21 matches found
EUVD-2013-7024
Malware in sbrugna...
Newly Patched SAP ASE Flaws Could Let Attackers Hack Database Servers
A new set of critical vulnerabilities uncovered in SAP's Sybase database software can grant unprivileged attackers complete control over a targeted database and even the underlying operating system in certain scenarios. The six flaws, disclosed by cybersecurity firm Trustwave today, reside in...
CVE-2013-7245
The Backup Server component in SAP Sybase ASE 15.7 before SP51 allows remote attackers to bypass access restrictions and perform database dumps by leveraging failure to validate credentials, aka SAP Security Note 1927859...
CVE-2013-6863
SAP Sybase Adaptive Server Enterprise ASE 15.0.3 before 15.0.3 ESD4.3, 15.5 before 15.5 ESD5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to gain privileges via unspecified vectors...
CVE-2013-6865
SAP Sybase Adaptive Server Enterprise ASE 15.0.3 before 15.0.3 ESD4.3, 15.5 before 15.5 ESD5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka CR732989...
CVE-2013-6862
Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise ASE before 15.0.3 ESD4.3, 15.5 before 15.5 ESD5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote attackers to cause a denial of service via unspecified vectors...
CVE-2013-6861
Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise ASE 15.0.3 before 15.0.3 ESD4.3, 15.5 before 15.5 ESD5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows local users to obtain sensitive information via unspecified vectors...
Authorization
SAP Sybase Adaptive Server Enterprise ASE before 15.0.3 ESD4.3. 15.5 before 15.5 ESD5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 does not properly perform authorization, which allows remote authenticated users to gain privileges via unspecified vectors...
CVE-2013-6865
SAP Sybase Adaptive Server Enterprise ASE 15.0.3 before 15.0.3 ESD4.3, 15.5 before 15.5 ESD5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka CR732989...
CVE-2013-6861
Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise ASE 15.0.3 before 15.0.3 ESD4.3, 15.5 before 15.5 ESD5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows local users to obtain sensitive information via unspecified vectors...
CVE-2013-6860
Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise ASE before 15.0.3 ESD4.3, 15.5 before 15.5 ESD5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to obtain sensitive information via unspecified vectors...
CVE-2013-6868
SAP Sybase Adaptive Server Enterprise ASE 15.0.3 before 15.0.3 ESD4.3, 15.5 before 15.5 ESD5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows local users to obtain sensitive information via unspecified vectors...
SAP Sybase Adaptive Server Enterprise DoS (SAP Note 1887342)
An unauthenticated, remote attacker can trigger a condition in which SAP Sybase ASE enters an endless loop, causing it to consume all of the available processing time. This causes the entire machine to become unresponsive until the process is terminated manually. An attacker can use this flaw to...
SAP Sybase Adaptive Server Enterprise Information Disclosure (SAP Note 1893562)
Information about SAP Sybase ASE may be discovered in database dump files. This information may be used by an attacker to create targeted attacks against SAP Sybase ASE. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid70980; scriptversion"1.9";...
SAP Sybase Adaptive Server Enterprise Information Disclosure (SAP Note 1809246)
An unauthenticated, remote attacker can discover information relating to the installed version of SAP Sybase ASE. This information could be used to allow the attacker to specialize further attacks against SAP Sybase ASE. C Tenable Network Security, Inc. include"compat.inc"; if description...
SAP Sybase Adaptive Server Enterprise Information Disclosure (SAP Note 1887341)
Information in protected files on machines running SAP Sybase ASE may be disclosed to an attacker. This information may be used by the attacker to further target specialized attacks on the system. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid70973;...
SAP Sybase Adaptive Server Enterprise SQL Injection (SAP Note 1893440)
SAP Sybase Adaptive Server Enterprise ASE contains a flaw that may allow an attacker to carry out a SQL injection attack. The issue is due to the program not properly sanitizing user-supplied input before using it in SQL queries. This may allow an attacker to inject or manipulate SQL queries in t...
SAP Sybase Adaptive Server Enterprise DoS (SAP Note 1893561)
An attacker can launch a specially crafted request causing the SAP Sybase ASE process on Microsoft Windows to be terminated. This causes the SAP Sybase ASE to become unavailable until the process is rebooted manually. This condition can be intentionally provoked by an attacker to cause a denial o...
Code injection
Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise ASE before 15.0.3 ESD4.3. 15.5 before 15.5 ESD5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to execute arbitrary code via unspecified vectors...
CVE-2013-6245
Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise ASE before 15.0.3 ESD4.3. 15.5 before 15.5 ESD5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to execute arbitrary code via unspecified vectors...