| CVE | Severity | | Score | EXP | Tags | Vendor | Age | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2011-1320 | medium | — | 6.8 | | | ibm | 16y ago | The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when the Tivoli Integrated Portal / embedded WebSphere Application Server (TIP/eWAS) … |
| CVE-2011-1319 | medium | — | 4.0 | | | ibm | 16y ago | The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15 allows remote authenticated users to cause a denial of service (memory consumption) by… |
| CVE-2011-1318 | medium | — | 5.0 | | | ibm | 16y ago | Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a de… |
| CVE-2011-1317 | medium | — | 5.0 | | | ibm | 16y ago | Memory leak in com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remo… |
| CVE-2011-1316 | medium | — | 5.0 | | | ibm | 16y ago | The Session Initiation Protocol (SIP) Proxy in the HTTP Transport component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (worker thre… |
| CVE-2011-1315 | medium | — | 5.0 | | | ibm | 16y ago | Memory leak in the messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) via network connections associa… |
| CVE-2011-1314 | medium | — | 5.0 | | | ibm | 16y ago | The Service Integration Bus (SIB) messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (daemon hang) by performing close ope… |
| CVE-2011-1313 | medium | — | 5.0 | | | ibm | 16y ago | Double free vulnerability in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15 allows remote backend IIOP servers to cause a denial of service (S0C4 ABEND and sto… |
| CVE-2011-1312 | medium | — | 4.0 | | | ibm | 16y ago | The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.31 and 7.x before 7.0.0.15 does not prevent modifications of the primary admin id, which allows rem… |
| CVE-2011-1311 | medium | — | 6.0 | | | ibm | 16y ago | The Security component in IBM WebSphere Application Server (WAS) before 7.0.0.15, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml… |
| CVE-2011-1310 | low | — | 1.9 | | | ibm | 16y ago | The Administrative Scripting Tools component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when tracing is enabled, places wsadmin command parameters into… |
| CVE-2011-1309 | high | — | 7.5 | | | ibm | 16y ago | The Plug-in component in IBM WebSphere Application Server (WAS) before 7.0.0.15 does not properly handle trace requests, which has unspecified impact and attack vectors. |
| CVE-2011-1308 | medium | — | 4.3 | | | ibm | 16y ago | Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attac… |
| CVE-2011-1307 | low | — | 2.1 | | | ibm | 16y ago | The installer in IBM WebSphere Application Server (WAS) before 7.0.0.15 uses 777 permissions for a temporary log directory, which allows local users to have unintended access to log files via standar… |
| CVE-2011-1106 | medium | — | 5.3 | EXP | | ibm | 16y ago | Cross-site scripting (XSS) vulnerability in stcenter.nsf in the server in IBM Lotus Sametime allows remote attackers to inject arbitrary web script or HTML via the authReasonCode parameter in an Open… |
| CVE-2011-1038 | medium | — | 5.3 | EXP | | ibm | 16y ago | Multiple cross-site scripting (XSS) vulnerabilities in stconf.nsf in the server in IBM Lotus Sametime 8.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the messageString par… |
| CVE-2011-1046 | medium | — | 5.0 | | | ibm | 16y ago | IBM FileNet P8 Content Engine (aka P8CE) 4.0.1 through 5.0.0, as used in FileNet P8 Content Manager (CM) and FileNet P8 Business Process Manager (BPM), does not require the PRIVILEGED_WRITE access ro… |
| CVE-2011-1045 | medium | — | 6.8 | | | ibm | 16y ago | Unspecified vulnerability in the Rendition Engine (aka P8RE) 4.0.1 through 4.5.1 in IBM FileNet P8 Content Manager (CM) allows remote attackers to gain privileges via unknown vectors. |
