Vendor CVEs
IBM
All CVEs
8,287 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2006-2647 | 0.00 | — | 0.00 | May 30, 2006 | Untrusted search path vulnerability in update_flash for IBM AIX 5.1, 5.2 and 5.3 allows local users to execute arbitrary commands via unknown vectors involving lsmcode and possibly other commands. | |||
| CVE-2006-2432 | 0.00 | — | 0.03 | May 17, 2006 | IBM WebSphere Application Server 5.0.2 (or any earlier cumulative fix) and 5.1.1 (or any earlier cumulative fix) allows EJB access on Solaris systems via a crafted LTPA token. | |||
| CVE-2006-2429 | 0.00 | — | 0.02 | May 17, 2006 | Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.5, and 6.0.2.7 has unknown impact and remote attack vectors related to "HTTP request handlers". | |||
| CVE-2006-2435 | 0.00 | — | 0.03 | May 17, 2006 | Unspecified vulnerability in IBM WebSphere Application Server 5.0.2 and earlier, and 5.1.1 and earlier, has unknown impact and attack vectors related to "Inserting certain script tags in urls [that] may allow unintended execution of scripts." | |||
| CVE-2006-2433 | 0.00 | — | 0.02 | May 17, 2006 | Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.5, and 6.0.2.7 has unknown impact and attack vectors related to the "administrative console". | |||
| CVE-2006-2436 | 0.00 | — | 0.02 | May 17, 2006 | WebSphere Application Server 5.0.2 (or any earlier cumulative fix) stores admin and LDAP passwords in plaintext in the FFDC logs when a login to WebSphere fails, which allows attackers to gain privileges. | |||
| CVE-2006-2434 | 0.00 | — | 0.02 | May 17, 2006 | Unspecified vulnerability in WebSphere 5.1.1 (or any earlier cumulative fix) Common Configuration Mode + CommonArchive and J2EE Models might allow attackers to obtain sensitive information via the trace. | |||
| CVE-2006-2430 | 0.00 | — | 0.03 | May 17, 2006 | IBM WebSphere Application Server 5.0.2 and earlier, 5.1.1 and earlier, and 6.0.2 up to 6.0.2.7 records user credentials in plaintext in addNode.log, which allows attackers to gain privileges. | |||
| CVE-2006-2342 | 0.00 | — | 0.03 | May 12, 2006 | IBM WebSphere Application Server 6.0.2 before FixPack 3 allows remote attackers to bypass authentication for the Welcome Page via a request to the default context root. | |||
| CVE-2006-1948 | 0.00 | — | 0.01 | Apr 20, 2006 | The "Add Sender to Address Book" operation (AddSenderToAddressBook.lss) and NameHelper.lss in IBM Lotus Notes 6.0 and 6.5 before 20060331 do not properly store information in the Personal Address Book when multiple messages are checked and a message uses AltFrom, which might… | |||
| CVE-2006-1247 | 0.00 | — | 0.00 | Apr 19, 2006 | rm_mlcache_file in bos.rte.install in AIX 5.1.0 through 5.3.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||
| CVE-2006-1619 | 0.00 | — | 0.02 | Apr 5, 2006 | IBM WebSphere Application Server 4.0.1 through 4.0.3 allows remote attackers to cause a denial of service (application crash) via an HTTP request with a large header. | |||
| CVE-2006-1246 | 0.00 | — | 0.00 | Mar 17, 2006 | Unspecified vulnerability in mklvcopy in BOS.RTE.LVM in IBM AIX 5.3 allows local users to execute arbitrary commands when mklvcopy calls external commands, possibly due to an untrusted search path vulnerability. | |||
| CVE-2006-1210 | 0.00 | — | 0.02 | Mar 14, 2006 | The web interface for IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 includes the MySQL database username and password in cleartext in body.phtml, which allows remote attackers to gain privileges by reading the source. NOTE: IBM has privately confirmed to CVE that a fix is… | |||
