Lucene search
K

198 matches found

Prion
Prion
added 2015/06/02 2:59 p.m.23 views

Stack overflow

Stack-based buffer overflow in the LZC decompression implementation CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows...

7.5CVSS8.9AI score0.03518EPSS
Exploits1References6Affected Software1
Prion
Prion
added 2015/06/02 2:59 p.m.18 views

Out-of-bounds

The LZH decompression implementation CsObjectInt::BuildHufTree function in vpa108csulzh.cpp in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers t...

5CVSS7AI score0.02131EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2015/06/02 2:0 p.m.26 views

CVE-2015-2282

Stack-based buffer overflow in the LZC decompression implementation CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows...

8.3AI score0.03518EPSS
Exploits1References6
CVE
CVE
added 2015/06/02 2:0 p.m.56 views

CVE-2015-2282

CVE-2015-2282 is a stack-based buffer overflow in SAP’s LZC/LZH decompression code used across SAP MaxDB 7.5/7.6, NetWeaver AS ABAP/Java, RFC/GUI SDKs, SAPCAR, and related tools. The flaw (CsObjectInt::CsDecomprLZC and related LZH handling) can cause denial of service (crash) and may allow arbitr...

7.5CVSS8.5AI score0.03518EPSS
Exploits1References6Affected Software6
CVE
CVE
added 2015/06/02 2:0 p.m.55 views

CVE-2015-2278

CVE-2015-2278 and CVE-2015-2282 affect SAP products via the LZH/LZC decompression paths. The root causes are in the LZH BuildHufTree function (vpa108csulzh.cpp) and the LZC decompression logic (vpa106cslzc.cpp), where attacker-controlled indices can trigger out-of-bounds reads/writes. Affected so...

5CVSS6.7AI score0.02131EPSS
Exploits1References6Affected Software6
securityvulns
securityvulns
added 2015/05/17 12:0 a.m.60 views

[CORE-2015-0009] - SAP LZC/LZH Compression Multiple Vulnerabilities

Advisory Information Title: SAP LZC/LZH Compression Multiple Vulnerabilities Advisory ID: CORE-2015-0009 Advisory URL: http://www.coresecurity.com/advisories/sap-lzc-lzh-compression-multiple-vulnerabilities Date published: 2015-05-12 Date of last update: 2015-05-12 Vendors contacted: SAP Release...

7.5CVSS0.03518EPSS
Exploits2
Core Security
Core Security
added 2015/05/12 12:0 a.m.572 views

SAP LZC/LZH Compression Multiple Vulnerabilities

Advisory ID Internal CORE-2015-0009 1. Advisory Information Title: SAP LZC/LZH Compression Multiple Vulnerabilities Advisory ID: CORE-2015-0009 Advisory URL:https://www.coresecurity.com/core-labs/advisories/sap-lzc-lzh-compression-multiple-vulnerabilities Date published: 2015-05-12 Date of last...

7.5CVSS7.9AI score0.03518EPSS
Exploits2
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.17 views

MySQL MaxDB 7.5 WAHTTP Server Remote Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11843/info A remote denial of service vulnerability has been reported to affect the MySQL MaxDB WAHTTP server. This issue is due to a failure of the server to handle malformed requests. An attacker may leverage this issue...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.8 views

SAP MaxDB 7.4/7.6 'webdbm' Multiple Cross Site Scripting Vulnerabilities

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.27 views

MaxDB WebDBM GET Buffer Overflow

No description provided by source. $Id: maxdbwebdbmgetoverflow.rb 9262 2010-05-09 17:45:00Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.18 views

MaxDB WebDBM Database Parameter Overflow

No description provided by source. $Id: maxdbwebdbmdatabase.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and term...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.13 views

SAP MaxDB <= 7.6.03.07 pre-auth Remote Command Execution Exploit

No description provided by source. Luigi Auriemma Application: SAP MaxDB https://www.sdn.sap.com/irj/sdn/maxdb http://www.sap.com Versions: = 7.6.03 build 007 Platforms: Windows, Linux and Solaris Bug: pre-auth remote commands execution Exploitation: remote Date: 09 Jan 2008 Author: Luigi Auriemm...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.18 views

MySQL MaxDB Webtool <= 7.5.00.23 Remote Stack Overflow Exploit

No description provided by source. / MySQL MaxDB Webtool Remote Stack Overflow Exploit cybertronicatgmxdotnet 04/27/2005 / / / / / / / / / / / / / / / / / / / // // / // / / / / // / / // / / / / / / /, /./// // // //// // -- exploit by : cybertronic - cybertronicatgmxdotnet -- select...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2011/12/02 12:0 a.m.12 views

SAP-Server-MaxDB

Sap Server 7.7.06.09 is vulnerable to a remote buffer overflow attack. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP MaxDB. Authentication is not required to exploit this vulnerability. The specific flaw exists within the serv.exe process...

1.7AI score
Exploits0
The Hacker News
The Hacker News
added 2011/04/11 1:15 p.m.16 views

Sqlmap v.0.9 - automatic SQL injection and database takeover tool !

Sqlmap v.0.9 - automatic SQL injection and database takeover tool ! sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a kick-ass detection engine, many niche features for...

8.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2010/11/11 12:0 a.m.22 views

MaxDB User Login Detection (deprecated)

Binary data 5707.prm...

7.3AI score
Exploits0
Exploit DB
Exploit DB
added 2010/09/20 12:0 a.m.28 views

MaxDB WebDBM - &#039;Database&#039; Remote Overflow (Metasploit)

$Id: maxdbwebdbmdatabase.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

10CVSS7AI score0.70468EPSS
Exploits7
Exploit DB
Exploit DB
added 2010/05/09 12:0 a.m.33 views

MaxDB WebDBM - GET Buffer Overflow (Metasploit)

$Id: maxdbwebdbmgetoverflow.rb 9262 2010-05-09 17:45:00Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

10CVSS7AI score0.68504EPSS
Exploits7
NVD
NVD
added 2010/03/29 10:30 p.m.19 views

CVE-2010-1185

Stack-based buffer overflow in serv.exe in SAP MaxDB 7.4.3.32, and 7.6.0.37 through 7.6.06 allows remote attackers to execute arbitrary code via an invalid length parameter in a handshake packet to TCP port 7210. NOTE: some of these details are obtained from third party information...

10CVSS8AI score0.15218EPSS
Exploits1References8
UbuntuCve
UbuntuCve
added 2010/03/29 10:30 p.m.29 views

CVE-2010-1185

Stack-based buffer overflow in serv.exe in SAP MaxDB 7.4.3.32, and 7.6.0.37 through 7.6.06 allows remote attackers to execute arbitrary code via an invalid length parameter in a handshake packet to TCP port 7210. NOTE: some of these details are obtained from third party information...

10CVSS6.5AI score0.15218EPSS
Exploits1References1
Rows per page
Query Builder