| CVE-2011-1034 | medium | — | 4.3 | | | ibm | 16y ago | Cross-site scripting (XSS) vulnerability in the UI in IBM Rational Build Forge 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the mod parameter to the fullcontrol program. … |
| CVE-2011-1033 | critical | — | 9.3 | | | ibm | 16y ago | Stack-based buffer overflow in oninit in IBM Informix Dynamic Server (IDS) 11.50 allows remote attackers to execute arbitrary code via crafted arguments in the USELASTCOMMITTED session environment op… |
| CVE-2011-1032 | medium | — | 6.8 | | | ibm | 16y ago | IBM Lotus Connections 3.0, when IBM WebSphere Application Server 7.0.0.11 is used, does not properly restrict access to the internal login module, which has unspecified impact and attack vectors. |
| CVE-2008-7274 | medium | — | 4.3 | | | ibm | 16y ago | IBM WebSphere Application Server (WAS) 6.1.0.9, when the JAAS Login functionality is enabled, allows attackers to perform an internal application hashtable login by (1) not providing a password or (2… |
| CVE-2011-1030 | medium | — | 4.3 | | | ibm | 16y ago | Cross-site scripting (XSS) vulnerability in the Wikis component in IBM Lotus Connections 3.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "Confirm New Pag… |
| CVE-2011-1029 | low | — | 3.5 | | | ibm | 16y ago | Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert (RTC) 2.0.0.x allows remote authenticated users to inject arbitrary web script or HTML via the name of a shared report. |
| CVE-2011-0920 | critical | — | 10.0 | EXP | | ibm | 16y ago | The Remote Console in IBM Lotus Domino, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and execute arbitrary code via… |
| CVE-2011-0919 | critical | — | 10.0 | | | ibm | 16y ago | Multiple stack-based buffer overflows in the (1) POP3 and (2) IMAP services in IBM Lotus Domino allow remote attackers to execute arbitrary code via non-printable characters in an envelope sender add… |
| CVE-2011-0918 | critical | — | 10.0 | | | ibm | 16y ago | Stack-based buffer overflow in the NRouter (aka Router) service in IBM Lotus Domino allows remote attackers to execute arbitrary code via long filenames associated with Content-ID and ATTACH:CID head… |
| CVE-2011-0917 | critical | — | 10.0 | EXP | | ibm | 16y ago | Buffer overflow in nLDAP.exe in IBM Lotus Domino allows remote attackers to execute arbitrary code via a long string in an LDAP Bind operation, aka SPR KLYH87LMVX. |
| CVE-2011-0916 | critical | — | 10.0 | | | ibm | 16y ago | Stack-based buffer overflow in the SMTP service in IBM Lotus Domino allows remote attackers to execute arbitrary code via long arguments in a filename parameter in a malformed MIME e-mail message, ak… |
| CVE-2011-0915 | critical | — | 10.0 | | | ibm | 16y ago | Stack-based buffer overflow in nrouter.exe in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a long name parameter in a Content-Type header in a malformed Notes c… |
| CVE-2011-0914 | critical | — | 10.0 | | | ibm | 16y ago | Integer signedness error in ndiiop.exe in the DIIOP implementation in the server in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a GIOP client request, leading … |
| CVE-2011-0913 | critical | — | 10.0 | | | ibm | 16y ago | Stack-based buffer overflow in ndiiop.exe in the DIIOP implementation in the server in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a GIOP getEnvironmentString … |
| CVE-2011-0912 | critical | — | 9.3 | | | ibm | 16y ago | Argument injection vulnerability in IBM Lotus Notes 8.0.x before 8.0.2 FP6 and 8.5.x before 8.5.1 FP5 allows remote attackers to execute arbitrary code via a cai:// URL containing a --launcher.librar… |
| CVE-2011-0757 | medium | — | 6.5 | | | ibm | 16y ago | IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on Linux, UNIX, and Windows does not properly revoke the DBADM authority, which allows remote authenticated users to execute non-DDL state… |
