10 results (0.002 seconds)

CVSS: 10.0EPSS: 96%CPEs: 2EXPL: 1

Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client. Desbordamiento de búfer en SAP DB y MaxDB anterior a 7.6.00.30 permite a atacantes remotos ejecutar código arbitrario mediante un nombre de base de datos largo al conectar mediante el cliente WebDBM. • https://www.exploit-db.com/exploits/16765 http://dev.mysql.com/doc/maxdb/changes/changes_7.6.00.32.html http://secunia.com/advisories/21677 http://secunia.com/advisories/22518 http://securitytracker.com/id?1016766 http://www.debian.org/security/2006/dsa-1190 http://www.securityfocus.com/archive/1/444601/100/0/threaded http://www.securityfocus.com/bid/19660 http://www.symantec.com/enterprise/research/SYMSA-2006-009.txt http://www.vupen.com/english/advisories/2006/ •

CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0

Stack-based buffer overflow in the getIfHeader function in the WebDAV functionality in MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via an HTTP unlock request and a long "If" parameter. • http://www.idefense.com/application/poi/display?id=236&type=vulnerabilities •

CVSS: 10.0EPSS: 92%CPEs: 10EXPL: 1

Multiple buffer overflows in the web tool for MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via (1) an HTTP GET request with a long file parameter after a percent ("%") sign or (2) a long Lock-Token string to the WebDAV functionality, which is not properly handled by the getLockTokenHeader function in WDVHandler_CommonUtils.c. • https://www.exploit-db.com/exploits/16791 http://dev.mysql.com/doc/maxdb/changes/changes_7.5.00.26.html#WebDAV http://www.idefense.com/application/poi/display?id=234&type=vulnerabilities http://www.idefense.com/application/poi/display?id=235&type=vulnerabilities http://www.securityfocus.com/bid/13368 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

MySQL MaxDB 7.5.00 for Windows, and possibly earlier versions and other platforms, allows remote attackers to cause a denial of service (application crash) via invalid parameters to the (1) DBMCli_String::ReallocString, (2) DBMCli_String::operator, (3) DBMCli_Buffer::ForceResize, (4) DBMCli_Wizard::InstallDatabase, (5) DBMCli_Devspaces::Complete, (6) DBMWeb_TemplateWizard::askForWriteCountStep5, or (7) DBMWeb_DBMWeb::wizardDB functions, which triggers a null dereference. • http://www.idefense.com/application/poi/display?id=218&type=vulnerabilities https://exchange.xforce.ibmcloud.com/vulnerabilities/19687 •

CVSS: 5.0EPSS: 0%CPEs: 9EXPL: 0

MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows remote attackers to cause a denial of service (crash) via an HTTP request with invalid headers. MySQL MaxDB 7.5.0.0 y otras versiones anteriores a la 7.5.0.21, permite a atacantes remotos causar la Denegación de Servcio (DoS) por caída, mediante una petición HTTP con cabeceras no válidas. • http://www.idefense.com/application/poi/display?id=187&type=vulnerabilities •