| CVE-2006-1211 | 0.00 | — | 0.01 | Mar 14, 2006 | IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 configures a MySQL database to allow connections from any source IP address with the ns database account, which allows remote attackers to bypass the Netcool/NeuSecure application layer and perform unauthorized database actions. … | |||
| CVE-2006-0667 | 0.00 | — | 0.00 | Mar 10, 2006 | lscfg in IBM AIX 5.2 and 5.3 allows local users to modify arbitrary files via a symlink attack. | |||
| CVE-2006-1093 | 0.00 | — | 0.01 | Mar 9, 2006 | Unspecified vulnerability in IBM WebSphere 5.0.2.10 through 5.0.2.15 and 5.1.1.4 through 5.1.1.9 allows remote attackers to obtain sensitive information via unknown attack vectors, which causes JSP source code to be revealed. | |||
| CVE-2006-0838 | 0.00 | — | 0.00 | Feb 22, 2006 | IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 stores cleartext passwords in the (1) CMS_DBPASS, (2) CMSM_DBPASS, and (3) RPT_DBPASS fields in /etc/neusecure.conf, and in (4) /opt/NeuSecure/bin/ns_archiver.log, which allows local users to gain privileges. NOTE: IBM has… | |||
| CVE-2006-0837 | 0.00 | — | 0.00 | Feb 22, 2006 | IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 has world-readable permissions for (1) /etc/neusecure.conf, (2) /opt/NeuSecure/etc/cms-3.0.236.buildconf, and (3) /opt/NeuSecure/bin/ns_archiver.log, which allows local users to read sensitive information such as passwords. NOTE:… | |||
| CVE-2006-0666 | 0.00 | — | 0.00 | Feb 15, 2006 | Unspecified vulnerability in the (1) unix_mp and (2) unix_64 kernels in IBM AIX 5.3 VRMF 5.3.0.30 through 5.3.0.33 allows local users to cause a denial of service (system crash) via unknown vectors related to EMULATE_VMX. | |||
| CVE-2006-0674 | 0.00 | — | 0.00 | Feb 13, 2006 | Buffer overflow in the arp command of IBM AIX 5.3 L, 5.3, 5.2.2, 5.2 L, and 5.2 allows local users to cause a denial of service (crash) via a long iftype argument. | |||
| CVE-2006-0662 | 0.00 | — | 0.01 | Feb 13, 2006 | Cross-site scripting (XSS) vulnerability in Lotus Domino iNotes Client 6.5.4 allows remote attackers to inject arbitrary web script or HTML via email with attached html files, which are directly rendered in the browser. | |||
| CVE-2006-0580 | 0.00 | — | 0.03 | Feb 8, 2006 | IBM Lotus Domino Server 7.0 allows remote attackers to cause a denial of service (segmentation fault) via a crafted packet to the LDAP port (389/TCP). | |||
| CVE-2006-0117 | 0.00 | — | 0.02 | Jan 9, 2006 | Buffer overflow in IBM Lotus Notes and Domino Server before 6.5.5 allows attackers to cause a denial of service (router crash or hang) via unspecified vectors involving "CD to MIME Conversion". | |||
| CVE-2006-0118 | 0.00 | — | 0.02 | Jan 9, 2006 | Unspecified vulnerability in IBM Lotus Notes and Domino Server before 6.5.5, when running on AIX, allows attackers to cause a denial of service (deep recursion leading to stack overflow and crash) via long formulas. | |||
| CVE-2006-0121 | 0.00 | — | 0.02 | Jan 9, 2006 | Multiple memory leaks in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a denial of service (memory consumption and crash) via unknown vectors related to (1) unspecified vectors during the SSL handshake (SPR# MKIN67MQVW), (2) the stash file during the… | |||
| CVE-2006-0119 | 0.00 | — | 0.04 | Jan 9, 2006 | Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Server before 6.5.5 have unknown impact and attack vectors, due to "potential security issues" as identified by SPR numbers (1) GPKS6C9J67 in Agents, (2) JGAN6B6TZ3 and (3) KSPR699NBP in the Router, (4)… | |||
| CVE-2006-0120 | 0.00 | — | 0.02 | Jan 9, 2006 | Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a denial of service (application crash) via multiple vectors, involving (1) a malformed message sent to an "Out Of Office" agent (SPR LPEE6DMQWJ), (2) the compact… | |||
