Vulnerabilites related to mysql - maxdb
Vulnerability from fkie_nvd
Published
2005-01-10 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to cause a denial of service (application crash) via an HTTP GET request for a file that does not exist, followed by two carriage returns, which causes a NULL dereference.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mysql:maxdb:7.5.00.08:*:*:*:*:*:*:*",
"matchCriteriaId": "A2635818-D83B-4C7A-9693-4EB202DA16AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mysql:maxdb:7.5.00.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D28E5409-B8F1-4A9E-9A1E-0B023E5190DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mysql:maxdb:7.5.00.12:*:*:*:*:*:*:*",
"matchCriteriaId": "67E23371-678E-476B-B067-FCD655861CE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mysql:maxdb:7.5.00.14:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6C9B28-F515-4F47-83F6-F2D4164B8D83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mysql:maxdb:7.5.00.15:*:*:*:*:*:*:*",
"matchCriteriaId": "160A9738-B169-4022-85BC-14B0BBFD1C01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mysql:maxdb:7.5.00.16:*:*:*:*:*:*:*",
"matchCriteriaId": "F8442206-133D-4048-8064-D5724FDF0E04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mysql:maxdb:7.5.00.18:*:*:*:*:*:*:*",
"matchCriteriaId": "4EAE96CE-D059-4C87-A7EC-5578EFD93849",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to cause a denial of service (application crash) via an HTTP GET request for a file that does not exist, followed by two carriage returns, which causes a NULL dereference."
}
],
"id": "CVE-2004-1169",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-01-10T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110244542000340\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18387"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110244542000340\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18387"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-04-25 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple buffer overflows in the web tool for MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via (1) an HTTP GET request with a long file parameter after a percent ("%") sign or (2) a long Lock-Token string to the WebDAV functionality, which is not properly handled by the getLockTokenHeader function in WDVHandler_CommonUtils.c.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mysql:maxdb:7.5.00:*:*:*:*:*:*:*",
"matchCriteriaId": "1FBA6898-4D32-4A3D-8529-1FC7A63894B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mysql:maxdb:7.5.00.08:*:*:*:*:*:*:*",
"matchCriteriaId": "A2635818-D83B-4C7A-9693-4EB202DA16AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mysql:maxdb:7.5.00.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D28E5409-B8F1-4A9E-9A1E-0B023E5190DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mysql:maxdb:7.5.00.12:*:*:*:*:*:*:*",
"matchCriteriaId": "67E23371-678E-476B-B067-FCD655861CE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mysql:maxdb:7.5.00.14:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6C9B28-F515-4F47-83F6-F2D4164B8D83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mysql:maxdb:7.5.00.15:*:*:*:*:*:*:*",
"matchCriteriaId": "160A9738-B169-4022-85BC-14B0BBFD1C01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mysql:maxdb:7.5.00.16:*:*:*:*:*:*:*",
"matchCriteriaId": "F8442206-133D-4048-8064-D5724FDF0E04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mysql:maxdb:7.5.00.18:*:*:*:*:*:*:*",
"matchCriteriaId": "4EAE96CE-D059-4C87-A7EC-5578EFD93849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mysql:maxdb:7.5.00.19:*:*:*:*:*:*:*",
"matchCriteriaId": "7B406A8D-48C1-4E62-BD40-2EA7D1A1A1DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mysql:maxdb:7.5.00.23:*:*:*:*:*:*:*",
"matchCriteriaId": "45F2163D-2A4E-4471-974B-36304ACE1F80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in the web tool for MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via (1) an HTTP GET request with a long file parameter after a percent (\"%\") sign or (2) a long Lock-Token string to the WebDAV functionality, which is not properly handled by the getLockTokenHeader function in WDVHandler_CommonUtils.c."
}
],
"id": "CVE-2005-0684",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-04-25T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://dev.mysql.com/doc/maxdb/changes/changes_7.5.00.26.html#WebDAV"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/application/poi/display?id=234\u0026type=vulnerabilities"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/application/poi/display?id=235\u0026type=vulnerabilities"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/13368"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://dev.mysql.com/doc/maxdb/changes/changes_7.5.00.26.html#WebDAV"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/application/poi/display?id=234\u0026type=vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/application/poi/display?id=235\u0026type=vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/13368"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-04-14 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows remote attackers to cause a denial of service (crash) via an HTTP request with invalid headers.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.idefense.com/application/poi/display?id=187&type=vulnerabilities | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.idefense.com/application/poi/display?id=187&type=vulnerabilities | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mysql:maxdb:7.5.00:*:*:*:*:*:*:*",
"matchCriteriaId": "1FBA6898-4D32-4A3D-8529-1FC7A63894B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mysql:maxdb:7.5.00.08:*:*:*:*:*:*:*",
"matchCriteriaId": "A2635818-D83B-4C7A-9693-4EB202DA16AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mysql:maxdb:7.5.00.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D28E5409-B8F1-4A9E-9A1E-0B023E5190DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mysql:maxdb:7.5.00.12:*:*:*:*:*:*:*",
"matchCriteriaId": "67E23371-678E-476B-B067-FCD655861CE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mysql:maxdb:7.5.00.14:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6C9B28-F515-4F47-83F6-F2D4164B8D83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mysql:maxdb:7.5.00.15:*:*:*:*:*:*:*",
"matchCriteriaId": "160A9738-B169-4022-85BC-14B0BBFD1C01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mysql:maxdb:7.5.00.16:*:*:*:*:*:*:*",
"matchCriteriaId": "F8442206-133D-4048-8064-D5724FDF0E04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mysql:maxdb:7.5.00.18:*:*:*:*:*:*:*",
"matchCriteriaId": "4EAE96CE-D059-4C87-A7EC-5578EFD93849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mysql:maxdb:7.5.00.19:*:*:*:*:*:*:*",
"matchCriteriaId": "7B406A8D-48C1-4E62-BD40-2EA7D1A1A1DB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows remote attackers to cause a denial of service (crash) via an HTTP request with invalid headers."
},
{
"lang": "es",
"value": "MySQL MaxDB 7.5.0.0 y otras versiones anteriores a la 7.5.0.21, permite a atacantes remotos causar la Denegaci\u00f3n de Servcio (DoS) por ca\u00edda, mediante una petici\u00f3n HTTP con cabeceras no v\u00e1lidas."
}
],
"id": "CVE-2005-0081",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-04-14T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/application/poi/display?id=187\u0026type=vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/application/poi/display?id=187\u0026type=vulnerabilities"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-08-30 01:04
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mysql:maxdb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C99DCF7C-841D-4A96-8ECF-8C6B2BA9F492",
"versionEndIncluding": "7.6.00.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap-db:sap-db:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FEFDCFFD-4BBD-429A-89E9-B690A4E28CA7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en SAP DB y MaxDB anterior a 7.6.00.30 permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante un nombre de base de datos largo al conectar mediante el cliente WebDBM."
}
],
"id": "CVE-2006-4305",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-08-30T01:04:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://dev.mysql.com/doc/maxdb/changes/changes_7.6.00.32.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21677"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22518"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1016766"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2006/dsa-1190"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/444601/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/19660"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.symantec.com/enterprise/research/SYMSA-2006-009.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/3410"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28636"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://dev.mysql.com/doc/maxdb/changes/changes_7.6.00.32.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21677"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22518"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1016766"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2006/dsa-1190"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/444601/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/19660"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.symantec.com/enterprise/research/SYMSA-2006-009.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/3410"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28636"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
MySQL MaxDB before 7.5.00.18 allows remote attackers to cause a denial of service (crash) via an HTTP request to webdbm with high ASCII values in the Server field, which triggers an assert error in the IsAscii7 function.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mysql:maxdb:7.5.00.08:*:*:*:*:*:*:*",
"matchCriteriaId": "A2635818-D83B-4C7A-9693-4EB202DA16AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mysql:maxdb:7.5.00.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D28E5409-B8F1-4A9E-9A1E-0B023E5190DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mysql:maxdb:7.5.00.12:*:*:*:*:*:*:*",
"matchCriteriaId": "67E23371-678E-476B-B067-FCD655861CE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mysql:maxdb:7.5.00.14:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6C9B28-F515-4F47-83F6-F2D4164B8D83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mysql:maxdb:7.5.00.15:*:*:*:*:*:*:*",
"matchCriteriaId": "160A9738-B169-4022-85BC-14B0BBFD1C01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mysql:maxdb:7.5.00.16:*:*:*:*:*:*:*",
"matchCriteriaId": "F8442206-133D-4048-8064-D5724FDF0E04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "MySQL MaxDB before 7.5.00.18 allows remote attackers to cause a denial of service (crash) via an HTTP request to webdbm with high ASCII values in the Server field, which triggers an assert error in the IsAscii7 function."
}
],
"id": "CVE-2004-0931",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.idefense.com/application/poi/display?id=150\u0026type=vulnerabilities\u0026flashstatus=false"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/10532"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.secunia.com/advisories/12756"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/11346"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17633"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.idefense.com/application/poi/display?id=150\u0026type=vulnerabilities\u0026flashstatus=false"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/10532"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.secunia.com/advisories/12756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/11346"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17633"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-01-13 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Stack-based buffer overflow in the websql CGI program in MySQL MaxDB 7.5.00 allows remote attackers to execute arbitrary code via a long password parameter.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mysql:maxdb:7.5.00:*:*:*:*:*:*:*",
"matchCriteriaId": "1FBA6898-4D32-4A3D-8529-1FC7A63894B6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the websql CGI program in MySQL MaxDB 7.5.00 allows remote attackers to execute arbitrary code via a long password parameter."
