14 matches found
SUSE CVE-2026-28214
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the ClumpletReader::getClumpletSize function can overflow the totalLength value when parsing a Wide type clumplet, causing an infinite loop. An authenticated user with INSERT privileges...
CVE-2026-28214
A flaw was found in Firebird, an open-source relational database management system. An authenticated user with INSERT privileges on any table can exploit this vulnerability by sending a specially crafted Batch Parameter Block. This action causes an integer overflow in the...
CVE-2026-28214
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the ClumpletReader::getClumpletSize function can overflow the totalLength value when parsing a Wide type clumplet, causing an infinite loop. An authenticated user with INSERT privileges...
EUVD-2026-23466
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the ClumpletReader::getClumpletSize function can overflow the totalLength value when parsing a Wide type clumplet, causing an infinite loop. An authenticated user with INSERT privileges...
CVE-2026-28214 Firebird server hangs when using specific clumplet on batch creation
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the ClumpletReader::getClumpletSize function can overflow the totalLength value when parsing a Wide type clumplet, causing an infinite loop. An authenticated user with INSERT privileges...
CVE-2026-28214 Firebird server hangs when using specific clumplet on batch creation
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the ClumpletReader::getClumpletSize function can overflow the totalLength value when parsing a Wide type clumplet, causing an infinite loop. An authenticated user with INSERT privileges...
CVE-2026-28214
CVE-2026-28214 affects Firebird DBMS. The issue is in the ClumpletReader::getClumpletSize() when parsing a Wide type clumplet, which can overflow totalLength and cause an infinite loop. An authenticated user with INSERT privileges on any table can trigger a denial of service via a crafted Batch P...
PT-2026-33479
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the ClumpletReader::getClumpletSize function can overflow the totalLength value when parsing a Wide type clumplet, causing an infinite loop. An authenticated user with INSERT privileges...
PT-2026-30689
Name of the Vulnerable Software and Affected Versions Cyber-III Student-Management-System affected versions not specified Description A cross-site scripting issue exists due to manipulation of the batch argument in the Class Schedule Deletion Endpoint, specifically within the file...
Student-Management-System 代码注入漏洞
Student-Management-System is an open-source student information management system developed by Cyber-III. The Student-Management-System has a code injection vulnerability, which stems from incorrect handling of the "batch" parameter in the file admin/class%20schedule/deletebatch.php. This...
CVE-2025-4940
A vulnerability, which was classified as critical, has been found in 1000 Projects Daily College Class Work Report Book 1.0. This issue affects some unknown processing of the file /admininfo.php. The manipulation of the argument batch leads to sql injection. The attack may be initiated remotely...
1000 Projects Daily College Class Work Report Book 注入漏洞
1000 Projects Daily College Class Work Report Book is an open source college class work report book by 1000 Projects. An injection vulnerability exists in 1000 Projects Daily College Class Work Report Book version 1.0, which originates from SQL injection due to the operation of the parameter batc...
CVE-2005-4241
Cross-site scripting XSS vulnerability in the category page in VCD-db 0.98 and earlier allows remote attackers to inject arbitrary web script or HTML via the batch parameter...
CVE-2005-4241
Cross-site scripting XSS vulnerability in the category page in VCD-db 0.98 and earlier allows remote attackers to inject arbitrary web script or HTML via the batch parameter...