| CVE-2005-4739 | 0.00 | — | 0.01 | Dec 31, 2005 | IBM DB2 Universal Database (UDB) 820 before version 8 FixPak 10 (s050811) allows remote authenticated users to cause a denial of service (application crash) by using a table function for an instance of snapshot_tbreorg, which triggers a trap in sqlnr_EStoE_action. | |||
| CVE-2005-4866 | 0.00 | — | 0.02 | Dec 31, 2005 | Stack-based buffer overflow in JDBC Applet Server in IBM DB2 8.1 allows remote attackers to execute arbitrary by connecting and sending a long username, then disconnecting gracefully and reconnecting and sending a short username and an unexpected db2java.zip version, which… | |||
| CVE-2005-4819 | 0.00 | — | 0.01 | Dec 31, 2005 | Cross-site scripting (XSS) vulnerability in Lotus Domino versions before 6.5.4 fix pack 1 (FP1) and versions before 7.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||
| CVE-2005-2712 | 0.00 | — | 0.03 | Dec 31, 2005 | The LDAP server (nldap.exe) in IBM Lotus Domino before 7.0.1, 6.5.5, and 6.5.4 FP2 allows remote attackers to cause a denial of service (crash) via a long bind request, which triggers a null dereference. | |||
| CVE-2005-4863 | 0.00 | — | 0.00 | Dec 31, 2005 | Stack-based buffer overflow in db2fmp in IBM DB2 7.x and 8.1 allows local users to execute arbitrary code via a long parameter. | |||
| CVE-2005-2454 | 0.00 | — | 0.00 | Dec 31, 2005 | IBM Lotus Notes 6.5.4 and 6.5.5, and 7.0.0 and 7.0.1, uses insecure default permissions (Everyone/Full Control) for the "Notes" folder and all children, which allows local users to gain privileges and modify, add, or delete files in that folder. | |||
| CVE-2005-4735 | 0.00 | — | 0.02 | Dec 31, 2005 | IBM DB2 Universal Database (UDB) 810 before 8.1 FP10 allows remote authenticated users to cause a denial of service (application crash) via (1) certain equality predicates that trigger self-removal, aka IY70808; and (2) a query with more than 32000 elements in the IN-list, aka… | |||
| CVE-2005-2619 | 0.00 | — | 0.03 | Dec 31, 2005 | Directory traversal vulnerability in kvarcve.dll in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allows remote attackers to delete arbitrary files via a (1) ZIP, (2) UUE or (3) TAR archive that contains a .. (dot dot) in the… | |||
| CVE-2005-4737 | 0.00 | — | 0.02 | Dec 31, 2005 | IBM DB2 Universal Database (UDB) 820 before ESE AIX 5765F4100 allows remote authenticated users to cause a denial of service (CPU consumption) by "abnormally" terminating a connection, which prevents db2agents from being properly cleared. | |||
| CVE-2005-4867 | 0.00 | — | 0.05 | Dec 31, 2005 | Stack-based buffer overflow in the SATENCRYPT function in IBM DB2 8.1, when Satellite Administration (SATADMIN) is enabled, allows remote attackers to execute arbitrary code via a long parameter. | |||
| CVE-2005-4834 | 0.00 | — | 0.01 | Dec 31, 2005 | IBM WebSphere Application Server (WAS) 5.0.2.5 through 5.1.1.3 allows remote attackers to obtain JSP source code and other sensitive information, related to incorrect request processing by the web container. | |||
| CVE-2005-4864 | 0.00 | — | 0.00 | Dec 31, 2005 | Stack-based buffer overflow in libdb2.so in IBM DB2 7.x and 8.1 allows local users to execute arbitrary code via a long DB2LPORT environment variable. | |||
| CVE-2005-4740 | 0.00 | — | 0.01 | Dec 31, 2005 | IBM DB2 Universal Database (UDB) 810 before version 8 FixPak 10 allows remote authenticated users to cause a denial of service (db2jd service crash) by "connecting from a downlevel client." | |||
| CVE-2005-4870 | 0.00 | — | 0.03 | Dec 31, 2005 | Stack-based buffer overflows in the (1) xmlvarcharfromfile, (2) xmlclobfromfile, (3) xmlfilefromvarchar, and (4) xmlfilefromclob function calls in IBM DB2 8.1 allow remote attackers to execute arbitrary code via a 94-byte second argument, which causes the return address to be… | |||
