| CVE-2012-0713 |
low |
— |
3.5 |
|
linux-kernel |
ibm |
14y ago |
Unspecified vulnerability in the XML feature in IBM DB2 9.7 before FP6 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary XML files via unknown vectors. |
| CVE-2012-2205 |
low |
— |
3.5 |
|
|
ibm |
14y ago |
Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a workspac… |
| CVE-2012-2169 |
low |
— |
3.5 |
|
|
ibm |
14y ago |
Cross-site scripting (XSS) vulnerability in the file-upload functionality in the Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 allows remote authenticated users to inject arbitrary web s… |
| CVE-2012-2165 |
low |
— |
3.5 |
|
|
ibm |
14y ago |
IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3, when ClearQuest Authentication is enabled, allows remote authenticated users to read password hashes via a user query. |
| CVE-2012-2206 |
low |
— |
4.5 |
EXP |
|
ibm |
14y ago |
The Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier allows remote authenticated users to read files of arbitrary users via vectors involving a username in a URI, as … |
| CVE-2012-2203 |
high |
— |
7.5 |
|
|
ibm |
14y ago |
IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, uses the PKCS #12 file format for certificate objects … |
| CVE-2012-2202 |
low |
— |
4.5 |
EXP |
|
ibm |
14y ago |
Directory traversal vulnerability in javatester_init.php in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allows remote authenticat… |
| CVE-2012-2197 |
high |
— |
7.1 |
|
|
ibm |
14y ago |
Stack-based buffer overflow in the Java Stored Procedure infrastructure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote authenticated users to ex… |
| CVE-2012-2200 |
high |
— |
7.2 |
|
|
ibm |
14y ago |
The default configuration of sendmail in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, allows local users to gain privileges by entering a command in a .forward file in a home directory. |
| CVE-2012-0187 |
critical |
— |
9.3 |
|
|
ibm |
14y ago |
Untrusted search path vulnerability in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack allows local users to gain privileges via a Trojan horse DLL in the current working directory. |
| CVE-2012-2175 |
critical |
— |
10.0 |
EXP |
|
ibm |
14y ago |
Buffer overflow in the Attachment_Times method in a certain ActiveX control in dwa85W.dll in IBM Lotus iNotes 8.5.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a long argum… |
| CVE-2012-2174 |
critical |
— |
10.0 |
EXP |
|
ibm |
14y ago |
The URL handler in IBM Lotus Notes 8.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a crafted notes:// URL. |
| CVE-2012-0717 |
low |
— |
2.6 |
|
|
ibm |
14y ago |
IBM WebSphere Application Server 7.0 before 7.0.0.23, when a certain SSLv2 configuration with client authentication is used, allows remote attackers to bypass X.509 client-certificate authentication … |
| CVE-2012-2176 |
critical |
— |
10.0 |
EXP |
|
ibm |
14y ago |
Multiple stack-based buffer overflows in a certain ActiveX control in qp2.cab in IBM Lotus Quickr 8.2 before 8.2.0.27-002a for Domino allow remote attackers to execute arbitrary code via a long argum… |
| CVE-2011-1390 |
high |
— |
7.5 |
|
|
ibm |
14y ago |
SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL … |
| CVE-2012-0745 |
high |
— |
7.2 |
|
|
ibm |
14y ago |
The getpwnam function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.1.0.10 through 2.2.1.3 does not properly interact with customer-extended LDAP user filtering, which allows local users to gain privileges… |
| CVE-2012-0202 |
critical |
— |
10.0 |
EXP |
|
ibm |
14y ago |
Multiple stack-based buffer overflows in tm1admsd.exe in the Admin Server in IBM Cognos TM1 9.4.x and 9.5.x before 9.5.2 FP2 allow remote attackers to cause a denial of service (daemon crash) or poss… |
| CVE-2012-0737 |
low |
— |
3.5 |
|
|
ibm |
14y ago |
