Ibm Informix Dynamic Server vulnerabilities

CVE-2016-0226 [HIGH] CWE-284 CVE-2016-0226: The client implementation in IBM Informix Dynamic Server 11.70.xCn on Windows does not properly rest The client implementation in IBM Informix Dynamic Server 11.70.xCn on Windows does not properly restrict access to the (1) nsrd, (2) nsrexecd, and (3) portmap executable files, which allows local users to gain privileges via a Trojan horse file.

CVE-2012-4857 [CRITICAL] CWE-119 CVE-2012-4857: Buffer overflow in IBM Informix 11.50 through 11.50.xC9W2 and 11.70 before 11.70.xC7 allows remote a Buffer overflow in IBM Informix 11.50 through 11.50.xC9W2 and 11.70 before 11.70.xC7 allows remote authenticated users to execute arbitrary code via a crafted SQL statement.

CVE-2012-3334 [CRITICAL] CWE-119 CVE-2012-3334: Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 11.50 before 11.50.xC9W2 and 11.70 Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 11.50 before 11.50.xC9W2 and 11.70 before 11.70.xC5 allows remote authenticated users to execute arbitrary code via crafted arguments in a SET COLLATION statement.

CVE-2011-1033 [CRITICAL] CWE-119 CVE-2011-1033: Stack-based buffer overflow in oninit in IBM Informix Dynamic Server (IDS) 11.50 allows remote attac Stack-based buffer overflow in oninit in IBM Informix Dynamic Server (IDS) 11.50 allows remote attackers to execute arbitrary code via crafted arguments in the USELASTCOMMITTED session environment option in a SQL SET ENVIRONMENT statement.

CVE-2010-4070 [CRITICAL] CWE-189 CVE-2010-4070: Integer overflow in librpc.dll in portmap.exe (aka the ISM Portmapper service) in ISM before 2.20.TC Integer overflow in librpc.dll in portmap.exe (aka the ISM Portmapper service) in ISM before 2.20.TC1.117 in IBM Informix Dynamic Server (IDS) 7.x before 7.31.xD11, 9.x before 9.40.xC10, 10.00 before 10.00.xC8, and 11.10 before 11.10.xC2 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a cra

CVE-2010-4069 [HIGH] CWE-119 CVE-2010-4069: Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 7.x through 7.31, 9.x through 9.40, Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 7.x through 7.31, 9.x through 9.40, 10.00 before 10.00.xC10, 11.10 before 11.10.xC3, and 11.50 before 11.50.xC3 allows remote authenticated users to execute arbitrary code via long DBINFO keyword arguments in a SQL statement, aka idsdb00165017, idsdb00165019, idsdb00165021, idsdb00165022,

CVE-2010-4053 [CRITICAL] CWE-119 CVE-2010-4053: Stack-based buffer overflow in an unspecified logging function in oninit.exe in IBM Informix Dynamic Stack-based buffer overflow in an unspecified logging function in oninit.exe in IBM Informix Dynamic Server (IDS) 11.10 before 11.10.xC2W2 and 11.50 before 11.50.xC1 allows remote authenticated users to execute arbitrary code via a crafted EXPLAIN directive, aka idsdb00154125 and idsdb00154243.

CVE-2009-2753 [CRITICAL] CWE-119 CVE-2009-2753: Multiple buffer overflows in the authentication functionality in librpc.dll in the Informix Storage Multiple buffer overflows in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3, allow remote attackers to execute arbitrary code via a crafted parameter size.

CVE-2009-2754 [CRITICAL] CWE-189 CVE-2009-2754: Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage M Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allows remote attackers to execute arbitrary code via a crafted parameter size th

CVE-2009-3470 [MEDIUM] CWE-399 CVE-2009-3470: IBM Informix Dynamic Server (IDS) 10.00 before 10.00.xC11, 11.10 before 11.10.xC4, and 11.50 before IBM Informix Dynamic Server (IDS) 10.00 before 10.00.xC11, 11.10 before 11.10.xC4, and 11.50 before 11.50.xC5 allows remote attackers to cause a denial of service (memory corruption, assertion failure, and daemon crash) by sending a long password over a JDBC connection.

CVE-2008-0949 [CRITICAL] CVE-2008-0949: Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 7.x through 11.x allows remote attack Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 7.x through 11.x allows remote attackers to gain privileges via a malformed connection request packet.

CVE-2008-0727 [HIGH] CWE-119 CVE-2008-0727: Multiple buffer overflows in oninit.exe in IBM Informix Dynamic Server (IDS) 7.x through 11.x allow Multiple buffer overflows in oninit.exe in IBM Informix Dynamic Server (IDS) 7.x through 11.x allow (1) remote attackers to execute arbitrary code via a long password and (2) remote authenticated users to execute arbitrary code via a long DBPATH value.

CVE-2008-0768 [CRITICAL] CWE-119 CVE-2008-0768: Multiple stack-based and heap-based buffer overflows in the Windows RPC components for IBM Informix Multiple stack-based and heap-based buffer overflows in the Windows RPC components for IBM Informix Storage Manager (ISM), as used in Informix Dynamic Server (IDS) 10.00.xC8 and earlier and 11.10.xC2 and earlier, allow attackers to execute arbitrary code via crafted XDR requests.

CVE-2008-0368 [HIGH] CVE-2008-0368: onedcu in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allows local users to create arbit onedcu in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allows local users to create arbitrary files via the Trace file argument.

CVE-2008-0369 [MEDIUM] CVE-2008-0369: Multiple unspecified programs in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allow local Multiple unspecified programs in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allow local users to create arbitrary files by specifying the target file in the SQLIDEBUG environment variable, whose ownership is changed to the user invoking the programs.

CVE-2007-5956 [HIGH] CWE-22 CVE-2007-5956: Directory traversal vulnerability in IBM Informix Dynamic Server (IDS) before 10.00.xC7W1 allows loc Directory traversal vulnerability in IBM Informix Dynamic Server (IDS) before 10.00.xC7W1 allows local users to gain privileges by referencing modified NLS message files through directory traversal sequences in the DBLANG environment variable.

CVE-2007-5957 [MEDIUM] CVE-2007-5957: Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 10.00.TC3TL and 11.10.TB4TL on Window Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 10.00.TC3TL and 11.10.TB4TL on Windows allows attackers to cause a denial of service (application crash) via unspecified SQ_ONASSIST requests.

CVE-2006-5664 [MEDIUM] CVE-2006-5664: The installation script in IBM Informix Dynamic Server 10.00, Informix Client Software Development K The installation script in IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 allows local users to "compromise security" via a symlink attack on temporary files.

CVE-2006-5663 [MEDIUM] CVE-2006-5663: IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informi IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 use insecure permissions for installation scripts, which allows local users to gain privileges by modifying the scripts.

CVE-2006-5163 [LOW] CVE-2006-5163: IBM Informix Dynamic Server 10.UC3RC1 Trial for Linux and possibly other versions creates /tmp/insta IBM Informix Dynamic Server 10.UC3RC1 Trial for Linux and possibly other versions creates /tmp/installserver.txt with insecure permissions, which allows local users to append data to arbitrary files via a symlink attack.