Page 3 of 31 results (0.002 seconds)

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2007-4273 – iDEFENSE Security Advisory 2007-08-16.4

https://notcve.org/view.php?id=CVE-2007-4273

17 Aug 2007 — IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary directories and execute arbitrary code via a "crafted localized message file" that enables a format string attack, possibly involving the (1) OSSEMEMDBG or (2) TRC_LOG_FILE environment variable in db2licd (db2licm). IBM DB2 UDB 8 anterior al Fixpak 15 y 9.1 anterior al Fixpak 3 permite a usuarios locales crear directorios y ejecutar código de su elección mediante un "archivo de mensaje traducido manipulado" que hab... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=581 • CWE-134: Use of Externally-Controlled Format String •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2007-4270 – iDEFENSE Security Advisory 2007-08-16.1

https://notcve.org/view.php?id=CVE-2007-4270

17 Aug 2007 — Multiple race conditions in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to gain root privileges via a symlink attack on certain files. Múltiples condiciones de carrera en IBM DB2 UDB 8 anterior a Fixpak 15 y 9.1 anterior a Fixpak 3 permite a usuarios locales obtener privilegios de root mediante ataque de enlace simbólico en ciertos ficheros. Local exploitation of multiple race condition vulnerabilities in IBM Corp.'s DB2 Universal Database could allow attackers to elevate privil... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=578 •

CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0

CVE-2007-1089

https://notcve.org/view.php?id=CVE-2007-1089

23 Feb 2007 — IBM DB2 Universal Database (UDB) 9.1 GA through 9.1 FP1 allows local users with table SELECT privileges to perform unauthorized UPDATE and DELETE SQL commands via unknown vectors. IBM DB2 Universal Database (UDB) 9.1 GA hasta 9.1 FP1 permite a usuarios locales con privilegios en la tabla SELECT realizar los comandos no autorizados SQL: UPDATE y DELETEa través de vectores desconocidos. • http://secunia.com/advisories/24283 •

CVSS: 7.5EPSS: 1%CPEs: 13EXPL: 0

CVE-2006-3066

https://notcve.org/view.php?id=CVE-2006-3066

19 Jun 2006 — Buffer overflow in the TCP/IP listener in IBM DB2 Universal Database (UDB) before 8.1 FixPak 12 allows remote attackers to cause a denial of service (application crash) via a long MGRLVLLS message inside of an EXCSAT message when establishing a connection. Desbordamiento de búfer en la escucha de TCP / IP en IBM DB2 Universal Database (UDB), anterior a v8.1 FixPak 12 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un mensaje MGRLVLLS mucho tiempo dentro de u... • http://secunia.com/advisories/20579 •

CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0

CVE-2006-3067

https://notcve.org/view.php?id=CVE-2006-3067

19 Jun 2006 — Multiple unspecified vulnerabilities in IBM DB2 Universal Database (UDB) before 8.1 FixPak 12 allow remote attackers to cause a denial of service (application crash) via a (1) "long column list" in the (a) REPLACE INTO and (b) INSERT INTO portions of the LOAD command or a (2) large number of values in an IN clause, possibly related to a buffer overflow. Múltiples vulnerabilidades no especificadas en IBM DB2 Universal Database (UDB), anterior a v8.1 FixPak 12 permite a atacantes remotos causar una denegación... • http://secunia.com/advisories/20579 •

CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0

CVE-2005-0417

https://notcve.org/view.php?id=CVE-2005-0417

14 Feb 2005 — Unknown "high risk" vulnerability in DB2 Universal Database 8.1 and earlier has unknown impact and attack vectors. NOTE: due to the delayed disclosure of details for this issue, this candidate may be SPLIT in the future. In addition, this may be a duplicate of other issues as reported by the vendor. Vulnerabilidad desconocida de "alto riesgo" en DB2 Universal Database 8.1 y anteriores con impacto y vectores de ataque desconocidos. • http://marc.info/?l=bugtraq&m=110801212422825&w=2 •

CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 3

CVE-2003-1052 – IBM DB2 - Shared Library Injection

https://notcve.org/view.php?id=CVE-2003-1052

20 Aug 2004 — IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs. IBM DB2 7.1 y 8.1 permite al usuario bin ganar privilegios de root modificando las librerías compartidas usadas por programas con setuid de root. • https://www.exploit-db.com/exploits/22989 •

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0

CVE-2002-1583

https://notcve.org/view.php?id=CVE-2002-1583

20 Aug 2004 — Buffer overflow in sqllib/security/db2ckpw for IBM DB2 Universal Database 6.0 and 7.0 allows local users to execute arbitrary code via a long username that is read from a file descriptor argument. Desbordamiento de búfer en sqllib/security/db2ckpw de IBM DB2 Universal Database 6.0 y 7.0 permite a usuarios locales ejecutar código de su elección mediante un nombre de usuario largo que se lee de un argumento de descriptor de fichero. • http://www.iss.net/security_center/static/9078.php •

CVSS: 7.8EPSS: 1%CPEs: 2EXPL: 1

CVE-2003-0898 – IBM DB2 db2job - File Overwrite

https://notcve.org/view.php?id=CVE-2003-0898

28 Oct 2003 — IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, allows local users to overwrite arbitrary files and gain privileges via a symlink attack on (1) db2job and (2) db2job2. IBM DB2 anteriores a FixPak 10a, y versiones anteriores incluyendo la 7.1, permite a usuarios locales sobreescribir ficheros arbitrarios y ganar privilegios mediante un ataque de enlaces simbólicos sobre d2job o db2job2. • https://www.exploit-db.com/exploits/22988 •

CVSS: 9.8EPSS: 7%CPEs: 2EXPL: 2

CVE-2001-0051 – IBM DB2 - Universal Database for Linux 6.1/Windows NT 6.1 Known Default Password

https://notcve.org/view.php?id=CVE-2001-0051

02 Feb 2001 — IBM DB2 Universal Database version 6.1 creates an account with a default user name and password, which allows remote attackers to gain access to the database. • https://www.exploit-db.com/exploits/20472 •