21 matches found
CVE-2013-6025
CVE-2013-6025 concerns XMLExternalEntity (XXE) processing in SAP Sybase Adaptive Server Enterprise (ASE) 15.7 ESD 2. The XMLParse procedure lets remote authenticated users read arbitrary files via a crafted XML document containing an external entity declaration. Affected product/version: SAP ASE ...
CVE-2017-5371
CVE-2017-5371 affects SAP ASE OData Server (SAP ASE 16) and was disclosed as a Denial of Service vulnerability. The issue arises when processing crafted requests sent over the network to the OData service, which can crash the SAP ASE OData Server process. Public advisories (ERPScan/SAP Security N...
CVE-2013-6863
SAP Sybase ASE 15.0.3 (pre-ESD 4.3), 15.5 (pre-ESD 5.3), and 15.7 (pre-SP50/SP100) are affected by CVE-2013-6863. The issue allows remote authenticated users to gain privileges via unspecified vectors. The available sources (NVD, Red Hat advisory) provide the affected version ranges and the high-...
CVE-2013-6866
SAP Sybase ASE is affected prior to 15.0.3 ESD#4.3, prior to 15.5 ESD#5.3, and prior to 15.7 SP50/SP100, where remote authenticated users can execute arbitrary code via unspecified vectors (CR736689). The connected sources confirm these versions and the broad impact described, but do not provide ...
CVE-2005-0441
Sybase ASE 12.x before 12.5.3 ESD#1 contains multiple stack-based buffer overflows that allow remote authenticated users to execute arbitrary code via (1) attrib_valid, (2) covert, (3) declare, (4) crafted query plan, or (5) crafted install java statement. Affected versions also include ASE
CVE-2013-6245
SAP Sybase Adaptive Server Enterprise (ASE) is affected by CVE-2013-6245. The vulnerability affects ASE versions prior to 15.0.3 ESD#4.3, 15.5 prior to 15.5 ESD#5.3, and 15.7 prior to 15.7 SP50 or SP100, where remote authenticated users may execute arbitrary code via unspecified vectors. The Ness...
CVE-2013-6859
The CVE-2013-6859 issue affects SAP Sybase Adaptive Server Enterprise (ASE) versions described as vulnerable before: 15.0.3 ESD#4.3 , 15.5 before 15.5 ESD#5.3 , and 15.7 before 15.7 SP50 or 15.7 SP100 . The root cause is improper authorization, enabling remote authenticated users to gain privileg...
CVE-2013-6868
CVE-2013-6868 affects SAP Sybase ASE: versions 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or SP100. The vulnerability is a local information disclosure, arising from an unspecified vector, allowing local users to obtain sensitive data. The initial descriptio...
CVE-2003-0327
Sybase ASE 12.5 is vulnerable to a remote DoS via an invalid-length remote password array , which triggers a heap-based overflow in the login handling path. The vulnerability requires a valid login to exploit and can cause the server to hang or become unresponsive (notably in Windows multi-thread...
CVE-2013-6860
Technical details about CVE-2013-6860 are not publicly available in the provided documents. Monitor for updates; current information is limited to a generic description of affected SAP ASE versions and unspecified vectors.
CVE-2005-0942
Affected software: Sybase Adaptive Server Enterprise (ASE) XP Server 12.x. Vulnerable component: XP Server process (xp_server). Root cause: Denial of service caused by processing malformed data sent to the XP Server TCP port, leading to a process crash. Impact: Availability loss for the XP Server...
CVE-2015-1310
CVE-2015-1310 describes a SQL injection vulnerability in SAP Adaptive Server Enterprise (Sybase ASE). The affected product is SAP ASE, and the vulnerability allows remote attackers to execute arbitrary SQL commands via unspecified vectors (as noted alongside SAP Note 2113333). The public descript...
CVE-2014-6284
CVE-2014-6284 affects SAP Sybase ASE prior to 15.7 SP132 and 16.0 prior to 16.0 SP01. The issue lets remote attackers bypass the challenge–response mechanism and obtain access to the probe account via a crafted response (SAP Security Note 2113995). The cited notes describe a security bypass in th...
CVE-2013-6865
CVE-2013-6865 affects SAP Sybase Adaptive Server Enterprise (ASE) versions 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or SP100. The description: remote authenticated users can execute arbitrary code via unspecified vectors (CR732989). The connected Red Hat, ...
CVE-2013-7245
The CVE-2013-7245 issue affects SAP Sybase ASE 15.7 Backup Server component prior to SP51. The root cause is a failure to validate credentials, allowing remote attackers to bypass access restrictions and perform database dumps. Impact is exposure of data via unauthorized dumps; no exploitation de...
CVE-2013-6861
Technical details about CVE-2013-6861 are not provided in the supplied documents. No specific affected products, versions, root cause, impact, or fixes are disclosed here. Monitor sources for updates.
CVE-2013-6867
The vulnerability (CVE-2013-6867) affects SAP Sybase Adaptive Server Enterprise (ASE) 15.7 before 15.7 SP50 or 15.7 SP100. Root cause not disclosed in provided sources; exploitation targets remote systems to cause a denial of service via unspecified vectors. No exploits or in‑the‑wild details are...
CVE-2016-7402
CVE-2016-7402 affects SAP ASE 16.0 SP02 PL03 and earlier. The vulnerability is a SQL injection in dbcc import_sproc that allows attackers who control SourceDB and TargetDB to elevate privileges to sa (system administrator). Root cause is the dbcc import_sproc path; impact is privilege escalation ...
CVE-2013-6862
CVE-2013-6862 affects SAP Sybase Adaptive Server Enterprise (ASE) prior to 15.0.3 ESD#4.3, 15.5 prior to 15.5 ESD#5.3, and 15.7 prior to 15.7 SP50 or SP100. The issue is a remote, unauthenticated DoS vulnerability caused by unspecified vectors that can trigger a condition (per Red Hat/NVD entries...
CVE-2014-6283
SAP Adaptive Server Enterprise (ASE) versions affected: 15.7 before SP122 or SP63, 15.5 before ESD#5.4, and 15.0.3 before ESD#4.4. The issue arises from insufficient access restrictions, allowing remote authenticated database users to (1) overwrite the master encryption key or (2) trigger a buffe...
CVE-2013-6864
CVE-2013-6864 affects SAP Sybase ASE: vulnerable versions include 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or SP100. The issue is a directory traversal in ASE that remote authenticated users can leverage to impact confidentiality, integrity, and availabili...