CVE-2009-3470
https://notcve.org/view.php?id=CVE-2009-3470
IBM Informix Dynamic Server (IDS) 10.00 before 10.00.xC11, 11.10 before 11.10.xC4, and 11.50 before 11.50.xC5 allows remote attackers to cause a denial of service (memory corruption, assertion failure, and daemon crash) by sending a long password over a JDBC connection. IBM Informix Dynamic Server (IDS) v10.00 anterior a v10.00.xC11, v11.10 anterior a v11.10.xC4, y v11.50 anterior a v11.50.xC5 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de demonio) enviando una contraseña larga sobre una conexión JDBC. • http://secunia.com/advisories/36853 http://www-01.ibm.com/support/docview.wss?uid=swg1IC61195 http://www.securityfocus.com/bid/36538 http://www.securitytracker.com/id?1022955 http://www.vupen.com/english/advisories/2009/2786 • CWE-399: Resource Management Errors •
CVE-2008-0949
https://notcve.org/view.php?id=CVE-2008-0949
Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 7.x through 11.x allows remote attackers to gain privileges via a malformed connection request packet. Vulnerabilidad no especificada en IBM Informix Dynamic Server (IDS) 7.x hasta 11.x permite a atacantes remotos ganar privilegios mediante paquetes de petición de conexión mal formados. • http://secunia.com/advisories/29272 http://www-1.ibm.com/support/search.wss?rs=0&q=IC55224&apar=only http://www-1.ibm.com/support/search.wss?rs=0&q=IC55225&apar=only http://www.informixmag.com/content/view/11143/27 http://www.informixmag.com/content/view/11144/27 http://www.securityfocus.com/bid/28198 http://www.vupen.com/english/advisories/2008/0860 https://exchange.xforce.ibmcloud.com/vulnerabilities/41370 •
CVE-2008-0727 – IBM Informix Dynamic Server Authentication Password Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-0727
Multiple buffer overflows in oninit.exe in IBM Informix Dynamic Server (IDS) 7.x through 11.x allow (1) remote attackers to execute arbitrary code via a long password and (2) remote authenticated users to execute arbitrary code via a long DBPATH value. Múltiples Desbordamientos de búfer en oninit.exe de IBM Informix Dynamic Server (IDS) de la versión 7.x a la 11.x, permite (1)a atacantes remotos ejecutar código de su elección a través de una contraseña larga (2) y usuarios autenticados remotamente, pueden ejecutar código de su elección a través de una variable DBPATH larga. This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of IBM's Informix Dynamic Server. User interaction is not required to exploit this vulnerability. Authentication is not required to exploit this vulnerability. The specific flaw exists in the oninit.exe process that listens by default on TCP port 1526. • http://secunia.com/advisories/29272 http://securityreason.com/securityalert/3749 http://www-1.ibm.com/support/docview.wss?uid=swg1IC55207 http://www-1.ibm.com/support/docview.wss?uid=swg1IC55208 http://www-1.ibm.com/support/docview.wss?uid=swg1IC55209 http://www-1.ibm.com/support/docview.wss?uid=swg1IC55210 http://www.securityfocus.com/archive/1/489547/100/0/threaded http://www.securityfocus.com/archive/1/489548/100/0/threaded http://www.securityfocus.com/bid/28198 http:& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-0768
https://notcve.org/view.php?id=CVE-2008-0768
Multiple stack-based and heap-based buffer overflows in the Windows RPC components for IBM Informix Storage Manager (ISM), as used in Informix Dynamic Server (IDS) 10.00.xC8 and earlier and 11.10.xC2 and earlier, allow attackers to execute arbitrary code via crafted XDR requests. Múltiples desbordamientos de búfer basados en pila y en montículo en los componentes Windows RPC para IBM Informix Storage Manager (ISM), como se utilizan en Informix Dynamic Server (IDS) 10.00.xC8 y anteriores y 11.10.xC2 y anteriores. Permiten a atacantes ejecutar código de su elección a través de peticiones XDR manipuladas. • http://secunia.com/advisories/28689 http://www-01.ibm.com/support/docview.wss?uid=swg21294211 http://www-1.ibm.com/support/search.wss?rs=0&q=IC55040&apar=only http://www-1.ibm.com/support/search.wss?rs=0&q=IC55041&apar=only http://www.securityfocus.com/bid/27485 http://www.securitytracker.com/id?1019281 http://www.vupen.com/english/advisories/2008/0317 https://exchange.xforce.ibmcloud.com/vulnerabilities/40018 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-0369
https://notcve.org/view.php?id=CVE-2008-0369
Multiple unspecified programs in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allow local users to create arbitrary files by specifying the target file in the SQLIDEBUG environment variable, whose ownership is changed to the user invoking the programs. Múltiples programas no especificados en IBM Informix Dynamic Server (IDS) versiones 10.x anteriores a 10.00.xC8, permiten a usuarios locales crear archivos arbitrarios especificando el archivo de destino en la variable de entorno SQLIDEBUG, cuya propiedad es cambiada por el usuario que invoca los programas. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=650 http://secunia.com/advisories/28534 http://www-1.ibm.com/support/docview.wss?uid=swg1IC54309 http://www-1.ibm.com/support/docview.wss?uid=swg27011556 http://www.securityfocus.com/bid/27328 http://www.securitytracker.com/id?1019237 http://www.vupen.com/english/advisories/2008/0169 https://exchange.xforce.ibmcloud.com/vulnerabilities/39751 https://exchange.xforce.ibmcloud.com/vulnerabilities/40009 •