CVSS: 10.0EPSS: 35%CPEs: 3EXPL: 2CVE-2010-1185 – SAP MaxDB Malformed Handshake Request Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1185
Stack-based buffer overflow in serv.exe in SAP MaxDB 7.4.3.32, and 7.6.0.37 through 7.6.06 allows remote attackers to execute arbitrary code via an invalid length parameter in a handshake packet to TCP port 7210. NOTE: some of these details are obtained from third party information. Desbordamiento de búfer basado en pila en serv.exe de SAP MaxDB v7.4.3.32, y v7.6.0.37 hasta la v7.6.06. Permite a atacantes remotos ejecutar código de su elección a través de un parámetro de longitud inválido en un paquete de "handshake" (establecimiento de conexión) al puerto TCP 7210. NOTA: algunos de estos detalles han sido obtenidos de información de terceras partes. • https://www.exploit-db.com/exploits/11886 http://osvdb.org/63047 http://secunia.com/advisories/38955 http://www.securityfocus.com/archive/1/510125/100/0/threaded http://www.securityfocus.com/bid/38769 http://www.securitytracker.com/id?1023719 http://www.vupen.com/english/advisories/2010/0643 http://www.zerodayinitiative.com/advisories/ZDI-10-032 https://exchange.xforce.ibmcloud.com/vulnerabilities/56950 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 96%CPEs: 1EXPL: 3CVE-2008-0244 – SAP MaxDB 7.6.03.07 - Remote Command Execution
https://notcve.org/view.php?id=CVE-2008-0244
SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via "&&" and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe. SAP MaxDB 7.6.03 build 007 y versiones anteriores, permite que atacantes remotos ejecuten comandos arbitrarios usando "$$", además de otros metacarateres del intéprete de comandos (shell) en exec_sdbinfo, y de otros comandos no especificados, que se ejecutan cuando MaxDB invoca a cons.exe SAP MaxDB is prone to a remote command-injection vulnerability because the application fails to properly sanitize user-supplied input. • https://www.exploit-db.com/exploits/4877 http://aluigi.altervista.org/adv/sapone-adv.txt http://secunia.com/advisories/28409 http://securityreason.com/securityalert/3536 http://www.securityfocus.com/archive/1/486039/100/0/threaded http://www.securityfocus.com/bid/27206 http://www.securitytracker.com/id?1019171 http://www.vupen.com/english/advisories/2008/0104 https://exchange.xforce.ibmcloud.com/vulnerabilities/39573 - • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 96%CPEs: 2EXPL: 1CVE-2006-4305 – MaxDB WebDBM - 'Database' Remote Overflow
https://notcve.org/view.php?id=CVE-2006-4305
Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client. Desbordamiento de búfer en SAP DB y MaxDB anterior a 7.6.00.30 permite a atacantes remotos ejecutar código arbitrario mediante un nombre de base de datos largo al conectar mediante el cliente WebDBM. • https://www.exploit-db.com/exploits/16765 http://dev.mysql.com/doc/maxdb/changes/changes_7.6.00.32.html http://secunia.com/advisories/21677 http://secunia.com/advisories/22518 http://securitytracker.com/id?1016766 http://www.debian.org/security/2006/dsa-1190 http://www.securityfocus.com/archive/1/444601/100/0/threaded http://www.securityfocus.com/bid/19660 http://www.symantec.com/enterprise/research/SYMSA-2006-009.txt http://www.vupen.com/english/advisories/2006/ •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2005-1274
https://notcve.org/view.php?id=CVE-2005-1274
Stack-based buffer overflow in the getIfHeader function in the WebDAV functionality in MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via an HTTP unlock request and a long "If" parameter. • http://www.idefense.com/application/poi/display?id=236&type=vulnerabilities •