| CVE-2005-4865 | 0.00 | — | 0.06 | Dec 31, 2005 | Stack-based buffer overflow in call in IBM DB2 7.x and 8.1 allows remote attackers to execute arbitrary code via a long libname. | |||
| CVE-2005-4871 | 0.00 | — | 0.01 | Dec 31, 2005 | Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 instead of the logged-in user, which allows remote attackers to create or overwrite files via (1) XMLFileFromVarchar or (2) XMLFileFromClob, or read files via (3) XMLVarcharFromFile or (4) XMLClobFromFile. | |||
| CVE-2005-4736 | 0.00 | — | 0.02 | Dec 31, 2005 | IBM DB2 Universal Database (UDB) 820 before 8.2 FP10 allows remote authenticated users to cause a denial of service (disk consumption) via a hash join (hsjn) that triggers an infinite loop in sqlri_hsjnFlushBlocks. | |||
| CVE-2005-4738 | 0.00 | — | 0.01 | Dec 31, 2005 | IBM DB2 Universal Database (UDB) 810 before ESE AIX 5765F4100 does not ensure that a user has execute privileges before permitting object creation based on routines, which allows remote authenticated users to gain privileges. | |||
| CVE-2005-4833 | 0.00 | — | 0.01 | Dec 31, 2005 | IBM WebSphere Application Server (WAS) 6.0 before 20050201, when serving pages in an Application WAR or an Extended Document Root, allows remote attackers to obtain the JSP source code and other sensitive information via "a specific JSP URL," related to lack of normalization of… | |||
| CVE-2005-4413 | 0.00 | — | 0.01 | Dec 20, 2005 | Multiple cross-site scripting (XSS) vulnerabilities in sample scripts in IBM WebSphere Application Server 6 allow remote attackers to inject arbitrary web script or HTML via the (1) E-mail address field to (a) PlantsByWebSphere/login.jsp, (2) message field to (b)… | |||
| CVE-2005-4273 | 0.00 | — | 0.00 | Dec 15, 2005 | Multiple unspecified vulnerabilities in (1) getShell and (2) getCommand in IBM AIX 5.3 allow local users to append to arbitrary files. | |||
| CVE-2005-4271 | 0.00 | — | 0.00 | Dec 15, 2005 | Buffer overflow in the malloc debug system in IBM AIX 5.3 allows local users to execute arbitrary code. |
- CVE-2006-2647May 30, 2006risk 0.00cvss —epss 0.00
Untrusted search path vulnerability in update_flash for IBM AIX 5.1, 5.2 and 5.3 allows local users to execute arbitrary commands via unknown vectors involving lsmcode and possibly other commands.
- CVE-2006-2432May 17, 2006risk 0.00cvss —epss 0.03
IBM WebSphere Application Server 5.0.2 (or any earlier cumulative fix) and 5.1.1 (or any earlier cumulative fix) allows EJB access on Solaris systems via a crafted LTPA token.
- CVE-2006-2429May 17, 2006risk 0.00cvss —epss 0.02
Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.5, and 6.0.2.7 has unknown impact and remote attack vectors related to "HTTP request handlers".
- CVE-2006-2435May 17, 2006risk 0.00cvss —epss 0.03
Unspecified vulnerability in IBM WebSphere Application Server 5.0.2 and earlier, and 5.1.1 and earlier, has unknown impact and attack vectors related to "Inserting certain script tags in urls [that] may allow unintended execution of scripts."
- CVE-2006-2433May 17, 2006risk 0.00cvss —epss 0.02
Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.5, and 6.0.2.7 has unknown impact and attack vectors related to the "administrative console".
- CVE-2006-2436May 17, 2006risk 0.00cvss —epss 0.02
WebSphere Application Server 5.0.2 (or any earlier cumulative fix) stores admin and LDAP passwords in plaintext in the FFDC logs when a login to WebSphere fails, which allows attackers to gain privileges.
- CVE-2006-2434May 17, 2006risk 0.00cvss —epss 0.02
Unspecified vulnerability in WebSphere 5.1.1 (or any earlier cumulative fix) Common Configuration Mode + CommonArchive and J2EE Models might allow attackers to obtain sensitive information via the trace.
