Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 instead of the logged-in user, which allows remote attackers to create or overwrite files via (1) XMLFileFromVarchar or (2) XMLFileFromClob, or read files via (3) XMLVarcharFromFile or (4) XMLClobFromFile.
Max CVSS
4.3
EPSS Score
0.59%
Published
2005-12-31
Updated
2017-07-29
Stack-based buffer overflows in the (1) xmlvarcharfromfile, (2) xmlclobfromfile, (3) xmlfilefromvarchar, and (4) xmlfilefromclob function calls in IBM DB2 8.1 allow remote attackers to execute arbitrary code via a 94-byte second argument, which causes the return address to be overwritten with a pointer to the argument.
Max CVSS
4.3
EPSS Score
1.58%
Published
2005-12-31
Updated
2017-07-29
The (1) to_char and (2) to_date function in IBM DB2 8.1 allows local users to cause a denial of service (application crash) via an empty string in the second parameter, which causes a null pointer dereference.
Max CVSS
2.1
EPSS Score
0.04%
Published
2005-12-31
Updated
2017-07-29
Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain unauthorized access, gain sensitive information, such as cleartext passwords, and cause a denial of service.
Max CVSS
7.1
EPSS Score
0.04%
Published
2005-12-31
Updated
2024-02-16
Stack-based buffer overflow in the SATENCRYPT function in IBM DB2 8.1, when Satellite Administration (SATADMIN) is enabled, allows remote attackers to execute arbitrary code via a long parameter.
Max CVSS
9.3
EPSS Score
25.65%
Published
2005-12-31
Updated
2017-07-29
Stack-based buffer overflow in JDBC Applet Server in IBM DB2 8.1 allows remote attackers to execute arbitrary by connecting and sending a long username, then disconnecting gracefully and reconnecting and sending a short username and an unexpected db2java.zip version, which causes a null terminator to be removed and leads to the overflow.
Max CVSS
6.8
EPSS Score
0.86%
Published
2005-12-31
Updated
2017-07-29
Stack-based buffer overflow in call in IBM DB2 7.x and 8.1 allows remote attackers to execute arbitrary code via a long libname.
Max CVSS
10.0
EPSS Score
25.84%
Published
2005-12-31
Updated
2017-07-29
Stack-based buffer overflow in libdb2.so in IBM DB2 7.x and 8.1 allows local users to execute arbitrary code via a long DB2LPORT environment variable.
Max CVSS
7.2
EPSS Score
0.04%
Published
2005-12-31
Updated
2017-07-29
Stack-based buffer overflow in db2fmp in IBM DB2 7.x and 8.1 allows local users to execute arbitrary code via a long parameter.
Max CVSS
7.2
EPSS Score
0.04%
Published
2005-12-31
Updated
2017-07-29
IBM WebSphere Application Server (WAS) 5.0.2.5 through 5.1.1.3 allows remote attackers to obtain JSP source code and other sensitive information, related to incorrect request processing by the web container.
Max CVSS
5.0
EPSS Score
1.36%
Published
2005-12-31
Updated
2011-03-08
IBM WebSphere Application Server (WAS) 6.0 before 20050201, when serving pages in an Application WAR or an Extended Document Root, allows remote attackers to obtain the JSP source code and other sensitive information via "a specific JSP URL," related to lack of normalization of the URL format.
Max CVSS
4.3
EPSS Score
1.49%
Published
2005-12-31
Updated
2011-03-08
Cross-site scripting (XSS) vulnerability in Lotus Domino versions before 6.5.4 fix pack 1 (FP1) and versions before 7.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
Max CVSS
6.8
EPSS Score
1.21%
Published
2005-12-31
Updated
2017-07-29
IBM DB2 Universal Database (UDB) 820 before version 8 FixPak 10 (s050811) allows remote authenticated users to cause a denial of service (application crash) by using a table function for an instance of snapshot_tbreorg, which triggers a trap in sqlnr_EStoE_action.
Max CVSS
6.8
EPSS Score
0.17%
Published
2005-12-31
Updated
2008-09-05
IBM DB2 Universal Database (UDB) 810 before ESE AIX 5765F4100 does not ensure that a user has execute privileges before permitting object creation based on routines, which allows remote authenticated users to gain privileges.
