CVSS: 9.0EPSS: 9%CPEs: 30EXPL: 0CVE-2012-4857
https://notcve.org/view.php?id=CVE-2012-4857
Buffer overflow in IBM Informix 11.50 through 11.50.xC9W2 and 11.70 before 11.70.xC7 allows remote authenticated users to execute arbitrary code via a crafted SQL statement. Desbordamiento de búfer en IBM Informix v11.50 hasta v11.50.xC9W2 y v11.70 anterior a v11.70.xC7, permite a atacantes remotos autenticados ejecutar código arbitrario mediante una sentencia SQL especialmente diseñada. • http://www.securitytracker.com/id?1027849 https://exchange.xforce.ibmcloud.com/vulnerabilities/79737 https://www.ibm.com/support/docview.wss?uid=swg21618994 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.0EPSS: 92%CPEs: 32EXPL: 0CVE-2012-3334
https://notcve.org/view.php?id=CVE-2012-3334
Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 11.50 before 11.50.xC9W2 and 11.70 before 11.70.xC5 allows remote authenticated users to execute arbitrary code via crafted arguments in a SET COLLATION statement. Desbordamiento de búfer basado en pila en IBM Informix Dynamic Server (IDS) v11.50 antes de v11.50.xC9W2 y v11.70 antes de v11.70.xC5 permite a usuarios remotos autenticados ejecutar código de su elección a través de argumentos modificados en una petición 'SET COLLATION'. • http://osvdb.org/85736 http://www.ibm.com/support/docview.wss?uid=swg21611800 http://www.securityfocus.com/bid/55668 https://exchange.xforce.ibmcloud.com/vulnerabilities/78277 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 93%CPEs: 1EXPL: 0CVE-2011-1033 – IBM Informix Dynamic Server SET ENVIRONMENT Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1033
Stack-based buffer overflow in oninit in IBM Informix Dynamic Server (IDS) 11.50 allows remote attackers to execute arbitrary code via crafted arguments in the USELASTCOMMITTED session environment option in a SQL SET ENVIRONMENT statement. Desbordamiento de búfer basado en pila en en oninit en IBM Informix Dynamic Server (IDS) v11.50 permite a atacantes remotos ejecutar código de su elección a través de argumentos manipulados en la opción de sesión de entorno USELASTCOMMITTED en un estado SQL SET ENVIRONMENT. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Informix Database Server. SQL query execution privileges are required to exploit this vulnerability. The specific flaw exists within the oninit process bound to TCP port 9088 when processing the arguments to the USELASTCOMMITTED option in a SQL query. User-supplied data is copied into a stack-based buffer without proper bounds checking resulting in an exploitable overflow. • http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-ibm http://secunia.com/advisories/43212 http://securityreason.com/securityalert/8078 http://www.securityfocus.com/archive/1/516250/100/0/threaded http://www.securityfocus.com/bid/46230 http://www.vupen.com/english/advisories/2011/0309 http://zerodayinitiative.com/advisories/ZDI-11-050 https://exchange.xforce.ibmcloud.com/vulnerabilities/65209 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.5EPSS: 87%CPEs: 29EXPL: 0CVE-2010-4069
https://notcve.org/view.php?id=CVE-2010-4069
Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 7.x through 7.31, 9.x through 9.40, 10.00 before 10.00.xC10, 11.10 before 11.10.xC3, and 11.50 before 11.50.xC3 allows remote authenticated users to execute arbitrary code via long DBINFO keyword arguments in a SQL statement, aka idsdb00165017, idsdb00165019, idsdb00165021, idsdb00165022, and idsdb00165023. Desbordamiento de búfer basado en pila en IBM Informix Dynamic Server (IDS) v7.x hasta la v7.31, 9.x hasta la v9.40, v10.00 anterior a v10.00.xC10, v11.10 anterior a v11.10.xC3, y v11.50 anterior a v11.50.xC3, permite a usuarios remotos autenticados ejecutar código de su elección a través de un argumento clave DBINFO largo en una petición SQL, también conocido como idsdb00165017, idsdb00165019, idsdb00165021, idsdb00165022 y idsdb00165023. • http://secunia.com/advisories/41914 http://www.osvdb.org/68707 http://www.vupen.com/english/advisories/2010/2735 http://www.zerodayinitiative.com/advisories/ZDI-10-217 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 2%CPEs: 25EXPL: 0CVE-2010-4070
https://notcve.org/view.php?id=CVE-2010-4070
Integer overflow in librpc.dll in portmap.exe (aka the ISM Portmapper service) in ISM before 2.20.TC1.117 in IBM Informix Dynamic Server (IDS) 7.x before 7.31.xD11, 9.x before 9.40.xC10, 10.00 before 10.00.xC8, and 11.10 before 11.10.xC2 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted parameter size, aka idsdb00146931, idsdb00146930, idsdb00146929, and idsdb00138308. Desbordamiento de entero en librpc.dll en portmap.exe (también conocido como servicio ISM Portmapper) en ISM anteriores a v2.20.TC1.117 en IBM Informix Dynamic Server (IDS) v7.x anteriores a v7.31.xD11, v9.x anteriores a v9.40.xC10, v10.00 anteriores a v10.00.xC8, y v11.10 anteirores a v11.10.xC2, permite a los atacantes remotos ejecutar código a su elección o provocar una denegación de servicio (corrupción de memoria dinámica) a través de un tamañoñ de parámetro manipulado, también conocido como idsdb00146931, idsdb00146930, idsdb00146929, y idsdb00138308. • http://secunia.com/advisories/41915 http://www.osvdb.org/68706 http://www.vupen.com/english/advisories/2010/2733 http://www.zerodayinitiative.com/advisories/ZDI-10-215 • CWE-189: Numeric Errors •