}
],
"id": "CVE-2005-0111",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-01-13T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1012893"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/application/poi/display?id=181\u0026type=vulnerabilities"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/12265"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1012893"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/application/poi/display?id=181\u0026type=vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/12265"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-01-10 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Stack-based buffer overflow in the WebDav handler in MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to execute arbitrary code via a long Overwrite header.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mysql:maxdb:7.5.00.08:*:*:*:*:*:*:*",
"matchCriteriaId": "A2635818-D83B-4C7A-9693-4EB202DA16AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mysql:maxdb:7.5.00.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D28E5409-B8F1-4A9E-9A1E-0B023E5190DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mysql:maxdb:7.5.00.12:*:*:*:*:*:*:*",
"matchCriteriaId": "67E23371-678E-476B-B067-FCD655861CE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mysql:maxdb:7.5.00.14:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6C9B28-F515-4F47-83F6-F2D4164B8D83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mysql:maxdb:7.5.00.15:*:*:*:*:*:*:*",
"matchCriteriaId": "160A9738-B169-4022-85BC-14B0BBFD1C01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mysql:maxdb:7.5.00.16:*:*:*:*:*:*:*",
"matchCriteriaId": "F8442206-133D-4048-8064-D5724FDF0E04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mysql:maxdb:7.5.00.18:*:*:*:*:*:*:*",
"matchCriteriaId": "4EAE96CE-D059-4C87-A7EC-5578EFD93849",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the WebDav handler in MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to execute arbitrary code via a long Overwrite header."
}
],
"id": "CVE-2004-1168",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-01-10T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110244542000340\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18386"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110244542000340\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18386"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-04-14 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
The sapdbwa_GetUserData function in MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows remote attackers to cause a denial of service (crash) via invalid parameters to the WebDAV handler code, which triggers a null dereference that causes the SAP DB Web Agent to crash.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.idefense.com/application/poi/display?id=187&type=vulnerabilities | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.idefense.com/application/poi/display?id=187&type=vulnerabilities | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mysql:maxdb:7.5.00:*:*:*:*:*:*:*",
"matchCriteriaId": "1FBA6898-4D32-4A3D-8529-1FC7A63894B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mysql:maxdb:7.5.00.08:*:*:*:*:*:*:*",
"matchCriteriaId": "A2635818-D83B-4C7A-9693-4EB202DA16AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mysql:maxdb:7.5.00.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D28E5409-B8F1-4A9E-9A1E-0B023E5190DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mysql:maxdb:7.5.00.12:*:*:*:*:*:*:*",
"matchCriteriaId": "67E23371-678E-476B-B067-FCD655861CE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mysql:maxdb:7.5.00.14:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6C9B28-F515-4F47-83F6-F2D4164B8D83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mysql:maxdb:7.5.00.15:*:*:*:*:*:*:*",
"matchCriteriaId": "160A9738-B169-4022-85BC-14B0BBFD1C01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mysql:maxdb:7.5.00.16:*:*:*:*:*:*:*",
"matchCriteriaId": "F8442206-133D-4048-8064-D5724FDF0E04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mysql:maxdb:7.5.00.18:*:*:*:*:*:*:*",
"matchCriteriaId": "4EAE96CE-D059-4C87-A7EC-5578EFD93849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mysql:maxdb:7.5.00.19:*:*:*:*:*:*:*",
"matchCriteriaId": "7B406A8D-48C1-4E62-BD40-2EA7D1A1A1DB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The sapdbwa_GetUserData function in MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows remote attackers to cause a denial of service (crash) via invalid parameters to the WebDAV handler code, which triggers a null dereference that causes the SAP DB Web Agent to crash."
},
{
"lang": "es",
"value": "La funci\u00f3n sapdbwa_GetUserData de MySQL MaxDB 7.5.0.0, otras versiones anteriores a 7.5.0.21 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) mediante un par\u00e1metro inv\u00e1lido al c\u00f3digo de manejador de WebDAV, lo que dispara una desreferencia nula que causa que el Agente Web SAP Db se caiga."
}
],
"id": "CVE-2005-0082",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-04-14T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/application/poi/display?id=187\u0026type=vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/application/poi/display?id=187\u0026type=vulnerabilities"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
MySQL MaxDB 7.5.00 for Windows, and possibly earlier versions and other platforms, allows remote attackers to cause a denial of service (application crash) via invalid parameters to the (1) DBMCli_String::ReallocString, (2) DBMCli_String::operator, (3) DBMCli_Buffer::ForceResize, (4) DBMCli_Wizard::InstallDatabase, (5) DBMCli_Devspaces::Complete, (6) DBMWeb_TemplateWizard::askForWriteCountStep5, or (7) DBMWeb_DBMWeb::wizardDB functions, which triggers a null dereference.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mysql:maxdb:7.5.00:*:*:*:*:*:*:*",
"matchCriteriaId": "1FBA6898-4D32-4A3D-8529-1FC7A63894B6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "MySQL MaxDB 7.5.00 for Windows, and possibly earlier versions and other platforms, allows remote attackers to cause a denial of service (application crash) via invalid parameters to the (1) DBMCli_String::ReallocString, (2) DBMCli_String::operator, (3) DBMCli_Buffer::ForceResize, (4) DBMCli_Wizard::InstallDatabase, (5) DBMCli_Devspaces::Complete, (6) DBMWeb_TemplateWizard::askForWriteCountStep5, or (7) DBMWeb_DBMWeb::wizardDB functions, which triggers a null dereference."
}
],
"id": "CVE-2005-0083",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/application/poi/display?id=218\u0026type=vulnerabilities"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19687"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/application/poi/display?id=218\u0026type=vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19687"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-04-26 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Stack-based buffer overflow in the getIfHeader function in the WebDAV functionality in MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via an HTTP unlock request and a long "If" parameter.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mysql:maxdb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76E015F0-AF14-4850-A1BA-0F341D4499AE",
"versionEndIncluding": "7.5.00.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mysql:maxdb:7.5.00.25:*:*:*:*:*:*:*",
"matchCriteriaId": "0E18C3F7-EC51-4164-A092-90E4AB6C3FCD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the getIfHeader function in the WebDAV functionality in MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via an HTTP unlock request and a long \"If\" parameter."
}
],
"id": "CVE-2005-1274",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-04-26T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.idefense.com/application/poi/display?id=236\u0026type=vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.idefense.com/application/poi/display?id=236\u0026type=vulnerabilities"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2005-0082 (GCVE-0-2005-0082)
Vulnerability from cvelistv5
Published
2005-01-20 05:00
Modified
2024-09-16 18:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The sapdbwa_GetUserData function in MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows remote attackers to cause a denial of service (crash) via invalid parameters to the WebDAV handler code, which triggers a null dereference that causes the SAP DB Web Agent to crash.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.idefense.com/application/poi/display?id=187&type=vulnerabilities | third-party-advisory, x_refsource_IDEFENSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:57:41.186Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050119 MySQL MaxDB Web Agent Multiple Denial of Service Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/application/poi/display?id=187\u0026type=vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The sapdbwa_GetUserData function in MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows remote attackers to cause a denial of service (crash) via invalid parameters to the WebDAV handler code, which triggers a null dereference that causes the SAP DB Web Agent to crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-01-20T05:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050119 MySQL MaxDB Web Agent Multiple Denial of Service Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/application/poi/display?id=187\u0026type=vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0082",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The sapdbwa_GetUserData function in MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows remote attackers to cause a denial of service (crash) via invalid parameters to the WebDAV handler code, which triggers a null dereference that causes the SAP DB Web Agent to crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050119 MySQL MaxDB Web Agent Multiple Denial of Service Vulnerabilities",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=187\u0026type=vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0082",
"datePublished": "2005-01-20T05:00:00Z",
"dateReserved": "2005-01-18T00:00:00Z",
"dateUpdated": "2024-09-16T18:29:51.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0931 (GCVE-0-2004-0931)
Vulnerability from cvelistv5
Published
2005-01-19 05:00
Modified
2024-08-08 00:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
MySQL MaxDB before 7.5.00.18 allows remote attackers to cause a denial of service (crash) via an HTTP request to webdbm with high ASCII values in the Server field, which triggers an assert error in the IsAscii7 function.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/10532 | vdb-entry, x_refsource_OSVDB | |
| http://www.secunia.com/advisories/12756 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/11346 | vdb-entry, x_refsource_BID | |
| http://www.idefense.com/application/poi/display?id=150&type=vulnerabilities&flashstatus=false | third-party-advisory, x_refsource_IDEFENSE | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17633 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:31:48.090Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "10532",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/10532"
},
{
"name": "12756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://www.secunia.com/advisories/12756"
},
{
"name": "11346",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11346"
},
{
"name": "20041006 MySQL MaxDB Web Agent WebDBMServer Name Denial of Service Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/application/poi/display?id=150\u0026type=vulnerabilities\u0026flashstatus=false"
},
{
"name": "maxdb-isascii7dos(17633)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17633"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-10-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "MySQL MaxDB before 7.5.00.18 allows remote attackers to cause a denial of service (crash) via an HTTP request to webdbm with high ASCII values in the Server field, which triggers an assert error in the IsAscii7 function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "10532",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/10532"
},
{
"name": "12756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://www.secunia.com/advisories/12756"
},
{
"name": "11346",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11346"
},
{
"name": "20041006 MySQL MaxDB Web Agent WebDBMServer Name Denial of Service Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/application/poi/display?id=150\u0026type=vulnerabilities\u0026flashstatus=false"
},
{
"name": "maxdb-isascii7dos(17633)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17633"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0931",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MySQL MaxDB before 7.5.00.18 allows remote attackers to cause a denial of service (crash) via an HTTP request to webdbm with high ASCII values in the Server field, which triggers an assert error in the IsAscii7 function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10532",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/10532"
