CVE-2008-1880
The CVE-2008-1880 entry concerns Firebird on Gentoo Linux. The default Gentoo init script sets the ISC_PASSWORD environment variable when starting Firebird, which is used for remote SYSDBA connections if no password is supplied. This allows remote attackers to bypass SYSDBA authentication and obt...
GLSA-200805-06 : Firebird: Data disclosure
The remote host is affected by the vulnerability described in GLSA-200805-06 Firebird: Data disclosure Viesturs reported that the default configuration for Gentoo's init script '/etc/conf.d/firebird' sets the 'ISC_PASSWORD' environment variable when starting Firebird. It will be used when no...
Firebird: Data disclosure
Background: Firebird is a multi-platform, open source relational database. Description: Viesturs reported that the default configuration for Gentoo's init script "/etc/conf.d/firebird" sets the "ISC_PASSWORD" environment variable when starting Firebird. It will be used when no password is supplied b...
Oracle privilege escalation
Multi-step sequence of operations allows user to get SYSDBA privileges...
Oracle 0-day to get SYSDBA access
Tanel Poder has found a way to get SYSDBA access to the Oracle database by utilising a user who has the BECOME USER system privilege, execute privileges on KUPP$PROC.CHANGE_USER and CREATE SESSION. He shows how a user with these privileges can become SYS but not SYSDBA and then use an immediate...
CVE-2007-4669
The Services API in Firebird before 2.0.2 allows remote authenticated users without SYSDBA privileges to read the server log firebird.log, aka CORE-1148...
Code injection
The Services API in Firebird before 2.0.2 allows remote authenticated users without SYSDBA privileges to read the server log firebird.log, aka CORE-1148...
Oracle DBMS_EXPORT_EXTENSION package vulnerable to SQL injection
Overview: A vulnerability in Oracle PL/SQL Export Extensions may allow an attacker to modify privileged database information. Description: Oracle Extensions, ODCIIndex Interface, and ODCIIndexGetMetadata Oracle extensions are used to create customized Oracle database constructs. An indextype is an...
Oracle contains multiple SQL injection vulnerabilities
Overview: Oracle Database Server versions 9i and 10g contain flaws that may allow SQL injection with privileges of the SYSDBA user. Description: Oracle Database Server versions 9i and 10g are vulnerable to SQL injection. These flaws may allow a local attacker with the ability to create function...
Oracle Database Server 10.1.0.2 - Local Buffer Overflow
Oracle Database Server 10.1.0.2 - Local Buffer Overflow / Advanced SQL Injection in Oracle databases Exploit for the buffer overflow vulnerability in procedure MDSYS.MD2.SDO_CODE_SIZE of Oracle Database Server version 10.1.0.2 under Windows 2000 Server SP4. Fixes available at...
Oracle Database Server <= 10.1.0.2 Buffer Overflow Exploit
Exploit for unknown platform in category local exploits. Oracle Database Server <= 10.1.0.2 Buffer Overflow Exploit. Advanced SQL Injection in Oracle databases Exploit for the buff...
Oracle Database 10.1 - MDSYS.MD2.SDO_CODE_SIZE Buffer Overflow
Oracle Database 10.1 - MDSYS.MD2.SDO_CODE_SIZE Buffer Overflow source: https://www.securityfocus.com/bid/13145/info Oracle Database is reported prone to a buffer overflow vulnerability. Reportedly this issue affects the 'MDSYS.MD2.SDO_CODE_SIZE' procedure. An attacker can supply excessive data to an...
Oracle Database 10.1 - MDSYS.MD2.SDO_CODE_SIZE Buffer Overflow
source: https://www.securityfocus.com/bid/13145/info Oracle Database is reported prone to a buffer overflow vulnerability. Reportedly this issue affects the 'MDSYS.MD2.SDO_CODE_SIZE' procedure. An attacker can supply excessive data to an affected routine resulting in overflowing a destination buffe...
Oracle Database Server 10.1.0.2 - Local Buffer Overflow
Advanced SQL Injection in Oracle databases Exploit for the buffer overflow vulnerability in procedure MDSYS.MD2.SDO_CODE_SIZE of Oracle Database Server version 10.1.0.2 under Windows 2000 Server SP4. Fixes available at http://metalink.oracle.com. The exploit creates a SYSDBA user ERIC with a...