Vulnerabilities > IBM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-02-21 | CVE-2008-0862 | Permissions, Privileges, and Access Controls vulnerability in IBM Lotus Notes IBM Lotus Notes 6.0, 6.5, 7.0, and 8.0 signs an unsigned applet when a user forwards an email message to another user, which allows user-assisted remote attackers to bypass Execution Control List (ECL) protection. | 4.3 |
| 2008-02-21 | CVE-2008-0861 | Cross-Site Scripting vulnerability in IBM Lotus Quickplace 7.0 Cross-site scripting (XSS) vulnerability in leg/Main.nsf in IBM Lotus Quickplace 7.0 allows remote attackers to inject arbitrary web script or HTML via an h_SearchString sub-parameter in the PreSetFields parameter of an EditDocument action. | 4.3 |
| 2008-02-20 | CVE-2008-0834 | Cross-Site Scripting vulnerability in IBM Lotus Quickr 8.0/8.0.2 Cross-site scripting (XSS) vulnerability in Lotus Quickr for i5/OS before 8.0.0.2 Hotfix 11, when anonymous access is disabled on HTTP ports, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2008-02-13 | CVE-2008-0768 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Informix Dynamic Server and Informix Storage Manager Multiple stack-based and heap-based buffer overflows in the Windows RPC components for IBM Informix Storage Manager (ISM), as used in Informix Dynamic Server (IDS) 10.00.xC8 and earlier and 11.10.xC2 and earlier, allow attackers to execute arbitrary code via crafted XDR requests. | 10.0 |
| 2008-02-13 | CVE-2008-0741 | Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server Unspecified vulnerability in the PropFilePasswordEncoder utility in IBM WebSphere Application Server (WAS) before 6.0.2 Fix Pack 25 (6.0.2.25) has unknown impact and attack vectors. | 10.0 |
| 2008-02-13 | CVE-2008-0740 | Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server IBM WebSphere Application Server (WAS) before 6.0.2 Fix Pack 25 (6.0.2.25) and 6.1 before Fix Pack 15 (6.1.0.15) writes unspecified cleartext information to http_plugin.log, which might allow local users to obtain sensitive information by reading this file. | 2.1 |
| 2008-02-13 | CVE-2007-5757 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 Universal Database 9.0 Untrusted search path vulnerability in db2pd in IBM DB2 Universal Database (UDB) 8 before FixPak 16 and 9 before Fix Pack 4 allows local users to gain root privileges via a modified DB2INSTANCE environment variable that points to a malicious library. | 6.9 |
| 2008-02-13 | CVE-2007-3676 | Resource Management Errors vulnerability in IBM DB2 IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before Fix Pack 16 and 9 before Fix Pack 4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via modified pointer values in unspecified remote administration requests, which triggers memory corruption or other invalid memory access. | 10.0 |
| 2008-02-12 | CVE-2008-0717 | Cross-Site Scripting vulnerability in IBM Websphere Edge Server Cross-site scripting (XSS) vulnerability in Caching Proxy (CP) 5.1 through 6.1 in IBM WebSphere Edge Server, when CGI mapping rules are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger injection into an error response. | 4.3 |
| 2008-02-12 | CVE-2008-0699 | Remote Security vulnerability in IBM DB2 8.2/9.1/9.5 Unspecified vulnerability in the ADMIN_SP_C procedure (SYSPROC.ADMIN_SP_C) in IBM DB2 UDB before 8.2 Fixpak 16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unspecified attack vectors. | 9.0 |