Vulnerabilities > IBM
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-02-13 | CVE-2008-0740 | Permissions, Privileges, and Access Controls vulnerability in IBM WebSphere Application Server: IBM WebSphere Application Server (WAS) before 6.0.2 Fix Pack 25 (6.0.2.25) and 6.1 before Fix Pack 15 (6.1.0.15) writes unspecified cleartext information to http_plugin.log, which might allow local users to obtain sensitive information by reading this file. | 2.1 |
2008-02-13 | CVE-2007-5757 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 Universal Database 9.0: Untrusted search path vulnerability in db2pd in IBM DB2 Universal Database (UDB) 8 before FixPak 16 and 9 before Fix Pack 4 allows local users to gain root privileges via a modified DB2INSTANCE environment variable that points to a malicious library. | 6.9 |
2008-02-13 | CVE-2007-3676 | Resource Management Errors vulnerability in IBM DB2: IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before Fix Pack 16 and 9 before Fix Pack 4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via modified pointer values in unspecified remote administration requests, which triggers memory corruption or other invalid memory access. | 10.0 |
2008-02-12 | CVE-2008-0717 | Cross-Site Scripting vulnerability in IBM WebSphere Edge Server: Cross-site scripting (XSS) vulnerability in Caching Proxy (CP) 5.1 through 6.1 in IBM WebSphere Edge Server, when CGI mapping rules are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger injection into an error response. | 4.3 |
2008-02-12 | CVE-2008-0699 | Remote Security vulnerability in IBM DB2 8.2/9.1/9.5: Unspecified vulnerability in the ADMIN_SP_C procedure (SYSPROC.ADMIN_SP_C) in IBM DB2 UDB before 8.2 Fixpak 16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unspecified attack vectors. | 9.0 |
2008-02-12 | CVE-2008-0698 | Buffer Errors vulnerability in IBM DB2 8.2Fixpack15: Buffer overflow in the DAS server in IBM DB2 UDB before 8.2 Fixpak 16 has unknown attack vectors, and an impact probably involving "invalid memory access." | 7.8 |
2008-02-12 | CVE-2008-0697 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 8.2Fixpack15: Unspecified vulnerability in DB2PD in IBM DB2 UDB before 8.2 Fixpak 16 allows local users to gain root privileges via unspecified vectors. | 7.2 |
2008-02-12 | CVE-2008-0696 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 8.2Fixpack15: IBM DB2 UDB before 8.2 Fixpak 16 does not properly check authorization for the ALTER TABLE statement, which has unknown impact and attack vectors. | 7.5 |
2008-02-12 | CVE-2008-0694 | Cross-Site Scripting vulnerability in IBM OS 400 V5R3M0/V5R4M0: Cross-site scripting (XSS) vulnerability in the HTTP Server in IBM OS/400 V5R3M0 and V5R4M0 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header. | 4.3 |
2008-02-05 | CVE-2008-0589 | Information Exposure vulnerability in IBM AIX 5.2/5.3/6.1: The ps program in bos.rte.control in IBM AIX 5.2, 5.3, and 6.1 allows local users to obtain sensitive information via unspecified vectors. | 4.9 |