Interbase 6 SuperServer for Linux allows an attacker to cause a denial of service via a query containing 0 bytes.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| borland_software | interbase_superserver | 6.0 |
Backdoor account in Interbase database server allows remote attackers to overwrite arbitrary files using stored procedures.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| borland_software | interbase | 4.0 |
| borland_software | interbase | 6.0 |
| borland_software | interbase | 5.0 |
| firebirdsql | firebird | * |
gds_lock_mgr in Borland InterBase allows local users to overwrite files and gain privileges via a symlink attack on a "isc_init1.X" temporary file, as demonstrated by modifying the xinetdbd file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| borland_software | interbase | 4.0 |
| borland_software | interbase | 6.5 |
| borland_software | interbase | 6.0 |
| borland_software | interbase | 5.0 |
Buffer overflow in Borland InterBase 6.0 allows local users to execute arbitrary code via a long INTERBASE environment variable when calling (1) gds_drop, (2) gds_lock_mgr, or (3) gds_inet_server.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| borland_software | interbase | 6.0 |
Buffer overflow gds_lock_mgr of Interbase Database 6.x allows local users to gain privileges via a long ISC_LOCK_ENV environment variable (INTERBASE_LOCK).
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| borland_software | interbase | 6.4 |
| borland_software | interbase | 6.5 |
| borland_software | interbase | 6.0 |
| firebirdsql | firebird | 1.0.2 |
Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| businessobjects | crystal_reports | 9 |
| businessobjects | crystal_enterprise_java_sdk | 8.5 |
| businessobjects | crystal_enterprise | 10 |
| borland_software | j_builder | * |
| businessobjects | crystal_reports | 10 |
| businessobjects | crystal_enterprise_ras | 8.5 |
| microsoft | business_solutions_crm | 1.2 |
| microsoft | visual_studio_.net | 2003 |
| bea | weblogic_server | 8.1 |
| microsoft | outlook | 2003 |
| businessobjects | crystal_enterprise | 9 |
The admin.ib file in Borland Interbase 7.1 for Linux has default world writable permissions, which allows local users to gain database administrative privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| borland_software | interbase | 4.0 |
| borland_software | interbase | 6.4 |
| borland_software | interbase | 7.1 |
| borland_software | interbase | 6.5 |
| borland_software | interbase | 7.0 |
| borland_software | interbase | 6.0 |
| borland_software | interbase | 5.0 |
Buffer overflow in ibserver for Firebird Database 1.0 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows remote attackers to cause a denial of service (crash) via a long database name, as demonstrated using the gsec command.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| borland_software | interbase | 4.0 |
| borland_software | interbase | 6.4 |
| borland_software | interbase | 7.1 |
| borland_software | interbase | 6.5 |
| borland_software | interbase | 7.0 |
| borland_software | interbase_superserver | 6.0 |
| borland_software | interbase | 6.0 |
| firebirdsql | firebird | 1.0 |
| borland_software | interbase | 5.0 |
Multiple directory traversal vulnerabilities in Borland Web Server (BWS) 1.0b3 and earlier allow remote attackers to read and download arbitrary files via (1) multi-dot "......" sequences, or (2) "%5c%2e%2e" (encoded "\..") sequences, in the URL.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| borland_software | web_server_for_corel_paradox | * |
Borland C++Builder 6 (BCB6) with Update Pack 4 Enterprise edition (ent_upd4) evaluates the "i>sizeof(int)" expression to false when i equals -1, which might introduce integer overflow vulnerabilities into applications that could be exploited by context-dependent attackers.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| borland_software | c++_builder | 6 |