},
{
"name": "12756",
"refsource": "SECUNIA",
"url": "http://www.secunia.com/advisories/12756"
},
{
"name": "11346",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11346"
},
{
"name": "20041006 MySQL MaxDB Web Agent WebDBMServer Name Denial of Service Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=150\u0026type=vulnerabilities\u0026flashstatus=false"
},
{
"name": "maxdb-isascii7dos(17633)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17633"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0931",
"datePublished": "2005-01-19T05:00:00",
"dateReserved": "2004-10-04T00:00:00",
"dateUpdated": "2024-08-08T00:31:48.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0111 (GCVE-0-2005-0111)
Vulnerability from cvelistv5
Published
2005-01-19 05:00
Modified
2024-08-07 21:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in the websql CGI program in MySQL MaxDB 7.5.00 allows remote attackers to execute arbitrary code via a long password parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securitytracker.com/id?1012893 | vdb-entry, x_refsource_SECTRACK | |
| http://www.idefense.com/application/poi/display?id=181&type=vulnerabilities | third-party-advisory, x_refsource_IDEFENSE | |
| http://www.securityfocus.com/bid/12265 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:05:24.836Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1012893",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1012893"
},
{
"name": "20050113 MySQL MaxDB WebAgent websql logon Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/application/poi/display?id=181\u0026type=vulnerabilities"
},
{
"name": "12265",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12265"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-01-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the websql CGI program in MySQL MaxDB 7.5.00 allows remote attackers to execute arbitrary code via a long password parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-01-12T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1012893",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1012893"
},
{
"name": "20050113 MySQL MaxDB WebAgent websql logon Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/application/poi/display?id=181\u0026type=vulnerabilities"
},
{
"name": "12265",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12265"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0111",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the websql CGI program in MySQL MaxDB 7.5.00 allows remote attackers to execute arbitrary code via a long password parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1012893",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1012893"
},
{
"name": "20050113 MySQL MaxDB WebAgent websql logon Buffer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=181\u0026type=vulnerabilities"
},
{
"name": "12265",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12265"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0111",
"datePublished": "2005-01-19T05:00:00",
"dateReserved": "2005-01-18T00:00:00",
"dateUpdated": "2024-08-07T21:05:24.836Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1169 (GCVE-0-2004-1169)
Vulnerability from cvelistv5
Published
2004-12-10 05:00
Modified
2024-08-08 00:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to cause a denial of service (application crash) via an HTTP GET request for a file that does not exist, followed by two carriage returns, which causes a NULL dereference.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=110244542000340&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/18387 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:39:01.047Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20041207 MaxDB WebTools \u003c= 7.5.00.18 buffer overflow and Denial of Service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110244542000340\u0026w=2"
},
{
"name": "maxdb-dos(18387)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18387"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-12-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to cause a denial of service (application crash) via an HTTP GET request for a file that does not exist, followed by two carriage returns, which causes a NULL dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20041207 MaxDB WebTools \u003c= 7.5.00.18 buffer overflow and Denial of Service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110244542000340\u0026w=2"
},
{
"name": "maxdb-dos(18387)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18387"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1169",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to cause a denial of service (application crash) via an HTTP GET request for a file that does not exist, followed by two carriage returns, which causes a NULL dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20041207 MaxDB WebTools \u003c= 7.5.00.18 buffer overflow and Denial of Service",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110244542000340\u0026w=2"
},
{
"name": "maxdb-dos(18387)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18387"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1169",
"datePublished": "2004-12-10T05:00:00",
"dateReserved": "2004-12-09T00:00:00",
"dateUpdated": "2024-08-08T00:39:01.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0081 (GCVE-0-2005-0081)
Vulnerability from cvelistv5
Published
2005-01-20 05:00
Modified
2024-09-16 16:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows remote attackers to cause a denial of service (crash) via an HTTP request with invalid headers.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.idefense.com/application/poi/display?id=187&type=vulnerabilities | third-party-advisory, x_refsource_IDEFENSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:57:40.993Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050119 MySQL MaxDB Web Agent Multiple Denial of Service Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/application/poi/display?id=187\u0026type=vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows remote attackers to cause a denial of service (crash) via an HTTP request with invalid headers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-01-20T05:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050119 MySQL MaxDB Web Agent Multiple Denial of Service Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/application/poi/display?id=187\u0026type=vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0081",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows remote attackers to cause a denial of service (crash) via an HTTP request with invalid headers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050119 MySQL MaxDB Web Agent Multiple Denial of Service Vulnerabilities",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=187\u0026type=vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0081",
"datePublished": "2005-01-20T05:00:00Z",
"dateReserved": "2005-01-18T00:00:00Z",
"dateUpdated": "2024-09-16T16:52:39.115Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1274 (GCVE-0-2005-1274)
Vulnerability from cvelistv5
Published
2005-04-26 04:00
Modified
2024-09-16 20:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in the getIfHeader function in the WebDAV functionality in MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via an HTTP unlock request and a long "If" parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.idefense.com/application/poi/display?id=236&type=vulnerabilities | third-party-advisory, x_refsource_IDEFENSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:44:05.895Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050426 MySQL MaxDB Webtool Remote \u0027If\u0027 Stack Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/application/poi/display?id=236\u0026type=vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the getIfHeader function in the WebDAV functionality in MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via an HTTP unlock request and a long \"If\" parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-04-26T04:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050426 MySQL MaxDB Webtool Remote \u0027If\u0027 Stack Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/application/poi/display?id=236\u0026type=vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1274",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the getIfHeader function in the WebDAV functionality in MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via an HTTP unlock request and a long \"If\" parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050426 MySQL MaxDB Webtool Remote \u0027If\u0027 Stack Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=236\u0026type=vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1274",
"datePublished": "2005-04-26T04:00:00Z",
"dateReserved": "2005-04-26T00:00:00Z",
"dateUpdated": "2024-09-16T20:11:55.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0083 (GCVE-0-2005-0083)
Vulnerability from cvelistv5
Published
2005-03-17 05:00
Modified
2024-08-07 20:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
MySQL MaxDB 7.5.00 for Windows, and possibly earlier versions and other platforms, allows remote attackers to cause a denial of service (application crash) via invalid parameters to the (1) DBMCli_String::ReallocString, (2) DBMCli_String::operator, (3) DBMCli_Buffer::ForceResize, (4) DBMCli_Wizard::InstallDatabase, (5) DBMCli_Devspaces::Complete, (6) DBMWeb_TemplateWizard::askForWriteCountStep5, or (7) DBMWeb_DBMWeb::wizardDB functions, which triggers a null dereference.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.idefense.com/application/poi/display?id=218&type=vulnerabilities | third-party-advisory, x_refsource_IDEFENSE | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/19687 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:57:40.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050314 MySQL MaxDB Web Agent Multiple Denial of Service Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/application/poi/display?id=218\u0026type=vulnerabilities"
},
{
"name": "maxdb-null-pointer-dos(19687)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19687"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "MySQL MaxDB 7.5.00 for Windows, and possibly earlier versions and other platforms, allows remote attackers to cause a denial of service (application crash) via invalid parameters to the (1) DBMCli_String::ReallocString, (2) DBMCli_String::operator, (3) DBMCli_Buffer::ForceResize, (4) DBMCli_Wizard::InstallDatabase, (5) DBMCli_Devspaces::Complete, (6) DBMWeb_TemplateWizard::askForWriteCountStep5, or (7) DBMWeb_DBMWeb::wizardDB functions, which triggers a null dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050314 MySQL MaxDB Web Agent Multiple Denial of Service Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/application/poi/display?id=218\u0026type=vulnerabilities"
},
{
"name": "maxdb-null-pointer-dos(19687)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19687"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0083",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MySQL MaxDB 7.5.00 for Windows, and possibly earlier versions and other platforms, allows remote attackers to cause a denial of service (application crash) via invalid parameters to the (1) DBMCli_String::ReallocString, (2) DBMCli_String::operator, (3) DBMCli_Buffer::ForceResize, (4) DBMCli_Wizard::InstallDatabase, (5) DBMCli_Devspaces::Complete, (6) DBMWeb_TemplateWizard::askForWriteCountStep5, or (7) DBMWeb_DBMWeb::wizardDB functions, which triggers a null dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050314 MySQL MaxDB Web Agent Multiple Denial of Service Vulnerabilities",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=218\u0026type=vulnerabilities"
},
{
"name": "maxdb-null-pointer-dos(19687)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19687"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0083",
"datePublished": "2005-03-17T05:00:00",
"dateReserved": "2005-01-18T00:00:00",
"dateUpdated": "2024-08-07T20:57:40.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1168 (GCVE-0-2004-1168)
Vulnerability from cvelistv5
Published
2004-12-10 05:00
Modified
2024-08-08 00:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in the WebDav handler in MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to execute arbitrary code via a long Overwrite header.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/18386 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=110244542000340&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:39:00.868Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "maxdb-webdav-bo(18386)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18386"
},
{
