CVE-2010-4070
https://notcve.org/view.php?id=CVE-2010-4070
Integer overflow in librpc.dll in portmap.exe (aka the ISM Portmapper service) in ISM before 2.20.TC1.117 in IBM Informix Dynamic Server (IDS) 7.x before 7.31.xD11, 9.x before 9.40.xC10, 10.00 before 10.00.xC8, and 11.10 before 11.10.xC2 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted parameter size, aka idsdb00146931, idsdb00146930, idsdb00146929, and idsdb00138308. Desbordamiento de entero en librpc.dll en portmap.exe (también conocido como servicio ISM Portmapper) en ISM anteriores a v2.20.TC1.117 en IBM Informix Dynamic Server (IDS) v7.x anteriores a v7.31.xD11, v9.x anteriores a v9.40.xC10, v10.00 anteriores a v10.00.xC8, y v11.10 anteirores a v11.10.xC2, permite a los atacantes remotos ejecutar código a su elección o provocar una denegación de servicio (corrupción de memoria dinámica) a través de un tamañoñ de parámetro manipulado, también conocido como idsdb00146931, idsdb00146930, idsdb00146929, y idsdb00138308. • http://secunia.com/advisories/41915 http://www.osvdb.org/68706 http://www.vupen.com/english/advisories/2010/2733 http://www.zerodayinitiative.com/advisories/ZDI-10-215 • CWE-189: Numeric Errors •
CVE-2010-4069
https://notcve.org/view.php?id=CVE-2010-4069
Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 7.x through 7.31, 9.x through 9.40, 10.00 before 10.00.xC10, 11.10 before 11.10.xC3, and 11.50 before 11.50.xC3 allows remote authenticated users to execute arbitrary code via long DBINFO keyword arguments in a SQL statement, aka idsdb00165017, idsdb00165019, idsdb00165021, idsdb00165022, and idsdb00165023. Desbordamiento de búfer basado en pila en IBM Informix Dynamic Server (IDS) v7.x hasta la v7.31, 9.x hasta la v9.40, v10.00 anterior a v10.00.xC10, v11.10 anterior a v11.10.xC3, y v11.50 anterior a v11.50.xC3, permite a usuarios remotos autenticados ejecutar código de su elección a través de un argumento clave DBINFO largo en una petición SQL, también conocido como idsdb00165017, idsdb00165019, idsdb00165021, idsdb00165022 y idsdb00165023. • http://secunia.com/advisories/41914 http://www.osvdb.org/68707 http://www.vupen.com/english/advisories/2010/2735 http://www.zerodayinitiative.com/advisories/ZDI-10-217 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-0949
https://notcve.org/view.php?id=CVE-2008-0949
Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 7.x through 11.x allows remote attackers to gain privileges via a malformed connection request packet. Vulnerabilidad no especificada en IBM Informix Dynamic Server (IDS) 7.x hasta 11.x permite a atacantes remotos ganar privilegios mediante paquetes de petición de conexión mal formados. • http://secunia.com/advisories/29272 http://www-1.ibm.com/support/search.wss?rs=0&q=IC55224&apar=only http://www-1.ibm.com/support/search.wss?rs=0&q=IC55225&apar=only http://www.informixmag.com/content/view/11143/27 http://www.informixmag.com/content/view/11144/27 http://www.securityfocus.com/bid/28198 http://www.vupen.com/english/advisories/2008/0860 https://exchange.xforce.ibmcloud.com/vulnerabilities/41370 •
CVE-2008-0727 – IBM Informix Dynamic Server Authentication Password Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-0727
Multiple buffer overflows in oninit.exe in IBM Informix Dynamic Server (IDS) 7.x through 11.x allow (1) remote attackers to execute arbitrary code via a long password and (2) remote authenticated users to execute arbitrary code via a long DBPATH value. Múltiples Desbordamientos de búfer en oninit.exe de IBM Informix Dynamic Server (IDS) de la versión 7.x a la 11.x, permite (1)a atacantes remotos ejecutar código de su elección a través de una contraseña larga (2) y usuarios autenticados remotamente, pueden ejecutar código de su elección a través de una variable DBPATH larga. This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of IBM's Informix Dynamic Server. User interaction is not required to exploit this vulnerability. Authentication is not required to exploit this vulnerability. The specific flaw exists in the oninit.exe process that listens by default on TCP port 1526. • http://secunia.com/advisories/29272 http://securityreason.com/securityalert/3749 http://www-1.ibm.com/support/docview.wss?uid=swg1IC55207 http://www-1.ibm.com/support/docview.wss?uid=swg1IC55208 http://www-1.ibm.com/support/docview.wss?uid=swg1IC55209 http://www-1.ibm.com/support/docview.wss?uid=swg1IC55210 http://www.securityfocus.com/archive/1/489547/100/0/threaded http://www.securityfocus.com/archive/1/489548/100/0/threaded http://www.securityfocus.com/bid/28198 http:& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-5956
https://notcve.org/view.php?id=CVE-2007-5956
Directory traversal vulnerability in IBM Informix Dynamic Server (IDS) before 10.00.xC7W1 allows local users to gain privileges by referencing modified NLS message files through directory traversal sequences in the DBLANG environment variable. Una vulnerabilidad de salto de directorio en IBM Informix Dynamic Server (IDS) versiones anteriores a 10.00.xC7W1, permite a usuarios locales alcanzar privilegios haciendo referencia a archivos de mensajes NLS modificados por medio de secuencias de salto de directorio en la variable de entorno DBLANG. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=624 http://secunia.com/advisories/27542 http://www-1.ibm.com/support/docview.wss?uid=swg1IC54252 http://www-1.ibm.com/support/docview.wss?uid=swg27011082 http://www.securityfocus.com/bid/26363 http://www.vupen.com/english/advisories/2007/3757 https://exchange.xforce.ibmcloud.com/vulnerabilities/38297 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •