322 matches found
CVE-2006-5664
The installation script in IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 allows local users to "compromise security" via a symlink attack on temporary files...
CVE-2006-5664
CVE-2006-5664 describes a local vulnerability in IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 where a symlink attack on temporary files could allow local users to compromise security. The report notes a local-access impact an...
CVE-2006-5663
CVE-2006-5663 affects IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90. The root cause is insecure permissions on installation scripts, allowing local users to gain privileges by modifying the scripts. The available documents do ...
CVE-2006-5163
IBM Informix Dynamic Server 10.UC3RC1 Trial for Linux and possibly other versions creates /tmp/installserver.txt with insecure permissions, which allows local users to append data to arbitrary files via a symlink attack...
CVE-2006-3859
IBM Informix Dynamic Server (IDS) allows remote authenticated users to create and overwrite arbitrary files via the (1) LOTOFILE and (2) trl_tracefile_set functions, and the (3) "SET DEBUG FILE" commands...
CVE-2006-3860
IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 allows remote authenticated users to execute arbitrary commands via the (1) "SET DEBUG FILE" SQL command, and the (2) start_onpload and (3) dbexp functions...
CVE-2006-3854
Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC7, 9.40.TC8, 10.00.TC4, and 10.00.TC5, when running on Windows, allows remote attackers to execute arbitrary code via a long username, which causes an overflow in vsprintf when displaying in the resulting error message. NOTE: this issue is...
CVE-2006-3854
CVE-2006-3854 affects IBM Informix Dynamic Server (IDS) on Windows: IDS 9.40.TC7/TC8 and 10.00.TC4/TC5 are vulnerable to a buffer overflow caused by a long username that overflows a vsprintf-based error message, enabling remote arbitrary code execution. The issue is noted as stemming from an inco...
CVE-2006-3859
CVE-2006-3859 affects IBM Informix Dynamic Server (IDS). The vulnerability allows remote authenticated users to create and overwrite arbitrary files via the LOTOFILE and trl_tracefile_set functions, and via the SET DEBUG FILE command. The underlying issue is that these APIs/commands can be abused...
Informix Dynamic Server Multiple Remote Vulnerabilities
The version of Informix Dynamic Server installed on the remote host contains multiple vulnerabilities that may allow attackers to execute arbitrary code, gain elevated privileges, uncover sensitive information, deny service to legitimate users, etc. Some of these issues can be exploited remotely...
CVE-2006-3862
Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC5 through 9.40.xC7 and 10.00.TC1 through 10.00.xC3 allows attackers to execute arbitrary code via the SQLIDEBUG environment variable (envariable)...
CVE-2006-3853
Buffer overflow in IBM Informix Dynamic Server (IDS) before 9.40.TC7 and 10.00 before 10.00.TC3, when running on Windows, allows remote attackers to execute arbitrary code via a long username...
CVE-2006-3855
The ifx_load_internal function in IBM Informix Dynamic Server (IDS) allows remote authenticated users to execute arbitrary C code via the DllMain or init function in a library, aka "C code UDR."...
CVE-2006-3856
IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 allows local users to cause a denial of service (crash) via unspecified vectors...
CVE-2006-3857
Multiple buffer overflows in IBM Informix Dynamic Server (IDS) before 9.40.TC6 and 10.00 before 10.00.TC3 allow remote authenticated users to execute arbitrary code via (1) the getname function, as used by (a) sqremview, (b) sqremproc, (c) sqremperms, (d) sqdistfetch, and (e) sqdcatalog; and the (2) SET DEBUG...
CVE-2006-3858
IBM Informix Dynamic Server (IDS) before 9.40.xC8 and 10.00 before 10.00.xC4 stores passwords in plaintext in shared memory, which allows local users to obtain passwords by reading the memory (product defects 171893, 171894, 173772)...
CVE-2006-3861
IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 does not use database creation permissions, which allows remote authenticated users to create arbitrary databases...