"name": "20041207 MaxDB WebTools \u003c= 7.5.00.18 buffer overflow and Denial of Service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110244542000340\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-12-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the WebDav handler in MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to execute arbitrary code via a long Overwrite header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "maxdb-webdav-bo(18386)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18386"
},
{
"name": "20041207 MaxDB WebTools \u003c= 7.5.00.18 buffer overflow and Denial of Service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110244542000340\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1168",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the WebDav handler in MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to execute arbitrary code via a long Overwrite header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "maxdb-webdav-bo(18386)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18386"
},
{
"name": "20041207 MaxDB WebTools \u003c= 7.5.00.18 buffer overflow and Denial of Service",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110244542000340\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1168",
"datePublished": "2004-12-10T05:00:00",
"dateReserved": "2004-12-09T00:00:00",
"dateUpdated": "2024-08-08T00:39:00.868Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0684 (GCVE-0-2005-0684)
Vulnerability from cvelistv5
Published
2005-04-26 04:00
Modified
2024-08-07 21:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple buffer overflows in the web tool for MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via (1) an HTTP GET request with a long file parameter after a percent ("%") sign or (2) a long Lock-Token string to the WebDAV functionality, which is not properly handled by the getLockTokenHeader function in WDVHandler_CommonUtils.c.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.idefense.com/application/poi/display?id=234&type=vulnerabilities | third-party-advisory, x_refsource_IDEFENSE | |
| http://www.securityfocus.com/bid/13368 | vdb-entry, x_refsource_BID | |
| http://dev.mysql.com/doc/maxdb/changes/changes_7.5.00.26.html#WebDAV | x_refsource_CONFIRM | |
| http://www.idefense.com/application/poi/display?id=235&type=vulnerabilities | third-party-advisory, x_refsource_IDEFENSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:21:06.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050425 MySQL MaxDB Webtool Remote Stack Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/application/poi/display?id=234\u0026type=vulnerabilities"
},
{
"name": "13368",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13368"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.mysql.com/doc/maxdb/changes/changes_7.5.00.26.html#WebDAV"
},
{
"name": "20050425 MySQL MaxDB Webtool Remote Lock-Token Stack Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/application/poi/display?id=235\u0026type=vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-04-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in the web tool for MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via (1) an HTTP GET request with a long file parameter after a percent (\"%\") sign or (2) a long Lock-Token string to the WebDAV functionality, which is not properly handled by the getLockTokenHeader function in WDVHandler_CommonUtils.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-11-14T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050425 MySQL MaxDB Webtool Remote Stack Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/application/poi/display?id=234\u0026type=vulnerabilities"
},
{
"name": "13368",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13368"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.mysql.com/doc/maxdb/changes/changes_7.5.00.26.html#WebDAV"
},
{
"name": "20050425 MySQL MaxDB Webtool Remote Lock-Token Stack Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/application/poi/display?id=235\u0026type=vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0684",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in the web tool for MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via (1) an HTTP GET request with a long file parameter after a percent (\"%\") sign or (2) a long Lock-Token string to the WebDAV functionality, which is not properly handled by the getLockTokenHeader function in WDVHandler_CommonUtils.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050425 MySQL MaxDB Webtool Remote Stack Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=234\u0026type=vulnerabilities"
},
{
"name": "13368",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13368"
},
{
"name": "http://dev.mysql.com/doc/maxdb/changes/changes_7.5.00.26.html#WebDAV",
"refsource": "CONFIRM",
"url": "http://dev.mysql.com/doc/maxdb/changes/changes_7.5.00.26.html#WebDAV"
},
{
"name": "20050425 MySQL MaxDB Webtool Remote Lock-Token Stack Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=235\u0026type=vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0684",
"datePublished": "2005-04-26T04:00:00",
"dateReserved": "2005-03-08T00:00:00",
"dateUpdated": "2024-08-07T21:21:06.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4305 (GCVE-0-2006-4305)
Vulnerability from cvelistv5
Published
2006-08-30 01:00
Modified
2024-08-07 19:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/28636 | vdb-entry, x_refsource_XF | |
| http://www.symantec.com/enterprise/research/SYMSA-2006-009.txt | x_refsource_MISC | |
| http://www.debian.org/security/2006/dsa-1190 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.securityfocus.com/archive/1/444601/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/21677 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/22518 | third-party-advisory, x_refsource_SECUNIA | |
| http://dev.mysql.com/doc/maxdb/changes/changes_7.6.00.32.html | x_refsource_CONFIRM | |
| http://securitytracker.com/id?1016766 | vdb-entry, x_refsource_SECTRACK | |
| http://www.vupen.com/english/advisories/2006/3410 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/19660 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:06:07.125Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "maxdb-webdbm-bo(28636)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28636"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.symantec.com/enterprise/research/SYMSA-2006-009.txt"
},
{
"name": "DSA-1190",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1190"
},
{
"name": "20060828 SYMSA-2006-009",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/444601/100/0/threaded"
},
{
"name": "21677",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21677"
},
{
"name": "22518",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22518"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.mysql.com/doc/maxdb/changes/changes_7.6.00.32.html"
},
{
"name": "1016766",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016766"
},
{
"name": "ADV-2006-3410",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3410"
},
{
"name": "19660",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19660"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "maxdb-webdbm-bo(28636)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28636"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.symantec.com/enterprise/research/SYMSA-2006-009.txt"
},
{
"name": "DSA-1190",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1190"
},
{
"name": "20060828 SYMSA-2006-009",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/444601/100/0/threaded"
},
{
"name": "21677",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21677"
},
{
"name": "22518",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22518"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.mysql.com/doc/maxdb/changes/changes_7.6.00.32.html"
},
{
"name": "1016766",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016766"
},
{
"name": "ADV-2006-3410",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3410"
},
{
"name": "19660",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19660"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4305",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "maxdb-webdbm-bo(28636)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28636"
},
{
"name": "http://www.symantec.com/enterprise/research/SYMSA-2006-009.txt",
"refsource": "MISC",
"url": "http://www.symantec.com/enterprise/research/SYMSA-2006-009.txt"
},
{
"name": "DSA-1190",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1190"
},
{
"name": "20060828 SYMSA-2006-009",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/444601/100/0/threaded"
},
{
"name": "21677",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21677"
},
{
"name": "22518",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22518"
},
{
"name": "http://dev.mysql.com/doc/maxdb/changes/changes_7.6.00.32.html",
"refsource": "CONFIRM",
"url": "http://dev.mysql.com/doc/maxdb/changes/changes_7.6.00.32.html"
},
{
"name": "1016766",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016766"
},
{
"name": "ADV-2006-3410",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3410"
},
{
"name": "19660",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19660"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4305",
"datePublished": "2006-08-30T01:00:00",
"dateReserved": "2006-08-22T00:00:00",
"dateUpdated": "2024-08-07T19:06:07.125Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-200412-1126
Vulnerability from variot
MySQL MaxDB before 7.5.00.18 allows remote attackers to cause a denial of service (crash) via an HTTP request to webdbm with high ASCII values in the Server field, which triggers an assert error in the IsAscii7 function. A remotely exploitable denial of service vulnerability exists in MaxDB. This will reportedly trigger an exception due to an assert directive failing, resulting in a denial of service condition in the web agent. This issue was reportedly tested on Windows and Linux versions. Other versions could also be affected. MySQL MaxDB Web Agent WebDBM Server Name Denial of Service Vulnerability
iDEFENSE Security Advisory 10.06.04a: www.idefense.com/application/poi/display?id=150&type=vulnerabilities October 6, 2004
I. BACKGROUND
MaxDB by MySQL is a re-branded and enhanced version of SAP DB, SAP AG's open source database. MaxDB is a heavy-duty, SAP-certified open source database that offers high availability, scalability and a comprehensive feature set. MaxDB complements the MySQL database server, targeted for large mySAP ERP environments and other applications that require maximum enterprise-level database functionality.
II.
The problem specifically exists due to improper input validation of a user-supplied variable in the IsAscii7() function.
wahttp:
ToolsCommon/Tools_DynamicUTF8String.hpp:249:
Tools_DynamicUTF8String::Tools_DynamicUTF8String(const SAPDB_Char *)
Assertion `IsAscii7(src)' failed.
Program received signal SIGABRT, Aborted.
[Switching to Thread 10251 (LWP 12706)]
0x40429781 in kill () from /lib/libc.so.6
III.
IV. DETECTION
iDEFENSE has confirmed that SAP DB version 7.5 for both Linux and Windows is vulnerable.
V. WORKAROUND
Use of an ingress perimeter firewall filter can help detect and mitigate the risk of attack.
VI. VENDOR RESPONSE
"A solution for the issue is available with MaxDB 7.5.00.18."
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the names CAN-2004-0931 to these issues. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.
VIII. DISCLOSURE TIMELINE
08/16/2004 Initial vendor notification 08/16/2004 iDEFENSE clients notified 08/19/2004 Initial vendor response 10/06/2004 Coordinated public disclosure
IX. CREDIT
Patrik Karlsson (cqure.net) is credited with this discovery.
Get paid for vulnerability research http://www.idefense.com/poi/teams/vcp.jsp
X. LEGAL NOTICES
Copyright (c) 2004 iDEFENSE, Inc.
Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDEFENSE. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please email customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200412-1126",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "maxdb",
"scope": "eq",
"trust": 1.6,
"vendor": "mysql",
"version": "7.5.00.16"
},
{
"model": "maxdb",
"scope": "eq",
"trust": 1.6,
"vendor": "mysql",
"version": "7.5.00.15"
},
{
"model": "maxdb",
"scope": "eq",
"trust": 1.6,
"vendor": "mysql",
"version": "7.5.00.14"
},
{
"model": "maxdb",
"scope": "eq",
"trust": 1.6,
"vendor": "mysql",
"version": "7.5.00.12"
},
{
"model": "maxdb",
"scope": "eq",
"trust": 1.6,
"vendor": "mysql",
"version": "7.5.00.11"
},
{
"model": "maxdb",
"scope": "eq",
"trust": 1.6,
"vendor": "mysql",
"version": "7.5.00.08"
},
{
"model": "db",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.5"
},
{
"model": "ab maxdb",
"scope": "eq",
"trust": 0.3,
"vendor": "mysql",
"version": "7.5.00.16"
},
{
"model": "ab maxdb",
"scope": "eq",
"trust": 0.3,
"vendor": "mysql",
"version": "7.5.00.15"
},
{
"model": "ab maxdb",
"scope": "eq",
"trust": 0.3,
"vendor": "mysql",
"version": "7.5.00.14"
},
{
"model": "ab maxdb",
"scope": "eq",
"trust": 0.3,
"vendor": "mysql",
"version": "7.5.00.12"
},
{
"model": "ab maxdb",
"scope": "eq",
"trust": 0.3,
"vendor": "mysql",
"version": "7.5.00.11"
},
{
"model": "ab maxdb",
"scope": "eq",
"trust": 0.3,
"vendor": "mysql",
"version": "7.5.00.08"
},
{
"model": "ab maxdb",
