CyberSec.Space Logo
Back to CVE Browser

CVE-2006-4305

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1810%
EPSS Percentile13.51th
PublishedAug 30, 2006
Last ModifiedApr 16, 2026

Vulnerability Description

Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client.

Affected Platforms (CPE)

πŸ“¦
Mysql

Maxdb

<= 7.6.00.22
πŸ“¦
Sap Db

Sap Db

All versions

References & Advisories

πŸ”— http://dev.mysql.com/doc/maxdb/changes/changes_7.6.00.32.html
πŸ”— http://secunia.com/advisories/21677
πŸ”— http://secunia.com/advisories/22518
πŸ”— http://securitytracker.com/id?1016766
πŸ”— http://www.debian.org/security/2006/dsa-1190
πŸ”— http://www.securityfocus.com/archive/1/444601/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/19660
πŸ”— http://www.symantec.com/enterprise/research/SYMSA-2006-009.txt

Related Vulnerabilities

CVE-2005-127410.0

Stack-based buffer overflow in the getIfHeader function in the WebDAV functionality in MySQL MaxDB before 7.5.00.26 allows remote ...

CVE-2005-068410.0

Multiple buffer overflows in the web tool for MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via (...

CVE-2004-116810.0

Stack-based buffer overflow in the WebDav handler in MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to execute arbit...

CVE-2008-024410.0

SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via "&&" and other shell metacharacte...