Cross-site scripting (XSS) vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2012-0736 |
critical |
— |
9.3 |
|
|
ibm |
14y ago |
IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly create scan jobs, which allows remote attackers to execute arbitrary code via a crafted web site. |
| CVE-2012-0735 |
high |
— |
7.6 |
|
|
ibm |
14y ago |
IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly scan file: URLs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified oth… |
| CVE-2012-0734 |
high |
— |
7.6 |
|
|
ibm |
14y ago |
IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly import jobs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other i… |
| CVE-2012-0708 |
critical |
— |
10.0 |
EXP |
|
ibm |
14y ago |
Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole.dll in IBM Rational ClearQuest 7.1.1 before 7.1.1.9, 7.1.2 before 7.1.2.6, and 8.0.0 before 8.0.0.2 allows remote attac… |
| CVE-2012-0742 |
low |
— |
1.9 |
|
|
ibm |
14y ago |
IBM Tivoli Event Pump 4.2.2, when the LOG_REQUESTS and VALIDATE_SOAP_USERS options are enabled, places credentials into the AOPSCLOG (aka AOPLOG) data set, which allows local users to obtain sensitiv… |
| CVE-2012-1844 |
high |
— |
7.5 |
|
|
quantum, dell, ibm |
14y ago |
The Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100) and the IBM TS3310 tape li… |
| CVE-2012-1797 |
critical |
— |
10.0 |
|
|
ibm |
14y ago |
IBM DB2 9.5 uses world-writable permissions for nodes.reg, which has unspecified impact and attack vectors. |
| CVE-2012-1796 |
high |
— |
7.2 |
|
linux-kernel |
ibm |
14y ago |
Unspecified vulnerability in IBM Tivoli Monitoring Agent (ITMA), as used in IBM DB2 9.5 before FP9 on UNIX, allows local users to gain privileges via unknown vectors. |
| CVE-2012-0711 |
high |
— |
7.5 |
|
linux-kernel |
ibm |
14y ago |
Integer signedness error in the db2dasrrm process in the DB2 Administration Server (DAS) in IBM DB2 9.1 through FP11, 9.5 before FP9, and 9.7 through FP5 on UNIX platforms allows remote attackers to … |
| CVE-2012-0199 |
high |
— |
7.5 |
|
|
ibm |
15y ago |
Multiple SQL injection vulnerabilities in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allow remote attackers to execute arbitrary SQL commands via (1) a SOAP message to th… |
| CVE-2012-0198 |
critical |
— |
10.0 |
EXP |
|
ibm |
15y ago |
Stack-based buffer overflow in the RunAndUploadFile method in the Isig.isigCtl.1 ActiveX control in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allows remote attackers to … |
| CVE-2011-1385 |
high |
— |
7.8 |
|
|
ibm |
15y ago |
IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.1.x and 2.2.x, allows remote attackers to cause a denial of service (system crash) via an ICMP Echo Reply packet that contains 1 in the Identifier field, a diffe… |
| CVE-2012-0201 |
critical |
— |
10.0 |
EXP |
|
ibm |
15y ago |
Stack-based buffer overflow in pcspref.dll in pcsws.exe in IBM Personal Communications 5.9.x before 5.9.8 and 6.0.x before 6.0.4 might allow remote attackers to execute arbitrary code via a long prof… |
| CVE-2012-0192 |
critical |
— |
9.3 |
|
|
ibm |
15y ago |
Multiple integer overflows in vclmi.dll in the visual class library module in IBM Lotus Symphony before 3.0.1 might allow remote attackers to execute arbitrary code via an embedded (1) JPEG or (2) PN… |
| CVE-2011-1389 |
critical |
— |
10.0 |
|
|
ibm |
15y ago |
Multiple directory traversal vulnerabilities in the vendor daemon in Rational Common Licensing in Telelogic License Server 2.0, Rational License Server 7.x, and ibmratl in IBM Rational License Key Se… |
| CVE-2012-0190 |
critical |
— |
9.3 |
|
|
ibm |
15y ago |
Unspecified vulnerability in the Render method in the ExportHTML.ocx ActiveX control in ExportHTML.dll in IBM SPSS Dimensions 5.5 and SPSS Data Collection 5.6, 6.0, and 6.0.1 allows remote attackers … |
