Vulnerabilities > IBM > NET Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-31 | CVE-2004-1442 | Cross-Site Scripting vulnerability in IBM Net.Data 7.0/7.2 Cross-site scripting (XSS) vulnerability in db2www CGI interpreter in IBM Net.Data 7 and 7.2 allows remote attackers to inject arbitrary web script or HTML via a macro filename, which is not properly handled by error messages such as "DTWP001E." network ibm | 4.3 |
| 2003-12-31 | CVE-2003-1282 | Information Disclosure vulnerability in IBM Net.Data IBM Net.Data allows remote attackers to obtain sensitive information such as path names, server names and possibly user names and passwords by causing the (1) $(DTW_CURRENT_FILENAME), (2) $(DATABASE), (3) $(LOGIN), (4) $(PASSWORD), and possibly other predefined variables that can be echoed back to the user via a web form. | 5.0 |
| 2001-01-09 | CVE-2000-1110 | Path Disclosure vulnerability in IBM Net.Data 7.0 document.d2w CGI program in the IBM Net.Data db2www package allows remote attackers to determine the physical path of the web server by sending a nonexistent command to the program. | 5.0 |
| 2000-10-20 | CVE-2000-0677 | Unspecified vulnerability in IBM Net.Data Buffer overflow in IBM Net.Data db2www CGI program allows remote attackers to execute arbitrary commands via a long PATH_INFO environmental variable. | 10.0 |