Filtered by vendor Ibm
Subscribe
Search
Total
6404 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1182 | 1 Ibm | 1 Os 400 | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Incoming Remote Command (iSeries Access for Windows Remote Command service) in IBM OS/400 R510, R520, and R530 allows attackers to cause a denial of service (IRC shutdown) via certain inputs. | |||||
| CVE-2005-1238 | 1 Ibm | 1 Iseries As 400 | 2017-07-11 | 7.5 HIGH | N/A |
| By design, the built-in FTP server for iSeries AS/400 systems does not support a restricted document root, which allows attackers to read or write arbitrary files, including sensitive QSYS databases, via a full pathname in a GET or PUT request. | |||||
| CVE-2005-1405 | 1 Ibm | 1 Lotus Notes | 2017-07-11 | 2.1 LOW | N/A |
| HTTP response splitting vulnerability in the @SetHTTPHeader function in Lotus Domino 6.5.x before 6.5.4 and 6.0.x before 6.0.5 allows attackers to poison the web cache via malicious applications. | |||||
| CVE-2005-1441 | 1 Ibm | 1 Lotus Domino | 2017-07-11 | 5.0 MEDIUM | N/A |
| Format string vulnerability in Lotus Domino 6.0.x before 6.0.5 and 6.5.x before 6.5.4 allows remote attackers to cause a denial of service via the Notes protocol (NRPC). | |||||
| CVE-2005-2712 | 1 Ibm | 1 Lotus Domino | 2017-07-11 | 7.8 HIGH | N/A |
| The LDAP server (nldap.exe) in IBM Lotus Domino before 7.0.1, 6.5.5, and 6.5.4 FP2 allows remote attackers to cause a denial of service (crash) via a long bind request, which triggers a null dereference. | |||||
| CVE-2004-2558 | 1 Ibm | 6 Tivoli Access Manager For E-business, Tivoli Access Manager Identity Manager Solution, Tivoli Configuration Manager and 3 more | 2017-07-11 | 7.5 HIGH | N/A |
| Unspecified vulnerability in IBM Tivoli SecureWay Policy Director 3.8, Access Manager for e-business 3.9 to 5.1, Access Manager Identity Manager Solution 5.1, Configuration Manager 4.2, Configuration Manager for Automated Teller Machines 2.1.0, and IBM WebSphere Everyplace Server, Service Provider Offering for Multi-platforms 2.1.3 to 2.15 allow remote attackers to hijack sessions of authenticated users via unknown attack vectors involving certain cookies, aka "Potential Credential Impersonation Attack." | |||||
| CVE-2004-2526 | 1 Ibm | 1 Tivoli Directory Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in ldacgi.exe in IBM Tivoli Directory Server 4.1 and earlier allows remote attackers to view arbitrary files via a .. (dot dot) in the Template parameter. | |||||
| CVE-2004-2489 | 1 Ibm | 1 Informix Dynamic Server | 2017-07-11 | 4.6 MEDIUM | N/A |
| Format string vulnerability in IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to execute arbitrary code via a modified INFORMIXDIR environment variable that points to a file with format string specifiers in the filename. | |||||
| CVE-2004-2388 | 1 Ibm | 1 Aix | 2017-07-11 | 10.0 HIGH | N/A |
| rexecd for AIX 4.3.3 does not properly use a local copy of the pwd structure when calling getpwnam, which may cause the structure to be overwritten by the authenticate function and assign privileges to the wrong user. | |||||
| CVE-2004-2369 | 1 Ibm | 1 Lotus Domino | 2017-07-11 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in webadmin.nsf for Lotus Domino R6 6.5.1 allows attackers to create and detect directories via a .. (dot dot) in the directory creation command. | |||||
| CVE-2004-2312 | 1 Ibm | 1 Aix | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in GNU make for IBM AIX 4.3.3, when installed setgid, allows local users to gain privileges via a long CC argument. | |||||
| CVE-2004-1621 | 1 Ibm | 1 Lotus Domino | 2017-07-11 | 4.3 MEDIUM | N/A |
| ** DISPUTED ** NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in IBM Lotus Notes R6 and Domino R6, and possibly earlier versions, allows remote attackers to execute arbitrary web script or HTML via square brackets at the beginning and end of (1) computed for display, (2) computed when composed, or (3) computed text element fields. NOTE: the vendor has disputed this issue, saying that it is not a problem with Notes/Domino itself, but with the applications that do not properly handle this feature. | |||||
| CVE-2004-2310 | 1 Ibm | 1 Lotus Domino | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows remote attackers to inject arbitrary web script or HTML via a Domino command in the Quick Console. | |||||
| CVE-2004-1759 | 2 Cisco, Ibm | 17 Call Manager, Conference Connection, Emergency Responder and 14 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, allows remote attackers to cause a denial of service (CPU consumption) via arbitrary packets to TCP port 14247, as demonstrated using port scanning. | |||||
