4 results (0.003 seconds)

CVSS: 10.0EPSS: 1%CPEs: 17EXPL: 0

Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 7.x through 11.x allows remote attackers to gain privileges via a malformed connection request packet. Vulnerabilidad no especificada en IBM Informix Dynamic Server (IDS) 7.x hasta 11.x permite a atacantes remotos ganar privilegios mediante paquetes de petición de conexión mal formados. • http://secunia.com/advisories/29272 http://www-1.ibm.com/support/search.wss?rs=0&q=IC55224&apar=only http://www-1.ibm.com/support/search.wss?rs=0&q=IC55225&apar=only http://www.informixmag.com/content/view/11143/27 http://www.informixmag.com/content/view/11144/27 http://www.securityfocus.com/bid/28198 http://www.vupen.com/english/advisories/2008/0860 https://exchange.xforce.ibmcloud.com/vulnerabilities/41370 •

CVSS: 8.5EPSS: 86%CPEs: 17EXPL: 0

Multiple buffer overflows in oninit.exe in IBM Informix Dynamic Server (IDS) 7.x through 11.x allow (1) remote attackers to execute arbitrary code via a long password and (2) remote authenticated users to execute arbitrary code via a long DBPATH value. Múltiples Desbordamientos de búfer en oninit.exe de IBM Informix Dynamic Server (IDS) de la versión 7.x a la 11.x, permite (1)a atacantes remotos ejecutar código de su elección a través de una contraseña larga (2) y usuarios autenticados remotamente, pueden ejecutar código de su elección a través de una variable DBPATH larga. This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of IBM's Informix Dynamic Server. User interaction is not required to exploit this vulnerability. Authentication is not required to exploit this vulnerability. The specific flaw exists in the oninit.exe process that listens by default on TCP port 1526. • http://secunia.com/advisories/29272 http://securityreason.com/securityalert/3749 http://www-1.ibm.com/support/docview.wss?uid=swg1IC55207 http://www-1.ibm.com/support/docview.wss?uid=swg1IC55208 http://www-1.ibm.com/support/docview.wss?uid=swg1IC55209 http://www-1.ibm.com/support/docview.wss?uid=swg1IC55210 http://www.securityfocus.com/archive/1/489547/100/0/threaded http://www.securityfocus.com/archive/1/489548/100/0/threaded http://www.securityfocus.com/bid/28198 http:& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

Directory traversal vulnerability in IBM Informix Dynamic Server (IDS) before 10.00.xC7W1 allows local users to gain privileges by referencing modified NLS message files through directory traversal sequences in the DBLANG environment variable. Una vulnerabilidad de salto de directorio en IBM Informix Dynamic Server (IDS) versiones anteriores a 10.00.xC7W1, permite a usuarios locales alcanzar privilegios haciendo referencia a archivos de mensajes NLS modificados por medio de secuencias de salto de directorio en la variable de entorno DBLANG. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=624 http://secunia.com/advisories/27542 http://www-1.ibm.com/support/docview.wss?uid=swg1IC54252 http://www-1.ibm.com/support/docview.wss?uid=swg27011082 http://www.securityfocus.com/bid/26363 http://www.vupen.com/english/advisories/2007/3757 https://exchange.xforce.ibmcloud.com/vulnerabilities/38297 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5EPSS: 1%CPEs: 11EXPL: 0

IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 allows allows remote authenticated users to execute arbitrary commands via the (1) "SET DEBUG FILE" SQL command, and the (2) start_onpload and (3) dbexp functions. IBM Informix Dynamic Server (IDS) anterior a 9.40.xC7 y 20.00 anterior a 10.00.xC3 permite a usuarios remotos autenticados ejecutar comandos de su elección mediante el comando SQL (1) "SET DEBUG FILE", y las funciones (2)start_onpload y (3) dbexp. • http://secunia.com/advisories/21301 http://securityreason.com/securityalert/1407 http://www-1.ibm.com/support/docview.wss?uid=swg21242921 http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf http://www.osvdb.org/27686 http://www.securityfocus.com/archive/1/443133/100/0/threaded http://www.securityfocus.com/archive/1/443185/100/0/threaded http://www.securityfocus.com/bid/19264 http://www.vupen.com/english/advisories/2006/3077 https://exchange.xforce.ibmclo •