📦

interbase

Vendor: borland_software

Actively Exploited 0 CISA KEV List

PoC / Exploits 8 Code Available

Total RCEs 5 Remote Access

Total CVEs 9 Total Indexed

Avg. EPSS 33.38% Exploit Prob.

Latest CVE CVE-2008-1910 Apr 22

Security Vulnerability Index

Page 1 / 1

10.0 CVSS

CVE-2008-1910

RCE Exploit Found

Stack-based buffer overflow in the database service (ibserver.exe) in Borland InterBase 2007 SP2 allows remote attackers to execute arbitrary code via a malformed opcode 0x52 request to TCP port 3050. NOTE: this might overlap CVE-2007-5243 or CVE-2007-5244.

EPSS: 22.24%

Severity: HIGH

Apr 22, 2008

9.3 CVSS

CVE-2007-5244

RCE Exploit Found

Stack-based buffer overflow in Borland InterBase LI 8.0.0.53 through 8.1.0.253 on Linux, and possibly unspecified versions on Solaris, allows remote attackers to execute arbitrary code via a long attach request on TCP port 3050 to the open_marker_file function.

EPSS: 79.32%

Severity: HIGH

Oct 06, 2007

9.3 CVSS

CVE-2007-5243

RCE Exploit Found

Multiple stack-based buffer overflows in Borland InterBase LI 8.0.0.53 through 8.1.0.253, and WI 5.1.1.680 through 8.1.0.257, allow remote attackers to execute arbitrary code via (1) a long service attach request on TCP port 3050 to the (a) SVC_attach or (b) INET_connect function, (2) a long create request on TCP port 3050 to the (c) isc_create_database or (d) jrd8_create_database function, (3) a long attach request on TCP port 3050 to the (e) isc_attach_database or (f) PWD_db_aliased function, or unspecified vectors involving the (4) jrd8_attach_database or (5) expand_filename2 function.

EPSS: 83.27%

Severity: HIGH

Oct 06, 2007

7.5 CVSS

CVE-2007-3566

RCE Exploit Found

Stack-based buffer overflow in the database service (ibserver.exe) in Borland InterBase 2007 before SP2 allows remote attackers to execute arbitrary code via a long size value in a create request to port 3050/tcp.

EPSS: 79.68%

Severity: HIGH

Jul 26, 2007

5.0 CVSS

CVE-2004-2043

Exploit Found

Buffer overflow in ibserver for Firebird Database 1.0 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows remote attackers to cause a denial of service (crash) via a long database name, as demonstrated using the gsec command.

EPSS: 47.46%

Severity: MEDIUM

May 01, 2004

7.5 CVSS

CVE-2004-1833

The admin.ib file in Borland Interbase 7.1 for Linux has default world writable permissions, which allows local users to gain database administrative privileges.

EPSS: 0.43%

Severity: HIGH

Mar 20, 2004

7.2 CVSS

CVE-2003-0197

Buffer overflow gds_lock_mgr of Interbase Database 6.x allows local users to gain privileges via a long ISC_LOCK_ENV environment variable (INTERBASE_LOCK).

EPSS: 0.05%

Severity: HIGH

Apr 11, 2003

7.2 CVSS

CVE-2002-1514

Exploit Found

gds_lock_mgr in Borland InterBase allows local users to overwrite files and gain privileges via a symlink attack on a "isc_init1.X" temporary file, as demonstrated by modifying the xinetdbd file.

EPSS: 0.40%

Severity: HIGH

Apr 02, 2003

4.6 CVSS

CVE-2002-2087

RCE Exploit Found

Buffer overflow in Borland InterBase 6.0 allows local users to execute arbitrary code via a long INTERBASE environment variable when calling (1) gds_drop, (2) gds_lock_mgr, or (3) gds_inet_server.

EPSS: 0.76%

Severity: MEDIUM

Dec 31, 2002

10.0 CVSS

CVE-2001-0008

Exploit Found

Backdoor account in Interbase database server allows remote attackers to overwrite arbitrary files using stored procedures.

EPSS: 20.17%

Severity: HIGH

Feb 12, 2001

Displaying 10 of 9 Total Entries

Total 1 Sections