CVE-2004-2684
https://notcve.org/view.php?id=CVE-2004-2684
Unspecified vulnerability in the %template package in InterSystems Cache' 5.0 allows attackers to access certain files on a server, including (1) cache.key and (2) cache.dat, related to .csp files under (a) Dev\studio\templates and (b) Devuser\studio\templates. • http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/7af3237a57e97f14/da52318590c68c75 http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/cda052864061faf7/b1c4ad61ca27c514 •
CVE-2003-1333
https://notcve.org/view.php?id=CVE-2003-1333
Unspecified vulnerability in the Cache' Server Page (CSP) implementation in InterSystems Cache' 4.0.3 through 5.0.5 allows remote attackers to "gain complete control" of a server. • http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/8bdc0e496226edd1/60e9179edb4a4d43 •
CVE-2003-0497 – InterSystems Cache 4.1.15/5.0.x - Insecure Default Permissions
https://notcve.org/view.php?id=CVE-2003-0497
Caché Database 5.x installs /cachesys/bin/cache with world-writable permissions, which allows local users to gain privileges by modifying cache and executing it via cuxs. Cach? Database 5.x instala /cachesys/bin/cache con permisos de escritura global, lo que permite que usuarios locales obtengan privilegios modificando la caché y ejecutándolo mediante cuxs. • https://www.exploit-db.com/exploits/22847 http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=7 https://www.intersystems.com/support-learning/support/product-news-alerts/support-alerts-2003 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2003-0498
https://notcve.org/view.php?id=CVE-2003-0498
Caché Database 5.x installs the /cachesys/csp directory with insecure permissions, which allows local users to execute arbitrary code by adding server-side scripts that are executed with root privileges. Cach? Database 5.x instala el directorio /cachesys/csp con permisos inseguros, lo que permite que usuarios locales ejecuten código arbitrario añadiendo scripts del lado del servidor que se ejecutan con privilegios root. • http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=7 https://www.intersystems.com/support-learning/support/product-news-alerts/support-alerts-2003 • CWE-94: Improper Control of Generation of Code ('Code Injection') •