Vulnerabilities > IBM
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-06-22 | CVE-2012-0191 | Permissions, Privileges, and Access Controls vulnerability in IBM Lotus Expeditor: The web container in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack does not properly perform access control for requests, which allows remote attackers to spoof a localhost request origin via crafted headers. | 5.0 |
2012-06-22 | CVE-2012-0187 | Unspecified vulnerability in IBM Lotus Expeditor: Untrusted search path vulnerability in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack allows local users to gain privileges via a Trojan horse DLL in the current working directory. | 9.3 |
2012-06-22 | CVE-2012-0186 | Path Traversal vulnerability in IBM Lotus Expeditor: Directory traversal vulnerability in the Eclipse Help component in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack allows remote attackers to discover the locations of files via a crafted URL. | 4.3 |
2012-06-20 | CVE-2012-2192 | Resource Management Errors vulnerability in IBM AIX and Vios: The socketpair function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.1.4-FP-25 SP-02 allows local users to cause a denial of service (system crash) via a crafted application that leverages the presence of a socket on the free list. | 4.9 |
2012-06-20 | CVE-2012-2180 | Multiple Security vulnerability in IBM DB2: The chaining functionality in the Distributed Relational Database Architecture (DRDA) module in IBM DB2 9.7 before FP6 and 9.8 before FP5 allows remote attackers to cause a denial of service (NULL pointer dereference, and resource consumption or daemon crash) via a crafted request. | 4.3 |
2012-06-20 | CVE-2012-2175 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Lotus Inotes: Buffer overflow in the Attachment_Times method in a certain ActiveX control in dwa85W.dll in IBM Lotus iNotes 8.5.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a long argument. | 9.3 |
2012-06-20 | CVE-2012-2174 | Code Injection vulnerability in IBM Lotus Notes: The URL handler in IBM Lotus Notes 8.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a crafted notes:// URL. | 9.3 |
2012-06-20 | CVE-2012-2173 | Credentials Management vulnerability in IBM Security Appscan Source: The ODBC driver in IBM Security AppScan Source 7.x and 8.x before 8.6 sends an SHA-1 hash of the connection password during connections to a solidDB database, which allows remote attackers to obtain sensitive information by sniffing the network. | 5.0 |
2012-06-20 | CVE-2012-2170 | Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server: The Application Snoop Servlet in IBM WebSphere Application Server 7.0 before 7.0.0.23 does not properly restrict access, which allows remote attackers to obtain sensitive client and request information via a direct request. | 4.3 |
2012-06-20 | CVE-2012-2161 | Cross-Site Scripting vulnerability in IBM Security Appscan Source and Spss Data Collection: Cross-site scripting (XSS) vulnerability in deferredView.jsp in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 4.3 |