Lucene search
K

123 matches found

NVD
NVD
added 2008/04/09 7:5 p.m.15 views

CVE-2008-1708

IBM solidDB 06.00.1018 and earlier does not validate a certain field that specifies an amount of memory to allocate, which allows remote attackers to cause a denial of service daemon exit via a packet with a large value in this field...

4.3CVSS6.4AI score0.01555EPSS
Exploits1References8
NVD
NVD
added 2008/04/09 7:5 p.m.18 views

CVE-2008-1706

Uncontrolled array index in IBM solidDB 06.00.1018 and earlier allows remote attackers to cause a denial of service daemon crash via a large value in a certain 32-bit field...

4.3CVSS6.4AI score0.01555EPSS
Exploits1References8
Prion
Prion
added 2008/04/09 7:5 p.m.20 views

Design/Logic Flaw

IBM solidDB 06.00.1018 and earlier does not validate a certain field that specifies an amount of memory to allocate, which allows remote attackers to cause a denial of service daemon exit via a packet with a large value in this field...

4.3CVSS7AI score0.01555EPSS
Exploits1References8Affected Software1
NVD
NVD
added 2008/04/09 7:5 p.m.26 views

CVE-2008-1705

Format string vulnerability in the logging function in IBM solidDB 06.00.1018 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the 1 user name, 2 peer name, and possibly unspecified other fields...

6.8CVSS7.7AI score0.03224EPSS
Exploits1References8
Prion
Prion
added 2008/04/09 7:5 p.m.12 views

Design/Logic Flaw

Uncontrolled array index in IBM solidDB 06.00.1018 and earlier allows remote attackers to cause a denial of service daemon crash via a large value in a certain 32-bit field...

4.3CVSS6.9AI score0.01555EPSS
Exploits1References8Affected Software1
Prion
Prion
added 2008/04/09 7:5 p.m.14 views

Null pointer dereference

IBM solidDB 06.00.1018 and earlier allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a packet with an 0x11 value in a certain "type" field...

4.3CVSS7AI score0.02317EPSS
Exploits1References8Affected Software1
Prion
Prion
added 2008/04/09 7:5 p.m.16 views

Format string

Format string vulnerability in the logging function in IBM solidDB 06.00.1018 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the 1 user name, 2 peer name, and possibly unspecified other fields...

6.8CVSS8.2AI score0.03224EPSS
Exploits1References8Affected Software1
NVD
NVD
added 2008/04/09 7:5 p.m.14 views

CVE-2008-1707

IBM solidDB 06.00.1018 and earlier allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a packet with an 0x11 value in a certain "type" field...

4.3CVSS6.4AI score0.02317EPSS
Exploits1References8
CVE
CVE
added 2008/04/09 7:0 p.m.38 views

CVE-2008-1708

IBM solidDB 06.00.1018 and earlier are affected: a memory-allocation field is not validated, enabling a remote attacker to cause a denial-of-service (daemon exit) by sending a packet with a large value. No remediation details are provided in the supplied documents. Monitor for updates and potenti...

4.3CVSS6.5AI score0.01555EPSS
Exploits1References8Affected Software1
Cvelist
Cvelist
added 2008/04/09 7:0 p.m.17 views

CVE-2008-1706

Uncontrolled array index in IBM solidDB 06.00.1018 and earlier allows remote attackers to cause a denial of service daemon crash via a large value in a certain 32-bit field...

6.4AI score0.01555EPSS
Exploits1References8
Cvelist
Cvelist
added 2008/04/09 7:0 p.m.19 views

CVE-2008-1708

IBM solidDB 06.00.1018 and earlier does not validate a certain field that specifies an amount of memory to allocate, which allows remote attackers to cause a denial of service daemon exit via a packet with a large value in this field...

6.4AI score0.01555EPSS
Exploits1References8
Cvelist
Cvelist
added 2008/04/09 7:0 p.m.27 views

CVE-2008-1705

Format string vulnerability in the logging function in IBM solidDB 06.00.1018 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the 1 user name, 2 peer name, and possibly unspecified other fields...

7.7AI score0.03224EPSS
Exploits1References8
CVE
CVE
added 2008/04/09 7:0 p.m.35 views

CVE-2008-1707

IBM solidDB 06.00.1018 and earlier is affected by CVE-2008-1707. A remote attacker can trigger a denial of service through a crafted packet where the type field has value 0x11, causing a NULL pointer dereference and daemon crash. The available sources identify the affected product and the crash c...

4.3CVSS6.5AI score0.02317EPSS
Exploits1References8Affected Software1
CVE
CVE
added 2008/04/09 7:0 p.m.42 views

CVE-2008-1705

CVE-2008-1705 affects IBM solidDB and its logging function. The vulnerability is a format string issue in the server’s log entry creation, allowing an unauthenticated remote attacker to craft input that is interpreted as format specifiers, enabling arbitrary code execution in the context of the l...

6.8CVSS7.7AI score0.03224EPSS
Exploits1References8Affected Software1
CVE
CVE
added 2008/04/09 7:0 p.m.38 views

CVE-2008-1706

CVE-2008-1706 affects IBM solidDB (versions 06.00.1018 and earlier). The issue is an uncontrolled array index in a 32-bit field that can be triggered by a large value, allowing remote attackers to cause a daemon crash (DoS). The connected documents provide the vulnerability description and affect...

4.3CVSS6.5AI score0.01555EPSS
Exploits1References8Affected Software1
Cvelist
Cvelist
added 2008/04/09 7:0 p.m.16 views

CVE-2008-1707

IBM solidDB 06.00.1018 and earlier allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a packet with an 0x11 value in a certain "type" field...

6.4AI score0.02317EPSS
Exploits1References8
seebug.org
seebug.org
added 2008/04/01 12:0 a.m.47 views

IBM solidDB格式串及拒绝服务漏洞

BUGTRAQ ID: 28468 IBM solidDB是可实现电信级性能的关系数据库。 solidDB的日志函数中存在格式串处理漏洞,如果用户使用了畸形的用户或对等端名称的话,就可能向日志中写入恶意脚本或命令并在管理员查看日志时执行。 solidDB服务器使用了客户端所提供的32位数字作为读取数组中某些值的索引,如果设置了很多数字的话,就可能访问无效内存,导致服务器崩溃。 如果用户向服务器发送了特制报文的话,就可能触发空指针引用,或通过分配一定数量的内存导致Out of central memory错误消息,服务器会终止。 IBM solidDB = 06.00.1018 IBM -...

6.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2008/03/28 12:0 a.m.38 views

solidDB Default Credentials

The remote instance of solidDB uses known credentials to control access. With these, an attacker can gain administrative control of the affected application. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid31681;...

5.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2008/03/28 12:0 a.m.23 views

solidDB Detection

The remote service is running solidDB, a relational database designed for fast and always-on access. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid31680; scriptversion"1.11"; scriptsetattributeattribute:"pluginmodificationdate", value:"2022/06/01";...

5.5AI score
Exploits0References1
securityvulns
securityvulns
added 2008/03/27 12:0 a.m.41 views

IBM SolidDB database server multiple security vulnerabilities

Format string vulnerability in logging function, multiple DoS conditions...

1.9AI score
Exploits0References1Affected Software1
Rows per page
Query Builder