CVE-2004-2489
https://notcve.org/view.php?id=CVE-2004-2489
Format string vulnerability in IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to execute arbitrary code via a modified INFORMIXDIR environment variable that points to a file with format string specifiers in the filename. • http://marc.info/?l=bugtraq&m=107524391217364&w=2 http://secunia.com/advisories/10737 http://www-1.ibm.com/support/docview.wss?uid=swg21153336 http://www.osvdb.org/3757 http://www.securityfocus.com/bid/9511 https://exchange.xforce.ibmcloud.com/vulnerabilities/14967 •
CVE-2004-2319
https://notcve.org/view.php?id=CVE-2004-2319
IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to (1) create or overwrite files via the /001 log file to onedcu or (2) read arbitrary files via a symlink attack on a file in /tmp to onshowaudit. • http://secunia.com/advisories/10737 http://www-1.ibm.com/support/docview.wss?uid=swg21153336 http://www.osvdb.org/3758 http://www.osvdb.org/3760 http://www.securityfocus.com/archive/1/351770 http://www.securityfocus.com/bid/9511 http://www.securityfocus.com/bid/9512 https://exchange.xforce.ibmcloud.com/vulnerabilities/14969 https://exchange.xforce.ibmcloud.com/vulnerabilities/14971 •
CVE-2004-2131 – IBM Informix Dynamic Server 9.40/Informix Extended Parallel Server 8.40 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2004-2131
Stack-based buffer overflow in ontape for IBM Informix Dynamic Server (IDS) 9.40.xC3 and earlier allows local users, with DSA privileges, to execute arbitrary code via a long ONCONFIG environment variable. • https://www.exploit-db.com/exploits/23609 https://www.exploit-db.com/exploits/23610 http://marc.info/?l=bugtraq&m=107539878804074&w=2 http://secunia.com/advisories/10737 http://www-1.ibm.com/support/docview.wss?uid=swg21153336 http://www.osvdb.org/3759 http://www.securityfocus.com/bid/9512 https://exchange.xforce.ibmcloud.com/vulnerabilities/14970 •