| CVE-2011-0732 | critical | — | 10.0 | | | ibm | 16y ago | Multiple unspecified vulnerabilities in IBM Tivoli Integrated Portal (TIP) 1.1.1.1, as used in IBM Tivoli Common Reporting (TCR) 1.2.0 before Interim Fix 9, have unknown impact and attack vectors, re… |
| CVE-2011-0731 | high | — | 7.5 | | | ibm | 16y ago | Buffer overflow in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP7, and 9.7 before FP3 on Linux, UNIX, and Windows allows remote attackers to execute arbitrar… |
| CVE-2011-0679 | medium | — | 5.0 | | | ibm | 16y ago | IBM WebSphere Portal 6.0.1.1 through 7.0.0.0, as used in IBM Lotus Web Content Management (WCM) and IBM Lotus Quickr for WebSphere Portal, allows remote attackers to obtain sensitive information via … |
| CVE-2011-0494 | medium | — | 5.0 | | | ibm | 16y ago | Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 5.1 before 5.1.0.39-TIV-AWS-IF0040, 6.0 before 6.0.0.25-TIV-AWS-IF0026, 6.1.0 before 6.1.0.5-TIV-AWS-IF0006, a… |
| CVE-2011-0486 | medium | — | 4.3 | | | ibm | 16y ago | Cross-site scripting (XSS) vulnerability in cognos.cgi in IBM Cognos 8 Business Intelligence (BI) 8.4.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via the pathinfo para… |
| CVE-2011-0310 | medium | — | 6.8 | | | ibm | 16y ago | Buffer overflow in IBM WebSphere MQ 7.0 before 7.0.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted header field in a message. |
| CVE-2011-0316 | medium | — | 5.0 | | | ibm | 16y ago | The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 does not properly restrict access to console servlets, which allows remote a… |
| CVE-2011-0315 | medium | — | 4.3 | | | ibm | 16y ago | Cross-site scripting (XSS) vulnerability in the Servlet Engine / Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 allows remote attackers … |
| CVE-2011-0314 | medium | — | 6.5 | | | ibm | 16y ago | Heap-based buffer overflow in IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 allows remote authenticated users to execute arbitrary code or cause a denial of service (queue manager crash… |
| CVE-2010-4623 | medium | — | 4.0 | | | ibm | 16y ago | WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 allows remote authenticated users to cause a denial of service (worker thread consumption) via shift-reload actio… |
| CVE-2010-4622 | medium | — | 5.0 | | | ibm | 16y ago | Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 on AIX allows remote attackers to read arbitrary files via a %uff0e%uff0e (e… |
| CVE-2010-4606 | high | — | 7.5 | | linux-kernel | ibm | 16y ago | Unspecified vulnerability in the Space Management client in the Hierarchical Storage Management (HSM) component in IBM Tivoli Storage Manager (TSM) 5.4.x before 5.4.3.4, 5.5.x before 5.5.3, 6.1.x bef… |
| CVE-2010-4605 | medium | — | 6.6 | | linux-kernel | ibm | 16y ago | Unspecified vulnerability in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.3, 6.1.x before 6.1.4, and 6.2.x before 6.2.2 … |
| CVE-2010-4604 | high | — | 8.2 | EXP | linux-kernel | ibm | 16y ago | Stack-based buffer overflow in the GeneratePassword function in dsmtca (aka the Trusted Communications Agent or TCA) in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.… |
| CVE-2010-4603 | medium | — | 6.5 | | | ibm | 16y ago | IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1 does not prevent modification of back-reference fields, which allows remote authenticated users to in… |
| CVE-2010-4602 | medium | — | 4.0 | | | ibm | 16y ago | The Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1 allows remote authenticated users to bypass "restricted user" limitations, and read arbitrary records, via … |
| CVE-2010-4601 | critical | — | 10.0 | | | ibm | 16y ago | Multiple unspecified vulnerabilities in IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1 allow attackers to have an unknown impact via vectors related… |