| CVE-2012-0189 |
critical |
— |
9.3 |
|
|
ibm |
15y ago |
Multiple unspecified vulnerabilities in the (1) PrintFile and (2) SaveDoc methods in the VsVIEW6 ActiveX control in VsVIEW6.ocx in IBM SPSS SamplePower 3.0 allow remote attackers to execute arbitrary… |
| CVE-2012-0188 |
critical |
— |
9.3 |
|
|
ibm |
15y ago |
Unspecified vulnerability in the SetLicenseInfoEx method in an ActiveX control in mraboutb.dll in IBM SPSS Dimensions 5.5 and SPSS Data Collection 5.6, 6.0, and 6.0.1 allows remote attackers to execu… |
| CVE-2011-5066 |
low |
— |
2.1 |
|
|
ibm |
15y ago |
The SibRaRecoverableSiXaResource class in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 does not properly handle a Service Integration Bus (SIB) dump o… |
| CVE-2011-1377 |
critical |
— |
10.0 |
|
|
ibm |
15y ago |
The Web Services Security component in the Web Services Feature Pack before 6.1.0.41 for IBM WebSphere Application Server (WAS) 6.1 does not properly handle the enabling of WS-Security for a JAX-WS a… |
| CVE-2011-1393 |
high |
— |
7.8 |
|
|
ibm |
15y ago |
Unspecified vulnerability in the authentication functionality in the server in IBM Lotus Domino 8.x before 8.5.2 FP4 allows remote attackers to cause a denial of service (daemon crash) via a crafted … |
| CVE-2011-1392 |
critical |
— |
9.3 |
|
|
.bbsoftware, ibm |
15y ago |
The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and other products, does not properly implement the (1) S… |
| CVE-2011-1391 |
critical |
— |
9.3 |
|
|
.bbsoftware, ibm |
15y ago |
The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and other products, does not properly implement the Inser… |
| CVE-2011-1388 |
critical |
— |
9.3 |
|
|
.bbsoftware, ibm |
15y ago |
The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and other products, does not properly implement the TestC… |
| CVE-2011-4668 |
high |
— |
7.5 |
|
|
ibm |
15y ago |
IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server. |
| CVE-2011-1378 |
low |
— |
1.9 |
|
|
ibm |
15y ago |
IBM WebSphere MQ 6.0 on OpenVMS, when the default rights of the MQM group are established, does not properly verify User Authorization File (UAF) data, which allows local users to kill listener proce… |
| CVE-2011-1373 |
low |
— |
1.5 |
|
|
ibm |
15y ago |
Unspecified vulnerability in IBM DB2 9.7 before FP5 on UNIX, when the Self Tuning Memory Manager (STMM) feature and the AUTOMATIC DATABASE_MEMORY setting are configured, allows local users to cause a… |
| CVE-2009-0905 |
low |
— |
1.7 |
|
|
ibm |
15y ago |
IBM WebSphere MQ 6.0 before 6.0.2.8 and 7.0 before 7.0.1.0 does not properly handle long group names, which might allow local users to gain privileges by leveraging combinations of group names with t… |
| CVE-2011-1367 |
critical |
— |
9.3 |
|
|
ibm |
15y ago |
Unspecified vulnerability in the File Load feature in IBM Rational AppScan Standard and Express 7.8.x, 7.9.x, and 8.0.x before 8.0.0.3 allows remote attackers to execute arbitrary commands via a craf… |
| CVE-2011-1366 |
high |
— |
8.8 |
|
|
ibm |
15y ago |
Unspecified vulnerability in the Import feature in IBM Rational AppScan Enterprise and AppScan Reporting Console 5.2 through 7.9.x and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary … |
| CVE-2011-3577 |
critical |
— |
10.0 |
|
|
ibm |
15y ago |
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.3 does not properly implement Activity Token authentication for Web Services, which has unspecified impact and attack vectors. |
| CVE-2011-3575 |
critical |
— |
10.0 |
EXP |
|
ibm |
15y ago |
Stack-based buffer overflow in the NSFComputeEvaluateExt function in Nnotes.dll in IBM Lotus Domino 8.5.2 allows remote authenticated users to execute arbitrary code via a long tHPRAgentName paramete… |
| CVE-2011-0311 |
low |
— |
3.5 |
|
|
ibm |
15y ago |
