Page 3 of 14 results (0.005 seconds)

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

Unspecified vulnerability in the (1) attach database and (2) create database functionality in Firebird before 2.0.2, when a filename exceeds MAX_PATH_LEN, has unknown impact and attack vectors, aka CORE-1405. Vulnerabilidad no especificada en la funcionalidad (1) adjuntar base de datos y (2) crear base de datos en Firebird versiones anteriores 2.0.2, cuando un nombre de fichero excede MAX_PATH_LEN, tiene impacto desconocido y vectores de ataque, también conocido como CORE-1405. • http://secunia.com/advisories/26615 http://secunia.com/advisories/29501 http://sourceforge.net/project/shownotes.php?release_id=535898 http://tracker.firebirdsql.org/browse/CORE-1405 http://www.debian.org/security/2008/dsa-1529 http://www.firebirdsql.org/index.php?op=files&id=engine_202 http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf http://www.securityfocus.com/bid/25497 http://www.vupen.com/english/advisories/2007/3021 https://exchange.xforce.ibmcloud.com&#x • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 32%CPEs: 2EXPL: 2

Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 allows remote attackers to execute arbitrary code via a large p_cnct_count value in a p_cnct structure in a connect (0x01) request to port 3050/tcp, related to "an InterBase version of gds32.dll." Desbordamiento de búfer en fbserver.exe de Firebird SQL 2 before 2.0.1 permite a atacantes remotos ejecutar código de su elección mediante un valor p_cnct_count grande en una estructura p_cnct structure en una petición de conexión (0x01) al puerto 3050/tcp, relacionado con "una versión InterBase de gds32.dll". • https://www.exploit-db.com/exploits/30186 http://dvlabs.tippingpoint.com/advisory/TPTI-07-11 http://osvdb.org/37231 http://secunia.com/advisories/25601 http://secunia.com/advisories/25872 http://secunia.com/advisories/29501 http://security.gentoo.org/glsa/glsa-200707-01.xml http://www.debian.org/security/2008/dsa-1529 http://www.firebirdsql.org/rlsnotes/Firebird-2.0.1-ReleaseNotes.pdf http://www.securityfocus.com/bid/24436 http://www.vupen.com/english/advisories/2007 •

CVSS: 2.6EPSS: 0%CPEs: 43EXPL: 0

Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control. • http://bugzilla.mozilla.org/show_bug.cgi?id=206859#c0 http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:082 •

CVSS: 5.0EPSS: 22%CPEs: 9EXPL: 4

Buffer overflow in ibserver for Firebird Database 1.0 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows remote attackers to cause a denial of service (crash) via a long database name, as demonstrated using the gsec command. • https://www.exploit-db.com/exploits/303 https://www.exploit-db.com/exploits/24165 http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0027.html http://marc.info/?l=bugtraq&m=108611386202493&w=2 http://secunia.com/advisories/11756 http://secunia.com/advisories/19350 http://securitytracker.com/id?1010381 http://www.debian.org/security/2006/dsa-1014 http://www.osvdb.org/6408 http://www.osvdb.org/6624 http://www.securiteam.com/unixfocus/5AP0P0UCUO.html http:& •