Max CVSS
6.5
EPSS Score
0.23%
Published
2005-12-31
Updated
2008-09-05
IBM DB2 Universal Database (UDB) 820 before ESE AIX 5765F4100 allows remote authenticated users to cause a denial of service (CPU consumption) by "abnormally" terminating a connection, which prevents db2agents from being properly cleared.
Max CVSS
7.5
EPSS Score
0.27%
Published
2005-12-31
Updated
2008-09-05
IBM DB2 Universal Database (UDB) 820 before 8.2 FP10 allows remote authenticated users to cause a denial of service (disk consumption) via a hash join (hsjn) that triggers an infinite loop in sqlri_hsjnFlushBlocks.
Max CVSS
6.8
EPSS Score
0.15%
Published
2005-12-31
Updated
2008-09-05
IBM DB2 Universal Database (UDB) 810 before 8.1 FP10 allows remote authenticated users to cause a denial of service (application crash) via (1) certain equality predicates that trigger self-removal, aka IY70808; and (2) a query with more than 32000 elements in the IN-list, aka LI70817.
Max CVSS
6.8
EPSS Score
0.16%
Published
2005-12-31
Updated
2008-09-05
Multiple cross-site scripting (XSS) vulnerabilities in sample scripts in IBM WebSphere Application Server 6 allow remote attackers to inject arbitrary web script or HTML via the (1) E-mail address field to (a) PlantsByWebSphere/login.jsp, (2) message field to (b) TechnologySample/BulletinBoard Script, (3) Email address field to (c) TechnologySamples/Subscription, and the (4) Movie Name, (5) Movie Reviewer, and (6) Movie Review fields to (d) TechnologySamples/MovieReview2_1.
Max CVSS
4.3
EPSS Score
0.24%
Published
2005-12-20
Updated
2008-09-05
Multiple unspecified vulnerabilities in (1) getShell and (2) getCommand in IBM AIX 5.3 allow local users to append to arbitrary files.
Max CVSS
2.1
EPSS Score
0.04%
Published
2005-12-15
Updated
2018-10-19
Multiple buffer overflows in IBM AIX 5.1, 5.2, and 5.3 allow remote attackers to execute arbitrary code via (1) muxatmd and (2) slocal.
Max CVSS
10.0
EPSS Score
7.41%
Published
2005-12-15
Updated
2018-10-19
Buffer overflow in the malloc debug system in IBM AIX 5.3 allows local users to execute arbitrary code.
Max CVSS
7.2
EPSS Score
0.04%
Published
2005-12-15
Updated
2018-10-19
Unspecified "absolute path vulnerability" in umountall in IBM AIX 5.1 through 5.3 allows local users to cause unknown impact via unknown vectors.
Max CVSS
7.2
EPSS Score
0.04%
Published
2005-12-08
Updated
2011-03-08
The LDAP server (nldap.exe) in IBM Lotus Domino before 7.0.1, 6.5.5, and 6.5.4 FP2 allows remote attackers to cause a denial of service (crash) via a long bind request, which triggers a null dereference.
Max CVSS
7.8
EPSS Score
3.20%
Published
2005-12-31
Updated
2017-07-11
Directory traversal vulnerability in kvarcve.dll in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allows remote attackers to delete arbitrary files via a (1) ZIP, (2) UUE or (3) TAR archive that contains a .. (dot dot) in the filename, which is not properly handled when generating a preview.
Max CVSS
9.3
EPSS Score
2.87%
Published
2005-12-31
Updated
2018-10-19
Multiple stack-based buffer overflows in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allow remote attackers to execute arbitrary code via (1) a UUE file containing an encoded file with a long filename handled by uudrdr.dll, (2) a compressed ZIP file with a long filename handled by kvarcve.dll, (3) a TAR archive with a long filename that is extracted to a directory with a long path handled by the TAR reader (tarrdr.dll), (4) an email that contains a long HTTP, FTP, or // link handled by the HTML speed reader (htmsr.dll) or (5) an email containing a crafted long link handled by the HTML speed reader (htmsr.dll).
Max CVSS
9.3
EPSS Score
94.99%
Published
2005-12-31
Updated
2018-10-19
26 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!