"scope": "ne",
"trust": 0.3,
"vendor": "mysql",
"version": "7.5.00.18"
}
],
"sources": [
{
"db": "BID",
"id": "11346"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-644"
},
{
"db": "NVD",
"id": "CVE-2004-0931"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovery is credited to Patrik Karlsson.",
"sources": [
{
"db": "BID",
"id": "11346"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-644"
}
],
"trust": 0.9
},
"cve": "CVE-2004-0931",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2004-0931",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2004-0931",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200412-644",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-644"
},
{
"db": "NVD",
"id": "CVE-2004-0931"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MySQL MaxDB before 7.5.00.18 allows remote attackers to cause a denial of service (crash) via an HTTP request to webdbm with high ASCII values in the Server field, which triggers an assert error in the IsAscii7 function. A remotely exploitable denial of service vulnerability exists in MaxDB. \nThis will reportedly trigger an exception due to an assert directive failing, resulting in a denial of service condition in the web agent. \nThis issue was reportedly tested on Windows and Linux versions. Other versions could also be affected. MySQL MaxDB Web Agent WebDBM Server Name Denial of Service Vulnerability\n\niDEFENSE Security Advisory 10.06.04a:\nwww.idefense.com/application/poi/display?id=150\u0026type=vulnerabilities\nOctober 6, 2004\n\nI. BACKGROUND\n\nMaxDB by MySQL is a re-branded and enhanced version of SAP DB, SAP AG\u0027s\nopen source database. MaxDB is a heavy-duty, SAP-certified open source\ndatabase that offers high availability, scalability and a comprehensive\nfeature set. MaxDB complements the MySQL database server, targeted for\nlarge mySAP ERP environments and other applications that require maximum\nenterprise-level database functionality. \n\nII. \n\nThe problem specifically exists due to improper input validation of a\nuser-supplied variable in the IsAscii7() function. \n\n wahttp:\n ToolsCommon/Tools_DynamicUTF8String.hpp:249:\n Tools_DynamicUTF8String::Tools_DynamicUTF8String(const SAPDB_Char *)\n Assertion `IsAscii7(src)\u0027 failed. \n\n Program received signal SIGABRT, Aborted. \n [Switching to Thread 10251 (LWP 12706)]\n 0x40429781 in kill () from /lib/libc.so.6\n\nIII. \n\nIV. DETECTION\n\niDEFENSE has confirmed that SAP DB version 7.5 for both Linux and\nWindows is vulnerable. \n\nV. WORKAROUND\n\nUse of an ingress perimeter firewall filter can help detect and mitigate\nthe risk of attack. \n\nVI. VENDOR RESPONSE\n\n\"A solution for the issue is available with MaxDB 7.5.00.18.\"\n\nVII. CVE INFORMATION\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\nnames CAN-2004-0931 to these issues. This is a candidate for inclusion\nin the CVE list (http://cve.mitre.org), which standardizes names for\nsecurity problems. \n\nVIII. DISCLOSURE TIMELINE\n\n08/16/2004 Initial vendor notification\n08/16/2004 iDEFENSE clients notified\n08/19/2004 Initial vendor response\n10/06/2004 Coordinated public disclosure\n\nIX. CREDIT\n\nPatrik Karlsson (cqure.net) is credited with this discovery. \n\nGet paid for vulnerability research\nhttp://www.idefense.com/poi/teams/vcp.jsp\n\nX. LEGAL NOTICES\n\nCopyright (c) 2004 iDEFENSE, Inc. \n\nPermission is granted for the redistribution of this alert\nelectronically. It may not be edited in any way without the express\nwritten consent of iDEFENSE. If you wish to reprint the whole or any\npart of this alert in any other medium other than electronically, please\nemail customerservice@idefense.com for permission. \n\nDisclaimer: The information in the advisory is believed to be accurate\nat the time of publishing based on currently available information. Use\nof the information constitutes acceptance for use in an AS IS condition. \nThere are no warranties with regard to this information. Neither the\nauthor nor the publisher accepts any liability for any direct, indirect,\nor consequential loss or damage arising from use of, or reliance on,\nthis information. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.netsys.com/full-disclosure-charter.html\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0931"
},
{
"db": "BID",
"id": "11346"
},
{
"db": "PACKETSTORM",
"id": "34608"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2004-0931",
"trust": 2.0
},
{
"db": "BID",
"id": "11346",
"trust": 1.9
},
{
"db": "OSVDB",
"id": "10532",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "12756",
"trust": 1.6
},
{
"db": "IDEFENSE",
"id": "20041006 MYSQL MAXDB WEB AGENT WEBDBMSERVER NAME DENIAL OF SERVICE VULNERABILITY",
"trust": 0.6
},
{
"db": "XF",
"id": "7",
"trust": 0.6
},
{
"db": "XF",
"id": "17633",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200412-644",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "34608",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "11346"
},
{
"db": "PACKETSTORM",
"id": "34608"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-644"
},
{
"db": "NVD",
"id": "CVE-2004-0931"
}
]
},
"id": "VAR-200412-1126",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.1359447
},
"last_update_date": "2024-08-14T12:17:47.636000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0931"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www.idefense.com/application/poi/display?id=150\u0026type=vulnerabilities\u0026flashstatus=false"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/11346"
},
{
"trust": 1.6,
"url": "http://www.secunia.com/advisories/12756"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/10532"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17633"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/17633"
},
{
"trust": 0.4,
"url": "http://www.idefense.com/application/poi/display?id=150\u0026type=vulnerabilities"
},
{
"trust": 0.3,
"url": "http://www.mysql.com/products/maxdb/"
},
{
"trust": 0.1,
"url": "http://lists.netsys.com/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "http://www.idefense.com/poi/teams/vcp.jsp"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-0931"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org),"
}
],
"sources": [
{
"db": "BID",
"id": "11346"
},
{
"db": "PACKETSTORM",
"id": "34608"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-644"
},
{
"db": "NVD",
"id": "CVE-2004-0931"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "11346"
},
{
"db": "PACKETSTORM",
"id": "34608"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-644"
},
{
"db": "NVD",
"id": "CVE-2004-0931"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-10-07T00:00:00",
"db": "BID",
"id": "11346"
},
{
"date": "2004-10-13T05:40:14",
"db": "PACKETSTORM",
"id": "34608"
},
{
"date": "2004-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-644"
},
{
"date": "2004-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2004-0931"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-07-12T07:06:00",
"db": "BID",
"id": "11346"
},
{
"date": "2006-03-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-644"
},
{
"date": "2017-07-11T01:30:35.307000",
"db": "NVD",
"id": "CVE-2004-0931"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "34608"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-644"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MySQL MaxDB WebDBM Server Name Service Rejection Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-644"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-644"
}
],
"trust": 0.6
}
}
var-200608-0332
Vulnerability from variot
Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client. SAP-DB and MaxDB are prone to a remote buffer-overflow vulnerability because these applications fail to perform sufficient bounds-checking of user-supplied data before copying it to an insufficiently sized memory buffer. Failed exploit attempts will likely crash the application, denying further service to legitimate users. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Symantec Vulnerability Research
http://www.symantec.com/research
Security Advisory
Advisory ID: SYMSA-2006-09 Advisory Title: SAP-DB/MaxDB WebDBM remote buffer overflow Author: Oliver Karow / Oliver_Karow@symantec.com Release Date: 29-08-2006 Application: SAP-DB/MaxDB 7.6.00.22 - WebDBM Platform: Windows/Unix Severity: Remotely exploitable/Local System Access Vendor status: Verified by vendor / Resolved in 7.6.00.31 CVE Number: CVE-2006-4305 Reference: http://www.securityfocus.com/bid/19660
Overview:
A connection from a WebDBM Client to the DBM Server causes a
buffer overflow when the given database name is too large. This can result in the execution of arbitrary code in the context of the database server.
Details: SAP-DB/MaxDB is a heavy-duty, SAP-certified open source database for OLTP and OLAP usage which offers high reliability, availability, scalability and a very comprehensive feature set. It is targeted for large mySAP Business Suite environments and other applications that require maximum enterprise-level database functionality and complements the MySQL database server.
A remotely exploitable vulnerability exists in MaxDB's WebDBM. Authentication is not required
for successful exploitation to occur.
Vendor Response:
The above vulnerability has been fixed in the latest release of the product, MaxDB 7.6.00.31.
Licensed and evaluation versions of MaxDB are available for download in the download section of www.mysql.com/maxdb: http://dev.mysql.com/downloads/maxdb/7.6.00.html.
If there are any further questions about this statement, please contact mysql-MaxDB support.
Please note that SAP customers receive their downloads via the SAP Service Marketplace www.service.sap.com and must not use downloads from the addresses above for their SAP solutions.
Recommendation:
The vendor has released MaxDB 7.6.00.31 to address
this issue. Users should contact the vendor to obtain the appropriate upgrade.
As a temporary workaround the SAP-DB WWW Service should either be disabled or have access to it restricted using appropriate network or client based access controls.
Common Vulnerabilities and Exposures (CVE) Information:
The Common Vulnerabilities and Exposures (CVE) project has assigned the following names to these issues. These are candidates for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.
CVE-2006-4305
- -------Symantec Consulting Services Advisory Information-------
For questions about this advisory, or to report an error: cs_advisories@symantec.com
For details on Symantec's Vulnerability Reporting Policy: http://www.symantec.com/research/Symantec-Responsible-Disclosure.pdf
Consulting Services Advisory Archive: http://www.symantec.com/research/
Consulting Services Advisory GPG Key: http://www.symantec.com/research/Symantec_Vulnerability_Research_GPG.asc
- -------------Symantec Product Advisory Information-------------
To Report a Security Vulnerability in a Symantec Product: secure@symantec.com
For general information on Symantec's Product Vulnerability reporting and response: http://www.symantec.com/security/
Symantec Product Advisory Archive: http://www.symantec.com/avcenter/security/SymantecAdvisories.html
Symantec Product Advisory PGP Key: http://www.symantec.com/security/Symantec-Vulnerability-Management-Key.asc
Copyright (c) 2006 by Symantec Corp. Permission to redistribute this alert electronically is granted as long as it is not edited in any way unless authorized by Symantec Consulting Services. Reprinting the whole or part of this alert in any medium other than electronically requires permission from cs_advisories@symantec.com.
Disclaimer The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
Symantec, Symantec products, and Symantec Consulting Services are registered trademarks of Symantec Corp. and/or affiliated companies in the United States and other countries. All other registered and unregistered trademarks represented in this document are the sole property of their respective companies/owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFE8u4huk7IIFI45IARAlJoAKCqrvNsyLPPWm5Dnor9VtePm+I7zACfVqf5 gKP3gDsY1sr7ioo8+maNHFA= =vuXL -----END PGP SIGNATURE----- .
Want to work within IT-Security?
Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit.
Currently the following type of positions are available: http://secunia.com/quality_assurance_analyst/ http://secunia.com/web_application_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/
TITLE: MaxDB WebDBM Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA21677
VERIFY ADVISORY: http://secunia.com/advisories/21677/
CRITICAL: Moderately critical
IMPACT: System access
WHERE:
From local network
SOFTWARE: MaxDB 7.x http://secunia.com/product/4012/
DESCRIPTION: Oliver Karow has reported a vulnerability in MaxDB, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to a boundary error in WebDBM when processing database names.
The vulnerability has been reported in version 7.6.00.22. Other versions may also be affected.
SOLUTION: Update to version 7.6.00.31 or later. http://dev.mysql.com/downloads/maxdb/7.6.00.html
PROVIDED AND/OR DISCOVERED BY: Oliver Karow, Symantec.
