MidnightBSD

Advisories for borland_software

CVE-2000-0866 LOW

Interbase 6 SuperServer for Linux allows an attacker to cause a denial of service via a query containing 0 bytes.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
borland_software interbase_superserver 6.0
CVE-2001-0008 HIGH

Backdoor account in Interbase database server allows remote attackers to overwrite arbitrary files using stored procedures.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
borland_software interbase 4.0
borland_software interbase 6.0
borland_software interbase 5.0
firebirdsql firebird *
CVE-2002-1514 HIGH

gds_lock_mgr in Borland InterBase allows local users to overwrite files and gain privileges via a symlink attack on a "isc_init1.X" temporary file, as demonstrated by modifying the xinetdbd file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
borland_software interbase 4.0
borland_software interbase 6.5
borland_software interbase 6.0
borland_software interbase 5.0
CVE-2002-2087 MEDIUM

Buffer overflow in Borland InterBase 6.0 allows local users to execute arbitrary code via a long INTERBASE environment variable when calling (1) gds_drop, (2) gds_lock_mgr, or (3) gds_inet_server.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
borland_software interbase 6.0
CVE-2003-0197 HIGH

Buffer overflow gds_lock_mgr of Interbase Database 6.x allows local users to gain privileges via a long ISC_LOCK_ENV environment variable (INTERBASE_LOCK).

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
borland_software interbase 6.4
borland_software interbase 6.5
borland_software interbase 6.0
firebirdsql firebird 1.0.2
CVE-2004-0204 HIGH

Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
businessobjects crystal_reports 9
businessobjects crystal_enterprise_java_sdk 8.5
businessobjects crystal_enterprise 10
borland_software j_builder *
businessobjects crystal_reports 10
businessobjects crystal_enterprise_ras 8.5
microsoft business_solutions_crm 1.2
microsoft visual_studio_.net 2003
bea weblogic_server 8.1
microsoft outlook 2003
businessobjects crystal_enterprise 9
CVE-2004-1833 HIGH

The admin.ib file in Borland Interbase 7.1 for Linux has default world writable permissions, which allows local users to gain database administrative privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
borland_software interbase 4.0
borland_software interbase 6.4
borland_software interbase 7.1
borland_software interbase 6.5
borland_software interbase 7.0
borland_software interbase 6.0
borland_software interbase 5.0
CVE-2004-2043 MEDIUM

Buffer overflow in ibserver for Firebird Database 1.0 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows remote attackers to cause a denial of service (crash) via a long database name, as demonstrated using the gsec command.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
borland_software interbase 4.0
borland_software interbase 6.4
borland_software interbase 7.1
borland_software interbase 6.5
borland_software interbase 7.0
borland_software interbase_superserver 6.0
borland_software interbase 6.0
firebirdsql firebird 1.0
borland_software interbase 5.0
CVE-2004-2121 MEDIUM

Multiple directory traversal vulnerabilities in Borland Web Server (BWS) 1.0b3 and earlier allow remote attackers to read and download arbitrary files via (1) multi-dot "......" sequences, or (2) "%5c%2e%2e" (encoded "\..") sequences, in the URL.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
borland_software web_server_for_corel_paradox *
CVE-2006-0634 MEDIUM

Borland C++Builder 6 (BCB6) with Update Pack 4 Enterprise edition (ent_upd4) evaluates the "i>sizeof(int)" expression to false when i equals -1, which might introduce integer overflow vulnerabilities into applications that could be exploited by context-dependent attackers.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
borland_software c++_builder 6