CVE-2007-5956
https://notcve.org/view.php?id=CVE-2007-5956
Directory traversal vulnerability in IBM Informix Dynamic Server (IDS) before 10.00.xC7W1 allows local users to gain privileges by referencing modified NLS message files through directory traversal sequences in the DBLANG environment variable. Una vulnerabilidad de salto de directorio en IBM Informix Dynamic Server (IDS) versiones anteriores a 10.00.xC7W1, permite a usuarios locales alcanzar privilegios haciendo referencia a archivos de mensajes NLS modificados por medio de secuencias de salto de directorio en la variable de entorno DBLANG. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=624 http://secunia.com/advisories/27542 http://www-1.ibm.com/support/docview.wss?uid=swg1IC54252 http://www-1.ibm.com/support/docview.wss?uid=swg27011082 http://www.securityfocus.com/bid/26363 http://www.vupen.com/english/advisories/2007/3757 https://exchange.xforce.ibmcloud.com/vulnerabilities/38297 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2007-5957
https://notcve.org/view.php?id=CVE-2007-5957
Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 10.00.TC3TL and 11.10.TB4TL on Windows allows attackers to cause a denial of service (application crash) via unspecified SQ_ONASSIST requests. Vulnerabilidad no especificada en IBM Informix Dynamic Server (IDS) 10.00.TC3TL y 11.10.TB4TL en Windows permite a atacantes provocar una denegación de servicio (caída de la aplicación) mediante peticiones SQ_ONASSIST no especificadas. • http://osvdb.org/41621 http://secunia.com/advisories/27542 http://www-1.ibm.com/support/docview.wss?uid=swg1IC53588 http://www-1.ibm.com/support/docview.wss?uid=swg27011082 http://www.securityfocus.com/bid/26363 http://www.vupen.com/english/advisories/2007/3757 https://exchange.xforce.ibmcloud.com/vulnerabilities/38296 •
CVE-2006-5663
https://notcve.org/view.php?id=CVE-2006-5663
IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 use insecure permissions for installation scripts, which allows local users to gain privileges by modifying the scripts. IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, y Informix I-Connect 2.90 utilizan permisos no seguros para los scripts de instalación, que permite a los usuarios locales obtener privilegios modificando estos scripts. • http://secunia.com/advisories/22609 http://securitytracker.com/id?1017156 http://www-1.ibm.com/support/docview.wss?uid=swg21247438 http://www.vupen.com/english/advisories/2006/4280 •
CVE-2006-5664
https://notcve.org/view.php?id=CVE-2006-5664
The installation script in IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 allows local users to "compromise security" via a symlink attack on temporary files. El script de instalación en IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, y Informix I-Connect 2.90 permite a los usuarios locales "comprometer la seguridad" mediante un ataque de enlaces simbólicos sobre ficheros temporales. • http://secunia.com/advisories/22609 http://securitytracker.com/id?1017156 http://www-1.ibm.com/support/docview.wss?uid=swg21247438 http://www.vupen.com/english/advisories/2006/4280 •
CVE-2006-3854
https://notcve.org/view.php?id=CVE-2006-3854
Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC7, 9.40.TC8, 10.00.TC4, and 10.00.TC5, when running on Windows, allows remote attackers to execute arbitrary code via a long username, which causes an overflow in vsprintf when displaying in the resulting error message. NOTE: this issue is due to an incomplete fix for CVE-2006-3853. Desbordamiento de búfer en IBM Informix Dynamic Server (IDS) 9.40.TC7, 9.40.TC8, 10.00.TC4, y 10.00.TC5, cuando se ejecuta en Windows, permite a atacantes remotos ejecutar código de su elección medianet un nombre de usuario largo, lo que provoca un desbordamiento en vsprintf cuando se está mostrando el mensaje de error resultante. NOTA: este problema se debe a una solución incompleta de CVE-2006-3853. • http://securityreason.com/securityalert/1409 http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf http://www.securityfocus.com/archive/1/443133/100/0/threaded http://www.securityfocus.com/archive/1/443150/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/28381 •