ORIGINAL ADVISORY: Symantec: http://www.symantec.com/enterprise/research/SYMSA-2006-009.txt
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
For more information: SA21677
SOLUTION: Apply updated packages.
-- Debian GNU/Linux 3.1 alias sarge --
Source archives:
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-7.5.00_7.5.00.24-4.dsc Size/MD5 checksum: 1141 2747ee99a22fd9b6ba0ee9229cf23956 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-7.5.00_7.5.00.24-4.diff.gz Size/MD5 checksum: 102502 b00c857a9956eed998e17a155d692d8b http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-7.5.00_7.5.00.24.orig.tar.gz Size/MD5 checksum: 16135296 4d581530145c30a46ef7a434573f3beb
AMD64 architecture:
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00_7.5.00.24-4_amd64.deb Size/MD5 checksum: 681616 b4bf816d096fc5cf147e530979de8c2a http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00-dev_7.5.00.24-4_amd64.deb Size/MD5 checksum: 835926 0c6f2a9e4d8c945937afd044e15ff688 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00_7.5.00.24-4_amd64.deb Size/MD5 checksum: 602828 f1ff9957fd7713422f589e2b5ce878e1 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00-dev_7.5.00.24-4_amd64.deb Size/MD5 checksum: 110542 d1b0ad84bba2fbf2e1fc66870d217c1a http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbanalyzer_7.5.00.24-4_amd64.deb Size/MD5 checksum: 879638 6c14c3e14f8a3d311b753da8059e8718 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbmcli_7.5.00.24-4_amd64.deb Size/MD5 checksum: 1002292 249bf89f7f2b342fc23bb230c87ce0d2 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-loadercli_7.5.00.24-4_amd64.deb Size/MD5 checksum: 1924254 fedf03c8551d3c89fdcf9bd381ce25a9 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-lserver_7.5.00.24-4_amd64.deb Size/MD5 checksum: 1861026 7cd7e22627438e425fc014d5c0689882 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server_7.5.00.24-4_amd64.deb Size/MD5 checksum: 2815606 12eca89b6c94a93f0805a3be61f053f5 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-7.5.00_7.5.00.24-4_amd64.deb Size/MD5 checksum: 11762902 9543cd40e9dd2bd31668dc34bdde714b http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-dbg-7.5.00_7.5.00.24-4_amd64.deb Size/MD5 checksum: 5454626 1a9e3e48fe5e5d0088e896ca1e2c535a http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-sqlcli_7.5.00.24-4_amd64.deb Size/MD5 checksum: 125258 cbc85c2295d40664794d8dea7fdefe36 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-webtools_7.5.00.24-4_amd64.deb Size/MD5 checksum: 2469898 7cf201e9a125267ab012196a6515b4bd http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb_7.5.00.24-4_amd64.deb Size/MD5 checksum: 57530 cc1d8ba42c0213d233ecb07855733fab http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb-loader_7.5.00.24-4_amd64.deb Size/MD5 checksum: 52896 2623c86e1e8c104a7b6e534283f92d88 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb_7.5.00.24-4_amd64.deb Size/MD5 checksum: 388490 dc2719125122fc8c9d74cf621db8a159 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb-loader_7.5.00.24-4_amd64.deb Size/MD5 checksum: 195236 edff932c86a91803ac12fa12afdffe80 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb_7.5.00.24-4_amd64.deb Size/MD5 checksum: 388500 7e4f4d52029cffb09b4dec330be23f9f http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb-loader_7.5.00.24-4_amd64.deb Size/MD5 checksum: 195262 579c30388c18177e6a59fdb5b7a228ce
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00_7.5.00.24-4_i386.deb Size/MD5 checksum: 724428 7f3da03ea2e15ec1906a17a844a8de71 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00-dev_7.5.00.24-4_i386.deb Size/MD5 checksum: 884322 f87be31d0c3ccc25826a8adbb90c0fd8 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00_7.5.00.24-4_i386.deb Size/MD5 checksum: 662674 b768894d4d0613c7a78561ec3c63a736 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00-dev_7.5.00.24-4_i386.deb Size/MD5 checksum: 113500 0762412421cc8bba7920cd3e5c7ba912 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbanalyzer_7.5.00.24-4_i386.deb Size/MD5 checksum: 959610 05077a4995b6f30736dd031f650fc8bb http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbmcli_7.5.00.24-4_i386.deb Size/MD5 checksum: 1151380 f5952dd48f3c289d59c59869a7910675 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-loadercli_7.5.00.24-4_i386.deb Size/MD5 checksum: 2074392 198c3e94e284f312acb8a60680fb3dac http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-lserver_7.5.00.24-4_i386.deb Size/MD5 checksum: 1998244 e85b595329b9d3ee86abca690ae8205f http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server_7.5.00.24-4_i386.deb Size/MD5 checksum: 3087456 3ba8dc9c84e7e0d65e07b8d1f469adcd http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-7.5.00_7.5.00.24-4_i386.deb Size/MD5 checksum: 13245168 5bcd0e38d550518e611a510d338a3bd8 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-dbg-7.5.00_7.5.00.24-4_i386.deb Size/MD5 checksum: 6269766 b747c1d1155a6512266a1ce3e52a6ce1 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-sqlcli_7.5.00.24-4_i386.deb Size/MD5 checksum: 132864 f0c46a30fd72b4a29e93b9b75042c6a8 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-webtools_7.5.00.24-4_i386.deb Size/MD5 checksum: 2619482 9b66168b5b70efbd69c16a06e2de734d http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb_7.5.00.24-4_i386.deb Size/MD5 checksum: 57534 7d4cb5ef1fa3bf65d79b590023cdc1db http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb-loader_7.5.00.24-4_i386.deb Size/MD5 checksum: 52902 61f35976dd90a9e461dfceea5430fa1e http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb_7.5.00.24-4_i386.deb Size/MD5 checksum: 411124 79212c1b66ae516b5404f4d1bb314dc6 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb-loader_7.5.00.24-4_i386.deb Size/MD5 checksum: 204636 ae693e5ef1041afef92f11fa81314dfe http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb_7.5.00.24-4_i386.deb Size/MD5 checksum: 411094 3974583dbdfb586097274e4aaddf376b http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb-loader_7.5.00.24-4_i386.deb Size/MD5 checksum: 204620 c2f00a1d54744ed51c547e681595f537
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00_7.5.00.24-4_ia64.deb Size/MD5 checksum: 928300 8f9b50424dae7723c38aac9e0c9a52ab http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00-dev_7.5.00.24-4_ia64.deb Size/MD5 checksum: 1057976 d1127e1ab07ac2a3bc485f040fb0339c http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00_7.5.00.24-4_ia64.deb Size/MD5 checksum: 911096 4b2d26b87f9e8abe2a8cabb5f5a3dc38 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00-dev_7.5.00.24-4_ia64.deb Size/MD5 checksum: 125196 c590b2aeb6e773afc78b234880679d0b http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbanalyzer_7.5.00.24-4_ia64.deb Size/MD5 checksum: 1157550 bc505370fe0b635ed20241dcec297922 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbmcli_7.5.00.24-4_ia64.deb Size/MD5 checksum: 1457434 239d74377e81b0d4cceed7e1c99553a5 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-loadercli_7.5.00.24-4_ia64.deb Size/MD5 checksum: 2340496 2f32566da56fcaed5a889f29b2df2ae1 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-lserver_7.5.00.24-4_ia64.deb Size/MD5 checksum: 2253224 b49a58cd8ad452633f57c0d4c2bb7ccc http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server_7.5.00.24-4_ia64.deb Size/MD5 checksum: 4126188 db0b224332c029575c85ec3b4af7055f http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-7.5.00_7.5.00.24-4_ia64.deb Size/MD5 checksum: 16985506 7634c5b20bbed0b559c5a30a70abcff1 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-dbg-7.5.00_7.5.00.24-4_ia64.deb Size/MD5 checksum: 8270364 76ac234b9524ec827443e44270b10a7d http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-sqlcli_7.5.00.24-4_ia64.deb Size/MD5 checksum: 172092 c89208be8d296c2a188b52b60e42ff1c http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-webtools_7.5.00.24-4_ia64.deb Size/MD5 checksum: 3018916 de87cf29f90c5b6e08698411c6ee6366 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb_7.5.00.24-4_ia64.deb Size/MD5 checksum: 57530 67e6ce8dfb5282aed0aaf8c0d2e3dfba http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb-loader_7.5.00.24-4_ia64.deb Size/MD5 checksum: 52898 00f142490fbc22408ef5347abf228baa http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb_7.5.00.24-4_ia64.deb Size/MD5 checksum: 512998 f38b9df396ef132650ddbd151780f5ce http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb-loader_7.5.00.24-4_ia64.deb Size/MD5 checksum: 247500 d014a66017bbabc285f0bb42df85a71e http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb_7.5.00.24-4_ia64.deb Size/MD5 checksum: 513000 244752450b149746ec25fbbb67037d9e http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb-loader_7.5.00.24-4_ia64.deb Size/MD5 checksum: 247500 06b34ba0ab20719baf4c44a828de0436
-- Debian GNU/Linux unstable alias sid --
Reportedly, the problem will be fixed soon
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200608-0332",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "maxdb",
"scope": "lte",
"trust": 1.0,
"vendor": "mysql",
"version": "7.6.00.22"
},
{
"model": "sap-db",
"scope": "eq",
"trust": 1.0,
"vendor": "sap db",
"version": "*"
},
{
"model": "maxdb",
"scope": "lt",
"trust": 0.8,
"vendor": "mysql ab",
"version": "7.6.00.30"
},
{
"model": "sap-db",
"scope": null,
"trust": 0.8,
"vendor": "sap db",
"version": null
},
{
"model": "maxdb",
"scope": "eq",
"trust": 0.6,
"vendor": "mysql",
"version": "7.6.00.22"
},
{
"model": "db sap db",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "0"
},
{
"model": "ab maxdb",
"scope": "eq",
"trust": 0.3,
"vendor": "mysql",
"version": "7.6.00.22"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"model": "ab maxdb",
"scope": "ne",
"trust": 0.3,
"vendor": "mysql",
"version": "7.6.00.31"
}
],
"sources": [
{
"db": "BID",
"id": "19660"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001994"
},
{
"db": "CNNVD",
"id": "CNNVD-200608-466"
},
{
"db": "NVD",
"id": "CVE-2006-4305"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:mysql:maxdb",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:sap-db:sap-db",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-001994"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oliver Karow from Symantec is credited with the discovery of this vulnerability.",
"sources": [
{
"db": "BID",
"id": "19660"
}
],
"trust": 0.3
},
"cve": "CVE-2006-4305",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2006-4305",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-4305",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2006-4305",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200608-466",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-001994"
},
{
"db": "CNNVD",
"id": "CNNVD-200608-466"
},
{
"db": "NVD",
