaxDB is a SAP-certified open-source database developed by MySQL. Problem The MaxDB server handles the execsdbinfo command by invoking the cons.exe program through a system call without sufficiently checking the arguments for...
CVE-2008-0244
SAP MaxDB is affected by a remote command-injection in the exec_sdbinfo handling that invokes cons.exe via system() without proper input validation. This allows unauthenticated remote attackers to execute arbitrary commands on MaxDB servers (MaxDB 7.6.x and earlier; vulnerability noted for 7.6.0....
SAP DB / MaxDB Cons Program Arbitrary Command Execution
The version of SAP DB / MaxDB installed on the remote host fails to sanitize user-supplied input to the 'show' and 'execsdbinfo' commands before passing it to a 'system' call. An unauthenticated, remote attacker can leverage this issue to execute arbitrary commands on the affected host subject to...