| CVE-2010-4600 | medium | — | 5.0 | | | dojofoundation, ibm | 16y ago | Dojo Toolkit, as used in the Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1, allows remote attackers to read cookies by navigating to a Dojo file, related to … |
| CVE-2010-4595 | medium | — | 5.0 | | | ibm | 16y ago | The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 disables the http.device.stanza blacklisting functionality for HTTP Access Services (HTTP-AS), which allows remote attackers to bypass … |
| CVE-2010-4594 | medium | — | 4.3 | | | ibm | 16y ago | The Connection Manager in IBM Lotus Mobile Connect before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not properly process TCP connection requests, which allows remote attackers to ca… |
| CVE-2010-4593 | medium | — | 4.0 | | | ibm | 16y ago | The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 does not properly maintain a certain reference count, which allows remote authenticated users to cause a denial of service (IP address … |
| CVE-2010-4592 | medium | — | 4.3 | | | ibm | 16y ago | The Mobile Network Connections functionality in the Connection Manager in IBM Lotus Mobile Connect before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not properly handle failed attemp… |
| CVE-2010-4591 | medium | — | 4.4 | | | ibm | 16y ago | The Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not delete LTPA tokens in response to use of the iNotes Logoff button, whic… |
| CVE-2010-4590 | medium | — | 4.3 | | | ibm | 16y ago | Cross-site scripting (XSS) vulnerability in HTTP Access Services (HTTP-AS) in the Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4 allows remote attackers to inject arbitrary web scr… |
| CVE-2010-4589 | medium | — | 4.3 | | | ibm | 16y ago | Cross-site scripting (XSS) vulnerability in IBM ENOVIA 6 allows remote attackers to inject arbitrary web script or HTML via vectors related to the emxFramework.FilterParameterPattern property. |
| CVE-2010-2644 | medium | — | 5.0 | | | ibm | 16y ago | IBM WebSphere Service Registry and Repository (WSRR) 7.0.0 before FP1 does not properly implement access control, which allows remote attackers to perform governance actions via unspecified API reque… |
| CVE-2010-4553 | medium | — | 5.0 | | | ibm | 16y ago | An unspecified Domino API in IBM Lotus Notes Traveler before 8.5.1.1 does not properly handle MIME types, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vec… |
| CVE-2010-4552 | medium | — | 5.0 | | | ibm | 16y ago | Memory leak in IBM Lotus Notes Traveler before 8.5.1.1 allows remote attackers to cause a denial of service (memory consumption and daemon outage) by sending many embedded objects in e-mail messages … |
| CVE-2010-4551 | medium | — | 4.0 | | | ibm | 16y ago | IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by omitting the Internet ID field in the person docu… |
| CVE-2010-4550 | medium | — | 5.0 | | | ibm | 16y ago | IBM Lotus Notes Traveler before 8.5.1.3 allows remote attackers to cause a denial of service (sync failure) via a malformed document. |
| CVE-2010-4549 | medium | — | 4.0 | | | ibm | 16y ago | IBM Lotus Notes Traveler before 8.5.1.3 on the Nokia s60 device successfully performs a Replace Data operation for a prohibited application, which allows remote authenticated users to bypass intended… |
| CVE-2010-4548 | low | — | 2.1 | | | ibm | 16y ago | IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service (daemon crash) by accepting a meeting invitation with an iNotes client and then accepting this m… |
| CVE-2010-4547 | low | — | 3.5 | | | ibm | 16y ago | IBM Lotus Notes Traveler before 8.5.1.3, when a multidomain environment is used, does not properly apply policy documents to mobile users from a different Domino domain than the Traveler server, whic… |
| CVE-2010-4546 | medium | — | 4.0 | | | ibm | 16y ago | IBM Lotus Notes Traveler before 8.5.1.2 does not reject an attachment download request for an e-mail message with a Prevent Copy attribute, which allows remote authenticated users to bypass intended … |
