| CVE-2008-7290 |
medium |
— |
4.0 |
|
|
ibm |
15y ago |
Memory leak in the ldap_explode_rdn API function in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0007 allows remote authenticated users to cause a denial of service (memory consump… |
| CVE-2008-7289 |
medium |
— |
4.0 |
|
|
ibm |
15y ago |
IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0007 does not properly handle the simultaneous changing of multiple passwords, which makes it easier for remote authenticated users to … |
| CVE-2008-7288 |
medium |
— |
5.0 |
|
|
ibm |
15y ago |
IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0007 on AIX allows remote attackers to cause a denial of service (server destabilization) via an anonymous DIGEST-MD5 LDAP Bind operati… |
| CVE-2008-7287 |
medium |
— |
4.0 |
|
|
ibm |
15y ago |
Multiple memory leaks in the (1) ldap_init and (2) ldap_url_search_direct API functions in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0007 allow remote authenticated users to cau… |
| CVE-2007-6743 |
medium |
— |
4.0 |
|
|
ibm |
15y ago |
Double free vulnerability in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0005 allows remote authenticated users to cause a denial of service (ABEND) via search operations that tri… |
| CVE-2007-6742 |
medium |
— |
6.8 |
|
|
ibm |
15y ago |
The get_filter_list function in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0006 does not properly perform certain sub filter parsing, which allows remote authenticated users to c… |
| CVE-2011-1683 |
medium |
— |
6.8 |
|
|
ibm |
15y ago |
IBM WebSphere Application Server (WAS) 6.0.x through 6.0.2.43, 6.1.x before 6.1.0.37, and 7.0.x before 7.0.0.17 on z/OS, when a Local OS user registry or Federated Repository with RACF adapter is use… |
| CVE-2011-1558 |
medium |
— |
4.3 |
|
|
ibm |
15y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web Interface for Content Management (aka WEBi) 1.0.4 before FP3 allow remote attackers to inject arbitrary web script or HTML via unspe… |
| CVE-2011-1205 |
medium |
— |
6.9 |
|
|
ibm |
15y ago |
Multiple buffer overflows in unspecified COM objects in Rational Common Licensing 7.0 through 7.1.1.4 in IBM Rational ClearCase 7.0.0.4 through 7.1.1.4, ClearQuest 7.0.0.4 through 7.1.1.4, and other … |
| CVE-2011-1520 |
high |
— |
7.2 |
|
|
ibm |
15y ago |
The default configuration of the server console in IBM Lotus Domino does not require a password (aka Server_Console_Password), which allows physically proximate attackers to perform administrative ch… |
| CVE-2008-7285 |
medium |
— |
5.0 |
|
|
ibm |
15y ago |
Unspecified vulnerability in the docnote string handling implementation in IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino allows remote attackers to cause a denial of service (daemon c… |
| CVE-2011-1343 |
high |
— |
7.5 |
|
|
ibm |
16y ago |
SQL injection vulnerability in the Web GUI in IBM Tivoli Netcool/OMNIbus before 7.3.0.4 allows remote attackers to execute arbitrary SQL commands via "dynamic SQL parameters." |
| CVE-2011-1322 |
medium |
— |
5.0 |
|
|
ibm |
16y ago |
The SOAP with Attachments API for Java (SAAJ) implementation in the Web Services component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remote atta… |
| CVE-2011-1321 |
medium |
— |
6.5 |
|
|
ibm |
16y ago |
The AuthCache purge implementation in the Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 does not purge a user from the PlatformCredentia… |
| CVE-2011-1320 |
medium |
— |
6.8 |
|
|
ibm |
16y ago |
The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when the Tivoli Integrated Portal / embedded WebSphere Application Server (TIP/eWAS) … |
| CVE-2011-1319 |
medium |
— |
4.0 |
|
|
ibm |
16y ago |
The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15 allows remote authenticated users to cause a denial of service (memory consumption) by… |
| CVE-2011-1318 |
medium |
— |
5.0 |
|
|
ibm |
16y ago |
Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a de… |
| CVE-2011-1317 |
medium |
— |
5.0 |
|
|
ibm |
16y ago |
Memory leak in com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remo… |
| CVE-2011-1316 |
medium |
— |
5.0 |
|
|
ibm |
16y ago |
The Session Initiation Protocol (SIP) Proxy in the HTTP Transport component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (worker thre… |
| CVE-2011-1315 |
medium |
— |
5.0 |
|
|
ibm |
16y ago |
Memory leak in the messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) via network connections associa… |
| CVE-2011-1314 |
medium |
— |
5.0 |
|
|
ibm |
16y ago |
The Service Integration Bus (SIB) messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (daemon hang) by performing close ope… |
| CVE-2011-1313 |
medium |
— |
5.0 |
|
|
ibm |
16y ago |
Double free vulnerability in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15 allows remote backend IIOP servers to cause a denial of service (S0C4 ABEND and sto… |
| CVE-2011-1312 |
medium |
— |
4.0 |
|
|
ibm |
16y ago |
The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.31 and 7.x before 7.0.0.15 does not prevent modifications of the primary admin id, which allows rem… |
| CVE-2011-1311 |
medium |
— |
6.0 |
|
|
ibm |
16y ago |
The Security component in IBM WebSphere Application Server (WAS) before 7.0.0.15, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml… |
| CVE-2011-1309 |
high |
— |
7.5 |
|
|
ibm |
16y ago |
The Plug-in component in IBM WebSphere Application Server (WAS) before 7.0.0.15 does not properly handle trace requests, which has unspecified impact and attack vectors. |
| CVE-2011-1308 |
medium |
— |
4.3 |
|
|
ibm |
16y ago |
Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attac… |
| CVE-2011-1106 |
medium |
— |
5.3 |
EXP |
|
ibm |
16y ago |
Cross-site scripting (XSS) vulnerability in stcenter.nsf in the server in IBM Lotus Sametime allows remote attackers to inject arbitrary web script or HTML via the authReasonCode parameter in an Open… |
| CVE-2011-1038 |
medium |
— |
5.3 |
EXP |
|
ibm |
16y ago |
Multiple cross-site scripting (XSS) vulnerabilities in stconf.nsf in the server in IBM Lotus Sametime 8.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the messageString par… |
| CVE-2011-1046 |
medium |
— |
5.0 |
|
|
ibm |
16y ago |
IBM FileNet P8 Content Engine (aka P8CE) 4.0.1 through 5.0.0, as used in FileNet P8 Content Manager (CM) and FileNet P8 Business Process Manager (BPM), does not require the PRIVILEGED_WRITE access ro… |
| CVE-2011-1045 |
medium |
— |
6.8 |
|
|
ibm |
16y ago |
Unspecified vulnerability in the Rendition Engine (aka P8RE) 4.0.1 through 4.5.1 in IBM FileNet P8 Content Manager (CM) allows remote attackers to gain privileges via unknown vectors. |
| CVE-2011-1034 |
medium |
— |
4.3 |
|
|
ibm |
16y ago |
Cross-site scripting (XSS) vulnerability in the UI in IBM Rational Build Forge 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the mod parameter to the fullcontrol program. … |
| CVE-2011-1032 |
medium |
— |
6.8 |
|
|
ibm |
16y ago |
IBM Lotus Connections 3.0, when IBM WebSphere Application Server 7.0.0.11 is used, does not properly restrict access to the internal login module, which has unspecified impact and attack vectors. |
| CVE-2008-7274 |
medium |
— |
4.3 |
|
|
ibm |
16y ago |
IBM WebSphere Application Server (WAS) 6.1.0.9, when the JAAS Login functionality is enabled, allows attackers to perform an internal application hashtable login by (1) not providing a password or (2… |
| CVE-2011-1030 |
medium |
— |
4.3 |
|
|
ibm |
16y ago |
Cross-site scripting (XSS) vulnerability in the Wikis component in IBM Lotus Connections 3.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "Confirm New Pag… |
| CVE-2011-0757 |
medium |
— |
6.5 |
|
|
ibm |
16y ago |
IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on Linux, UNIX, and Windows does not properly revoke the DBADM authority, which allows remote authenticated users to execute non-DDL state… |
| CVE-2011-0731 |
high |
— |
7.5 |
|
|
ibm |
16y ago |
Buffer overflow in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP7, and 9.7 before FP3 on Linux, UNIX, and Windows allows remote attackers to execute arbitrar… |
| CVE-2011-0679 |
medium |
— |
5.0 |
|
|
ibm |
16y ago |
IBM WebSphere Portal 6.0.1.1 through 7.0.0.0, as used in IBM Lotus Web Content Management (WCM) and IBM Lotus Quickr for WebSphere Portal, allows remote attackers to obtain sensitive information via … |
| CVE-2011-0494 |
medium |
— |
5.0 |
|
|
ibm |
16y ago |
Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 5.1 before 5.1.0.39-TIV-AWS-IF0040, 6.0 before 6.0.0.25-TIV-AWS-IF0026, 6.1.0 before 6.1.0.5-TIV-AWS-IF0006, a… |
| CVE-2011-0486 |
medium |
— |
4.3 |
|
|
ibm |
16y ago |
Cross-site scripting (XSS) vulnerability in cognos.cgi in IBM Cognos 8 Business Intelligence (BI) 8.4.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via the pathinfo para… |
| CVE-2011-0310 |
medium |
— |
6.8 |
|
|
ibm |
16y ago |
Buffer overflow in IBM WebSphere MQ 7.0 before 7.0.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted header field in a message. |
| CVE-2011-0316 |
medium |
— |
5.0 |
|
|
ibm |
16y ago |
The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 does not properly restrict access to console servlets, which allows remote a… |
| CVE-2011-0315 |
medium |
— |
4.3 |
|
|
ibm |
16y ago |
Cross-site scripting (XSS) vulnerability in the Servlet Engine / Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 allows remote attackers … |
| CVE-2011-0314 |
medium |
— |
6.5 |
|
|
ibm |
16y ago |
Heap-based buffer overflow in IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 allows remote authenticated users to execute arbitrary code or cause a denial of service (queue manager crash… |
| CVE-2010-4623 |
medium |
— |
4.0 |
|
|
ibm |
16y ago |
WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 allows remote authenticated users to cause a denial of service (worker thread consumption) via shift-reload actio… |
| CVE-2010-4622 |
medium |
— |
5.0 |
|
|
ibm |
16y ago |
Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 on AIX allows remote attackers to read arbitrary files via a %uff0e%uff0e (e… |
| CVE-2010-4606 |
high |
— |
7.5 |
|
linux-kernel |
ibm |
16y ago |
Unspecified vulnerability in the Space Management client in the Hierarchical Storage Management (HSM) component in IBM Tivoli Storage Manager (TSM) 5.4.x before 5.4.3.4, 5.5.x before 5.5.3, 6.1.x bef… |
| CVE-2010-4605 |
medium |
— |
6.6 |
|
linux-kernel |
ibm |
16y ago |
Unspecified vulnerability in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.3, 6.1.x before 6.1.4, and 6.2.x before 6.2.2 … |
| CVE-2010-4604 |
high |
— |
8.2 |
EXP |
linux-kernel |
ibm |
16y ago |
Stack-based buffer overflow in the GeneratePassword function in dsmtca (aka the Trusted Communications Agent or TCA) in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.… |
| CVE-2010-4603 |
medium |
— |
6.5 |
|
|
ibm |
16y ago |
IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1 does not prevent modification of back-reference fields, which allows remote authenticated users to in… |
| CVE-2010-4602 |
medium |
— |
4.0 |
|
|
ibm |
16y ago |
The Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1 allows remote authenticated users to bypass "restricted user" limitations, and read arbitrary records, via … |
| CVE-2010-4600 |
medium |
— |
5.0 |
|
|
dojofoundationibm |
16y ago |
Dojo Toolkit, as used in the Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1, allows remote attackers to read cookies by navigating to a Dojo file, related to … |
| CVE-2010-4595 |
medium |
— |
5.0 |
|
|
ibm |
16y ago |
The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 disables the http.device.stanza blacklisting functionality for HTTP Access Services (HTTP-AS), which allows remote attackers to bypass … |
| CVE-2010-4594 |
medium |
— |
4.3 |
|
|
ibm |
16y ago |
The Connection Manager in IBM Lotus Mobile Connect before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not properly process TCP connection requests, which allows remote attackers to ca… |
| CVE-2010-4593 |
medium |
— |
4.0 |
|
|
ibm |
16y ago |
The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 does not properly maintain a certain reference count, which allows remote authenticated users to cause a denial of service (IP address … |
| CVE-2010-4592 |
medium |
— |
4.3 |
|
|
ibm |
16y ago |
The Mobile Network Connections functionality in the Connection Manager in IBM Lotus Mobile Connect before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not properly handle failed attemp… |
| CVE-2010-4591 |
medium |
— |
4.4 |
|
|
ibm |
16y ago |
The Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not delete LTPA tokens in response to use of the iNotes Logoff button, whic… |
| CVE-2010-4590 |
medium |
— |
4.3 |
|
|
ibm |
16y ago |
Cross-site scripting (XSS) vulnerability in HTTP Access Services (HTTP-AS) in the Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4 allows remote attackers to inject arbitrary web scr… |
| CVE-2010-4589 |
medium |
— |
4.3 |
|
|
ibm |
16y ago |
Cross-site scripting (XSS) vulnerability in IBM ENOVIA 6 allows remote attackers to inject arbitrary web script or HTML via vectors related to the emxFramework.FilterParameterPattern property. |
| CVE-2010-2644 |
medium |
— |
5.0 |
|
|
ibm |
16y ago |
IBM WebSphere Service Registry and Repository (WSRR) 7.0.0 before FP1 does not properly implement access control, which allows remote attackers to perform governance actions via unspecified API reque… |
| CVE-2010-4553 |
medium |
— |
5.0 |
|
|
ibm |
16y ago |
An unspecified Domino API in IBM Lotus Notes Traveler before 8.5.1.1 does not properly handle MIME types, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vec… |
| CVE-2010-4552 |
medium |
— |
5.0 |
|
|
ibm |
16y ago |
Memory leak in IBM Lotus Notes Traveler before 8.5.1.1 allows remote attackers to cause a denial of service (memory consumption and daemon outage) by sending many embedded objects in e-mail messages … |
| CVE-2010-4551 |
medium |
— |
4.0 |
|
|
ibm |
16y ago |
IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by omitting the Internet ID field in the person docu… |
| CVE-2010-4550 |
medium |
— |
5.0 |
|
|
ibm |
16y ago |
IBM Lotus Notes Traveler before 8.5.1.3 allows remote attackers to cause a denial of service (sync failure) via a malformed document. |
| CVE-2010-4549 |
medium |
— |
4.0 |
|
|
ibm |
16y ago |
IBM Lotus Notes Traveler before 8.5.1.3 on the Nokia s60 device successfully performs a Replace Data operation for a prohibited application, which allows remote authenticated users to bypass intended… |
| CVE-2010-4546 |
medium |
— |
4.0 |
|
|
ibm |
16y ago |
IBM Lotus Notes Traveler before 8.5.1.2 does not reject an attachment download request for an e-mail message with a Prevent Copy attribute, which allows remote authenticated users to bypass intended … |
| CVE-2010-4545 |
medium |
— |
4.0 |
|
|
ibm |
16y ago |
IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service (resource consumption and sync outage) by syncing a large volume of data. |
| CVE-2010-4544 |
medium |
— |
4.3 |
|
|
ibm |
16y ago |
Cross-site scripting (XSS) vulnerability in the servlet in IBM Lotus Notes Traveler before 8.5.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2009-5036 |
medium |
— |
4.0 |
|
|
ibm |
16y ago |
traveler.exe in IBM Lotus Notes Traveler before 8.0.1.3 CF1 allows remote authenticated users to cause a denial of service (daemon crash) via a malformed invitation document in a sync operation. |
| CVE-2009-5035 |
medium |
— |
4.3 |
|
|
ibm |
16y ago |
The Nokia client in IBM Lotus Notes Traveler before 8.5.0.2 does not properly handle multiple outgoing e-mail messages between sync operations, which might allow remote attackers to read communicatio… |
| CVE-2009-5034 |
medium |
— |
4.0 |
|
|
ibm |
16y ago |
IBM Lotus Notes Traveler before 8.5.0.2 allows remote authenticated users to cause a denial of service (memory consumption and daemon crash) by syncing a large volume of data, related to the launch o… |
| CVE-2009-5033 |
medium |
— |
4.0 |
|
|
ibm |
16y ago |
IBM Lotus Notes Traveler before 8.5.0.2 does not properly handle a "* *" argument sequence for a certain tell command, which allows remote authenticated users to obtain access to other users' data vi… |
| CVE-2009-5032 |
medium |
— |
5.8 |
|
|
ibm |
16y ago |
The encrypted e-mail feature in IBM Lotus Notes Traveler before 8.5.0.2 sends unencrypted messages when the feature is used without uploading a Notes ID file, which makes it easier for remote attacke… |
| CVE-2010-2639 |
medium |
— |
5.0 |
|
|
ibm |
16y ago |
IBM WebSphere Commerce Enterprise 7.0 before 7.0.0.2 allows remote attackers to read messages intended for other recipients via vectors involving access by the outbound messaging system to the RunTim… |
| CVE-2010-4274 |
medium |
— |
4.4 |
|
|
ibm |
16y ago |
reset_diragent_keys in the Common agent in IBM Systems Director 6.2.0 has 754 permissions, which allows local users to gain privileges by leveraging system group membership. |
| CVE-2010-2638 |
medium |
— |
4.0 |
|
|
ibm |
16y ago |
Unspecified vulnerability in IBM WebSphere MQ 7.0 before 7.0.1.5 allows remote authenticated users to cause a denial of service (disk consumption) via vectors that trigger an FDC with an RM680004 Pro… |
| CVE-2010-4236 |
medium |
— |
7.9 |
EXP |
|
ibm |
16y ago |
Untrusted search path vulnerability in estaskwrapper in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges via an ES_LIBRARY_PATH environment variable and a modified PAT… |
| CVE-2010-3899 |
medium |
— |
6.0 |
EXP |
|
ibm |
16y ago |
IBM OmniFind Enterprise Edition 8.x and 9.x performs web crawls with an unlimited recursion depth, which allows remote web servers to cause a denial of service (infinite loop) via a crafted series of… |
| CVE-2010-3898 |
medium |
— |
5.0 |
|
|
ibm |
16y ago |
IBM OmniFind Enterprise Edition 8.x and 9.x does not properly restrict the cookie path of administrator (aka ESAdmin) cookies, which might allow remote attackers to bypass authentication by leveragin… |
| CVE-2010-3897 |
medium |
— |
5.0 |
|
|
ibm |
16y ago |
ESSearchApplication/palette.do in IBM OmniFind Enterprise Edition 8.x and 9.x includes the administrator password in the HTML source code, which might allow remote attackers to obtain sensitive infor… |
| CVE-2010-3896 |
high |
— |
7.5 |
|
|
ibm |
16y ago |
The ESSearchApplication directory tree in IBM OmniFind Enterprise Edition 8.x and 9.x does not require authentication, which allows remote attackers to modify the server configuration via a request t… |
| CVE-2010-3895 |
high |
— |
8.2 |
EXP |
|
ibm |
16y ago |
esRunCommand in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges by specifying an arbitrary command name as the first argument. |
| CVE-2010-3893 |
high |
— |
8.5 |
EXP |
|
ibm |
16y ago |
The administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x does not restrict use of a session ID (aka SID) value to a single IP address, which allows remote attackers to perform arbit… |
| CVE-2010-3892 |
medium |
— |
6.8 |
|
|
ibm |
16y ago |
Session fixation vulnerability in the login form in the administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x allows remote attackers to hijack web sessions by replaying a session ID… |
| CVE-2010-3891 |
medium |
— |
7.8 |
EXP |
|
ibm |
16y ago |
Cross-site request forgery (CSRF) vulnerability in ESAdmin/security.do in the administrator interface in IBM OmniFind Enterprise Edition before 9.1 allows remote attackers to hijack the authenticatio… |
| CVE-2010-3890 |
medium |
— |
4.3 |
|
|
ibm |
16y ago |
Cross-site scripting (XSS) vulnerability in IBM OmniFind Enterprise Edition before 9.1 allows remote attackers to inject arbitrary web script or HTML via the command parameter to the administration i… |
| CVE-2010-2637 |
medium |
— |
4.3 |
|
|
ibm |
16y ago |
IBM WebSphere MQ 6.0 before 6.0.2.9 and 7.0 before 7.0.1.1 does not encrypt the username and password in the security parameters field, which allows remote attackers to obtain sensitive information b… |
| CVE-2010-4220 |
medium |
— |
4.3 |
|
|
ibm |
16y ago |
Cross-site scripting (XSS) vulnerability in the Integrated Solution Console in the Administrative Console component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 allows remote attacke… |
| CVE-2010-4219 |
medium |
— |
4.3 |
|
|
ibm |
16y ago |
Cross-site scripting (XSS) vulnerability in SemanticTagService.js in IBM WebSphere Portal 6.1.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some o… |
| CVE-2010-4217 |
medium |
— |
5.0 |
|
|
ibm |
16y ago |
Use-after-free vulnerability in the proxy server in IBM Tivoli Directory Server (TDS) 6.0.0.x before 6.0.0.8-TIV-ITDS-IF0007 and 6.1.x before 6.1.0-TIV-ITDS-FP0005 allows remote attackers to cause a … |
| CVE-2010-4216 |
medium |
— |
5.0 |
|
|
ibm |
16y ago |
IBM Tivoli Directory Server (TDS) 6.0.0.x before 6.0.0.8-TIV-ITDS-IF0007 does not properly handle invalid buffer references in LDAP BER requests, which might allow remote attackers to cause a denial … |
| CVE-2010-2636 |
medium |
— |
4.3 |
|
|
ibm |
16y ago |
Multiple cross-site scripting (XSS) vulnerabilities in sample store pages in IBM WebSphere Commerce 7.0 before 7.0.0.1 allow remote attackers to inject arbitrary web script or HTML via a crafted URL. |
| CVE-2010-2635 |
medium |
— |
6.5 |
|
|
ibm |
16y ago |
SQL injection vulnerability in IBM WebSphere Commerce 6.0 before 6.0.0.10 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters to "Commerce Organization Admi… |
| CVE-2010-0786 |
medium |
— |
5.0 |
|
|
ibm |
16y ago |
The Web Services Security component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 does not properly implement the Java API for XML Web Services (aka JAX-WS), which allows remote attac… |
| CVE-2010-0785 |
medium |
— |
6.0 |
|
|
ibm |
16y ago |
Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to hijack t… |
| CVE-2010-0784 |
medium |
— |
4.3 |
|
|
ibm |
16y ago |
Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via… |
| CVE-2010-0783 |
medium |
— |
4.3 |
|
|
ibm |
16y ago |
Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to inject arbitrar… |
| CVE-2010-3700 |
medium |
— |
5.0 |
|
|
acegisecurityvmwareibm |
16y ago |
Authentication Bypass Using an Alternate Path or Channel in SpringSource Spring Security and Acegi Security |
| CVE-2010-4121 |
high |
— |
7.5 |
|
|
ibm |
16y ago |
The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not require authentication for SQL statements, which allows remote attackers to modify, create, or read datab… |
| CVE-2010-4120 |
medium |
— |
5.3 |
EXP |
|
ibm |
16y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the TAM console in IBM Tivoli Access Manager for e-business 6.1.0 before 6.1.0-TIV-TAM-FP0006 allow remote attackers to inject arbitrary web scr… |
| CVE-2010-4094 |
medium |
— |
6.0 |
EXP |
|
ibm |
16y ago |
The Tomcat server in IBM Rational Quality Manager and Rational Test Lab Manager has a default password for the ADMIN account, which makes it easier for remote attackers to execute arbitrary code by l… |
