CVE-2005-4868 – IBM DB2 - Universal Database Information Disclosure
https://notcve.org/view.php?id=CVE-2005-4868
Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain unauthorized access, gain sensitive information, such as cleartext passwords, and cause a denial of service.
• https://www.exploit-db.com/exploits/24678
• http://marc.info/?l=bugtraq&m=110495402231836&w=2
• http://secunia.com/advisories/12733
• http://www-1.ibm.com/support/docview.wss?uid=swg21181228
• http://www.nextgenss.com/advisories/db205012005F.txt
• http://www.securityfocus.com/bid/11402
• https://exchange.xforce.ibmcloud.com/vulnerabilities/17605
• CWE-732: Incorrect Permission Assignment for Critical Resource
CVE-2005-4871
https://notcve.org/view.php?id=CVE-2005-4871
Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 instead of the logged-in user, which allows remote attackers to create or overwrite files via (1) XMLFileFromVarchar or (2) XMLFileFromClob, or read files via (3) XMLVarcharFromFile or (4) XMLClobFromFile.
• http://marc.info/?l=bugtraq&m=110495620513954&w=2
• http://secunia.com/advisories/12733
• http://www.ngssoftware.com/advisories/db205012005I.txt
• http://www.securityfocus.com/bid/12170
• https://exchange.xforce.ibmcloud.com/vulnerabilities/18761
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2005-4865
https://notcve.org/view.php?id=CVE-2005-4865
Stack-based buffer overflow in call in IBM DB2 7.x and 8.1 allows remote attackers to execute arbitrary code via a long libname.
• http://marc.info/?l=bugtraq&m=110495173031208&w=2
• http://secunia.com/advisories/12733
• http://www-1.ibm.com/support/docview.wss?uid=swg1IY62041
• http://www-1.ibm.com/support/docview.wss?uid=swg21181228
• http://www.nextgenss.com/advisories/db205012005C.txt
• http://www.securityfocus.com/bid/11399
• https://exchange.xforce.ibmcloud.com/vulnerabilities/17611
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2005-4735
https://notcve.org/view.php?id=CVE-2005-4735
IBM DB2 Universal Database (UDB) 810 before 8.1 FP10 allows remote authenticated users to cause a denial of service (application crash) via (1) certain equality predicates that trigger self-removal, aka IY70808; and (2) a query with more than 32000 elements in the IN-list, aka LI70817.
• http://secunia.com/advisories/17031
• http://www-1.ibm.com/support/docview.wss?uid=swg1IY70808
• http://www-1.ibm.com/support/docview.wss?uid=swg1LI70817
• http://www.securityfocus.com/bid/15126
CVE-2005-4867
https://notcve.org/view.php?id=CVE-2005-4867
Stack-based buffer overflow in the SATENCRYPT function in IBM DB2 8.1, when Satellite Administration (SATADMIN) is enabled, allows remote attackers to execute arbitrary code via a long parameter.
• http://marc.info/?l=bugtraq&m=110495332301120&w=2
• http://secunia.com/advisories/12733
• http://www-1.ibm.com/support/docview.wss?uid=swg21181228
• http://www-1.ibm.com/support/search.wss?rs=0&q=IY62040&apar=only
• http://www.ngssoftware.com/advisories/db205012005E.txt
• http://www.securityfocus.com/bid/11396
• https://exchange.xforce.ibmcloud.com/vulnerabilities/17612
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer