Page 6 of 35 results (0.018 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Multiple buffer overflows in Firebird 2.1 allow attackers to trigger memory corruption and possibly have other unspecified impact via certain input processed by (1) config\ConfigFile.cpp or (2) msgs\check_msgs.epp. NOTE: if ConfigFile.cpp reads a configuration file with restrictive permissions, then the ConfigFile.cpp vector may not cross privilege boundaries and perhaps should not be included in CVE. Múltiples desbordamientos de búfer en Firebird 2.1 permite a atacantes remotos disparar una corrupción de memoria y posiblemente tener otro impacto no especificado mediante determinadas entradas procesadas por (1) config\ConfigFile.cpp o (2) msgs\check_msgs.epp. NOTA: si ConfigFile.cpp lee un fichero de configuración con permisos restrictivos, entonces el vector ConfigFile.cpp puede no cruzar límites de privilegios y quizás no debería ser incluido en CVE. • http://osvdb.org/37308 http://osvdb.org/37309 http://secunia.com/advisories/29501 http://securityreason.com/securityalert/2708 http://www.debian.org/security/2008/dsa-1529 http://www.securityfocus.com/archive/1/468070/100/0/threaded http://www.securityfocus.com/bid/28478 https://exchange.xforce.ibmcloud.com/vulnerabilities/34201 •

CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 2

Buffer overflow in inet_server.cpp in (1) fb_inet_server and (2) fbserver in Firebird 1.5.2.4731 allows local users to gain privileges via a long value of the -p argument. • https://www.exploit-db.com/exploits/27418 http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043546.html http://www.securityfocus.com/archive/1/427480/100/0/threaded http://www.securityfocus.com/bid/17077 https://exchange.xforce.ibmcloud.com/vulnerabilities/25282 •

CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 1

Firebird 1.5.2.4731 installs (1) fb_lock_mgr, (2) gds_drop, and (3) fb_inet_server with setuid firebird permissions, which might allow local users to gain privileges via a buffer overflow as identified by CVE-2006-1240, or possibly other vulnerabilities. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043546.html http://www.securityfocus.com/archive/1/427480/100/0/threaded http://www.securityfocus.com/bid/17077 https://exchange.xforce.ibmcloud.com/vulnerabilities/25282 •

CVSS: 2.6EPSS: 0%CPEs: 43EXPL: 0

Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control. • http://bugzilla.mozilla.org/show_bug.cgi?id=206859#c0 http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:082 •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers do not properly verify that cached passwords for SSL encrypted sites are only sent via SSL encrypted sessions to the site, which allows a remote attacker to cause a cached password to be sent in cleartext to a spoofed site. Los navegadores Mozilla 1.6, Firebird 0.7 y Firefox 0.8 no verifican adecuadamente que las contraseñas almacenadas en caché de sitios cifrados con SSL sean sólo enviadas mediante sesiones cifradas con el sitio, lo que permite a atacantes remotos hacer que contraseñas en caché sean enviadas en texto plano al sitio suplantado. • http://bugzilla.mozilla.org/show_bug.cgi?id=226278 http://www.mandriva.com/security/advisories?name=MDKSA-2004:082 http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7 https://exchange.xforce.ibmcloud.com/vulnerabilities/17018 •