| CVE-2004-2319 | 1 Ibm | 2 Informix Dynamic Server, Informix Extended Parallel Server | 2017-07-11 | 3.6 LOW | N/A |
| IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to (1) create or overwrite files via the /001 log file to onedcu or (2) read arbitrary files via a symlink attack on a file in /tmp to onshowaudit. | |||||
| CVE-2004-2311 | 1 Ibm | 1 Lotus Domino | 2017-07-11 | 3.6 LOW | N/A |
| Directory traversal vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows local users to create folders or determine the existence of files via a .. (dot dot) in the new folder dialog. | |||||
| CVE-2004-1760 | 2 Cisco, Ibm | 17 Call Manager, Conference Connection, Emergency Responder and 14 more | 2017-07-11 | 10.0 HIGH | N/A |
| The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, does not require authentication, which allows remote attackers to gain administrator privileges by connecting to TCP port 14247. | |||||
| CVE-2004-2270 | 1 Ibm | 1 Parallel Environment | 2017-07-11 | 7.2 HIGH | N/A |
| Unknown vulnerability in IBM Parallel Environment (PE) 3.2 and 4.1 allows attackers to execute arbitrary commands as root via unknown vectors in the sample code. | |||||
| CVE-2004-2490 | 1 Ibm | 2 Informix Dynamic Server, Informix Extended Parallel Server | 2017-07-11 | 4.6 MEDIUM | N/A |
| Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.xC1 and 9.40.xC2 allows local users to execute arbitrary code via a long GL_PATH environment variable. | |||||
| CVE-2004-2131 | 1 Ibm | 2 Informix Dynamic Server, Informix Extended Parallel Server | 2017-07-11 | 7.2 HIGH | N/A |
| Stack-based buffer overflow in ontape for IBM Informix Dynamic Server (IDS) 9.40.xC3 and earlier allows local users, with DSA privileges, to execute arbitrary code via a long ONCONFIG environment variable. | |||||
| CVE-2004-1330 | 1 Ibm | 1 Aix | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in paginit in AIX 5.1 through 5.3 allows local users to execute arbitrary code via a long username. | |||||
| CVE-2004-0545 | 1 Ibm | 1 Aix | 2017-07-11 | 7.2 HIGH | N/A |
| LVM for AIX 5.1 and 5.2 allows local users to overwrite arbitrary files via a symlink attack. | |||||
| CVE-2004-0544 | 1 Ibm | 1 Aix | 2017-07-11 | 7.2 HIGH | N/A |
| Multiple buffer overflows in LVM for AIX 5.1 and 5.2 allow local users to gain privileges via the (1) putlvcb or (2) getlvcb commands. | |||||
| CVE-2004-0480 | 1 Ibm | 1 Lotus Notes | 2017-07-11 | 10.0 HIGH | N/A |
| Argument injection vulnerability in IBM Lotus Notes 6.0.3 and 6.5 allows remote attackers to execute arbitrary code via a notes: URI that uses a UNC network share pathname to provide an alternate notes.ini configuration file to notes.exe. | |||||
| CVE-2004-0253 | 1 Ibm | 1 Cloudscape | 2017-07-11 | 10.0 HIGH | N/A |
| IBM Cloudscape 5.1 running jdk 1.4.2_03 allows remote attackers to execute arbitrary programs or cause a denial of service via certain SQL code, possibly due to a SQL injection vulnerability. | |||||
| CVE-2004-0586 | 1 Ibm | 1 Acprunner | 2017-07-11 | 10.0 HIGH | N/A |
| acpRunner ActiveX 1.2.5.0 allows remote attackers to execute arbitrary code via the (1) DownLoadURL, (2) SaveFilePath, and (3) Download ActiveX methods. | |||||
| CVE-2004-0668 | 1 Ibm | 1 Lotus Domino | 2017-07-11 | 5.0 MEDIUM | N/A |
| Web Access in Lotus Domino 6.5.1 allows remote attackers to cause a denial of service (server crash) via a large e-mail message, as demonstrated using a large image attachment. | |||||
| CVE-2004-0669 | 1 Ibm | 1 Lotus Domino | 2017-07-11 | 7.5 HIGH | N/A |
| Lotus Domino 6.5.0 and 6.5.1, with IMAP enabled, allows remote authenticated users to change their quota by using the IMAP setquota command. | |||||
| CVE-2004-0684 | 1 Ibm | 2 Websphere Caching Proxy Server, Websphere Edge Server Caching Proxy | 2017-07-11 | 5.0 MEDIUM | N/A |
| WebSphere Edge Component Caching Proxy in WebSphere Edge Server 5.02, with the JunctionRewrite directive enabled, allows remote attackers to cause a denial of service via an HTTP GET request without any parameters. | |||||
| CVE-2004-1028 | 1 Ibm | 1 Aix | 2017-07-11 | 7.2 HIGH | N/A |
| Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, 5.2.0, and 5.3.0 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious "grep" program, which is executed from chcod. | |||||
| CVE-2004-0795 | 1 Ibm | 1 Db2 Universal Database | 2017-07-11 | 7.2 HIGH | N/A |
| DB2 8.1 remote command server (DB2RCMD.EXE) executes the db2rcmdc.exe program as the db2admin administrator, which allows local users to gain privileges via the DB2REMOTECMD named pipe. | |||||
| CVE-2004-0828 | 1 Ibm | 1 Aix | 2017-07-11 | 2.1 LOW | N/A |
| The ctstrtcasd program in RSCT 2.3.0.0 and earlier on IBM AIX 5.2 and 5.3 does not properly drop privileges before executing the -f option, which allows local users to modify or create arbitrary files. | |||||
