VYPR

Vendor CVEs

IBM

All CVEs

8,287 total · sorted by risk
  • CVE-2006-7242Sep 20, 2010
    risk 0.00cvss epss 0.01

    The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-001 does not ensure that the AE Administrator role is present for Site Preferences modifications, which allows remote authenticated users to bypass intended access restrictions via…

  • CVE-2006-7241Sep 20, 2010
    risk 0.00cvss epss 0.01

    The Image Viewer component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-002 removes a user from an ACL when the user is denied all permissions for an annotation, which might allow remote authenticated users to bypass intended access restrictions in…

  • CVE-2010-3406Sep 16, 2010
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in sa_snap in the bos.esagent fileset in IBM AIX 5.3 allows local users to leverage system group membership and delete files via unknown vectors.

  • CVE-2010-3405Sep 16, 2010
    risk 0.00cvss epss 0.00

    Buffer overflow in sa_snap in the bos.esagent fileset in IBM AIX 6.1, 5.3, and earlier and VIOS 2.1, 1.5, and earlier allows local users to leverage system group membership and gain privileges via unspecified vectors.

  • CVE-2010-3398Sep 15, 2010
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in the webcontainer implementation in IBM Lotus Sametime Connect 8.5.1 before CF1 has unknown impact and attack vectors, aka SPRs LXUU87S57H and LXUU87S93W.

  • CVE-2010-0155Sep 14, 2010
    risk 0.00cvss epss 0.01

    CRLF injection vulnerability in load.php in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5 allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting…

  • CVE-2010-0154Sep 14, 2010
    risk 0.00cvss epss 0.01

    Directory traversal vulnerability in sla/index.php in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the l…

  • CVE-2010-0153Sep 14, 2010
    risk 0.00cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5.0.2 allow remote attackers to hijack the authentication of administrators for requests…

  • CVE-2010-0152Sep 14, 2010
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5.0.2 allow remote attackers to inject arbitrary web script or HTML via (1) the date1 parameter…

  • CVE-2010-3320Sep 13, 2010
    risk 0.00cvss epss 0.01

    Open redirect vulnerability in IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

  • CVE-2010-3319Sep 13, 2010
    risk 0.00cvss epss 0.01

    IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 places a session token in the URI, which might allow remote attackers to obtain sensitive information by reading a Referer log file.

  • CVE-2010-3318Sep 13, 2010
    risk 0.00cvss epss 0.01

    IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 transmits passwords in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.

  • CVE-2010-3317Sep 13, 2010
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2010-3197Aug 31, 2010
    risk 0.00cvss epss 0.02

    IBM DB2 9.7 before FP2 does not perform the expected access control on the monitor administrative views in the SYSIBMADM schema, which allows remote attackers to obtain sensitive information via unspecified vectors.

  • CVE-2010-3196Aug 31, 2010
    risk 0.00cvss epss 0.01

    IBM DB2 9.7 before FP2, when AUTO_REVAL is IMMEDIATE, allows remote authenticated users to cause a denial of service (loss of privileges) to a view owner by defining a dependent view.

  • CVE-2010-3195Aug 31, 2010
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 on Windows Server 2008 allows attackers to cause a denial of service (trap) via vectors involving "special group and user enumeration."

  • CVE-2010-3194Aug 31, 2010
    risk 0.00cvss epss 0.02

    The DB2DART program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows attackers to bypass intended file access restrictions via unspecified vectors related to overwriting files owned by an instance owner.

  • CVE-2010-3193Aug 31, 2010
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the DB2STST program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 has unknown impact and attack vectors.

  • CVE-2010-3186Aug 30, 2010
    risk 0.00cvss epss 0.03

    IBM WebSphere Application Server (WAS) 7.x before 7.0.0.13, and WebSphere Application Server Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, when a JAX-WS application is used, does not properly handle an IncludeTimestamp setting in the WS-Security policy, which has…

  • CVE-2010-3061Aug 20, 2010
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the message-protocol implementation in the Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, allows remote attackers to cause a denial of service (recovery failure), and possibly trigger loss of data, via…

  • CVE-2010-3060Aug 20, 2010
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the message-protocol implementation in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, allows remote attackers to cause a denial of service (daemon outage) via unknown vectors.