| CVE-2010-4545 | medium | — | 4.0 | | | ibm | 16y ago | IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service (resource consumption and sync outage) by syncing a large volume of data. |
| CVE-2010-4544 | medium | — | 4.3 | | | ibm | 16y ago | Cross-site scripting (XSS) vulnerability in the servlet in IBM Lotus Notes Traveler before 8.5.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2009-5036 | medium | — | 4.0 | | | ibm | 16y ago | traveler.exe in IBM Lotus Notes Traveler before 8.0.1.3 CF1 allows remote authenticated users to cause a denial of service (daemon crash) via a malformed invitation document in a sync operation. |
| CVE-2009-5035 | medium | — | 4.3 | | | ibm | 16y ago | The Nokia client in IBM Lotus Notes Traveler before 8.5.0.2 does not properly handle multiple outgoing e-mail messages between sync operations, which might allow remote attackers to read communicatio… |
| CVE-2009-5034 | medium | — | 4.0 | | | ibm | 16y ago | IBM Lotus Notes Traveler before 8.5.0.2 allows remote authenticated users to cause a denial of service (memory consumption and daemon crash) by syncing a large volume of data, related to the launch o… |
| CVE-2009-5033 | medium | — | 4.0 | | | ibm | 16y ago | IBM Lotus Notes Traveler before 8.5.0.2 does not properly handle a "* *" argument sequence for a certain tell command, which allows remote authenticated users to obtain access to other users' data vi… |
| CVE-2009-5032 | medium | — | 5.8 | | | ibm | 16y ago | The encrypted e-mail feature in IBM Lotus Notes Traveler before 8.5.0.2 sends unencrypted messages when the feature is used without uploading a Notes ID file, which makes it easier for remote attacke… |
| CVE-2010-2639 | medium | — | 5.0 | | | ibm | 16y ago | IBM WebSphere Commerce Enterprise 7.0 before 7.0.0.2 allows remote attackers to read messages intended for other recipients via vectors involving access by the outbound messaging system to the RunTim… |
| CVE-2010-4274 | medium | — | 4.4 | | | ibm | 16y ago | reset_diragent_keys in the Common agent in IBM Systems Director 6.2.0 has 754 permissions, which allows local users to gain privileges by leveraging system group membership. |
| CVE-2010-2638 | medium | — | 4.0 | | | ibm | 16y ago | Unspecified vulnerability in IBM WebSphere MQ 7.0 before 7.0.1.5 allows remote authenticated users to cause a denial of service (disk consumption) via vectors that trigger an FDC with an RM680004 Pro… |
| CVE-2010-4236 | medium | — | 7.9 | EXP | | ibm | 16y ago | Untrusted search path vulnerability in estaskwrapper in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges via an ES_LIBRARY_PATH environment variable and a modified PAT… |
| CVE-2010-3899 | medium | — | 6.0 | EXP | | ibm | 16y ago | IBM OmniFind Enterprise Edition 8.x and 9.x performs web crawls with an unlimited recursion depth, which allows remote web servers to cause a denial of service (infinite loop) via a crafted series of… |
| CVE-2010-3898 | medium | — | 5.0 | | | ibm | 16y ago | IBM OmniFind Enterprise Edition 8.x and 9.x does not properly restrict the cookie path of administrator (aka ESAdmin) cookies, which might allow remote attackers to bypass authentication by leveragin… |
| CVE-2010-3897 | medium | — | 5.0 | | | ibm | 16y ago | ESSearchApplication/palette.do in IBM OmniFind Enterprise Edition 8.x and 9.x includes the administrator password in the HTML source code, which might allow remote attackers to obtain sensitive infor… |
| CVE-2010-3896 | high | — | 7.5 | | | ibm | 16y ago | The ESSearchApplication directory tree in IBM OmniFind Enterprise Edition 8.x and 9.x does not require authentication, which allows remote attackers to modify the server configuration via a request t… |