The class file parser in IBM Java before 1.4.2 SR13 FP9, as used in IBM Runtimes for Java Technology 5.0.0 before SR13 and 6.0.0 before SR10, allows remote authenticated users to cause a denial of se… |
| CVE-2011-3137 |
critical |
— |
10.0 |
|
|
ibm |
15y ago |
Unspecified vulnerability in the Management Console in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6… |
| CVE-2011-3136 |
critical |
— |
10.0 |
|
|
ibm |
15y ago |
Unspecified vulnerability in the Management Console in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6… |
| CVE-2011-3135 |
critical |
— |
10.0 |
|
|
ibm |
15y ago |
Unspecified vulnerability in the Runtime in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 has … |
| CVE-2009-5085 |
low |
— |
2.6 |
|
|
ibm |
15y ago |
IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when configured as an OpenID provider, does not delete the site information cookie in response to a user's deletion of a relying-par… |
| CVE-2009-5084 |
low |
— |
1.9 |
|
|
ibm |
15y ago |
IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when com.tivoli.am.fim.infocard.delegates.InfoCardSTSDelegate tracing is enabled, creates a cleartext log entry containing a passwor… |
| CVE-2011-3124 |
high |
— |
7.2 |
|
linux-kernel |
ibm |
15y ago |
IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, as used in IBM InfoSphere DataStage 8.5 and 8.5.0.1 and other products, assigns incorrect ownership to unspecified files, which al… |
| CVE-2011-3123 |
high |
— |
7.2 |
|
linux-kernel |
ibm |
15y ago |
IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, as used in IBM InfoSphere DataStage 8.5 and 8.5.0.1 and other products, uses weak permissions for unspecified files, which allows … |
| CVE-2011-2884 |
critical |
— |
10.0 |
|
|
ibm |
15y ago |
Multiple unspecified vulnerabilities in IBM Lotus Symphony 3 before FP3 have unknown impact and attack vectors, related to "critical security vulnerability issues." |
| CVE-2011-1356 |
low |
— |
2.1 |
|
|
ibm |
15y ago |
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.19 allows local users to obtain sensitive stack-trace information via a crafted Administration Console request. |
| CVE-2011-1223 |
high |
— |
7.2 |
|
|
ibm |
15y ago |
Buffer overflow in the Alternate Data Stream (aka ADS or named stream) functionality in the backup-archive client in IBM Tivoli Storage Manager (TSM) before 5.4.3.4, 5.5.x before 5.5.3, 6.x before 6.… |
| CVE-2011-1222 |
high |
— |
7.2 |
|
|
ibm |
15y ago |
Buffer overflow in the Journal Based Backup (JBB) feature in the backup-archive client in IBM Tivoli Storage Manager (TSM) before 5.4.3.4, 5.5.x before 5.5.3, 6.x before 6.1.4, and 6.2.x before 6.2.2… |
| CVE-2011-2681 |
critical |
— |
10.0 |
|
|
ibm |
15y ago |
IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 does not properly handle exceptions, which has unspecified impact and remote attack vectors. |
| CVE-2011-2680 |
critical |
— |
10.0 |
|
|
ibm |
15y ago |
Unspecified vulnerability in IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 has unknown impact and remote attack vectors related to the "server error response." |
| CVE-2011-2330 |
critical |
— |
9.0 |
|
|
ibm |
15y ago |
Tivoli Endpoint in IBM Tivoli Management Framework 3.7.1, 4.1, 4.1.1, and 4.3.1 has an unspecified "built-in account" that is "trivially" accessed, which makes it easier for remote attackers to send … |
| CVE-2011-1220 |
critical |
— |
10.0 |
EXP |
|
ibm |
15y ago |
Stack-based buffer overflow in lcfd.exe in Tivoli Endpoint in IBM Tivoli Management Framework 3.7.1, 4.1, 4.1.1, and 4.3.1 allows remote authenticated users to execute arbitrary code via a long opts … |
| CVE-2011-1512 |
critical |
— |
9.3 |
|
|
autonomy, ibm |
15y ago |
Heap-based buffer overflow in xlssr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a malformed BIFF record in a .xls Excel… |
