Description
Untrusted search path and argument injection vulnerability in the VersantD service in Versant Object Database 7.0.1.3 and earlier, as used in Borland CaliberRM and probably other products, allows remote attackers to execute arbitrary commands via a request to TCP port 5019 with a modified VERSANT_ROOT field.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Luigi Auriemma · textremotewindows
https://www.exploit-db.com/exploits/5213
References (9)
Core 9
Core References
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=120468784112145&w=2
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/5213
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/40997
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29230
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/28097
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0764/references
Exploit x_refsource_misc
http://aluigi.altervista.org/adv/versantcmd-adv.txt
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/489139/100/0/threaded
Exploit third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/3738
Scores
EPSS
0.1182
EPSS Percentile
93.7%
Details
Status
published
Products (2)
versant/versant_object_database
7.0.1
versant/versant_object_database
< 7.0.1.3
Published
Mar 13, 2008
Tracked Since
Feb 18, 2026