CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 0CVE-2003-1049
https://notcve.org/view.php?id=CVE-2003-1049
IBM DB2 Universal Database 7 before FixPak 12 creates certain DMS directories with insecure permissions (777), which allows local users to modify or delete certain DB2 files. IBM DB2 Universal Database 7 antes de FixPak 12 crea ciertos directorios DMS con permisos inseguros (777), lo que permite a usuarios locales modificar o borrar ciertos ficheros DB2. • http://www-1.ibm.com/support/search.wss?rs=0&q=IY44841&apar=only http://www-1.ibm.com/support/search.wss?rs=0&q=IY44842&apar=only http://www.securityfocus.com/bid/9243 https://exchange.xforce.ibmcloud.com/vulnerabilities/14030 •
CVSS: 7.2EPSS: 1%CPEs: 1EXPL: 0CVE-2004-0795 – IBM DB2 Db2rcmd.exe Command Execution
https://notcve.org/view.php?id=CVE-2004-0795
DB2 8.1 remote command server (DB2RCMD.EXE) executes the db2rcmdc.exe program as the db2admin administrator, which allows local users to gain privileges via the DB2REMOTECMD named pipe. El servidor de órdenes remoto de DB2 8.1 (DB2RCMD.EXE) ejecuta el programa db2rcmdc.exe como el adminstrador db2admin, lo que permite a usuarios locales ganar privilegios mediante la tubería con nombre DB2REMOTECMD. • http://marc.info/?l=bugtraq&m=107885081414173&w=2 http://www-1.ibm.com/support/docview.wss?uid=swg1IY53894 http://www.nextgenss.com/advisories/db2rmtcmd.txt http://www.securityfocus.com/bid/9821 https://exchange.xforce.ibmcloud.com/vulnerabilities/15420 •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2002-1583
https://notcve.org/view.php?id=CVE-2002-1583
Buffer overflow in sqllib/security/db2ckpw for IBM DB2 Universal Database 6.0 and 7.0 allows local users to execute arbitrary code via a long username that is read from a file descriptor argument. Desbordamiento de búfer en sqllib/security/db2ckpw de IBM DB2 Universal Database 6.0 y 7.0 permite a usuarios locales ejecutar código de su elección mediante un nombre de usuario largo que se lee de un argumento de descriptor de fichero. • http://www.iss.net/security_center/static/9078.php http://www.securityfocus.com/bid/4817 http://www.securitytracker.com/alerts/2002/May/1004352.html •
CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 1CVE-2003-0898 – IBM DB2 db2job - File Overwrite
https://notcve.org/view.php?id=CVE-2003-0898
IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, allows local users to overwrite arbitrary files and gain privileges via a symlink attack on (1) db2job and (2) db2job2. IBM DB2 anteriores a FixPak 10a, y versiones anteriores incluyendo la 7.1, permite a usuarios locales sobreescribir ficheros arbitrarios y ganar privilegios mediante un ataque de enlaces simbólicos sobre d2job o db2job2. • https://www.exploit-db.com/exploits/22988 ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2aixv7/FP10a_U495172/FixpakReadme.txt http://marc.info/?l=bugtraq&m=106010332721672&w=2 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2003-0837
https://notcve.org/view.php?id=CVE-2003-0837
Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 for Windows, before Fixpak 10a, allows attackers with "Connect" privileges to execute arbitrary code via the INVOKE command. Desbordamiento de búfer basado en la pila en IBM DB2 Universal Data Base 7.2 para Windows anteriores a Fixpak 10a permite a atacantes con privilegio de "Connect" ejecutar código arbitrario mediante el comando INVOKE. • http://marc.info/?l=bugtraq&m=106503709914622&w=2 http://www.securityfocus.com/bid/8743 https://exchange.xforce.ibmcloud.com/vulnerabilities/13331 •