| CVE-2004-0243 | 1 Ibm | 1 Aix | 2017-07-11 | 5.0 MEDIUM | N/A |
| AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, displays a different message if the password is correct, which allows remote attackers to guess the password via brute force methods. | |||||
| CVE-2004-1372 | 1 Ibm | 1 Db2 Universal Database | 2017-07-11 | 7.2 HIGH | N/A |
| Multiple stack-based buffer overflows in IBM DB2 7.x and 8.1 allow local users to execute arbitrary code via (1) a long third argument to the rec2xml function or (2) a long filename argument to the generate_distfile procedure. | |||||
| CVE-2004-1054 | 1 Ibm | 1 Aix | 2017-07-11 | 7.2 HIGH | N/A |
| Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, 5.2.0, and 5.3.0 allows local users to gain privileges by modifying the PATH environment variable to point to a malicious "uname" program, which is executed from lsvpd after lsvpd has been invoked by invscout. | |||||
| CVE-2000-1215 | 1 Ibm | 1 Lotus Domino | 2017-07-11 | 5.0 MEDIUM | N/A |
| The default configuration of Lotus Domino server 5.0.8 includes system information (version, operating system, and build date) in the HTTP headers of replies, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2001-1441 | 1 Ibm | 1 Visualage For Java | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in VisualAge for Java 3.5 Professional allows remote attackers to execute JavaScript on other clients via the URL, which injects the script in the resulting error message. | |||||
| CVE-2001-1504 | 1 Ibm | 1 Lotus Notes | 2017-07-11 | 7.5 HIGH | N/A |
| Lotus Notes R5 Client 4.6 allows remote attackers to execute arbitrary commands via a Lotus Notes object with code in an event, which is automatically executed when the user processes the e-mail message. | |||||
| CVE-2002-1622 | 1 Ibm | 1 Aix | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in certain RPC routines in IBM AIX 4.3 may allow attackers to execute arbitrary code, related to a "variable data type." | |||||
| CVE-2002-1620 | 1 Ibm | 1 Aix Parallel Systems Support Programs | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in IBM AIX Parallel Systems Support Programs (PSSP) 3.1.1, 3.2, and 3.4 allows remote attackers to read arbitrary files from a file collection. | |||||
| CVE-2003-0181 | 1 Ibm | 1 Lotus Domino Web Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attackers to cause a denial of service via a "Fictionary Value Field POST request" as demonstrated using the s_Validation form with a long, unknown parameter name. | |||||
| CVE-2002-1731 | 1 Ibm | 1 Os 400 | 2017-07-11 | 2.1 LOW | N/A |
| The System Request menu in IBM AS/400 allows local users to list valid user accounts by viewing the object names that are type USRPRF. | |||||
| CVE-2003-0285 | 1 Ibm | 1 Aix | 2017-07-11 | 5.0 MEDIUM | N/A |
| IBM AIX 5.2 and earlier distributes Sendmail with a configuration file (sendmail.cf) with the (1) promiscuous_relay, (2) accept_unresolvable_domains, and (3) accept_unqualified_senders features enabled, which allows Sendmail to be used as an open mail relay for sending spam e-mail. | |||||
| CVE-2004-0029 | 1 Ibm | 1 Lotus Domino | 2017-07-11 | 4.6 MEDIUM | N/A |
| Lotus Notes Domino 6.0.2 on Linux installs the notes.ini configuration file with world-writable permissions, which allows local users to modify the Notes configuration and gain privileges. | |||||
| CVE-2003-0257 | 1 Ibm | 1 Aix | 2017-07-11 | 7.2 HIGH | N/A |
| Format string vulnerability in the printer capability for IBM AIX .3, 5.1, and 5.2 allows local users to gain printq or root privileges. | |||||
| CVE-2003-1104 | 1 Ibm | 1 Tivoli Firewall Toolbox | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in IBM Tivoli Firewall Toolbox (TFST) 1.2 allows remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2003-1052 | 1 Ibm | 2 Db2, Db2 Universal Database | 2017-07-11 | 7.2 HIGH | N/A |
| IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs. | |||||
| CVE-2003-1051 | 1 Ibm | 1 Db2 | 2017-07-11 | 7.2 HIGH | N/A |
| Multiple format string vulnerabilities in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via certain command line arguments to (1) db2start, (2) db2stop, or (3) db2govd. | |||||
| CVE-2003-0837 | 1 Ibm | 1 Db2 Universal Database | 2017-07-11 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 for Windows, before Fixpak 10a, allows attackers with "Connect" privileges to execute arbitrary code via the INVOKE command. | |||||
| CVE-2003-0758 | 1 Ibm | 1 Db2 Universal Database | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in db2dart in IBM DB2 Universal Data Base 7.2 before Fixpak 10 allows local users to gain root privileges via a long command line argument. | |||||