| CVE-2010-3895 | high | — | 8.2 | EXP | | ibm | 16y ago | esRunCommand in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges by specifying an arbitrary command name as the first argument. |
| CVE-2010-3894 | critical | — | 10.0 | EXP | | ibm | 16y ago | Stack-based buffer overflow in the Java_com_ibm_es_oss_CryptionNative_ESEncrypt function in /opt/IBM/es/lib/libffq.cryptionjni.so in the login form in the administration interface in IBM OmniFind Ent… |
| CVE-2010-3893 | high | — | 8.5 | EXP | | ibm | 16y ago | The administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x does not restrict use of a session ID (aka SID) value to a single IP address, which allows remote attackers to perform arbit… |
| CVE-2010-3892 | medium | — | 6.8 | | | ibm | 16y ago | Session fixation vulnerability in the login form in the administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x allows remote attackers to hijack web sessions by replaying a session ID… |
| CVE-2010-3891 | medium | — | 7.8 | EXP | | ibm | 16y ago | Cross-site request forgery (CSRF) vulnerability in ESAdmin/security.do in the administrator interface in IBM OmniFind Enterprise Edition before 9.1 allows remote attackers to hijack the authenticatio… |
| CVE-2010-3890 | medium | — | 4.3 | | | ibm | 16y ago | Cross-site scripting (XSS) vulnerability in IBM OmniFind Enterprise Edition before 9.1 allows remote attackers to inject arbitrary web script or HTML via the command parameter to the administration i… |
| CVE-2010-2637 | medium | — | 4.3 | | | ibm | 16y ago | IBM WebSphere MQ 6.0 before 6.0.2.9 and 7.0 before 7.0.1.1 does not encrypt the username and password in the security parameters field, which allows remote attackers to obtain sensitive information b… |
| CVE-2010-4220 | medium | — | 4.3 | | | ibm | 16y ago | Cross-site scripting (XSS) vulnerability in the Integrated Solution Console in the Administrative Console component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 allows remote attacke… |
| CVE-2010-4219 | medium | — | 4.3 | | | ibm | 16y ago | Cross-site scripting (XSS) vulnerability in SemanticTagService.js in IBM WebSphere Portal 6.1.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some o… |
| CVE-2010-4218 | critical | — | 10.0 | | | ibm | 16y ago | Unspecified vulnerability in Web Services in IBM ENOVIA 6 has unknown impact and attack vectors, related to a system that becomes "exposed to the internet." |
| CVE-2010-4217 | medium | — | 5.0 | | | ibm | 16y ago | Use-after-free vulnerability in the proxy server in IBM Tivoli Directory Server (TDS) 6.0.0.x before 6.0.0.8-TIV-ITDS-IF0007 and 6.1.x before 6.1.0-TIV-ITDS-FP0005 allows remote attackers to cause a … |
| CVE-2010-4216 | medium | — | 5.0 | | | ibm | 16y ago | IBM Tivoli Directory Server (TDS) 6.0.0.x before 6.0.0.8-TIV-ITDS-IF0007 does not properly handle invalid buffer references in LDAP BER requests, which might allow remote attackers to cause a denial … |
| CVE-2010-2636 | medium | — | 4.3 | | | ibm | 16y ago | Multiple cross-site scripting (XSS) vulnerabilities in sample store pages in IBM WebSphere Commerce 7.0 before 7.0.0.1 allow remote attackers to inject arbitrary web script or HTML via a crafted URL. |
| CVE-2010-2635 | medium | — | 6.5 | | | ibm | 16y ago | SQL injection vulnerability in IBM WebSphere Commerce 6.0 before 6.0.0.10 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters to "Commerce Organization Admi… |
| CVE-2010-0786 | medium | — | 5.0 | | | ibm | 16y ago | The Web Services Security component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 does not properly implement the Java API for XML Web Services (aka JAX-WS), which allows remote attac… |
| CVE-2010-0785 | medium | — | 6.0 | | | ibm | 16y ago | Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to hijack t… |
| CVE-2010-0784 | medium | — | 4.3 | | | ibm | 16y ago | Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via… |