Ibm

Db2 Universal Database

66 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.42%
  • Veröffentlicht 16.11.2005 21:22:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

IBM DB2 Database server running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication and log on to the guest account without supplying a password.

  • EPSS 0.55%
  • Veröffentlicht 27.04.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Unknown "high risk" vulnerability in DB2 Universal Database 8.1 and earlier has unknown impact and attack vectors. NOTE: due to the delayed disclosure of details for this issue, this candidate may be SPLIT in the future. In addition, this may be a ...

  • EPSS 31.91%
  • Veröffentlicht 20.10.2004 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

DB2 8.1 remote command server (DB2RCMD.EXE) executes the db2rcmdc.exe program as the db2admin administrator, which allows local users to gain privileges via the DB2REMOTECMD named pipe.

  • EPSS 0.05%
  • Veröffentlicht 28.09.2004 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

IBM DB2 Universal Database 7 before FixPak 12 creates certain DMS directories with insecure permissions (777), which allows local users to modify or delete certain DB2 files.

  • EPSS 0.27%
  • Veröffentlicht 28.09.2004 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Buffer overflow in sqllib/security/db2ckpw for IBM DB2 Universal Database 6.0 and 7.0 allows local users to execute arbitrary code via a long username that is read from a file descriptor argument.

Exploit
  • EPSS 0.37%
  • Veröffentlicht 28.09.2004 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs.

  • EPSS 0.05%
  • Veröffentlicht 01.09.2004 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple stack-based buffer overflows in IBM DB2 7.x and 8.1 allow local users to execute arbitrary code via (1) a long third argument to the rec2xml function or (2) a long filename argument to the generate_distfile procedure.

  • EPSS 1.18%
  • Veröffentlicht 17.11.2003 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, allows local users to overwrite arbitrary files and gain privileges via a symlink attack on (1) db2job and (2) db2job2.

  • EPSS 1.49%
  • Veröffentlicht 17.11.2003 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 for Windows, before Fixpak 10a, allows attackers with "Connect" privileges to execute arbitrary code via the INVOKE command.

  • EPSS 1.04%
  • Veröffentlicht 17.11.2003 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 before Fixpak 10 and 10a, and 8.1 before Fixpak 2, allows attackers with "Connect" privileges to execute arbitrary code via a LOAD command.