CVE-2006-3861

IBM Informix Dynamic Server IDS before 9.40.xC7 and 10.00 before 10.00.xC3 does not use database creation permissions, which allows remote authenticated users to create arbitrary databases...

CVE-2006-3858

CVE-2006-3858 affects IBM Informix Dynamic Server (IDS) prior to 9.40.xC8 and 10.00 prior to 10.00.xC4. The flaw causes passwords to be stored in plaintext in a shared memory region, enabling local users to read memory and obtain passwords. Affected products include IDS versions before the stated...

CVE-2006-3857

Multiple buffer overflows in IBM Informix Dynamic Server IDS before 9.40.TC6 and 10.00 before 10.00.TC3 allow remote authenticated users to execute arbitrary code via 1 the getname function, as used by a sqremview, b sqremproc, c sqremperms, d sqdistfetch, and e sqdcatalog; and the 2 SET DEBUG...

CVE-2006-3855

The ifxloadinternal function in IBM Informix Dynamic Server IDS allows remote authenticated users to execute arbitrary C code via the DllMain or init function in a library, aka "C code UDR."...

CVE-2006-3858

IBM Informix Dynamic Server IDS before 9.40.xC8 and 10.00 before 10.00.xC4 stores passwords in plaintext in shared memory, which allows local users to obtain passwords by reading the memory product defects 171893, 171894, 173772...

CVE-2006-3862

CVE-2006-3862: Buffer overflow in IBM Informix Dynamic Server (IDS) allowing arbitrary code execution via the SQLIDEBUG environment variable. Affected versions: IDS 9.40.TC5–9.40.xC7 and 10.00.TC1–10.00.xC3. Exploitation status is not stated in the provided documents; no remediation details are g...

CVE-2006-3862

Buffer overflow in IBM Informix Dynamic Server IDS 9.40.TC5 through 9.40.xC7 and 10.00.TC1 through 10.00.xC3 allows attackers to execute arbitrary code via the SQLIDEBUG environment variable envariable...

CVE-2006-3856

IBM Informix Dynamic Server IDS before 9.40.xC7 and 10.00 before 10.00.xC3 allows local users to cause a denial of service crash via unspecified vectors...

CVE-2006-3856

CVE-2006-3856 affects IBM Informix Dynamic Server (IDS) prior to 9.40.xC7 and 10.00 prior to 10.00.xC3, where a local user can cause a denial of service (crash) via unspecified vectors. The vulnerability is documented as a local DoS and is complemented by related entries describing multiple Infor...

CVE-2006-3855

Affected product: IBM Informix Dynamic Server (IDS). Vulnerability: The ifx_load_internal function allows remote authenticated users to load an arbitrary library and execute code via DllMain (Windows) or _init (Linux) when the library is loaded, enabling arbitrary C code execution. This constitut...

CVE-2006-3857

CVE-2006-3857 involves multiple buffer overflow vulnerabilities in IBM Informix Dynamic Server (IDS) prior to 9.40.TC6 and 10.00 prior to 10.00.TC3. The overflows occur in the protocol path via the getname() function (used by _sq_remview, _sq_remproc, _sq_remperms, _sq_distfetch, _sq_dcatalog) an...

CVE-2004-2490

CVE-2004-2490 describes a buffer overflow in IBM Informix Dynamic Server (IDS) , affecting versions 9.40.xC1 and 9.40.xC2 . The root cause is a vulnerability in the handling of a long GL_PATH environment variable, which allows local users to execute arbitrary code . The impact is local code execu...

CVE-2004-2489

Format string vulnerability in IBM Informix Dynamic Server IDS before 9.40.xC3 allows local users to execute arbitrary code via a modified INFORMIXDIR environment variable that points to a file with format string specifiers in the filename...

CVE-2004-2489

CVE-2004-2489 concerns IBM Informix Dynamic Server (IDS). The described vulnerability is a format string flaw in IDS prior to 9.40.xC3 that enables local code execution when an attacker manipulates the INFORMIXDIR environment variable to point to a file containing format string specifiers in its ...

CVE-2004-2490

Buffer overflow in IBM Informix Dynamic Server IDS 9.40.xC1 and 9.40.xC2 allows local users to execute arbitrary code via a long GLPATH environment variable...

CVE-2004-2319

IBM Informix Dynamic Server IDS before 9.40.xC3 allows local users to 1 create or overwrite files via the /001 log file to onedcu or 2 read arbitrary files via a symlink attack on a file in /tmp to onshowaudit...

CVE-2004-2319

IBM Informix Dynamic Server (IDS) prior to 9.40.xC3 is affected. Two issues are described: (1) local users can create or overwrite files via the /001 log file to onedcu, and (2) local users can read arbitrary files via a symlink attack on a file in /tmp to onshowaudit. Root cause details are not ...

CVE-2004-2131

Stack-based buffer overflow in ontape for IBM Informix Dynamic Server IDS 9.40.xC3 and earlier allows local users, with DSA privileges, to execute arbitrary code via a long ONCONFIG environment variable...

CVE-2004-2131

CVE-2004-2131 affects IBM Informix Dynamic Server (IDS) 9.40.xC3 and earlier. The flaw is a stack-based buffer overflow in ontape triggered by a long ONCONFIG environment variable, allowing local users with DSA privileges to execute arbitrary code. Affected component is ontape; root cause is unch...

CVE-2004-2489

Format string vulnerability in IBM Informix Dynamic Server IDS before 9.40.xC3 allows local users to execute arbitrary code via a modified INFORMIXDIR environment variable that points to a file with format string specifiers in the filename...