Page 12 of 67 results (0.011 seconds)

CVSS: 7.2EPSS: 1%CPEs: 1EXPL: 0

DB2 8.1 remote command server (DB2RCMD.EXE) executes the db2rcmdc.exe program as the db2admin administrator, which allows local users to gain privileges via the DB2REMOTECMD named pipe. El servidor de órdenes remoto de DB2 8.1 (DB2RCMD.EXE) ejecuta el programa db2rcmdc.exe como el adminstrador db2admin, lo que permite a usuarios locales ganar privilegios mediante la tubería con nombre DB2REMOTECMD. • http://marc.info/?l=bugtraq&m=107885081414173&w=2 http://www-1.ibm.com/support/docview.wss?uid=swg1IY53894 http://www.nextgenss.com/advisories/db2rmtcmd.txt http://www.securityfocus.com/bid/9821 https://exchange.xforce.ibmcloud.com/vulnerabilities/15420 •

CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 3

IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs. IBM DB2 7.1 y 8.1 permite al usuario bin ganar privilegios de root modificando las librerías compartidas usadas por programas con setuid de root. • https://www.exploit-db.com/exploits/22989 http://www.securityfocus.com/archive/1/331904 http://www.securityfocus.com/bid/8346 https://exchange.xforce.ibmcloud.com/vulnerabilities/12826 •

CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 0

IBM DB2 Universal Database 7 before FixPak 12 creates certain DMS directories with insecure permissions (777), which allows local users to modify or delete certain DB2 files. IBM DB2 Universal Database 7 antes de FixPak 12 crea ciertos directorios DMS con permisos inseguros (777), lo que permite a usuarios locales modificar o borrar ciertos ficheros DB2. • http://www-1.ibm.com/support/search.wss?rs=0&q=IY44841&apar=only http://www-1.ibm.com/support/search.wss?rs=0&q=IY44842&apar=only http://www.securityfocus.com/bid/9243 https://exchange.xforce.ibmcloud.com/vulnerabilities/14030 •

CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 1

IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, allows local users to overwrite arbitrary files and gain privileges via a symlink attack on (1) db2job and (2) db2job2. IBM DB2 anteriores a FixPak 10a, y versiones anteriores incluyendo la 7.1, permite a usuarios locales sobreescribir ficheros arbitrarios y ganar privilegios mediante un ataque de enlaces simbólicos sobre d2job o db2job2. • https://www.exploit-db.com/exploits/22988 ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2aixv7/FP10a_U495172/FixpakReadme.txt http://marc.info/?l=bugtraq&m=106010332721672&w=2 •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 for Windows, before Fixpak 10a, allows attackers with "Connect" privileges to execute arbitrary code via the INVOKE command. Desbordamiento de búfer basado en la pila en IBM DB2 Universal Data Base 7.2 para Windows anteriores a Fixpak 10a permite a atacantes con privilegio de "Connect" ejecutar código arbitrario mediante el comando INVOKE. • http://marc.info/?l=bugtraq&m=106503709914622&w=2 http://www.securityfocus.com/bid/8743 https://exchange.xforce.ibmcloud.com/vulnerabilities/13331 •