NCHOVY 인터넷 스톰 센터 xeraph@nchovy.kr National Vulnerability Database http://nchovy.kr/security/cve/CVE-2010-3197 IBM DB2 9.7 before FP2 does not perform the expected access control on the monitor administrative views in the SYSIBMADM schema, which allows remote attackers to obtain sensitive information via unspecified vectors. 2010-09-01T00:00:00+09:00 2010-09-01T00:00:00+09:00 National Vulnerability Database http://nchovy.kr/security/cve/CVE-2010-3196 IBM DB2 9.7 before FP2, when AUTO_REVAL is IMMEDIATE, allows remote authenticated users to cause a denial of service (loss of privileges) to a view owner by defining a dependent view. 2010-09-01T00:00:00+09:00 2010-09-01T00:00:00+09:00 National Vulnerability Database http://nchovy.kr/security/cve/CVE-2010-3195 Unspecified vulnerability in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 on Windows Server 2008 allows attackers to cause a denial of service (trap) via vectors involving "special group and user enumeration." 2010-09-01T00:00:00+09:00 2010-09-01T00:00:00+09:00 National Vulnerability Database http://nchovy.kr/security/cve/CVE-2010-3194 The DB2DART program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows attackers to bypass intended file access restrictions via unspecified vectors related to overwriting files owned by an instance owner. 2010-09-01T00:00:00+09:00 2010-09-01T00:00:00+09:00 National Vulnerability Database http://nchovy.kr/security/cve/CVE-2010-3191 Per: http://cwe.mitre.org/data/definitions/426.html CWE-426: Untrusted Search Path 2010-09-01T00:00:00+09:00 2010-09-01T00:00:00+09:00 National Vulnerability Database http://nchovy.kr/security/cve/CVE-2010-3190 Untrusted search path vulnerability in ATL MFC Trace Tool (AtlTraceTool8.exe), as used in Microsoft Visual Studio, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a TRC, cur, rs, rct, or res file. 2010-09-01T00:00:00+09:00 2010-09-01T00:00:00+09:00 National Vulnerability Database http://nchovy.kr/security/cve/CVE-2010-3189 The extSetOwner function in the UfProxyBrowserCtrl ActiveX control (UfPBCtrl.dll) in Trend Micro Internet Security Pro 2010 allows remote attackers to execute arbitrary code via an invalid address that is dereferenced as a pointer. 2010-09-01T00:00:00+09:00 2010-09-01T00:00:00+09:00 National Vulnerability Database http://nchovy.kr/security/cve/CVE-2010-3188 SQL injection vulnerability in search.aspx in BugTracker.NET 3.4.3 and earlier allows remote attackers to execute arbitrary SQL commands via a custom field to the search page. 2010-09-01T00:00:00+09:00 2010-09-01T00:00:00+09:00