| CVE-2010-1348 | high | — | 7.5 | | | ibm | 16y ago | Unspecified vulnerability in the login process in IBM WebSphere Portal 6.0.1.1, and 6.1.0.x before 6.1.0.3 Cumulative Fix 03, has unknown impact and remote attack vectors. |
| CVE-2010-1347 | high | — | 7.2 | | linux-kernel | ibm | 16y ago | Director Agent 6.1 before 6.1.2.3 in IBM Systems Director on AIX and Linux uses incorrect permissions for the (1) diruninstall and (2) opt/ibm/director/bin/wcitinst scripts, which allows local users … |
| CVE-2010-1243 | high | — | 7.5 | | | ibm | 16y ago | The IBM Web Interface for Content Management (aka WEBi) before 1.0.4 creates persistent cookies on client workstations, which has unspecified impact and attack vectors. |
| CVE-2010-1242 | medium | — | 4.3 | | | ibm | 16y ago | Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web Interface for Content Management (aka WEBi) before 1.0.4 allow remote attackers to inject arbitrary web script or HTML via unspecifi… |
| CVE-2010-0770 | medium | — | 4.0 | | | ibm | 16y ago | IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 allows remote authenticated users to cause a denial of service (ORB ListenerThread hang) by abo… |
| CVE-2010-0769 | low | — | 1.9 | | | ibm | 16y ago | IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 does not properly define wsadmin scripting J2CConnectionFactory objects, which allows local use… |
| CVE-2010-0768 | medium | — | 4.3 | | | ibm | 16y ago | Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 allows remote attacke… |
| CVE-2010-1182 | high | — | 7.5 | | | ibm | 16y ago | Multiple unspecified vulnerabilities in the administrative console in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.9 on z/OS have unknown impact and attack vectors. |
| CVE-2010-1041 | critical | — | 10.0 | | | ibm | 16y ago | Unspecified vulnerability in the single sign-on functionality in the Web Services implementation in IBM DB2 Content Manager (CM) Toolkit 8.3 before FP13 on z/OS and DB2 Information Integrator for Con… |
| CVE-2010-0961 | high | — | 7.2 | | | ibm | 17y ago | Buffer overflow in qoslist in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors. |
| CVE-2010-0960 | high | — | 7.2 | | | ibm | 17y ago | Buffer overflow in qosmod in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors. |
| CVE-2010-0959 | medium | — | 4.3 | | | ibm | 17y ago | Cross-site scripting (XSS) vulnerability in WebEditor/Authentication/LoginPage.aspx in IBM ENOVIA SmarTeam 5 allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter. |
| CVE-2009-3032 | critical | — | 10.0 | | | ibm, symantec | 17y ago | Integer overflow in kvolefio.dll 8.5.0.8339 and 10.5.0.0 in the Autonomy KeyView Filter SDK, as used in IBM Lotus Notes 8.5, Symantec Mail Security for Microsoft Exchange 5.0.10 through 5.0.13, and o… |
| CVE-2010-0927 | medium | — | 4.3 | | | ibm | 17y ago | Cross-site scripting (XSS) vulnerability in help/readme.nsf/Header in the Help component in IBM Lotus Domino 7.x before 7.0.4 and 8.x before 8.0.2 allows remote attackers to inject arbitrary web scri… |
| CVE-2009-2754 | critical | — | 10.0 | EXP | | ibm, emc | 17y ago | Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.… |
| CVE-2009-2753 | critical | — | 10.0 | EXP | | ibm | 17y ago | Multiple buffer overflows in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10… |
| CVE-2010-0921 | medium | — | 6.8 | | | ibm | 17y ago | Cross-site request forgery (CSRF) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to hijack the authentication of unspecif… |
| CVE-2010-0920 | medium | — | 4.3 | | | ibm | 17y ago | Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to inject arbitrary web script or HTML via vect… |
| CVE-2010-0919 | high | — | 7.6 | | | ibm | 17y ago | Stack-based buffer overflow in the Lotus Domino Web Access ActiveX control in IBM Lotus iNotes (aka Domino Web Access or DWA) 6.5, 7.0 before 7.0.4, 8.0, 8.0.2, and before 229.281 for Domino 8.0.2 FP… |
| CVE-2010-0918 | critical | — | 10.0 | | | ibm | 17y ago | Multiple unspecified vulnerabilities in the UltraLite functionality in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 have unknown impact and attack vectors. |
| CVE-2010-0715 | medium | — | 6.8 | | | ibm | 17y ago | Open redirect vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0… |
| CVE-2010-0714 | medium | — | 5.3 | EXP | | ibm | 17y ago | Cross-site scripting (XSS) vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 … |
| CVE-2010-0704 | medium | — | 4.3 | | | ibm | 17y ago | Cross-site scripting (XSS) vulnerability in the Portlet Palette in IBM WebSphere Portal 6.0.1.5 wp6015_008_01 allows remote attackers to inject arbitrary web script or HTML via the search field. |
| CVE-2010-0563 | medium | — | 5.0 | | | ibm | 17y ago | The Single Sign-on (SSO) functionality in IBM WebSphere Application Server (WAS) 7.0.0.0 through 7.0.0.8 does not recognize the Requires SSL configuration option, which might allow remote attackers t… |
| CVE-2010-0557 | high | — | 8.5 | EXP | | ibm | 17y ago | IBM Cognos Express 9.0 allows attackers to obtain unspecified access to the Tomcat Manager component, and cause a denial of service, by leveraging hardcoded credentials. |
| CVE-2009-2752 | low | — | 1.5 | | | ibm | 17y ago | IBM WebSphere Commerce 7.0 does not properly encrypt data in a database, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms. |
| CVE-2009-2751 | medium | — | 4.3 | | | ibm | 17y ago | IBM WebSphere Commerce 7.0 uses the same cryptographic key for session attributes and merchant data encryption, which has unspecified impact and remote attack vectors. |
| CVE-2009-2750 | medium | — | 5.5 | | | ibm | 17y ago | IBM WebSphere Service Registry and Repository (WSRR) 6.3.0 before FP2 does not have the intended configuration properties, which allows remote authenticated users to obtain unspecified data access vi… |
| CVE-2010-0472 | medium | — | 5.0 | | | ibm | 17y ago | kuddb2 in Tivoli Monitoring for DB2, as distributed in IBM DB2 9.7 FP1 on Linux, allows remote attackers to cause a denial of service (daemon crash) via a certain byte sequence. |
| CVE-2010-0462 | medium | — | 7.5 | EXP | | ibm | 17y ago | Heap-based buffer overflow in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows remote authenticated users to have an unspecified impact via a SELECT statement that has a long column … |
| CVE-2008-7253 | medium | — | 4.3 | | | ibm | 17y ago | The default configuration of the web server in IBM Lotus Domino Server, possibly 6.0 through 8.0, enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authen… |