25 matches found
MaxDB WebDBM GET Buffer Overflow
No description provided by source. $Id: maxdbwebdbmgetoverflow.rb 9262 2010-05-09 17:45:00Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...
MaxDB WebDBM Database Parameter Overflow
No description provided by source. $Id: maxdbwebdbmdatabase.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and term...
MaxDB WebDBM - 'Database' Remote Overflow (Metasploit)
$Id: maxdbwebdbmdatabase.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
MaxDB WebDBM - GET Buffer Overflow (Metasploit)
$Id: maxdbwebdbmgetoverflow.rb 9262 2010-05-09 17:45:00Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
MySQL MaxDB WebDBM Server Buffer Overflow (CVE-2006-4305)
MaxDB is an open source database application suite developed by MySQL AB that is available for various operating systems. The software bundles an HTTP server component, named Webtool, to provide a web-based application interface. Clients can connect to the Webtool with a web browser and access...
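SAP MaxDB webdbm Cross-Site Scripting Vulnerability
BUGTRAQ ID: 34319 MaxDB is a database management system widely used in SAP applications. The webdbm script used by MaxDB does not properly validate the values passed to the Server, Database and User parameters. A remote attacker can carry out cross-site scripting attacks through these parameters, leading to theft of the administrator's cookie, or to a forged login page that sends the password to the attacker when a user tries to log in. SAP MaxDB 7.6.x SAP MaxDB 7.4.x SAP --- The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version: http://www.sap.com/...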
[DSECRG-09-016] SAP SAPDB Multiple XSS
Digital Security Research Group DSecRG Advisory DSECRG-09-016 !!! original advisory !!! http://dsecrg.com/pages/vul/DSECRG-09-016.html Application: SAPDB Versions Affected: Last Vendor URL: http://SAP.com Bugs: XSS Exploits: YES Reported: 20.11.2008 Vendor response: 20.11.2008 Date of Public...
SAP MaxDB 7.4/7.6 - 'webdbm' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/34319/info SAP MaxDB is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in t...
Debian Security Advisory DSA 1190-1 (maxdb-7.5.00)
The remote host is missing an update to maxdb-7.5.00 announced via advisory DSA 1190-1. Oliver Karow discovered that the WebDBM frontend of the MaxDB database performs insufficient sanitising of requests passed to it, which might lead to the execution of arbitrary code. OpenVAS Vulnerability Test...
Debian DSA-1190-1 : maxdb-7.5.00 - buffer overflow
Oliver Karow discovered that the WebDBM frontend of the MaxDB database performs insufficient sanitising of requests passed to it, which might lead to the execution of arbitrary code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
[SECURITY] [DSA 1190-1] New maxdb-7.5.00 packages fix execution of arbitrary code
-------------------------------------------------------------------------- Debian Security Advisory DSA 1XXX-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff October 4th, 2006 http://www.debian.org/security/faq -...
DSA-1190-1 maxdb-7.5.00
Bulletin has no description...
MaxDB WebDBM Database Parameter Overflow
This module exploits a stack buffer overflow in the MaxDB WebDBM service. By sending a specially-crafted HTTP request that contains an overly long database name, a remote attacker could overflow a buffer and execute arbitrary code on the system with privileges of the wahttp process. This module h...
MySQL MaxDB WebDBM database name buffer overflow
Added: 09/06/2006 CVE: CVE-2006-4305 BID: 19660 OSVDB: 28300 Background MaxDB is a SAP-certified open-source database developed by MySQL. Problem A buffer overflow in MaxDB allows remote attackers to execute arbitrary commands by sending a long database name from a WebDBM client. Resolution Upgra...
MySQL MaxDB WebDBM database name buffer overflow
Added: 09/06/2006 CVE: CVE-2006-4305 BID: 19660 OSVDB: 28300 Background MaxDB is a SAP-certified open-source database developed by MySQL. Problem A buffer overflow in MaxDB allows remote attackers to execute arbitrary commands by sending a long database name from a WebDBM client. Resolution Upgra...
MySQL MaxDB WebDBM database name buffer overflow
Added: 09/06/2006 CVE: CVE-2006-4305 BID: 19660 OSVDB: 28300 Background MaxDB is a SAP-certified open-source database developed by MySQL. Problem A buffer overflow in MaxDB allows remote attackers to execute arbitrary commands by sending a long database name from a WebDBM client. Resolution Upgra...
SAP DB / MaxDB WebDBM Client Database Name Remote Overflow
The remote host is running SAP DB or MaxDB, a SAP-certified open-source database supporting OLTP and OLAP. According to its version, the Web DBM component of MaxDB on the remote host reportedly contains a buffer overflow that can be triggered by an HTTP request containing a long database name. A...
MySQL MaxDB WebDBM database name buffer overflow
Added: 09/06/2006 CVE: CVE-2006-4305 BID: 19660 OSVDB: 28300 Background MaxDB is a SAP-certified open-source database developed by MySQL. Problem A buffer overflow in MaxDB allows remote attackers to execute arbitrary commands by sending a long database name from a WebDBM client. Resolution Upgra...
CVE-2006-4305
Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client...
CVE-2006-4305
Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client...