CVE-2016-6144

The SQL interface in SAP HANA before Revision 102 does not limit the number of login attempts for the SYSTEM user when the passwordlockforsystemuser is not supported or is configured as "False," which makes it easier for remote attackers to bypass authentication via a brute force attack, aka SAP...

Code injection

The SQL interface in SAP HANA DB 1.00.091.00.1418659308 provides different error messages for failed login attempts depending on whether the username exists and is locked when the detailederroronconnect option is not supported or is configured as "False," which allows remote attackers to enumerat...

CVE-2016-6145

The SQL interface in SAP HANA DB 1.00.091.00.1418659308 provides different error messages for failed login attempts depending on whether the username exists and is locked when the detailederroronconnect option is not supported or is configured as "False," which allows remote attackers to enumerat...

CVE-2016-6144

The SQL interface in SAP HANA before Revision 102 does not limit the number of login attempts for the SYSTEM user when the passwordlockforsystemuser is not supported or is configured as "False," which makes it easier for remote attackers to bypass authentication via a brute force attack, aka SAP...

CVE-2016-6144

SAP HANA SQL interface vulnerability CVE-2016-6144 affects SAP HANA versions prior to Revision 102, where login attempts for SYSTEM are not rate-limited when password_lock_for_system_user is unsupported or false, enabling brute-force authentication bypass. Impact: remote attacker could bypass aut...

SAP HANA 1.00.095 - hdbindexserver Memory Corruption

ERPSCAN-15-024 SAP HANA hdbindexserver - Memory corruption Application: SAP HANA Versions Affected: SAP HANA 1.00.095 Vendor URL: http://SAP.com Bugs: Memory corruption, RCE Reported: 17.07.2015 Vendor response: 18.07.2015 Date of Public Advisory: 13.10.2015 Reference: SAP Security Note 2197428...

SAP HANA 1.00.095 - hdbindexserver Memory Corruption

SAP HANA 1.00.095 - hdbindexserver Memory Corruption ERPSCAN-15-024 SAP HANA hdbindexserver - Memory corruption Application: SAP HANA Versions Affected: SAP HANA 1.00.095 Vendor URL: http://SAP.com Bugs: Memory corruption, RCE Reported: 17.07.2015 Vendor response: 18.07.2015 Date of Public...

SAP HANA DB SQL接口任意代码执行漏洞

No description provided by source...

CVE-2015-7994

The SQL interface in SAP HANA DB 1.00.73.00.389160 NewDB100REL allows remote attackers to execute arbitrary code via unspecified vectors related to "SQL Login," aka SAP Security Note 2197428...

CVE-2015-7994

SAP HANA DB SQL interface (version 1.00.73.00.389160, NewDB100_REL) has a remote code execution vulnerability. The issue arises in the SQL Login path and is associated with SAP Security Note 2197428. The CVE describes that remote attackers can execute arbitrary code via unspecified vectors, with ...

CVE-2015-7994

The SQL interface in SAP HANA DB 1.00.73.00.389160 NewDB100REL allows remote attackers to execute arbitrary code via unspecified vectors related to "SQL Login," aka SAP Security Note 2197428...

OSIsoft PI AF and PI SQL for AF Command Limit Bypass Vulnerability

OSIsoft PI AF Asset Framework is a set of asset frameworks that define a consistent presentation for assets and provide structured information, which supports correlation of asset attributes with relational databases, asset-based data analytics, and application calculations, etc. PI SQL for AF is...

CVE-2003-0943

web-tools in SAP DB before 7.4.03.30 installs several services that are enabled by default, which could allow remote attackers to obtain potentially sensitive information or redirect attacks against internal databases via 1 waecho, 2 Web SQL Interface websql, or 3 Web Database Manager webdbm...

Oracle 9iAS PL/SQL Gateway Web Admin Interface Null Authentication

Oracle 9i Application Server uses Apache as its web server with an Apache module for PL/SQL support. By default, no authentication is required to access the DAD configuration page. An attacker may use this flaw to modify PL/SQL applications or prevent the remote host from working properly...