Vulnerabilities > SAP
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-04-15 | CVE-2003-1034 | The RPM installation of SAP DB 7.x creates the (1) dbmsrv or (2) lserver programs with world-writable permissions, which allows local users to gain privileges by modifying those programs. | 4.6 |
| 2004-04-15 | CVE-2003-1033 | Unspecified vulnerability in SAP DB 7.3.00/7.4 The (1) instdbmsrv and (2) instlserver programs in SAP DB Development Tools 7.x trust the user-provided INSTROOT environment variable as a path when assigning setuid permissions to the lserver program, which allows local users to gain root privileges via a modified INSTROOT that points to a malicious dbmsrv or lserver program. | 7.2 |
| 2004-04-15 | CVE-2002-1579 | Denial of Service vulnerability in SAP SAPgui SAP GUI (Sapgui) 4.6D allows remote attackers to cause a denial of service (crash) via a connection to a high-numbered port, which generates an "unknown connection data" error. | 5.0 |
| 2004-04-15 | CVE-2002-1578 | Unspecified vulnerability in SAP R 3 The default installation of SAP R/3, when using Oracle and SQL*net V2 3.x, 4.x, and 6.10, allows remote attackers to obtain arbitrary, sensitive SAP data by directly connecting to the Oracle database and executing queries against the database, which is not password-protected. | 7.5 |
| 2004-04-15 | CVE-2002-1577 | Remote Security vulnerability in SAP R 3 2.0Bto4.6D SAP R/3 2.0B to 4.6D installs several clients with default users and passwords, which allows remote attackers to gain privileges via the (1) SAP*, (2) SAPCPIC, (3) DDIC, (4) EARLYWATCH, or (5) TMSADM accounts. | 7.5 |
| 2004-04-15 | CVE-2002-1576 | Symbolic Link vulnerability in SAP DB 7.3.00 lserver in SAP DB 7.3 and earlier uses the current working directory to find and execute the lserversrv program, which allows local users to gain privileges with a malicious lserversrv that is called from a directory that has a symlink to the lserver program. | 7.2 |
| 2003-12-15 | CVE-2003-0945 | Remote Security vulnerability in Sap Db The Web Database Manager in web-tools for SAP DB before 7.4.03.30 generates predictable session IDs, which allows remote attackers to conduct unauthorized activities. | 7.5 |
| 2003-12-15 | CVE-2003-0944 | Remote Security vulnerability in Sap Db Buffer overflow in the WAECHO default service in web-tools in SAP DB before 7.4.03.30 allows remote attackers to execute arbitrary code via a URL with a long requestURI. | 7.5 |
| 2003-12-15 | CVE-2003-0943 | Information Disclosure vulnerability in Sap Db web-tools in SAP DB before 7.4.03.30 installs several services that are enabled by default, which could allow remote attackers to obtain potentially sensitive information or redirect attacks against internal databases via (1) waecho, (2) Web SQL Interface (websql), or (3) Web Database Manager (webdbm). | 7.5 |
| 2003-12-15 | CVE-2003-0942 | Remote Security vulnerability in Sap Db Buffer overflow in Web Agent Administration service in web-tools for SAP DB before 7.4.03.30 allows remote attackers to execute arbitrary code via a long Name parameter to waadmin.wa. | 7.5 |