28 matches found
EUVD-2003-0931
Malware in sbrugna...
EUVD-2003-0933
Malware in sbrugna...
EUVD-2003-0928
Malware in sbrugna...
EUVD-2003-0260
Malware in sbrugna...
EUVD-2003-0929
Malware in sbrugna...
EUVD-2002-1557
Malware in sbrugna...
CVE-2003-0943
web-tools in SAP DB before 7.4.03.30 installs several services that are enabled by default, which could allow remote attackers to obtain potentially sensitive information or redirect attacks against internal databases via 1 waecho, 2 Web SQL Interface websql, or 3 Web Database Manager webdbm...
SAP SQL Anywhere 安全漏洞
SAP SQL Anywhere is a SAP-specific relational database management system from SAP, Germany. A security vulnerability exists in SAP SQL Anywhere, which originates from the ability to prevent legitimate users from accessing the service by crashing it...
SUSE CVE-2010-3389
The 1 SAPDatabase and 2 SAPInstance scripts in OCF Resource Agents aka resource-agents or cluster-agents 1.0.3 in Linux-HA place a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...
PT-2022-22698 · Sap · Sap Iq +1
Name of the Vulnerable Software and Affected Versions: SAP SQL Anywhere version 17.0 SAP IQ version 16.1 Description: The issue allows an attacker to leverage logical errors in memory management to cause a memory corruption, such as a Stack-based buffer overflow. This can potentially lead to remo...
CVE-2016-10310
Buffer overflow in the MobiLink Synchronization Server component in SAP SQL Anywhere 17 and possibly earlier allows remote authenticated users to cause a denial of service resource consumption and process crash by sending a crafted packet several times, aka SAP Security Note 2308778...
SAP Adaptive Server Enterprise SQL Injection Vulnerability (CNVD-2016-08064)
SAP Adaptive Server Enterprise Sybase ASE is a relational database management system from SAP. The system can be used in data-intensive environments and is characterized by high speed and stable performance. An SQL injection vulnerability exists in SAP Adaptive Server Enterprise. Because the...
SAP Database 7.3/7.4 SDBINST Race Condition Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7421/info SAP Database SDBINST has been reported prone to a race condition vulnerability. It has been reported that the SAP Database install tool SDBINST may perform operations non-atomically when installing the SAP...
rgmanager: insecure library loading vulnerability
The 1 SAPDatabase and 2 SAPInstance scripts in OCF Resource Agents aka resource-agents or cluster-agents 1.0.3 in Linux-HA place a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...
CVE-2002-1576
lserver in SAP DB 7.3 and earlier uses the current working directory to find and execute the lserversrv program, which allows local users to gain privileges with a malicious lserversrv that is called from a directory that has a symlink to the lserver program...
CVE-2003-0939
eo420GetStringFromVarPart in veo420.c for SAP database server SAP DB 7.4.03.27 and earlier may allow remote attackers to execute arbitrary code via a connect packet with a 256 byte segment to the niserver aka serv.exe process on TCP port 7269, which prevents the server from NULL terminating the...
CVE-2003-0938
vos24u.c in SAP database server SAP DB 7.4.03.27 and earlier allows local users to gain SYSTEM privileges via a malicious "NETAPI32.DLL" in the current working directory, which is found and loaded by SAP DB before the real DLL, as demonstrated using the SQLAT stored procedure...
CVE-2003-0939
eo420GetStringFromVarPart in veo420.c for SAP database server SAP DB 7.4.03.27 and earlier may allow remote attackers to execute arbitrary code via a connect packet with a 256 byte segment to the niserver aka serv.exe process on TCP port 7269, which prevents the server from NULL terminating the...
CVE-2003-0938
vos24u.c in SAP database server SAP DB 7.4.03.27 and earlier allows local users to gain SYSTEM privileges via a malicious "NETAPI32.DLL" in the current working directory, which is found and loaded by SAP DB before the real DLL, as demonstrated using the SQLAT stored procedure...
CVE-2003-0265
Race condition in SDBINST for SAP database 7.3.0.29 creates critical files with world-writable permissions before initializing the setuid bits, which allows local attackers to gain root privileges by modifying the files before the permissions are changed...