130 matches found
CVE-2023-41038 Server crash when using specific form of SET BIND statement
Firebird is a relational database. Versions 4.0.0 through 4.0.3 and version 5.0 beta1 are vulnerable to a server crash when a user uses a specific form of SET BIND statement. Any non-privileged user with minimum access to a server may type a statement with a long CHAR length, which causes the...
[SECURITY] [DLA 2824-1] firebird3.0 security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2824-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler November 20, 2021 https://wiki.debian.org/LTS -...
PT-2021-3510
Name of the Vulnerable Software and Affected Versions PHP versions 7.3.x through 7.3.28 PHP versions 7.4.x through 7.4.20 PHP versions 8.0.x through 8.0.7 Description The issue is related to insufficient input validation in the Firebird PDO driver extension. A malicious database server could caus...
Design/Logic Flaw
An issue was discovered in Psyprax before 3.2.2. The Firebird database is accessible with the default user sysdba and password masterke after installation. This allows any user to access it and read and modify the contents, including passwords. Local database files can be accessed directly as wel...
CVE-2020-10552
An issue was discovered in Psyprax before 3.2.2. The Firebird database is accessible with the default user sysdba and password masterke after installation. This allows any user to access it and read and modify the contents, including passwords. Local database files can be accessed directly as wel...
CVE-2020-10552
Psyprax ≤3.2.1 has a credential-reuse vulnerability where the Firebird database is initialized with the default sysdba:masterke credentials, allowing any user to access and modify the database contents (including passwords) and to directly access local database files. This issue is documented acr...
The vulnerability of the UDF subsystem of the “Red Database” and Firebird database management systems allows attackers to execute arbitrary code.
The vulnerability of the UDF subsystem in the “Red Database” and Firebird database management systems is related to errors during the execution of user-defined functions. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
The vulnerability of the SQL command execution utility for the Firebird database, isql-fb, allows a hacker to cause a service failure.
The vulnerability of the SQL command execution utility for Firebird database, iSQL-FB, arises due to buffer overflows during the processing of command line parameters. Exploiting this vulnerability can allow an attacker to cause a service failure by entering a specially crafted sequence of data...
The vulnerability of the gdef application, which is part of the Firebird database management system, allows a perpetrator to cause a service failure.
The vulnerability of the Mendex application, which is part of the Firebird database management system, is related to overflow errors in buffer handling when processing command lines. Exploiting this vulnerability allows an attacker to cause a service failure by entering special parameters into th...
Firebird SQL Server Command Execution Vulnerability
Firebird SQL Server is the Firebird Foundation's set of open source cross-platform to provide multiple ANSI SQL-92 functionality of the SQL database management system . A security vulnerability exists in Firebird SQL Server versions 2.5.7 and 3.0.2. A remote attacker can exploit this vulnerabilit...
The vulnerability of the Firebird database management system allows a perpetrator to cause a service failure.
The vulnerability of the Firebird database management system exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to cause service failures by using the service dispatcher to execute the gbak utility with incorrect parameters...
The vulnerability of the Firebird database management system allows a perpetrator to cause a service failure.
The vulnerability of the TraceManager component in the Firebird database management system is related to resource management errors. Exploiting this vulnerability allows an attacker to cause service failures by generating empty dynamic SQL queries from a remote location...
The vulnerability of the Firebird database management system allows a perpetrator to cause a service failure.
The vulnerability of the xdrstatusvector function in the Firebird database management system is related to pointer assignment errors. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of the Firebird database management system allows a perpetrator to execute arbitrary code.
The vulnerability of the Firebird database management system arises due to buffer overflows in the stack. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted TCP packet sent to port 3050 with an incorrect checksum...
[SECURITY] [DSA 3109-1] firebird2.5 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3109-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso December 21, 2014 http://www.debian.org/security/faq -...
[SECURITY] [DSA 3109-1] firebird2.5 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3109-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso December 21, 2014 http://www.debian.org/security/faq -...
DSA-3109-1 firebird2.5 - security update
Bulletin has no description...
Firebird 1.0 - Remote Pre-Authentication Database Name Buffer Overrun Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10446/info Firebird is reported prone to a remote buffer-overrun vulnerability. The issue occurs because the application fails to perform sufficient boundary checks when the database server is handling database names. A...
DSA-2648-1 firebird2.5 - several
Bulletin has no description...
DSA-2647-1 firebird2.1 - buffer overflow
Bulletin has no description...