Page 3 of 15 results (0.004 seconds)

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

Unspecified vulnerability in the (1) attach database and (2) create database functionality in Firebird before 2.0.2, when a filename exceeds MAX_PATH_LEN, has unknown impact and attack vectors, aka CORE-1405. Vulnerabilidad no especificada en la funcionalidad (1) adjuntar base de datos y (2) crear base de datos en Firebird versiones anteriores 2.0.2, cuando un nombre de fichero excede MAX_PATH_LEN, tiene impacto desconocido y vectores de ataque, también conocido como CORE-1405. • http://secunia.com/advisories/26615 http://secunia.com/advisories/29501 http://sourceforge.net/project/shownotes.php?release_id=535898 http://tracker.firebirdsql.org/browse/CORE-1405 http://www.debian.org/security/2008/dsa-1529 http://www.firebirdsql.org/index.php?op=files&id=engine_202 http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf http://www.securityfocus.com/bid/25497 http://www.vupen.com/english/advisories/2007/3021 https://exchange.xforce.ibmcloud.com&#x • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 32%CPEs: 2EXPL: 2

Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 allows remote attackers to execute arbitrary code via a large p_cnct_count value in a p_cnct structure in a connect (0x01) request to port 3050/tcp, related to "an InterBase version of gds32.dll." Desbordamiento de búfer en fbserver.exe de Firebird SQL 2 before 2.0.1 permite a atacantes remotos ejecutar código de su elección mediante un valor p_cnct_count grande en una estructura p_cnct structure en una petición de conexión (0x01) al puerto 3050/tcp, relacionado con "una versión InterBase de gds32.dll". • https://www.exploit-db.com/exploits/30186 http://dvlabs.tippingpoint.com/advisory/TPTI-07-11 http://osvdb.org/37231 http://secunia.com/advisories/25601 http://secunia.com/advisories/25872 http://secunia.com/advisories/29501 http://security.gentoo.org/glsa/glsa-200707-01.xml http://www.debian.org/security/2008/dsa-1529 http://www.firebirdsql.org/rlsnotes/Firebird-2.0.1-ReleaseNotes.pdf http://www.securityfocus.com/bid/24436 http://www.vupen.com/english/advisories/2007 •

CVSS: 2.6EPSS: 0%CPEs: 43EXPL: 0

Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control. • http://bugzilla.mozilla.org/show_bug.cgi?id=206859#c0 http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:082 •

CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 3

Buffer overflow in Firebird 1.0.2 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows local users to execute arbitrary code via a long INTERBASE environment variable when calling (1) gds_inet_server, (2) gds_lock_mgr, or (3) gds_drop. Desbordamiento de búfer en Firebird 1.0.2 permite que usuarios locales ejecuten comandos arbitrarios mediante una variable INTERBASE larga cuando se llama a (1) gds_inet_server, (2) gds_lock_mgr, o (3) gds_drop. • https://www.exploit-db.com/exploits/29 https://www.exploit-db.com/exploits/21566 https://www.exploit-db.com/exploits/21565 http://marc.info/?l=bugtraq&m=105259012802997&w=2 http://seclists.org/lists/bugtraq/2002/Jun/0212.html http://secunia.com/advisories/8758 http://security.gentoo.org/glsa/glsa-200405-18.xml http://www.securityfocus.com/bid/7546 https://exchange.xforce.ibmcloud.com/vulnerabilities/11977 •

CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 1

Buffer overflow gds_lock_mgr of Interbase Database 6.x allows local users to gain privileges via a long ISC_LOCK_ENV environment variable (INTERBASE_LOCK). Desbordamiento de búfer gds_lock_mgr de Interbase Database 6.x permite a usuarios locales la obtención de privilegios mediante una variable de entorno ISC_LOCK_ENV larga. (INTERBASE_LOCK). • http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0003.html http://marc.info/?l=bugtraq&m=104940730819887&w=2 http://www.secnetops.com/research/advisories/SRT2003-04-03-1300.txt •