  • CVE-2010-3059Aug 20, 2010
    risk 0.00cvss epss 0.02

    Buffer overflow in the message-protocol implementation in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, allows remote attackers to read and modify data, and possibly have other impact, via an unspecified command.

  • CVE-2010-3058Aug 20, 2010
    risk 0.00cvss epss 0.02

    The Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, establishes an open UDP port, which might allow remote attackers to overwrite memory locations and execute arbitrary code, or cause a denial of service (application hang), via…

  • CVE-2010-2985Aug 10, 2010
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the searchTerm parameter to ServiceRegistry/HelpSearch.do or (2) the queryItems[0].value…

  • CVE-2010-2927Aug 2, 2010
    risk 0.00cvss epss 0.02

    The slapi_printmessage function in IBM Tivoli Directory Server (ITDS) before 6.0.0.8-TIV-ITDS-IF0006 allows remote attackers to cause a denial of service (daemon crash) via multiple incomplete DIGEST-MD5 connection attempts.

  • CVE-2010-2896Jul 28, 2010
    risk 0.00cvss epss 0.01

    IBM FileNet Content Manager (CM) 4.0.0, 4.0.1, 4.5.0, and 4.5.1 before FP4 does not properly manage the InheritParentPermissions setting during an upgrade from 3.x, which might allow attackers to bypass intended folder permissions via unspecified vectors.

  • CVE-2010-2771Jul 22, 2010
    risk 0.00cvss epss 0.05

    solid.exe in IBM solidDB before 6.5 FP2 allows remote attackers to execute arbitrary code via a long username field in the first handshake packet.

  • CVE-2010-2518Jun 30, 2010
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the P8 Content Engine (P8CE) 4.5.1 before FP3 and the P8 Content Search Engine (P8CSE) before 4.5.0 FP3 and 4.5.1 before FP1, as used in IBM FileNet P8 Content Manager (CM) and FileNet P8 Business Process Manager (BPM), allows remote attackers to…

  • CVE-2010-2517Jun 30, 2010
    risk 0.00cvss epss 0.02

    Multiple unspecified vulnerabilities in IBM Rational ClearQuest before 7.1.1.02 have unknown impact and attack vectors, as demonstrated by an AppScan report.

  • CVE-2010-0779Jun 24, 2010
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.33, and 7.0 before 7.0.0.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2010-0778Jun 24, 2010
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.33 and 7.0 before 7.0.0.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2010-2328Jun 18, 2010
    risk 0.00cvss epss 0.01

    The HTTP Channel in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service (NullPointerException) via a large amount of chunked data that uses gzip compression.

  • CVE-2010-2327Jun 18, 2010
    risk 0.00cvss epss 0.01

    mod_ibm_ssl in IBM HTTP Server 6.0 before 6.0.2.43, 6.1 before 6.1.0.33, and 7.0 before 7.0.0.11, as used in IBM WebSphere Application Server (WAS) on z/OS, does not properly handle a large HTTP request body in uploading over SSL, which might allow remote attackers to cause a…

  • CVE-2010-2326Jun 18, 2010
    risk 0.00cvss epss 0.01

    IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11, when addNode -trace is used during node federation, allows attackers to obtain sensitive information about CIMMetadataCollectorImpl trace actions by reading the addNode.log file.

  • CVE-2010-2325Jun 18, 2010
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related in part to "URL injection."

  • CVE-2010-2324Jun 18, 2010
    risk 0.00cvss epss 0.01

    IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows attackers to perform unspecified "link injection" actions via unknown vectors.

