Page 3 of 19 results (0.008 seconds)

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

Unspecified vulnerability in the (1) attach database and (2) create database functionality in Firebird before 2.0.2, when a filename exceeds MAX_PATH_LEN, has unknown impact and attack vectors, aka CORE-1405. Vulnerabilidad no especificada en la funcionalidad (1) adjuntar base de datos y (2) crear base de datos en Firebird versiones anteriores 2.0.2, cuando un nombre de fichero excede MAX_PATH_LEN, tiene impacto desconocido y vectores de ataque, también conocido como CORE-1405. • http://secunia.com/advisories/26615 http://secunia.com/advisories/29501 http://sourceforge.net/project/shownotes.php?release_id=535898 http://tracker.firebirdsql.org/browse/CORE-1405 http://www.debian.org/security/2008/dsa-1529 http://www.firebirdsql.org/index.php?op=files&id=engine_202 http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf http://www.securityfocus.com/bid/25497 http://www.vupen.com/english/advisories/2007/3021 https://exchange.xforce.ibmcloud.com&#x • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 32%CPEs: 2EXPL: 2

Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 allows remote attackers to execute arbitrary code via a large p_cnct_count value in a p_cnct structure in a connect (0x01) request to port 3050/tcp, related to "an InterBase version of gds32.dll." Desbordamiento de búfer en fbserver.exe de Firebird SQL 2 before 2.0.1 permite a atacantes remotos ejecutar código de su elección mediante un valor p_cnct_count grande en una estructura p_cnct structure en una petición de conexión (0x01) al puerto 3050/tcp, relacionado con "una versión InterBase de gds32.dll". • https://www.exploit-db.com/exploits/30186 http://dvlabs.tippingpoint.com/advisory/TPTI-07-11 http://osvdb.org/37231 http://secunia.com/advisories/25601 http://secunia.com/advisories/25872 http://secunia.com/advisories/29501 http://security.gentoo.org/glsa/glsa-200707-01.xml http://www.debian.org/security/2008/dsa-1529 http://www.firebirdsql.org/rlsnotes/Firebird-2.0.1-ReleaseNotes.pdf http://www.securityfocus.com/bid/24436 http://www.vupen.com/english/advisories/2007 •

CVSS: 2.6EPSS: 0%CPEs: 43EXPL: 0

Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control. • http://bugzilla.mozilla.org/show_bug.cgi?id=206859#c0 http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:082 •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers do not properly verify that cached passwords for SSL encrypted sites are only sent via SSL encrypted sessions to the site, which allows a remote attacker to cause a cached password to be sent in cleartext to a spoofed site. Los navegadores Mozilla 1.6, Firebird 0.7 y Firefox 0.8 no verifican adecuadamente que las contraseñas almacenadas en caché de sitios cifrados con SSL sean sólo enviadas mediante sesiones cifradas con el sitio, lo que permite a atacantes remotos hacer que contraseñas en caché sean enviadas en texto plano al sitio suplantado. • http://bugzilla.mozilla.org/show_bug.cgi?id=226278 http://www.mandriva.com/security/advisories?name=MDKSA-2004:082 http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7 https://exchange.xforce.ibmcloud.com/vulnerabilities/17018 •

CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0

The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. Los navegadores web (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 no previenen adecuadamente que un marco de un dominio inyecte contenido en un marco que pertenece a otro dominio, lo que facilita la suplantación de sitios web y otros ataques. Vulnerabilidad también conocida como "de inyección de marco". • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt http://bugzilla.mozilla.org/show_bug.cgi?id=246448 http://marc.info/?l=bugtraq&m=109900315219363&w=2 http://secunia.com/advisories/11978 http://secunia.com/multiple_browsers_frame_injection_vulnerability_test http://www.debian.org/security/2005/dsa-777 http://www.debian.org/security/2005/dsa-810 http://www.mandriva.com/security/advisories?name=MDKSA-2004:082 http://www.novell.com/linux/security/ad •