- CVE-2006-2430May 17, 2006risk 0.00cvss —epss 0.03
IBM WebSphere Application Server 5.0.2 and earlier, 5.1.1 and earlier, and 6.0.2 up to 6.0.2.7 records user credentials in plaintext in addNode.log, which allows attackers to gain privileges.
- CVE-2006-2342May 12, 2006risk 0.00cvss —epss 0.03
IBM WebSphere Application Server 6.0.2 before FixPack 3 allows remote attackers to bypass authentication for the Welcome Page via a request to the default context root.
- CVE-2006-1948Apr 20, 2006risk 0.00cvss —epss 0.01
The "Add Sender to Address Book" operation (AddSenderToAddressBook.lss) and NameHelper.lss in IBM Lotus Notes 6.0 and 6.5 before 20060331 do not properly store information in the Personal Address Book when multiple messages are checked and a message uses AltFrom, which might…
- CVE-2006-1247Apr 19, 2006risk 0.00cvss —epss 0.00
rm_mlcache_file in bos.rte.install in AIX 5.1.0 through 5.3.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
- CVE-2006-1619Apr 5, 2006risk 0.00cvss —epss 0.02
IBM WebSphere Application Server 4.0.1 through 4.0.3 allows remote attackers to cause a denial of service (application crash) via an HTTP request with a large header.
- CVE-2006-1246Mar 17, 2006risk 0.00cvss —epss 0.00
Unspecified vulnerability in mklvcopy in BOS.RTE.LVM in IBM AIX 5.3 allows local users to execute arbitrary commands when mklvcopy calls external commands, possibly due to an untrusted search path vulnerability.
- CVE-2006-1210Mar 14, 2006risk 0.00cvss —epss 0.02
The web interface for IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 includes the MySQL database username and password in cleartext in body.phtml, which allows remote attackers to gain privileges by reading the source. NOTE: IBM has privately confirmed to CVE that a fix is…
- CVE-2006-1211Mar 14, 2006risk 0.00cvss —epss 0.01
IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 configures a MySQL database to allow connections from any source IP address with the ns database account, which allows remote attackers to bypass the Netcool/NeuSecure application layer and perform unauthorized database actions. …
- CVE-2006-0667Mar 10, 2006risk 0.00cvss —epss 0.00
lscfg in IBM AIX 5.2 and 5.3 allows local users to modify arbitrary files via a symlink attack.
- CVE-2006-1093Mar 9, 2006risk 0.00cvss —epss 0.01
Unspecified vulnerability in IBM WebSphere 5.0.2.10 through 5.0.2.15 and 5.1.1.4 through 5.1.1.9 allows remote attackers to obtain sensitive information via unknown attack vectors, which causes JSP source code to be revealed.
- CVE-2006-0838Feb 22, 2006risk 0.00cvss —epss 0.00
IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 stores cleartext passwords in the (1) CMS_DBPASS, (2) CMSM_DBPASS, and (3) RPT_DBPASS fields in /etc/neusecure.conf, and in (4) /opt/NeuSecure/bin/ns_archiver.log, which allows local users to gain privileges. NOTE: IBM has…
- CVE-2006-0837Feb 22, 2006risk 0.00cvss —epss 0.00
IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 has world-readable permissions for (1) /etc/neusecure.conf, (2) /opt/NeuSecure/etc/cms-3.0.236.buildconf, and (3) /opt/NeuSecure/bin/ns_archiver.log, which allows local users to read sensitive information such as passwords. NOTE:…
- CVE-2006-0666Feb 15, 2006risk 0.00cvss —epss 0.00
Unspecified vulnerability in the (1) unix_mp and (2) unix_64 kernels in IBM AIX 5.3 VRMF 5.3.0.30 through 5.3.0.33 allows local users to cause a denial of service (system crash) via unknown vectors related to EMULATE_VMX.
- CVE-2006-0674Feb 13, 2006risk 0.00cvss —epss 0.00
Buffer overflow in the arp command of IBM AIX 5.3 L, 5.3, 5.2.2, 5.2 L, and 5.2 allows local users to cause a denial of service (crash) via a long iftype argument.
