Stack-based buffer overflow in serv.exe in SAP MaxDB 7.4.3.32, and 7.6.0.37 through 7.6.06 allows remote attackers to execute arbitrary code via an invalid length parameter in a handshake packet to TCP port 7210. NOTE: some of these details are obtained from third party information.
Max CVSS
10.0
EPSS Score
46.45%
Published
2010-03-29
Updated
2018-10-10
CVE-2008-0244
Public exploit
SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via "&&" and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe.
Max CVSS
10.0
EPSS Score
96.80%
Published
2008-01-12
Updated
2018-10-15
2 vulnerabilities found