Vulnerabilities > IBM
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-12-28 | CVE-2007-6593 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Lotus Notes: Multiple stack-based buffer overflows in l123sr.dll in Autonomy (formerly Verity) KeyView SDK, as used by IBM Lotus Notes 5.x through 8.x, allow user-assisted remote attackers to execute arbitrary code via the (1) Length and (2) Value fields for certain Types in a Lotus 1-2-3 (.123) file in the Worksheet File (WKS) format, as demonstrated by a file with a crafted SRANGE record, a different vulnerability than CVE-2007-5909. | 8.8 |
2007-12-27 | CVE-2007-6525 | Scripting vulnerability in IBM DB2 Content Manager Toolkit 8.3: Unspecified vulnerability in eClient in IBM DB2 Content Manager (CM) Toolkit 8.3 before fix pack 7 for z/OS has unknown impact and attack vectors, related to "scripting." | 10.0 |
2007-12-27 | CVE-2007-4474 | Buffer Errors vulnerability in IBM Domino Web Access and Lotus Domino Web Access: Multiple stack-based buffer overflows in the IBM Lotus Domino Web Access ActiveX control, as provided by inotes6.dll, inotes6w.dll, dwa7.dll, and dwa7w.dll, in Domino 6.x and 7.x allow remote attackers to execute arbitrary code, as demonstrated by an overflow from a long General_ServerName property value when calling the InstallBrowserHelperDll function in the Upload Module in the dwa7.dwa7.1 control in dwa7w.dll 7.0.34.1. | 9.3 |
2007-12-17 | CVE-2007-6408 | Information Exposure vulnerability in IBM Tivoli Provisioning Manager Express: IBM Tivoli Provisioning Manager Express provides unspecified information in error messages when (1) attempted duplication of a username occurs when creating an account or (2) when trying to login using a valid username, which makes it easier for remote attackers to enumerate usernames. | 5.0 |
2007-12-17 | CVE-2007-6407 | Cross-Site Scripting vulnerability in IBM Tivoli Provisioning Manager Express: Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Provisioning Manager Express allow remote attackers to inject arbitrary web script or HTML via the (1) "assess modification," (2) user-id, and other unspecified fields to the /tpmx URI; or (3) involving unspecified vectors related to "error processing." | 4.3 |
2007-12-15 | CVE-2007-6363 | Cross-Site Scripting vulnerability in IBM Tivoli Netcool Security Manager 1.3.0: IBM Tivoli Netcool Security Manager 1.3.0 before Interim Fix 1, when using Active Directory (AD) LDAP authentication, allows remote attackers to obtain login access via unspecified vectors without entering a password. | 2.1 |
2007-12-10 | CVE-2007-6305 | Buffer Errors vulnerability in IBM Hardware Management Console 7.3.2.0: Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 7 R3.2.0 allow attackers to gain privileges via "some HMC commands." | 4.6 |
2007-12-10 | CVE-2007-6295 | Cross-Site Scripting vulnerability in IBM Lotus Sametime: Cross-site scripting (XSS) vulnerability in the WebRunMenuFrame page in the online meeting center template in IBM Lotus Sametime before 8.0 allows remote attackers to inject arbitrary web script or HTML via the URI. | 4.3 |
2007-12-10 | CVE-2007-6294 | Permissions, Privileges, and Access Controls vulnerability in IBM Hardware Management Console 3.3.7: Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 3 R3.7 allow attackers to gain privileges via "some HMC commands." | 4.9 |
2007-12-10 | CVE-2007-6293 | Unspecified vulnerability in IBM Hardware Management Console 6.1.3: Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 6 R1.3 allow attackers to gain privileges via "some HMC commands." | 10.0 |