- CVE-2006-0662Feb 13, 2006risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Lotus Domino iNotes Client 6.5.4 allows remote attackers to inject arbitrary web script or HTML via email with attached html files, which are directly rendered in the browser.
- CVE-2006-0580Feb 8, 2006risk 0.00cvss —epss 0.03
IBM Lotus Domino Server 7.0 allows remote attackers to cause a denial of service (segmentation fault) via a crafted packet to the LDAP port (389/TCP).
- CVE-2006-0117Jan 9, 2006risk 0.00cvss —epss 0.02
Buffer overflow in IBM Lotus Notes and Domino Server before 6.5.5 allows attackers to cause a denial of service (router crash or hang) via unspecified vectors involving "CD to MIME Conversion".
- CVE-2006-0118Jan 9, 2006risk 0.00cvss —epss 0.02
Unspecified vulnerability in IBM Lotus Notes and Domino Server before 6.5.5, when running on AIX, allows attackers to cause a denial of service (deep recursion leading to stack overflow and crash) via long formulas.
- CVE-2006-0121Jan 9, 2006risk 0.00cvss —epss 0.02
Multiple memory leaks in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a denial of service (memory consumption and crash) via unknown vectors related to (1) unspecified vectors during the SSL handshake (SPR# MKIN67MQVW), (2) the stash file during the…
- CVE-2006-0119Jan 9, 2006risk 0.00cvss —epss 0.04
Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Server before 6.5.5 have unknown impact and attack vectors, due to "potential security issues" as identified by SPR numbers (1) GPKS6C9J67 in Agents, (2) JGAN6B6TZ3 and (3) KSPR699NBP in the Router, (4)…
- CVE-2006-0120Jan 9, 2006risk 0.00cvss —epss 0.02
Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a denial of service (application crash) via multiple vectors, involving (1) a malformed message sent to an "Out Of Office" agent (SPR LPEE6DMQWJ), (2) the compact…
- CVE-2005-4739Dec 31, 2005risk 0.00cvss —epss 0.01
IBM DB2 Universal Database (UDB) 820 before version 8 FixPak 10 (s050811) allows remote authenticated users to cause a denial of service (application crash) by using a table function for an instance of snapshot_tbreorg, which triggers a trap in sqlnr_EStoE_action.
- CVE-2005-4866Dec 31, 2005risk 0.00cvss —epss 0.02
Stack-based buffer overflow in JDBC Applet Server in IBM DB2 8.1 allows remote attackers to execute arbitrary by connecting and sending a long username, then disconnecting gracefully and reconnecting and sending a short username and an unexpected db2java.zip version, which…
- CVE-2005-4819Dec 31, 2005risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Lotus Domino versions before 6.5.4 fix pack 1 (FP1) and versions before 7.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
- CVE-2005-2712Dec 31, 2005risk 0.00cvss —epss 0.03
The LDAP server (nldap.exe) in IBM Lotus Domino before 7.0.1, 6.5.5, and 6.5.4 FP2 allows remote attackers to cause a denial of service (crash) via a long bind request, which triggers a null dereference.
- CVE-2005-4863Dec 31, 2005risk 0.00cvss —epss 0.00
Stack-based buffer overflow in db2fmp in IBM DB2 7.x and 8.1 allows local users to execute arbitrary code via a long parameter.
- CVE-2005-2454Dec 31, 2005risk 0.00cvss —epss 0.00
IBM Lotus Notes 6.5.4 and 6.5.5, and 7.0.0 and 7.0.1, uses insecure default permissions (Everyone/Full Control) for the "Notes" folder and all children, which allows local users to gain privileges and modify, add, or delete files in that folder.