"id": "CVE-2006-4305"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client. SAP-DB and MaxDB are prone to a remote buffer-overflow vulnerability because these applications fail to perform sufficient bounds-checking of user-supplied data before copying it to an insufficiently sized memory buffer. Failed exploit attempts will likely crash the application, denying further service to legitimate users. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\n\n Symantec Vulnerability Research\n http://www.symantec.com/research\n Security Advisory\n\n Advisory ID: SYMSA-2006-09\n Advisory Title: SAP-DB/MaxDB WebDBM remote buffer overflow\n Author: Oliver Karow / Oliver_Karow@symantec.com\n Release Date: 29-08-2006\n Application: SAP-DB/MaxDB 7.6.00.22 - WebDBM\n Platform: Windows/Unix\n Severity: Remotely exploitable/Local System Access\n Vendor status: Verified by vendor / Resolved in 7.6.00.31\n CVE Number: CVE-2006-4305\n Reference: http://www.securityfocus.com/bid/19660\n\n\nOverview: \n\n A connection from a WebDBM Client to the DBM Server causes a \nbuffer overflow when the given database name is too large. This \ncan result in the execution of arbitrary code in the context of \nthe database server. \n\n\nDetails: \n SAP-DB/MaxDB is a heavy-duty, SAP-certified open source \ndatabase for OLTP and OLAP usage which offers high reliability, \navailability, scalability and a very comprehensive feature set. \nIt is targeted for large mySAP Business Suite environments \nand other applications that require maximum enterprise-level \ndatabase functionality and complements the MySQL database server. \n\n A remotely exploitable vulnerability exists in MaxDB\u0027s WebDBM. Authentication is not required \nfor successful exploitation to occur. \n\t\n\nVendor Response:\n\nThe above vulnerability has been fixed in the latest release of \nthe product, MaxDB 7.6.00.31. \n\nLicensed and evaluation versions of MaxDB are available for \ndownload in the download section of www.mysql.com/maxdb:\nhttp://dev.mysql.com/downloads/maxdb/7.6.00.html. \n\nIf there are any further questions about this statement, please\ncontact mysql-MaxDB support. \n\nPlease note that SAP customers receive their downloads via the \nSAP Service Marketplace www.service.sap.com and must not use \ndownloads from the addresses above for their SAP solutions. \n\nRecommendation:\n\n\tThe vendor has released MaxDB 7.6.00.31 to address \nthis issue. Users should contact the vendor to obtain the \nappropriate upgrade. \n\nAs a temporary workaround the SAP-DB WWW Service should either \nbe disabled or have access to it restricted using appropriate \nnetwork or client based access controls. \n\n\nCommon Vulnerabilities and Exposures (CVE) Information:\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned \nthe following names to these issues. These are candidates for \ninclusion in the CVE list (http://cve.mitre.org), which standardizes \nnames for security problems. \n\n\n CVE-2006-4305\n\n- -------Symantec Consulting Services Advisory Information-------\n\nFor questions about this advisory, or to report an error:\ncs_advisories@symantec.com\n\nFor details on Symantec\u0027s Vulnerability Reporting Policy: \nhttp://www.symantec.com/research/Symantec-Responsible-Disclosure.pdf\n\nConsulting Services Advisory Archive: \nhttp://www.symantec.com/research/ \n\nConsulting Services Advisory GPG Key:\nhttp://www.symantec.com/research/Symantec_Vulnerability_Research_GPG.asc\n\n- -------------Symantec Product Advisory Information-------------\n\nTo Report a Security Vulnerability in a Symantec Product:\nsecure@symantec.com \n\nFor general information on Symantec\u0027s Product Vulnerability \nreporting and response:\nhttp://www.symantec.com/security/\n\nSymantec Product Advisory Archive: \nhttp://www.symantec.com/avcenter/security/SymantecAdvisories.html\n\nSymantec Product Advisory PGP Key:\nhttp://www.symantec.com/security/Symantec-Vulnerability-Management-Key.asc\n\n- ---------------------------------------------------------------\n\nCopyright (c) 2006 by Symantec Corp. \nPermission to redistribute this alert electronically is granted \nas long as it is not edited in any way unless authorized by \nSymantec Consulting Services. Reprinting the whole or part of \nthis alert in any medium other than electronically requires \npermission from cs_advisories@symantec.com. \n\nDisclaimer\nThe information in the advisory is believed to be accurate at the \ntime of publishing based on currently available information. Use \nof the information constitutes acceptance for use in an AS IS \ncondition. There are no warranties with regard to this information. \nNeither the author nor the publisher accepts any liability for any \ndirect, indirect, or consequential loss or damage arising from use \nof, or reliance on, this information. \n\nSymantec, Symantec products, and Symantec Consulting Services are \nregistered trademarks of Symantec Corp. and/or affiliated companies \nin the United States and other countries. All other registered and \nunregistered trademarks represented in this document are the sole \nproperty of their respective companies/owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFE8u4huk7IIFI45IARAlJoAKCqrvNsyLPPWm5Dnor9VtePm+I7zACfVqf5\ngKP3gDsY1sr7ioo8+maNHFA=\n=vuXL\n-----END PGP SIGNATURE-----\n. \n\n----------------------------------------------------------------------\n\nWant to work within IT-Security?\n\nSecunia is expanding its team of highly skilled security experts. \nWe will help with relocation and obtaining a work permit. \n\nCurrently the following type of positions are available:\nhttp://secunia.com/quality_assurance_analyst/\nhttp://secunia.com/web_application_security_specialist/ \nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\n----------------------------------------------------------------------\n\nTITLE:\nMaxDB WebDBM Buffer Overflow Vulnerability\n\nSECUNIA ADVISORY ID:\nSA21677\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/21677/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom local network\n\nSOFTWARE:\nMaxDB 7.x\nhttp://secunia.com/product/4012/\n\nDESCRIPTION:\nOliver Karow has reported a vulnerability in MaxDB, which can be\nexploited by malicious people to compromise a vulnerable system. \n\nThe vulnerability is caused due to a boundary error in WebDBM when\nprocessing database names. \n\nThe vulnerability has been reported in version 7.6.00.22. Other\nversions may also be affected. \n\nSOLUTION:\nUpdate to version 7.6.00.31 or later. \nhttp://dev.mysql.com/downloads/maxdb/7.6.00.html\n\nPROVIDED AND/OR DISCOVERED BY:\nOliver Karow, Symantec. \n\nORIGINAL ADVISORY:\nSymantec:\nhttp://www.symantec.com/enterprise/research/SYMSA-2006-009.txt\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. This fixes a\nvulnerability, which can be exploited by malicious people to\ncompromise a vulnerable system. \n\nFor more information:\nSA21677\n\nSOLUTION:\nApply updated packages. \n\n-- Debian GNU/Linux 3.1 alias sarge --\n\nSource archives:\n\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-7.5.00_7.5.00.24-4.dsc\nSize/MD5 checksum: 1141 2747ee99a22fd9b6ba0ee9229cf23956\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-7.5.00_7.5.00.24-4.diff.gz\nSize/MD5 checksum: 102502 b00c857a9956eed998e17a155d692d8b\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-7.5.00_7.5.00.24.orig.tar.gz\nSize/MD5 checksum: 16135296 4d581530145c30a46ef7a434573f3beb\n\nAMD64 architecture:\n\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 681616 b4bf816d096fc5cf147e530979de8c2a\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00-dev_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 835926 0c6f2a9e4d8c945937afd044e15ff688\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 602828 f1ff9957fd7713422f589e2b5ce878e1\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00-dev_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 110542 d1b0ad84bba2fbf2e1fc66870d217c1a\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbanalyzer_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 879638 6c14c3e14f8a3d311b753da8059e8718\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbmcli_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 1002292 249bf89f7f2b342fc23bb230c87ce0d2\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-loadercli_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 1924254 fedf03c8551d3c89fdcf9bd381ce25a9\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-lserver_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 1861026 7cd7e22627438e425fc014d5c0689882\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 2815606 12eca89b6c94a93f0805a3be61f053f5\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-7.5.00_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 11762902 9543cd40e9dd2bd31668dc34bdde714b\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-dbg-7.5.00_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 5454626 1a9e3e48fe5e5d0088e896ca1e2c535a\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-sqlcli_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 125258 cbc85c2295d40664794d8dea7fdefe36\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-webtools_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 2469898 7cf201e9a125267ab012196a6515b4bd\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 57530 cc1d8ba42c0213d233ecb07855733fab\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb-loader_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 52896 2623c86e1e8c104a7b6e534283f92d88\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 388490 dc2719125122fc8c9d74cf621db8a159\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb-loader_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 195236 edff932c86a91803ac12fa12afdffe80\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 388500 7e4f4d52029cffb09b4dec330be23f9f\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb-loader_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 195262 579c30388c18177e6a59fdb5b7a228ce\n\nIntel IA-32 architecture:\n\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 724428 7f3da03ea2e15ec1906a17a844a8de71\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00-dev_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 884322 f87be31d0c3ccc25826a8adbb90c0fd8\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 662674 b768894d4d0613c7a78561ec3c63a736\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00-dev_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 113500 0762412421cc8bba7920cd3e5c7ba912\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbanalyzer_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 959610 05077a4995b6f30736dd031f650fc8bb\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbmcli_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 1151380 f5952dd48f3c289d59c59869a7910675\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-loadercli_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 2074392 198c3e94e284f312acb8a60680fb3dac\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-lserver_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 1998244 e85b595329b9d3ee86abca690ae8205f\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 3087456 3ba8dc9c84e7e0d65e07b8d1f469adcd\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-7.5.00_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 13245168 5bcd0e38d550518e611a510d338a3bd8\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-dbg-7.5.00_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 6269766 b747c1d1155a6512266a1ce3e52a6ce1\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-sqlcli_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 132864 f0c46a30fd72b4a29e93b9b75042c6a8\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-webtools_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 2619482 9b66168b5b70efbd69c16a06e2de734d\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 57534 7d4cb5ef1fa3bf65d79b590023cdc1db\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb-loader_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 52902 61f35976dd90a9e461dfceea5430fa1e\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 411124 79212c1b66ae516b5404f4d1bb314dc6\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb-loader_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 204636 ae693e5ef1041afef92f11fa81314dfe\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 411094 3974583dbdfb586097274e4aaddf376b\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb-loader_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 204620 c2f00a1d54744ed51c547e681595f537\n\nIntel IA-64 architecture:\n\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 928300 8f9b50424dae7723c38aac9e0c9a52ab\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00-dev_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 1057976 d1127e1ab07ac2a3bc485f040fb0339c\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 911096 4b2d26b87f9e8abe2a8cabb5f5a3dc38\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00-dev_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 125196 c590b2aeb6e773afc78b234880679d0b\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbanalyzer_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 1157550 bc505370fe0b635ed20241dcec297922\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbmcli_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 1457434 239d74377e81b0d4cceed7e1c99553a5\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-loadercli_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 2340496 2f32566da56fcaed5a889f29b2df2ae1\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-lserver_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 2253224 b49a58cd8ad452633f57c0d4c2bb7ccc\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 4126188 db0b224332c029575c85ec3b4af7055f\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-7.5.00_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 16985506 7634c5b20bbed0b559c5a30a70abcff1\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-dbg-7.5.00_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 8270364 76ac234b9524ec827443e44270b10a7d\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-sqlcli_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 172092 c89208be8d296c2a188b52b60e42ff1c\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-webtools_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 3018916 de87cf29f90c5b6e08698411c6ee6366\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 57530 67e6ce8dfb5282aed0aaf8c0d2e3dfba\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb-loader_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 52898 00f142490fbc22408ef5347abf228baa\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 512998 f38b9df396ef132650ddbd151780f5ce\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb-loader_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 247500 d014a66017bbabc285f0bb42df85a71e\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 513000 244752450b149746ec25fbbb67037d9e\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb-loader_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 247500 06b34ba0ab20719baf4c44a828de0436\n\n-- Debian GNU/Linux unstable alias sid --\n\nReportedly, the problem will be fixed soon",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-4305"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001994"
