CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2008-0368 – iDEFENSE Security Advisory 2008-01-31.2
https://notcve.org/view.php?id=CVE-2008-0368
18 Jan 2008 — onedcu in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allows local users to create arbitrary files via the Trace file argument. onedcu en IBM Informix Dynamic Server (IDS) versiones 10.x anteriores a 10.00.xC8, permite a usuarios locales crear archivos arbitrarios por medio del argumento de archivo Trace. Local exploitation of a file creation vulnerability in IBM Corp.'s Informix Dynamic Server allows attackers to elevate privileges to root. The set-uid root "onedcu" command requires six paramet... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=651 •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2008-0369 – iDEFENSE Security Advisory 2008-01-31.1
https://notcve.org/view.php?id=CVE-2008-0369
18 Jan 2008 — Multiple unspecified programs in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allow local users to create arbitrary files by specifying the target file in the SQLIDEBUG environment variable, whose ownership is changed to the user invoking the programs. Múltiples programas no especificados en IBM Informix Dynamic Server (IDS) versiones 10.x anteriores a 10.00.xC8, permiten a usuarios locales crear archivos arbitrarios especificando el archivo de destino en la variable de entorno SQLIDEBUG, cuya pr... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=650 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2007-5957
https://notcve.org/view.php?id=CVE-2007-5957
14 Nov 2007 — Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 10.00.TC3TL and 11.10.TB4TL on Windows allows attackers to cause a denial of service (application crash) via unspecified SQ_ONASSIST requests. Vulnerabilidad no especificada en IBM Informix Dynamic Server (IDS) 10.00.TC3TL y 11.10.TB4TL en Windows permite a atacantes provocar una denegación de servicio (caída de la aplicación) mediante peticiones SQ_ONASSIST no especificadas. • http://osvdb.org/41621 •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2007-5956
https://notcve.org/view.php?id=CVE-2007-5956
14 Nov 2007 — Directory traversal vulnerability in IBM Informix Dynamic Server (IDS) before 10.00.xC7W1 allows local users to gain privileges by referencing modified NLS message files through directory traversal sequences in the DBLANG environment variable. Una vulnerabilidad de salto de directorio en IBM Informix Dynamic Server (IDS) versiones anteriores a 10.00.xC7W1, permite a usuarios locales alcanzar privilegios haciendo referencia a archivos de mensajes NLS modificados por medio de secuencias de salto de directorio... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=624 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2006-5664
https://notcve.org/view.php?id=CVE-2006-5664
03 Nov 2006 — The installation script in IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 allows local users to "compromise security" via a symlink attack on temporary files. El script de instalación en IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, y Informix I-Connect 2.90 permite a los usuarios locales "comprometer la seguridad" mediante un ataque de enlaces simbólicos sobre ficheros temporales. • http://secunia.com/advisories/22609 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2006-5663
https://notcve.org/view.php?id=CVE-2006-5663
03 Nov 2006 — IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 use insecure permissions for installation scripts, which allows local users to gain privileges by modifying the scripts. IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, y Informix I-Connect 2.90 utilizan permisos no seguros para los scripts de instalación, que permite a los usuarios locales obtener privilegios modificando estos scripts. • http://secunia.com/advisories/22609 •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 2CVE-2006-5163
https://notcve.org/view.php?id=CVE-2006-5163
03 Oct 2006 — IBM Informix Dynamic Server 10.UC3RC1 Trial for Linux and possibly other versions creates /tmp/installserver.txt with insecure permissions, which allows local users to append data to arbitrary files via a symlink attack. IBM Informix Dynamic Server 10.UC3RC1 Trial para Linux y posiblemente otras versiones crean /tmp/installserver.txt con permisos no seguros, lo cual permite a usuarios locales añadir información a ficheros de su elección mediante un ataque de enlace simbólico. • http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0013.html •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2006-3859 – NISR02082006I.txt
https://notcve.org/view.php?id=CVE-2006-3859
17 Aug 2006 — IBM Informix Dynamic Server (IDS) allows remote authenticated users to create and overwrite arbitrary files via the (1) LOTOFILE and (2) trl_tracefile_set functions, and the (3) "SET DEBUG FILE" commands. IBM UInformix Dynamic Server (IDS) permite a usuarios remotos autenticados crear y sobrescribir archivos de su elección mediante las funciones (1) LOTOFILE y (2) trl_tracefile_set, y los comandos (3) "SET DEGUB FILE". Informix Dynamic Server is a database developed by IBM. During a security assessment of I... • http://securityreason.com/securityalert/1408 •
CVSS: 9.8EPSS: 7%CPEs: 4EXPL: 1CVE-2006-3854 – NISR02082006B.txt
https://notcve.org/view.php?id=CVE-2006-3854
17 Aug 2006 — Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC7, 9.40.TC8, 10.00.TC4, and 10.00.TC5, when running on Windows, allows remote attackers to execute arbitrary code via a long username, which causes an overflow in vsprintf when displaying in the resulting error message. NOTE: this issue is due to an incomplete fix for CVE-2006-3853. Desbordamiento de búfer en IBM Informix Dynamic Server (IDS) 9.40.TC7, 9.40.TC8, 10.00.TC4, y 10.00.TC5, cuando se ejecuta en Windows, permite a atacantes remotos ejecu... • http://securityreason.com/securityalert/1409 •
CVSS: 8.8EPSS: 2%CPEs: 11EXPL: 0CVE-2006-3860 – NISR02082006F.txt
https://notcve.org/view.php?id=CVE-2006-3860
17 Aug 2006 — IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 allows allows remote authenticated users to execute arbitrary commands via the (1) "SET DEBUG FILE" SQL command, and the (2) start_onpload and (3) dbexp functions. IBM Informix Dynamic Server (IDS) anterior a 9.40.xC7 y 20.00 anterior a 10.00.xC3 permite a usuarios remotos autenticados ejecutar comandos de su elección mediante el comando SQL (1) "SET DEBUG FILE", y las funciones (2)start_onpload y (3) dbexp. Informix Dynamic Server... • http://secunia.com/advisories/21301 •