CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 0CVE-2005-4871
https://notcve.org/view.php?id=CVE-2005-4871
Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 instead of the logged-in user, which allows remote attackers to create or overwrite files via (1) XMLFileFromVarchar or (2) XMLFileFromClob, or read files via (3) XMLVarcharFromFile or (4) XMLClobFromFile. • http://marc.info/?l=bugtraq&m=110495620513954&w=2 http://secunia.com/advisories/12733 http://www.ngssoftware.com/advisories/db205012005I.txt http://www.securityfocus.com/bid/12170 https://exchange.xforce.ibmcloud.com/vulnerabilities/18761 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.1EPSS: 0%CPEs: 9EXPL: 0CVE-2005-2073
https://notcve.org/view.php?id=CVE-2005-2073
Unknown vulnerability in IBM DB2 8.1.4 through 8.1.9 and 8.2.0 through 8.2.2 allows local users with SELECT privileges to conduct unauthorized activities and insert, update or delete table contents. • http://www-1.ibm.com/support/search.wss?rs=0&q=IY73104&apar=only •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 4CVE-2003-1051 – IBM DB2 - 'db2govd' Format String Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2003-1051
Multiple format string vulnerabilities in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via certain command line arguments to (1) db2start, (2) db2stop, or (3) db2govd. Múltiples vulnerabilidades de cadena de formato en IBM Universal Database 8.1 puede permitir a usuarios locales ejecutar código arbitrario mediante ciertos argumentos de línea de comando a (1) db2start, (2) db2stop, or (3) db2govd. • https://www.exploit-db.com/exploits/23346 https://www.exploit-db.com/exploits/23344 https://www.exploit-db.com/exploits/23345 http://www.secnetops.com/research/advisories/SRT2003-11-06-0710.txt http://www.securityfocus.com/archive/1/343804 http://www.securityfocus.com/bid/8989 https://exchange.xforce.ibmcloud.com/vulnerabilities/13633 •
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 3CVE-2003-1052 – IBM DB2 - Shared Library Injection
https://notcve.org/view.php?id=CVE-2003-1052
IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs. IBM DB2 7.1 y 8.1 permite al usuario bin ganar privilegios de root modificando las librerías compartidas usadas por programas con setuid de root. • https://www.exploit-db.com/exploits/22989 http://www.securityfocus.com/archive/1/331904 http://www.securityfocus.com/bid/8346 https://exchange.xforce.ibmcloud.com/vulnerabilities/12826 •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 4CVE-2003-1050 – IBM DB2 - 'db2govd' Command Line Argument Local Overflow
https://notcve.org/view.php?id=CVE-2003-1050
Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via long command line arguments to (1) db2start, (2) db2stop, or (3) db2govd. Múltiples desbordamientos de búfer en IBM DB2 Universal Database 8.1 pueden permitir a usuarios locales ejecutar código de su elección mediante argumentos de línea de comandos largos a (1)db2start, (2) db2stop, o (3) db2govd. • https://www.exploit-db.com/exploits/23349 https://www.exploit-db.com/exploits/23347 https://www.exploit-db.com/exploits/23348 http://www.secnetops.com/research/advisories/SRT2003-11-06-0710.txt http://www.securityfocus.com/archive/1/343804 http://www.securityfocus.com/bid/8990 https://exchange.xforce.ibmcloud.com/vulnerabilities/13633 •