← back
CVE-2006-3860

CVE-2006-3860

EPSS 2.8%
IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 allows allows remote authenticated users to execute arbitrary commands via the (1) "SET DEBUG FILE" SQL command, and the (2) start_onpload and (3) dbexp functions.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://secunia.com/advisories/21301http://securityreason.com/securityalert/1407https://exchange.xforce.ibmcloud.com/vulnerabilities/28121https://exchange.xforce.ibmcloud.com/vulnerabilities/28124http://www-1.ibm.com/support/docview.wss?uid=swg21242921http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdfhttp://www.osvdb.org/27686http://www.securityfocus.com/archive/1/443133/100/0/threadedhttp://www.securityfocus.com/archive/1/443185/100/0/threadedhttp://www.securityfocus.com/bid/19264http://www.vupen.com/english/advisories/2006/3077