Directory traversal vulnerability in the SQLJ.DB2_INSTALL_JAR stored procedure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to replace JAR files via unspecified vectors.
secunia.com/advisories/49919
www-01.ibm.com/support/docview.wss?uid=swg1IC84019
www-01.ibm.com/support/docview.wss?uid=swg1IC84711
www-01.ibm.com/support/docview.wss?uid=swg1IC84714
www-01.ibm.com/support/docview.wss?uid=swg1IC84715
www-01.ibm.com/support/docview.wss?uid=swg1IC84716
www-01.ibm.com/support/docview.wss?uid=swg21600837
www.securityfocus.com/bid/54487