CVE-2006-3860

{"id": "CVE-2006-3860", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-08-17T01:04:00.000", "references": [{"url": "http://secunia.com/advisories/21301", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/1407", "source": "cve@mitre.org"}, {"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921", "source": "cve@mitre.org"}, {"url": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/27686", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/443133/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/443185/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/19264", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/3077", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28121", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28124", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 allows allows remote authenticated users to execute arbitrary commands via the (1) \"SET DEBUG FILE\" SQL command, and the (2) start_onpload and (3) dbexp functions."}, {"lang": "es", "value": "IBM Informix Dynamic Server (IDS) anterior a 9.40.xC7 y 20.00 anterior a 10.00.xC3 permite a usuarios remotos autenticados ejecutar comandos de su elecci\u00f3n mediante el comando SQL (1) \"SET DEBUG FILE\", y las funciones (2)start_onpload y (3) dbexp."}], "lastModified": "2018-10-17T21:32:01.597", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:informix_dynamic_database_server:7.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5CBE5E70-7519-4270-BB7F-FAB83B5EF7D4"}, {"criteria": "cpe:2.3:a:ibm:informix_dynamic_database_server:7.31_.xd8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7FC1F3A9-93E7-4BD3-808D-B96C47A472A8"}, {"criteria": "cpe:2.3:a:ibm:informix_dynamic_database_server:9.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27905D83-5092-42F0-AED5-A964F256C23C"}, {"criteria": "cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.tc5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98EAC87C-567F-4115-8F2F-AC4FD4C89E44"}, {"criteria": "cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.uc1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84A9BF3A-5DB9-4CB4-B7F7-848FFDF73D55"}, {"criteria": "cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.uc2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DBC93597-82DD-486C-B277-DCBB45406A8C"}, {"criteria": "cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.uc3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28ED4E07-1195-4831-89A1-8E3F836B76E8"}, {"criteria": "cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.uc5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DBD37D26-7BAF-49AE-B43C-F94705767C9A"}, {"criteria": "cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.xc7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "61D60A0B-F823-4869-9218-670A4C62670C"}, {"criteria": "cpe:2.3:a:ibm:informix_dynamic_database_server:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44A35A9A-94DB-4193-B371-2A5DC2DEDDCD"}, {"criteria": "cpe:2.3:a:ibm:informix_dynamic_database_server:10.0_xc3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8CA7F732-A4A9-41BC-A9FB-D7F822973181"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}