Vulnerabilities > IBM

DATE | CVE | VULNERABILITY TITLE | RISK
2008-03-18 | CVE-2008-0949 | Remote vulnerability in IBM Informix Dynamic Server
Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 7.x through 11.x allows remote attackers to gain privileges via a malformed connection request packet.
Access: network | Complexity: low | Vendor: ibm | Risk: critical 10.0

2008-03-18 | CVE-2008-0727 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Informix Dynamic Server
Multiple buffer overflows in oninit.exe in IBM Informix Dynamic Server (IDS) 7.x through 11.x allow (1) remote attackers to execute arbitrary code via a long password and (2) remote authenticated users to execute arbitrary code via a long DBPATH value.
Access: network | Complexity: low | Vendor: ibm | CWE: CWE-119 | Risk: 8.5

2008-03-11 | CVE-2008-1288 | Information Exposure vulnerability in IBM Rational ClearQuest 7.0.0.2/7.0.1.1
IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 might allow local or remote attackers to obtain sensitive information about users by reading user cookies.
Access: network | Complexity: low | Vendor: ibm | CWE: CWE-200 | Risk: 5.0

2008-03-11 | CVE-2008-1287 | Configuration vulnerability in IBM Rational ClearQuest 7.0.0.2/7.0.1.1
IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 generate different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames.
Access: network | Complexity: low | Vendor: ibm | CWE: CWE-16 | Risk: 5.0

2008-03-10 | CVE-2008-1274 | Local Privilege Escalation vulnerability in IBM AIX 6.1.0
Untrusted search path vulnerability in man in IBM AIX 6.1.0 allows local users to execute arbitrary code via a malicious program in the man directory.
Access: local | Vendor: ibm | Risk: 6.9

2008-03-09 | CVE-2008-1217 | Code Injection vulnerability in IBM Lotus Notes 6.5/7.0.2/8.0.0
Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus Notes 6.5, 7.0.x before 7.0.2 CCH, and 8.0.x before 8.0.1 allows remote attackers to execute arbitrary code via a crafted attachment in an e-mail message sent over SMTP, a variant of CVE-2007-6706.
Access: network | Vendor: ibm | CWE: CWE-94 | Risk: critical 9.3

2008-03-09 | CVE-2008-1216 | Improper Input Validation vulnerability in IBM Lotus Quickr Server 8.0
IBM Lotus Quickr 8.0 server, and possibly QuickPlace 7.x, does not properly identify URIs containing cross-site scripting (XSS) attack strings, which allows remote attackers to inject arbitrary web script or HTML via a Calendar OpenDocument action to main.nsf with a Count parameter containing a JavaScript event in a malformed element, as demonstrated by an onload event in an IFRAME element.
Access: network | Vendor: ibm | CWE: CWE-20 | Risk: 6.8

2008-03-09 | CVE-2007-6706 | Code Injection vulnerability in IBM Lotus Notes
Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus Notes 6.5, 7.0.x before 7.0.2 CCH or 7.0.3, and possibly 8.0 allows remote attackers to execute arbitrary code via crafted text in an e-mail message sent over SMTP.
Access: network | Vendor: ibm | CWE: CWE-94 | Risk: critical 9.3

2008-03-09 | CVE-2007-6705 | Permissions, Privileges, and Access Controls vulnerability in IBM WebSphere MQ
The WebSphere MQ XA 5.3 before FP13 and 6.0.x before 6.0.2.1 client for Windows, when running in an MTS or a COM+ environment, grants the PROCESS_DUP_HANDLE privilege to the Everyone group upon connection to a queue manager, which allows local users to duplicate an arbitrary handle and possibly hijack an arbitrary process.
Access: local | Vendor: ibm | CWE: CWE-264 | Risk: 3.3

2008-03-04 | CVE-2008-1130 | Improper Authentication vulnerability in IBM WebSphere MQ 5.3/6
Unspecified vulnerability in IBM WebSphere MQ 6.0.x before 6.0.2.2 and 5.3 before Fix Pack 14 allows attackers to bypass access restrictions for a queue manager via a SVRCONN (MQ client) channel.
Access: local | Complexity: low | Vendor: ibm | CWE: CWE-287 | Risk: 6.6