32 matches found
CVE-2020-7532
A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack x70 Security Administrator V1.2.0 and prior which could allow arbitrary code execution when an attacker builds a custom .SDB file containing a malicious serialized buffer...
CVE-2020-7532
A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack x70 Security Administrator V1.2.0 and prior which could allow arbitrary code execution when an attacker builds a custom .SDB file containing a malicious serialized buffer...
UBUNTU-CVE-2018-14015
The sdbsetinternal function in sdb.c in radare2 2.7.0 allows remote attackers to cause a denial of service invalid read and application crash via a crafted ELF file because of missing input validation in rbindwarfparsecompunit in libr/bin/dwarf.c...
UBUNTU-CVE-2017-16805
In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a denial of service invalid read and application crash via a crafted ELF file, related to rbindwarfparsecompunit in dwarf.c and sdbsetinternal in shlr/sdb/src/sdb.c...
OracleVM 3.3 : bind (OVMSA-2015-0105)
The remote OracleVM system is missing necessary patches to address critical security updates : - Fix CVE-2015-5477 - Fix CVE-2015-4620 - Resolves: 1215687 - DNS resolution failure in high load environment with SERVFAIL and 'out of memory/success' in the log - Fix CVE-2015-1349 - Enable RPZ-NSIP a...
FreeBSD Ports: bind9-sdb-ldap, bind9-sdb-postgresql
The remote host is missing an update to the system as announced in the referenced advisory. VID 1e1421f0-8d6f-11e0-89b4-001ec9578670 OpenVAS Vulnerability Test $ Description: Auto generated from VID 1e1421f0-8d6f-11e0-89b4-001ec9578670 Authors: Thomas Reinke Copyright: Copyright c 2011 E-Soft Inc...
FreeBSD Ports: bind9-sdb-ldap, bind9-sdb-postgresql
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2011 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2010-2456
Multiple directory traversal vulnerabilities in index.php in Linker IMG 1.0 and earlier allow remote attackers to read and execute arbitrary local files via a URL in the 1 cooklan cookie parameter $landir variable or possibly 2 Sdbtype parameter. NOTE: this was originally reported as remote file...
SAP MaxDB dbmsrv 进程PATH环境变量本地权限提升漏洞
BUGTRAQ ID: 30474 CVECAN ID: CVE-2008-1810 MaxDB是SAP应用中广泛使用的数据库管理系统。 当本地用户运行dbmcli程序时,MaxDB会代表用户执行dbmsrv进程。该进程负责执行用户命令,以sdba组的sdb用户权限运行。由于没有正确地过滤PATH环境变量,如果在变量前添加了攻击者所控制的路径的话,就可能导致以sdb:sdba权限执行任意指令。 SAP MaxDB 7.6.03.15 SAP --- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.sap.com/...
iDefense Security Advisory 07.30.08: SAP MaxDB dbmsrv Untrusted Execution Path Vulnerability
iDefense Security Advisory 07.30.08 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 30, 2008 I. BACKGROUND SAP's MaxDB is a database software product. MaxDB was released as open source from version 7.5 up to version 7.6.00. Later versions are no longer open source but are available for...
Simple Discussion Board 0.1.0 Remote File Include Vulnerability
No description provided by source. Simple Discussion Board Multiple F.le Inclusion Vulnerability credit: CeNGiZ-HaN mail: [email protected] team: www.system-defacers.org Script: Simple Discussion Board sdb Download Adress:http://prdownloads.sourceforge.net/sdb/sdb-0.1.0.tar.gz class:...
Update to force a UAC prompt when a customized .sdb file is created in Windows
None None...