| CVE-2011-1218 |
critical |
— |
9.3 |
|
|
autonomy, ibm |
15y ago |
Buffer overflow in kvarcve.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .zip attachment, aka SPR PRAD8E3NSP. N… |
| CVE-2011-1217 |
critical |
— |
9.3 |
|
|
ibm |
15y ago |
Buffer overflow in kpprzrdr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .prz attachment. NOTE: some of these… |
| CVE-2011-1216 |
critical |
— |
9.3 |
|
|
ibm |
15y ago |
Stack-based buffer overflow in assr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via crafted tag data in an Applix spreadshe… |
| CVE-2011-1215 |
critical |
— |
9.3 |
|
|
ibm |
15y ago |
Stack-based buffer overflow in mw8sr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a Microsoft Office d… |
| CVE-2011-1214 |
critical |
— |
9.3 |
|
|
ibm |
15y ago |
Stack-based buffer overflow in rtfsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a .rtf attachment, a… |
| CVE-2011-1213 |
critical |
— |
10.0 |
EXP |
|
ibm |
15y ago |
Integer underflow in lzhsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted header in a .lzh attachment that trigg… |
| CVE-2010-4807 |
low |
— |
3.5 |
|
|
ibm |
15y ago |
Race condition in IBM Web Content Manager (WCM) 7.0.0.1 before CF003 allows remote authenticated users to cause a denial of service (infinite recursive query) via unspecified vectors, related to a St… |
| CVE-2011-1424 |
low |
— |
3.5 |
|
|
emc, microsoft, ibm |
15y ago |
The default configuration of ExShortcut\Web.config in EMC SourceOne Email Management before 6.6 SP1, when the Mobile Services component is used, does not properly set the localOnly attribute of the t… |
| CVE-2011-2163 |
critical |
— |
9.3 |
|
|
ibm |
15y ago |
Unspecified vulnerability in Virtualization Manager 1.2.2 in IBM Systems Director 1.2.2 has unknown impact and attack vectors. |
| CVE-2011-2141 |
high |
— |
7.5 |
|
|
ibm |
15y ago |
SQL injection vulnerability in TMWeb in IBM Datacap Taskmaster Capture 8.0.1 before FP1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2011-1208 |
high |
— |
7.8 |
|
|
ibm |
15y ago |
IBM solidDB 4.5.x before 4.5.182, 6.0.x before 6.0.1069, 6.1.x and 6.3.x before 6.3 FP8 (aka 6.3.49), and 6.5.x before 6.5 FP4 (aka 6.5.0.4) does not properly handle the (1) rpc_test_svc_readwrite an… |
| CVE-2011-1207 |
critical |
— |
9.3 |
|
|
ibm |
15y ago |
The ActiveBar1 ActiveX control in the Data Dynamics ActiveBar ActiveX controls, as distributed in ActBar.ocx 1.0.6.5 in IBM Rational System Architect 11.4.0.2, 11.4.0.1, and earlier, does not properl… |
| CVE-2011-1822 |
low |
— |
2.1 |
|
|
ibm |
15y ago |
The LDAP_ADD implementation in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0009 stores a cleartext SHA password in the change log, which might allow local users to obtain sensitiv… |
| CVE-2011-1820 |
low |
— |
1.7 |
|
|
ibm |
15y ago |
IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010, 6.0 before 6.0.0.67 (aka 6.0.0.8-TIV-ITDS-IF0009), 6.1 before 6.1.0.40 (aka 6.1.0.5-TIV-ITDS-IF0003), 6.2 before 6.2.0.16 (aka 6.… |
| CVE-2011-1206 |
critical |
— |
10.0 |
EXP |
|
ibm |
15y ago |
Stack-based buffer overflow in the server process in ibmslapd.exe in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010, 6.0 before 6.0.0.67 (aka 6.0.0.8-TIV-ITDS-IF0009), 6.1 befor… |
| CVE-2011-1560 |
critical |
— |
9.3 |
|
|
ibm |
15y ago |
solid.exe in IBM solidDB before 4.5.181, 6.0.x before 6.0.1067, 6.1.x and 6.3.x before 6.3.47, and 6.5.x before 6.5.0.3 uses a password-hash length specified by the client, which allows remote attack… |
| CVE-2011-1559 |
critical |
— |
10.0 |
|
|
ibm |
15y ago |
Unspecified vulnerability in the IBM Web Interface for Content Management (aka WEBi) 1.0.4 before FP3 has unknown impact and attack vectors. |
| CVE-2011-1520 |
high |
— |
7.2 |
|
|
ibm |
15y ago |