- CVE-2005-4735Dec 31, 2005risk 0.00cvss —epss 0.02
IBM DB2 Universal Database (UDB) 810 before 8.1 FP10 allows remote authenticated users to cause a denial of service (application crash) via (1) certain equality predicates that trigger self-removal, aka IY70808; and (2) a query with more than 32000 elements in the IN-list, aka…
- CVE-2005-2619Dec 31, 2005risk 0.00cvss —epss 0.03
Directory traversal vulnerability in kvarcve.dll in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allows remote attackers to delete arbitrary files via a (1) ZIP, (2) UUE or (3) TAR archive that contains a .. (dot dot) in the…
- CVE-2005-4737Dec 31, 2005risk 0.00cvss —epss 0.02
IBM DB2 Universal Database (UDB) 820 before ESE AIX 5765F4100 allows remote authenticated users to cause a denial of service (CPU consumption) by "abnormally" terminating a connection, which prevents db2agents from being properly cleared.
- CVE-2005-4867Dec 31, 2005risk 0.00cvss —epss 0.05
Stack-based buffer overflow in the SATENCRYPT function in IBM DB2 8.1, when Satellite Administration (SATADMIN) is enabled, allows remote attackers to execute arbitrary code via a long parameter.
- CVE-2005-4834Dec 31, 2005risk 0.00cvss —epss 0.01
IBM WebSphere Application Server (WAS) 5.0.2.5 through 5.1.1.3 allows remote attackers to obtain JSP source code and other sensitive information, related to incorrect request processing by the web container.
- CVE-2005-4864Dec 31, 2005risk 0.00cvss —epss 0.00
Stack-based buffer overflow in libdb2.so in IBM DB2 7.x and 8.1 allows local users to execute arbitrary code via a long DB2LPORT environment variable.
- CVE-2005-4740Dec 31, 2005risk 0.00cvss —epss 0.01
IBM DB2 Universal Database (UDB) 810 before version 8 FixPak 10 allows remote authenticated users to cause a denial of service (db2jd service crash) by "connecting from a downlevel client."
- CVE-2005-4870Dec 31, 2005risk 0.00cvss —epss 0.03
Stack-based buffer overflows in the (1) xmlvarcharfromfile, (2) xmlclobfromfile, (3) xmlfilefromvarchar, and (4) xmlfilefromclob function calls in IBM DB2 8.1 allow remote attackers to execute arbitrary code via a 94-byte second argument, which causes the return address to be…
- CVE-2005-4865Dec 31, 2005risk 0.00cvss —epss 0.06
Stack-based buffer overflow in call in IBM DB2 7.x and 8.1 allows remote attackers to execute arbitrary code via a long libname.
- CVE-2005-4871Dec 31, 2005risk 0.00cvss —epss 0.01
Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 instead of the logged-in user, which allows remote attackers to create or overwrite files via (1) XMLFileFromVarchar or (2) XMLFileFromClob, or read files via (3) XMLVarcharFromFile or (4) XMLClobFromFile.
- CVE-2005-4736Dec 31, 2005risk 0.00cvss —epss 0.02
IBM DB2 Universal Database (UDB) 820 before 8.2 FP10 allows remote authenticated users to cause a denial of service (disk consumption) via a hash join (hsjn) that triggers an infinite loop in sqlri_hsjnFlushBlocks.
- CVE-2005-4738Dec 31, 2005risk 0.00cvss —epss 0.01
IBM DB2 Universal Database (UDB) 810 before ESE AIX 5765F4100 does not ensure that a user has execute privileges before permitting object creation based on routines, which allows remote authenticated users to gain privileges.
- CVE-2005-4833Dec 31, 2005risk 0.00cvss —epss 0.01
IBM WebSphere Application Server (WAS) 6.0 before 20050201, when serving pages in an Application WAR or an Extended Document Root, allows remote attackers to obtain the JSP source code and other sensitive information via "a specific JSP URL," related to lack of normalization of…
- CVE-2005-4413Dec 20, 2005risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in sample scripts in IBM WebSphere Application Server 6 allow remote attackers to inject arbitrary web script or HTML via the (1) E-mail address field to (a) PlantsByWebSphere/login.jsp, (2) message field to (b)…
- CVE-2005-4273Dec 15, 2005risk 0.00cvss —epss 0.00
Multiple unspecified vulnerabilities in (1) getShell and (2) getCommand in IBM AIX 5.3 allow local users to append to arbitrary files.
- CVE-2005-4271Dec 15, 2005risk 0.00cvss —epss 0.00
Buffer overflow in the malloc debug system in IBM AIX 5.3 allows local users to execute arbitrary code.
Page 161 of 166