Vulnerabilities > IBM > Informix Dynamic Server > 10.0.xc1

DATE CVE VULNERABILITY TITLE RISK
2010-03-05 CVE-2009-2754 Numeric Errors vulnerability in multiple products
Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allows remote attackers to execute arbitrary code via a crafted parameter size that triggers a stack-based buffer overflow.
network
low complexity
ibm emc CWE-189
critical
10.0
2010-03-05 CVE-2009-2753 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Informix Dynamic Server
Multiple buffer overflows in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3, allow remote attackers to execute arbitrary code via a crafted parameter size.
network
low complexity
ibm CWE-119
critical
10.0
2008-02-13 CVE-2008-0768 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Informix Dynamic Server and Informix Storage Manager
Multiple stack-based and heap-based buffer overflows in the Windows RPC components for IBM Informix Storage Manager (ISM), as used in Informix Dynamic Server (IDS) 10.00.xC8 and earlier and 11.10.xC2 and earlier, allow attackers to execute arbitrary code via crafted XDR requests.
network
low complexity
ibm microsoft CWE-119
critical
10.0
2006-08-08 CVE-2006-3862 Multiple vulnerability in IBM Informix Dynamic Server
Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC5 through 9.40.xC7 and 10.00.TC1 through 10.00.xC3 allows attackers to execute arbitrary code via the SQLIDEBUG environment variable (envariable).
network
low complexity
ibm
7.5
2006-08-08 CVE-2006-3861 Multiple vulnerability in IBM Informix Dynamic Server
IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 does not use database creation permissions, which allows remote authenticated users to create arbitrary databases.
network
low complexity
ibm
4.0
2006-08-08 CVE-2006-3858 Multiple vulnerability in IBM Informix Dynamic Server
IBM Informix Dynamic Server (IDS) before 9.40.xC8 and 10.00 before 10.00.xC4 stores passwords in plaintext in shared memory, which allows local users to obtain passwords by reading the memory (product defects 171893, 171894, 173772).
local
low complexity
ibm
2.1
2006-08-08 CVE-2006-3856 Denial-Of-Service vulnerability in Informix IDS
IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 allows local users to cause a denial of service (crash) via unspecified vectors.
local
low complexity
ibm
2.1