CVE-2007-4667
https://notcve.org/view.php?id=CVE-2007-4667
Unspecified vulnerability in the Services API in Firebird before 2.0.2 allows remote attackers to cause a denial of service, aka CORE-1149. Vulnerabilidad sin especificar en el Services API del Firebird anterior al 2.0.2, permite a atacantes remotos provocar una denegación de servicio, también conocido como CORE-1149. • http://secunia.com/advisories/26615 http://secunia.com/advisories/29501 http://sourceforge.net/project/shownotes.php?release_id=535898 http://tracker.firebirdsql.org/browse/CORE-1149 http://www.debian.org/security/2008/dsa-1529 http://www.firebirdsql.org/index.php?op=files&id=engine_202 http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf http://www.securityfocus.com/bid/25497 http://www.vupen.com/english/advisories/2007/3021 https://exchange.xforce.ibmcloud.com •
CVE-2007-4668
https://notcve.org/view.php?id=CVE-2007-4668
Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to determine the existence of arbitrary files, and possibly obtain other "file access," via unknown vectors, aka CORE-1312. Vulnerabilidad no especificada en el servidor en Firebird anterior a 2.0.2 permite a atacantes remotos determinar la existencia de archivos de su elección, y posiblemente obtener otros "accesos a archivo," a través de vectores desconocidos, también conocido como CORE-1312. • http://secunia.com/advisories/29501 http://sourceforge.net/project/shownotes.php?release_id=535898 http://tracker.firebirdsql.org/browse/CORE-1312 http://www.debian.org/security/2008/dsa-1529 http://www.firebirdsql.org/index.php?op=files&id=engine_202 http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf http://www.securityfocus.com/bid/25497 http://www.vupen.com/english/advisories/2007/3021 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-264: Permissions, Privileges, and Access Controls •
CVE-2007-4669
https://notcve.org/view.php?id=CVE-2007-4669
The Services API in Firebird before 2.0.2 allows remote authenticated users without SYSDBA privileges to read the server log (firebird.log), aka CORE-1148. La Services API del Firebird anterior al 2.0.2 permite a usuarios remotos autenticados sin privilegios SYSDBA leer el log del servidor (firebird.log), también conocido como CORE-1148. • http://secunia.com/advisories/29501 http://sourceforge.net/project/shownotes.php?release_id=535898 http://tracker.firebirdsql.org/browse/CORE-1148 http://www.debian.org/security/2008/dsa-1529 http://www.firebirdsql.org/index.php?op=files&id=engine_202 http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf http://www.securityfocus.com/bid/25497 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-264: Permissions, Privileges, and Access Controls •
CVE-2007-4664
https://notcve.org/view.php?id=CVE-2007-4664
Unspecified vulnerability in the (1) attach database and (2) create database functionality in Firebird before 2.0.2, when a filename exceeds MAX_PATH_LEN, has unknown impact and attack vectors, aka CORE-1405. Vulnerabilidad no especificada en la funcionalidad (1) adjuntar base de datos y (2) crear base de datos en Firebird versiones anteriores 2.0.2, cuando un nombre de fichero excede MAX_PATH_LEN, tiene impacto desconocido y vectores de ataque, también conocido como CORE-1405. • http://secunia.com/advisories/26615 http://secunia.com/advisories/29501 http://sourceforge.net/project/shownotes.php?release_id=535898 http://tracker.firebirdsql.org/browse/CORE-1405 http://www.debian.org/security/2008/dsa-1529 http://www.firebirdsql.org/index.php?op=files&id=engine_202 http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf http://www.securityfocus.com/bid/25497 http://www.vupen.com/english/advisories/2007/3021 https://exchange.xforce.ibmcloud.com • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-3527
https://notcve.org/view.php?id=CVE-2007-3527
Integer overflow in Firebird 2.0.0 allows remote authenticated users to cause a denial of service (CPU consumption) via certain database operations with multi-byte character sets that trigger an attempt to use the value 65536 for a 16-bit integer, which is treated as 0 and causes an infinite loop on zero-length data. Desbordamiento de entero en Firebird 2.0.0 permite a atacantes remotos provocar una denegación de servicio (agotamiento de CPU) mediante determinadas operaciones de base de datos con juegos de caracteres multi-byte que disparan un intento de usar el valor 65536 para un entero de 16 bits, el cual es tratado como 0 y provoca un bucle infinito en datos de longitud cero. • http://osvdb.org/43782 http://secunia.com/advisories/29501 http://tracker.firebirdsql.org/browse/CORE-1063 http://www.debian.org/security/2008/dsa-1529 http://www.firebirdsql.org/rlsnotes/Firebird-2.0.1-ReleaseNotes.pdf http://www.securityfocus.com/bid/28473 •