4977 matches found
CVE-2003-0943
web-tools in SAP DB before 7.4.03.30 installs several services that are enabled by default, which could allow remote attackers to obtain potentially sensitive information or redirect attacks against internal databases via 1 waecho, 2 Web SQL Interface websql, or 3 Web Database Manager webdbm...
CVE-2003-0945
The Web Database Manager in web-tools for SAP DB before 7.4.03.30 generates predictable session IDs, which allows remote attackers to conduct unauthorized activities...
CVE-2003-0941
web-tools in SAP DB before 7.4.03.30 allows remote attackers to access the Web Agent Administration pages and modify configuration via a direct request to waadmin.wa...
SAP DB / MaxDB Detection
SAP DB or MaxDB, an ERP software, is running on the remote port. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid11929; scriptversion"1.26"; scriptsetattributeattribute:"pluginmodificationdate", value:"2022/06/01"; scriptnameenglish:"SAP DB / MaxDB Detection";...
CVE-2003-0938
CVE-2003-0938 affects SAP DB (SAP database server) version 7.4.03.27 and earlier. The vulnerability arises when a local attacker places a malicious NETAPI32.DLL in the SAP DB working directory, which is loaded by SAP DB before the legitimate DLL, enabling privilege escalation to SYSTEM. The issue...
CVE-2003-0944
Buffer overflow in the WAECHO default service in web-tools in SAP DB before 7.4.03.30 allows remote attackers to execute arbitrary code via a URL with a long requestURI...
CVE-2003-0942
Buffer overflow in Web Agent Administration service in web-tools for SAP DB before 7.4.03.30 allows remote attackers to execute arbitrary code via a long Name parameter to waadmin.wa...
CVE-2003-0944
SAP DB web-tools : The vulnerability set includes a buffer overflow in the default waecho service of SAP DB’s web-tools, and related issues in Web Agent Administration, Web SQL, and Web DBM. The root cause is improper handling of long requestURIs and related inputs, enabling remote code execution...
CVE-2003-0941
The CVE-2003-0941 issue affects SAP DB’s web-tools/Web Agent component prior to version 7.4.03.30. The vulnerability allows remote attackers to access the Web Agent Administration pages (waadmin.wa) without authentication and modify configuration via a direct request, enabling potential remote ad...
CVE-2003-0940
SAP DB web-tools (web server component sqlfopenc) contains a directory traversal vulnerability that allows remote reading of arbitrary files via dot-dot sequences in URLs. Affected: SAP DB web-tools prior to 7.4.03.30; attack surface includes the web-server administration pages and default servic...
CVE-2003-0943
CVE-2003-0943 affects SAP DB web-tools prior to 7.4.03.30. The default-enabled services (waecho, Web SQL Interface websql, Web Database Manager webdbm) can enable remote attackers to view potentially sensitive information or redirect attacks against internal databases. Connected sources also desc...
CVE-2003-0945
CVE-2003-0945 affects SAP DB Web-tools Web Database Manager prior to 7.4.03.30. The vulnerability stems from generating predictable session IDs in the Web Database Manager, with IDs placed in the URL, enabling remote attackers to perform unauthorized activities. The issue is addressed by SAP with...
CVE-2003-0939
SAP DB (SAP database server) 7.4.03.27 and earlier is affected by a remote buffer overflow in the niserver/serv.exe interface. The flaw lies in eo420_GetStringFromVarPart (veo420.c): a 256-byte variable-sized segment is copied without bounds checking, potentially allowing remote code execution vi...
CVE-2003-0945
The Web Database Manager in web-tools for SAP DB before 7.4.03.30 generates predictable session IDs, which allows remote attackers to conduct unauthorized activities...
CVE-2003-0940
Directory traversal vulnerability in sqlfopenc for web-tools in SAP DB before 7.4.03.30 allows remote attackers to read arbitrary files via .. dot dot sequences in a URL...
CVE-2003-0941
web-tools in SAP DB before 7.4.03.30 allows remote attackers to access the Web Agent Administration pages and modify configuration via a direct request to waadmin.wa...
CVE-2003-0943
web-tools in SAP DB before 7.4.03.30 installs several services that are enabled by default, which could allow remote attackers to obtain potentially sensitive information or redirect attacks against internal databases via 1 waecho, 2 Web SQL Interface websql, or 3 Web Database Manager webdbm...
CVE-2003-0942
CVE-2003-0942 describes a buffer overflow in the Web Agent Administration component of SAP DB web-tools prior to 7.4.03.30. The vulnerability is triggered by a long Name parameter to waadmin.wa, allowing remote attackers to execute arbitrary code. Multiple sources (NVD, Red Hat, CVE listings, and...
SAP DB web-tools multiple issues
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 @stake, Inc. www.atstake.com Security Advisory Advisory Name: SAP DB web-tools multiple issues Release Date: 11/17/2003 Application: SAP DB 7.4.03.30 Platform: Linux IA32 Microsoft Windows NT4/2000/XP SUN Solaris HPUX Compaq True64 Severity: Remote fi...
SAP DB priv. escalation/remote code execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 @stake, Inc. www.atstake.com Security Advisory Advisory Name: SAP DB priv. escalation/remote code execution Release Date: 11/17/2003 Application: SAP DB 7.4.03.27 23-June-2003 and before Platform: Microsoft Windows NT4/2000/XP 1 and 2 Linux IA32 2 SUN...