The default configuration of the server console in IBM Lotus Domino does not require a password (aka Server_Console_Password), which allows physically proximate attackers to perform administrative ch… |
| CVE-2011-1519 |
critical |
— |
10.0 |
EXP |
|
ibm |
15y ago |
The remote console in the Server Controller in IBM Lotus Domino 7.x and 8.x verifies credentials against a file located at a UNC share pathname specified by the client, which allows remote attackers … |
| CVE-2011-1505 |
critical |
— |
10.0 |
|
|
ibm |
15y ago |
Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.27 services for Lotus Domino has unknown impact and attack vectors, aka SPR ESEO8DQME2. |
| CVE-2009-5062 |
low |
— |
3.5 |
|
|
ibm |
15y ago |
IBM Lotus Quickr 8.1 before 8.1.0.15 services for Lotus Domino on AIX allows remote authenticated users to cause a denial of service (daemon crash) by subscribing to an Atom feed, aka SPR JRIE7VKMP9. |
| CVE-2009-5061 |
low |
— |
2.1 |
|
|
ibm |
15y ago |
Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.14 services for Lotus Domino, when Domino Native Authentication is enabled, might allow remote authenticated users to cause a denial of … |
| CVE-2009-5060 |
low |
— |
3.5 |
|
|
ibm |
15y ago |
Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.11 services for Lotus Domino might allow remote authenticated users to cause a denial of service (daemon crash) by accessing an entry in… |
| CVE-2009-5059 |
low |
— |
3.5 |
|
|
ibm |
15y ago |
Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.10 services for Lotus Domino might allow remote authenticated users to cause a denial of service (daemon crash) by checking out a docume… |
| CVE-2009-5058 |
low |
— |
3.5 |
|
|
ibm |
15y ago |
Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.5 services for Lotus Domino allows remote authenticated users to cause a denial of service (daemon crash) by deleting an item that is ac… |
| CVE-2008-7286 |
low |
— |
3.5 |
|
|
ibm |
15y ago |
IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino does not properly handle URLs that request images, which allows remote authenticated users to cause a denial of service (daemon crash) vi… |
| CVE-2008-7284 |
low |
— |
3.5 |
|
|
ibm |
15y ago |
IBM Lotus Quickr 8.1 before 8100.003 services for Lotus Domino allows remote authenticated users to cause a denial of service (daemon crash) by clicking a download link, aka SPR QCAO7E6AM8. |
| CVE-2011-1343 |
high |
— |
7.5 |
|
|
ibm |
16y ago |
SQL injection vulnerability in the Web GUI in IBM Tivoli Netcool/OMNIbus before 7.3.0.4 allows remote attackers to execute arbitrary SQL commands via "dynamic SQL parameters." |
| CVE-2011-1310 |
low |
— |
1.9 |
|
|
ibm |
16y ago |
The Administrative Scripting Tools component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when tracing is enabled, places wsadmin command parameters into… |
| CVE-2011-1309 |
high |
— |
7.5 |
|
|
ibm |
16y ago |
The Plug-in component in IBM WebSphere Application Server (WAS) before 7.0.0.15 does not properly handle trace requests, which has unspecified impact and attack vectors. |
| CVE-2011-1307 |
low |
— |
2.1 |
|
|
ibm |
16y ago |
The installer in IBM WebSphere Application Server (WAS) before 7.0.0.15 uses 777 permissions for a temporary log directory, which allows local users to have unintended access to log files via standar… |
| CVE-2011-1033 |
critical |
— |
9.3 |
|
|
ibm |
16y ago |
Stack-based buffer overflow in oninit in IBM Informix Dynamic Server (IDS) 11.50 allows remote attackers to execute arbitrary code via crafted arguments in the USELASTCOMMITTED session environment op… |
| CVE-2011-1029 |
low |
— |
3.5 |
|
|
ibm |
16y ago |
Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert (RTC) 2.0.0.x allows remote authenticated users to inject arbitrary web script or HTML via the name of a shared report. |