},
{
"db": "BID",
"id": "19660"
},
{
"db": "PACKETSTORM",
"id": "49541"
},
{
"db": "PACKETSTORM",
"id": "49583"
},
{
"db": "PACKETSTORM",
"id": "51237"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2006-4305",
"trust": 2.8
},
{
"db": "BID",
"id": "19660",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "21677",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "22518",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1016766",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2006-3410",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001994",
"trust": 0.8
},
{
"db": "XF",
"id": "28636",
"trust": 0.6
},
{
"db": "DEBIAN",
"id": "DSA-1190",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20060828 SYMSA-2006-009",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200608-466",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "49541",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "49583",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "51237",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "19660"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001994"
},
{
"db": "PACKETSTORM",
"id": "49541"
},
{
"db": "PACKETSTORM",
"id": "49583"
},
{
"db": "PACKETSTORM",
"id": "51237"
},
{
"db": "CNNVD",
"id": "CNNVD-200608-466"
},
{
"db": "NVD",
"id": "CVE-2006-4305"
}
]
},
"id": "VAR-200608-0332",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.1359447
},
"last_update_date": "2024-11-23T22:24:24.171000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MaxDB",
"trust": 0.8,
"url": "http://www.mysql.com/sap/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.sapdb.org/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-001994"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-4305"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/19660"
},
{
"trust": 1.6,
"url": "http://www.debian.org/security/2006/dsa-1190"
},
{
"trust": 1.6,
"url": "http://securitytracker.com/id?1016766"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/22518"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/21677"
},
{
"trust": 1.6,
"url": "http://dev.mysql.com/doc/maxdb/changes/changes_7.6.00.32.html"
},
{
"trust": 1.1,
"url": "http://www.symantec.com/enterprise/research/symsa-2006-009.txt"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/444601/100/0/threaded"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2006/3410"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28636"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4305"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4305"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/444601/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/3410"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/28636"
},
{
"trust": 0.4,
"url": "http://dev.mysql.com/downloads/maxdb/7.6.00.html."
},
{
"trust": 0.3,
"url": "http://www.mysql.com/products/maxdb/"
},
{
"trust": 0.3,
"url": "http://www.mysql.com"
},
{
"trust": 0.3,
"url": "http://www.sapdb.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/21677/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://www.mysql.com/maxdb:"
},
{
"trust": 0.1,
"url": "http://www.symantec.com/research"
},
{
"trust": 0.1,
"url": "http://www.symantec.com/research/symantec-responsible-disclosure.pdf"
},
{
"trust": 0.1,
"url": "http://www.symantec.com/research/"
},
{
"trust": 0.1,
"url": "https://www.service.sap.com"
},
{
"trust": 0.1,
"url": "http://www.symantec.com/avcenter/security/symantecadvisories.html"
},
{
"trust": 0.1,
"url": "http://www.symantec.com/security/"
},
{
"trust": 0.1,
"url": "http://www.symantec.com/security/symantec-vulnerability-management-key.asc"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org),"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4305"
},
{
"trust": 0.1,
"url": "http://www.symantec.com/research/symantec_vulnerability_research_gpg.asc"
},
{
"trust": 0.1,
"url": "http://dev.mysql.com/downloads/maxdb/7.6.00.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/4012/"
},
{
"trust": 0.1,
"url": "http://secunia.com/quality_assurance_analyst/"
},
{
"trust": 0.1,
"url": "http://secunia.com/web_application_security_specialist/"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-7.5.00_7.5.00.24.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-7.5.00_7.5.00.24-4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-loadercli_7.5.00.24-4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-dbg-7.5.00_7.5.00.24-4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server_7.5.00.24-4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb_7.5.00.24-4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-sqlcli_7.5.00.24-4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb-loader_7.5.00.24-4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb-loader_7.5.00.24-4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb-loader_7.5.00.24-4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5307/"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb-loader_7.5.00.24-4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-webtools_7.5.00.24-4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb_7.5.00.24-4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-loadercli_7.5.00.24-4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-7.5.00_7.5.00.24-4.dsc"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00_7.5.00.24-4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00_7.5.00.24-4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb_7.5.00.24-4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server_7.5.00.24-4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbmcli_7.5.00.24-4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-lserver_7.5.00.24-4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00-dev_7.5.00.24-4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00_7.5.00.24-4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb-loader_7.5.00.24-4_i386.deb"
},
{
"trust": 0.1,
"url": "http://www.us.debian.org/security/2006/dsa-1190"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-7.5.00_7.5.00.24-4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb-loader_7.5.00.24-4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbanalyzer_7.5.00.24-4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00-dev_7.5.00.24-4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00_7.5.00.24-4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-loadercli_7.5.00.24-4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00-dev_7.5.00.24-4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-7.5.00_7.5.00.24-4.diff.gz"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/530/"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-sqlcli_7.5.00.24-4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb-loader_7.5.00.24-4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00_7.5.00.24-4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb-loader_7.5.00.24-4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb_7.5.00.24-4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbmcli_7.5.00.24-4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/22518/"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-lserver_7.5.00.24-4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-sqlcli_7.5.00.24-4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb-loader_7.5.00.24-4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00-dev_7.5.00.24-4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb_7.5.00.24-4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-dbg-7.5.00_7.5.00.24-4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb_7.5.00.24-4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbanalyzer_7.5.00.24-4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-webtools_7.5.00.24-4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb_7.5.00.24-4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00-dev_7.5.00.24-4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00-dev_7.5.00.24-4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-7.5.00_7.5.00.24-4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb_7.5.00.24-4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbanalyzer_7.5.00.24-4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-lserver_7.5.00.24-4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server_7.5.00.24-4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbmcli_7.5.00.24-4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-webtools_7.5.00.24-4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00_7.5.00.24-4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-dbg-7.5.00_7.5.00.24-4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb_7.5.00.24-4_i386.deb"
}
],
"sources": [
{
"db": "BID",
"id": "19660"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001994"
},
{
"db": "PACKETSTORM",
"id": "49541"
},
{
"db": "PACKETSTORM",
"id": "49583"
},
{
"db": "PACKETSTORM",
"id": "51237"
},
{
"db": "CNNVD",
"id": "CNNVD-200608-466"
},
{
"db": "NVD",
"id": "CVE-2006-4305"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "19660"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001994"
},
{
"db": "PACKETSTORM",
"id": "49541"
},
{
"db": "PACKETSTORM",
"id": "49583"
},
{
"db": "PACKETSTORM",
"id": "51237"
},
{
"db": "CNNVD",
"id": "CNNVD-200608-466"
},
{
"db": "NVD",
"id": "CVE-2006-4305"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-08-29T00:00:00",
"db": "BID",
"id": "19660"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-001994"
},
{
"date": "2006-08-29T16:57:14",
"db": "PACKETSTORM",
"id": "49541"
},
{
"date": "2006-08-30T20:08:37",
"db": "PACKETSTORM",
"id": "49583"
},
{
"date": "2006-10-23T18:08:13",
"db": "PACKETSTORM",
"id": "51237"
},
{
"date": "2006-08-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200608-466"
},
{
"date": "2006-08-30T01:04:00",
"db": "NVD",
"id": "CVE-2006-4305"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-10-04T23:15:00",
"db": "BID",
"id": "19660"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-001994"
},
{
"date": "2007-07-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200608-466"
},
{
"date": "2024-11-21T00:15:37.813000",
"db": "NVD",
"id": "CVE-2006-4305"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200608-466"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP DB Buffer overflow vulnerability in products such as",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-001994"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200608-466"
}
],
"trust": 0.6
}
}