← back
CVE-2005-0684

CVE-2005-0684

EPSS 68.5%
Multiple buffer overflows in the web tool for MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via (1) an HTTP GET request with a long file parameter after a percent ("%") sign or (2) a long Lock-Token string to the WebDAV functionality, which is not properly handled by the getLockTokenHeader function in WDVHandler_CommonUtils.c.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/16791unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://dev.mysql.com/doc/maxdb/changes/changes_7.5.00.26.html#WebDAVhttp://www.idefense.com/application/poi/display?id=234&type=vulnerabilitieshttp://www.idefense.com/application/poi/display?id=235&type=vulnerabilitieshttp://www.securityfocus.com/bid/13368