468 matches found
Design/Logic Flaw
SAP Sybase SQL Anywhere 11 and 16 allows remote attackers to cause a denial of service crash via a crafted request, aka SAP Security Note 2108161...
CVE-2015-2819
CVE-2015-2819 affects SAP Sybase SQL Anywhere 11 and 16. An anonymous, remotely exploitable DoS can be triggered by a crafted request, crashing the server. ERPScan’s advisory (ERPSCAN-15-010) and SAP Security Note 2108161 describe the vulnerability and remediation. A PoC is included in the adviso...
CVE-2015-2819
SAP Sybase SQL Anywhere 11 and 16 allows remote attackers to cause a denial of service crash via a crafted request, aka SAP Security Note 2108161...
Sql injection
SQL injection vulnerability in SAP Adaptive Server Enterprise Sybase ASE allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Note 2113333. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2015-1310
SQL injection vulnerability in SAP Adaptive Server Enterprise Sybase ASE allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Note 2113333. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
ObSecure ObSecure360 Unauthenticated SQL Injection
ObSecure ObSecure360 Unauthenticated SQL Injection Vulnerability Release Date: 23-Dec-2014 Software: ObSecure 360 http://obsecure.com.au/Solutions.html "obsecure is an innovative cyber security software company that provides high security information distribution and transfer solutions that take...
Sybase SQL Anywhere 11 and 16 - DoS
Application: Sybase SQL Anywhere 11 and 16 Vendor URL: Bugs: DoS Reported: 09.12.2014 Vendor response: 10.12.2014 Date of Public Advisory: 15.03.2015 Reference: SAP Security Note 2108161 Authors: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class: DoS CWE-122 Impact: DoS Remotely Exploitabl...
SAP Afaria 7 XcListener - Missing authorization check
Application: SAP Afaria 7.0.6001.5 Vendor URL: http://www.sap.com Bugs: Missing authorization check Reported: 09.12.2014 Vendor response: 10.12.2014 Date of Public Advisory: 15.03.2015 Reference: SAP Security Note 2134905 Authors: Vahagn Vardanyan ERPScan Vulnerability information Class: DoS...
SAP Sybase Event Stream Processor esp_parse Remote Code Execution (CVE-2014-3457)
Two unsafe pointer dereference vulnerabilities have been reported in SAP Sybase Event Stream Processor ESP. These vulnerabilities are caused by the listening service accepting unsanitized pointers in XMLRPC requests. A remote attacker can leverage these vulnerabilities by sending crafted requests...
SAP Sybase Event Stream Processor esp_parse ConnectionType Unsafe Pointer Dereference (CVE-2014-3458)
Five unsafe pointer dereference vulnerabilities have been reported in SAP Sybase Event Stream Processor ESP. These vulnerabilities are caused by the listening service accepting unsanitized pointers in XMLRPC requests. By sending crafted requests to a vulnerable server, an remote attacker can caus...
Sybase MobiLink 10.0.1.3629 - Multiple Heap Buffer Overflow Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/27914/info Sybase MobiLink is prone to multiple heap-based buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied data. A successful exploit will allow remote...
Sybase EAServer 6.3.1 - Multiple Vulnerabilities
No description provided by source...
Sybase Advantage Data Architect - "*.SQL" Format Heap Oveflow
No description provided by source. Exploit Title: Sybase Advantage Data Architect .SQL Format Heap Oveflow RCE Date: 2010-10-16 Author: d0lc3 @rmallof - http://elotrolad0.blogspot.com/ Software Link: http://www.sybase.com/products/databasemanagement/advantagedatabaseserver/data-architect-utility...
Sybase EAServer 5.2 - Remote Stack Buffer Overflow
No description provided by source. $Id: sybaseeaserver.rb 9583 2010-06-22 19:11:05Z todb $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of us...
(0Day) SAP Sybase ESP esp_parse ConnectionType.getName Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Sybase ESP. User interaction is not required to exploit this vulnerability. The specific flaw exists within the ConnectionType.getName function in espserverlib.dll. By sending specific argument...
(0Day) SAP Sybase ESP esp_parse ConnectionType.getXmlDescription Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Sybase ESP. User interaction is not required to exploit this vulnerability. The specific flaw exists within the ConnectionType.getXmlDescription function in espparse.exe. By sending specific...
(0Day) SAP Sybase ESP esp_parse ConnectionType.isInput Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Sybase ESP. User interaction is not required to exploit this vulnerability. The specific flaw exists within the ConnectionType.isInput function in espserverlib.dll. By sending specific argument...
(0Day) SAP Sybase ESP esp_parse Connection.getError Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Sybase ESP. User interaction is not required to exploit this vulnerability. The specific flaw exists within the Connection.getError function in espserverlib.dll. By sending specific arguments t...
(0Day) SAP Sybase ESP esp_parse Connection.setParams Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Sybase ESP. User interaction is not required to exploit this vulnerability. The specific flaw exists within the Connection.setParams function in espserverlib.dll. By sending specific arguments ...
(0Day) SAP Sybase ESP esp_parse Connection.reset Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Sybase ESP. User interaction is not required to exploit this vulnerability. The specific flaw exists within the Connection.reset function in espserverlib.dll. By sending specific arguments to t...