  • CVE-2010-2323Jun 18, 2010
    risk 0.00cvss epss 0.01

    IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS might allow attackers to obtain sensitive information by reading the default_create.log file that is associated with profile creation by the BBOWWPFx job and the zPMT.

  • CVE-2010-2280Jun 15, 2010
    risk 0.00cvss epss 0.01

    Open redirect vulnerability in the Mobile component in IBM Lotus Connections 2.5.x before 2.5.0.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, related to "mobile edit actions," aka SPR ASRE83PPVH.

  • CVE-2010-2279Jun 15, 2010
    risk 0.00cvss epss 0.01

    The Top Updates implementation in the Homepage component in IBM Lotus Connections 2.5.x before 2.5.0.2, when "forced SSL" is enabled, uses http for links, which has unspecified impact and remote attack vectors.

  • CVE-2010-2278Jun 15, 2010
    risk 0.00cvss epss 0.01

    The bookmarklet pop-up in the Bookmarks component in IBM Lotus Connections 2.5.x before 2.5.0.2 does not properly follow the "force SSL" setting, which might make it easier for remote attackers to obtain the cleartext of network communication by sniffing the network, or spoof…

  • CVE-2010-2277Jun 15, 2010
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Connections 2.5.x before 2.5.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) create or (2) edit form in the Communities component, the (3) verbiage field in the Bookmarks component, or…

  • CVE-2010-2090May 27, 2010
    risk 0.00cvss epss 0.02

    The npb_protocol_error function in sna V5router64 in IBM Communications Server for Windows 6.1.3 and Communications Server for AIX (aka CSAIX or CS/AIX) in sna.rte before 6.3.1.2 allows remote attackers to cause a denial of service (daemon crash) via APPC data containing a GDSID…

  • CVE-2010-0777May 17, 2010
    risk 0.00cvss epss 0.02

    The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle long filenames and consequently sends an incorrect file in some responses, which allows remote attackers to obtain sensitive…

  • CVE-2010-0776May 17, 2010
    risk 0.00cvss epss 0.02

    The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle chunked transfer encoding during a call to response.sendRedirect, which allows remote attackers to cause a denial of service via…

  • CVE-2010-0775May 17, 2010
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service (memory consumption and daemon crash) via a crafted request, related to the nodeagent and…

  • CVE-2010-0774May 17, 2010
    risk 0.00cvss epss 0.02

    The (1) JAX-RPC WS-Security 1.0 and (2) JAX-WS runtime implementations in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 do not properly handle WebServices PKCS#7 and PKIPath tokens, which allows remote attackers to…

  • CVE-2010-1651May 3, 2010
    risk 0.00cvss epss 0.00

    IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.31 and 7.0.x before 7.0.0.11, when Basic authentication and SIP tracing (aka full trace logging for SIP) are enabled, logs the entirety of all inbound and outbound SIP messages, which allows local users to obtain…

  • CVE-2010-1650May 3, 2010
    risk 0.00cvss epss 0.00

    IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x before 6.1.0.31, and 7.0.x before 7.0.0.11, when the -trace option (aka debugging mode) is enabled, executes debugging statements that print string representations of unspecified objects, which allows attackers…

  • CVE-2010-1612Apr 29, 2010
    risk 0.00cvss epss 0.02

    The IBM WebSphere DataPower XML Accelerator XA35, Low Latency Appliance XM70, Integration Appliance XI50, B2B Appliance XB60, and XML Security Gateway XS40 SOA Appliances before 3.8.0.0, when a QLOGIC Ethernet interface is used, allow remote attackers to cause a denial of…

  • CVE-2010-1608Apr 29, 2010
    risk 0.00cvss epss 0.06

    Stack-based buffer overflow in IBM Lotus Notes 8.5 and 8.5fp1, and possibly other versions, allows remote attackers to execute arbitrary code via unknown attack vectors, as demonstrated by the vd_ln module in VulnDisco 9.0. NOTE: as of 20100222, this disclosure has no…

Page 150 of 166