123 matches found
CVE-2008-1708
IBM solidDB 06.00.1018 and earlier does not validate a certain field that specifies an amount of memory to allocate, which allows remote attackers to cause a denial of service daemon exit via a packet with a large value in this field...
CVE-2008-1706
Uncontrolled array index in IBM solidDB 06.00.1018 and earlier allows remote attackers to cause a denial of service daemon crash via a large value in a certain 32-bit field...
Design/Logic Flaw
IBM solidDB 06.00.1018 and earlier does not validate a certain field that specifies an amount of memory to allocate, which allows remote attackers to cause a denial of service daemon exit via a packet with a large value in this field...
CVE-2008-1705
Format string vulnerability in the logging function in IBM solidDB 06.00.1018 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the 1 user name, 2 peer name, and possibly unspecified other fields...
Design/Logic Flaw
Uncontrolled array index in IBM solidDB 06.00.1018 and earlier allows remote attackers to cause a denial of service daemon crash via a large value in a certain 32-bit field...
Null pointer dereference
IBM solidDB 06.00.1018 and earlier allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a packet with an 0x11 value in a certain "type" field...
Format string
Format string vulnerability in the logging function in IBM solidDB 06.00.1018 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the 1 user name, 2 peer name, and possibly unspecified other fields...
CVE-2008-1707
IBM solidDB 06.00.1018 and earlier allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a packet with an 0x11 value in a certain "type" field...
CVE-2008-1708
IBM solidDB 06.00.1018 and earlier are affected: a memory-allocation field is not validated, enabling a remote attacker to cause a denial-of-service (daemon exit) by sending a packet with a large value. No remediation details are provided in the supplied documents. Monitor for updates and potenti...
CVE-2008-1706
Uncontrolled array index in IBM solidDB 06.00.1018 and earlier allows remote attackers to cause a denial of service daemon crash via a large value in a certain 32-bit field...
CVE-2008-1708
IBM solidDB 06.00.1018 and earlier does not validate a certain field that specifies an amount of memory to allocate, which allows remote attackers to cause a denial of service daemon exit via a packet with a large value in this field...
CVE-2008-1705
Format string vulnerability in the logging function in IBM solidDB 06.00.1018 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the 1 user name, 2 peer name, and possibly unspecified other fields...
CVE-2008-1707
IBM solidDB 06.00.1018 and earlier is affected by CVE-2008-1707. A remote attacker can trigger a denial of service through a crafted packet where the type field has value 0x11, causing a NULL pointer dereference and daemon crash. The available sources identify the affected product and the crash c...
CVE-2008-1705
CVE-2008-1705 affects IBM solidDB and its logging function. The vulnerability is a format string issue in the server’s log entry creation, allowing an unauthenticated remote attacker to craft input that is interpreted as format specifiers, enabling arbitrary code execution in the context of the l...
CVE-2008-1706
CVE-2008-1706 affects IBM solidDB (versions 06.00.1018 and earlier). The issue is an uncontrolled array index in a 32-bit field that can be triggered by a large value, allowing remote attackers to cause a daemon crash (DoS). The connected documents provide the vulnerability description and affect...
CVE-2008-1707
IBM solidDB 06.00.1018 and earlier allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a packet with an 0x11 value in a certain "type" field...
IBM solidDB格式串及拒绝服务漏洞
BUGTRAQ ID: 28468 IBM solidDB是可实现电信级性能的关系数据库。 solidDB的日志函数中存在格式串处理漏洞,如果用户使用了畸形的用户或对等端名称的话,就可能向日志中写入恶意脚本或命令并在管理员查看日志时执行。 solidDB服务器使用了客户端所提供的32位数字作为读取数组中某些值的索引,如果设置了很多数字的话,就可能访问无效内存,导致服务器崩溃。 如果用户向服务器发送了特制报文的话,就可能触发空指针引用,或通过分配一定数量的内存导致Out of central memory错误消息,服务器会终止。 IBM solidDB = 06.00.1018 IBM -...
solidDB Default Credentials
The remote instance of solidDB uses known credentials to control access. With these, an attacker can gain administrative control of the affected application. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid31681;...
solidDB Detection
The remote service is running solidDB, a relational database designed for fast and always-on access. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid31680; scriptversion"1.11"; scriptsetattributeattribute:"pluginmodificationdate", value:"2022/06/01";...
IBM SolidDB database server multiple security vulnerabilities
Format string vulnerability in logging function, multiple DoS conditions...