
CVE-2017-1310
https://notcve.org/view.php?id=CVE-2017-1310
29 Jun 2017 — IBM Informix Dynamic Server 12.1 could allow an authenticated user to cause a buffer overflow that would write large assertion fail files to the server. Done enough times, this could use large parts of the file system and cause the server to crash. IBM X-Force ID: 125569. • http://www.ibm.com/support/docview.wss?uid=swg22004930 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2017-1092 – IBM OpenAdmin Tool SOAP welcomeServer PHP Code Execution
https://notcve.org/view.php?id=CVE-2017-1092
22 May 2017 — IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system admin on Windows servers. IBM X-Force ID: 120390. IBM Informix Dynamic Server suffers from DLL injection, PHP code injection, and heap buffer overflow vulnerabilities. • https://packetstorm.news/files/id/143882

CVE-2016-0226 – IBM Informix portmap Service Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-0226
22 Mar 2016 — The client implementation in IBM Informix Dynamic Server 11.70.xCn on Windows does not properly restrict access to the (1) nsrd, (2) nsrexecd, and (3) portmap executable files, which allows local users to gain privileges via a Trojan horse file. • http://www-01.ibm.com/support/docview.wss?uid=swg21978598 • CWE-284: Improper Access Control

CVE-2013-0492
https://notcve.org/view.php?id=CVE-2013-0492
09 Aug 2013 — Cross-site scripting (XSS) vulnerability in IBM Informix Open Admin Tool (OAT) 2.x and 3.x before 3.11.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. • http://www-01.ibm.com/support/docview.wss?uid=swg21645601 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2012-4857
https://notcve.org/view.php?id=CVE-2012-4857
08 Dec 2012 — Buffer overflow in IBM Informix 11.50 through 11.50.xC9W2 and 11.70 before 11.70.xC7 allows remote authenticated users to execute arbitrary code via a crafted SQL statement. • http://www.securitytracker.com/id?1027849 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2012-3334
https://notcve.org/view.php?id=CVE-2012-3334
25 Sep 2012 — Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 11.50 before 11.50.xC9W2 and 11.70 before 11.70.xC5 allows remote authenticated users to execute arbitrary code via crafted arguments in a SET COLLATION statement. • http://osvdb.org/85736 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2011-3390 – IBM Open Admin Tool 2.71 - Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-3390
06 Sep 2011 — Multiple cross-site scripting (XSS) vulnerabilities in index.php in IBM OpenAdmin Tool (OAT) before 2.72 for Informix allow remote attackers to inject arbitrary web script or HTML via the (1) informixserver, (2) host, or (3) port parameter in a login action. • https://www.exploit-db.com/exploits/36091 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2011-1033 – IBM Informix Dynamic Server SET ENVIRONMENT Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1033
07 Feb 2011 — Stack-based buffer overflow in oninit in IBM Informix Dynamic Server (IDS) 11.50 allows remote attackers to execute arbitrary code via crafted arguments in the USELASTCOMMITTED session environment option in a SQL SET ENVIRONMENT statement. • http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-ibm • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2010-4069
https://notcve.org/view.php?id=CVE-2010-4069
25 Oct 2010 — Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 7.x through 7.31, 9.x through 9.40, 10.00 before 10.00.xC10, 11.10 before 11.10.xC3, and 11.50 before 11.50.xC3 allows remote authenticated users to execute arbitrary code via long DBINFO keyword arguments in a SQL statement, aka idsdb00165017, idsdb00165019, idsdb00165021, idsdb00165022, and idsdb00165023. • http://secunia.com/advisories/41914 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2010-4070
https://notcve.org/view.php?id=CVE-2010-4070
25 Oct 2010 — Integer overflow in librpc.dll in portmap.exe (aka the ISM Portmapper service) in ISM before 2.20.TC1.117 in IBM Informix Dynamic Server (IDS) 7.x before 7.31.xD11, 9.x before 9.40.xC10, 10.00 before 10.00.xC8, and 11.10 before 11.10.xC2 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted parameter size, aka idsdb00146931, idsdb00146930, idsdb00146929, and idsdb00138308. • http://secunia.com/advisories/41915 • CWE-189: Numeric Errors