Database

Anviz CrossChex Standard is vulnerable to unauthorized database access due to the manipulation of TDS7 PreLogin, which disables encryption, leading to plaintext transmission of database credentials.

An unauthenticated attacker can trigger a denial-of-service condition on vulnerable Firebird servers by sending a specially crafted op_crypt_key_callback packet, leading to a null pointer dereference and server crash.

An authenticated user with CREATE FUNCTION privileges can exploit a path traversal vulnerability in Firebird versions prior to 5.0.4, 4.0.7, and 3.0.14, to load an arbitrary shared library leading to code execution as the server's OS account.

A remote attacker, either anonymous or authenticated, can exploit multiple vulnerabilities in Oracle MySQL to compromise confidentiality, integrity, and availability.

ELBA5 version 5.8.0 contains a remote code execution vulnerability (CVE-2018-25272) that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions, potentially leading to complete system compromise.