Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2009-09-29 CVE-2009-3453 Cross-Site Scripting vulnerability in IBM Lotus Quickr 8.1.0
Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Quickr 8.1.0 services for WebSphere Portal allow remote attackers to inject arbitrary web script or HTML via the filename of a .odt file in a Lotus Quickr place, related to the Library template.
network
ibm CWE-79
4.3
2009-09-21 CVE-2009-2742 Cross-Site Scripting vulnerability in IBM WebSphere Application Server
Cross-site scripting (XSS) vulnerability in Eclipse Help in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27 allows remote attackers to inject arbitrary web script or HTML via unspecified input.
network
ibm CWE-79
4.3
2009-09-08 CVE-2009-3106 Permissions, Privileges, and Access Controls vulnerability in IBM WebSphere Application Server
The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.37 does not properly implement security constraints on the (1) doGet and (2) doTrace methods, which allows remote attackers to bypass intended access restrictions and obtain sensitive information via a crafted HTTP HEAD request to a Web Application.
network
low complexity
ibm CWE-264
5.0
2009-09-08 CVE-2009-3105 Cross-Site Scripting vulnerability in IBM Domino Web Access 8.0.1
Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 211.241 for Domino 8.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR EZEL7UURYC.
network
ibm CWE-79
4.3
2009-09-08 CVE-2009-3090 Denial-of-Service vulnerability in IBM Tivoli Directory Server 6.0
Unspecified vulnerability in IBM Tivoli Directory Server (TDS) 6.0 on Linux allows remote attackers to cause a denial of service via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
network
low complexity
ibm linux
5.0
2009-09-08 CVE-2009-3087 Denial-of-Service vulnerability in IBM Lotus Domino 8.0
Unspecified vulnerability in nserver.exe in the server in IBM Lotus Domino 8.0 on Windows Server 2003 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
network
low complexity
ibm microsoft
5.0
2009-09-01 CVE-2009-3038 Denial-of-Service vulnerability in Lotus Notes Connector
A certain ActiveX control in lnresobject.dll 7.1.1.119 in the Research In Motion (RIM) Lotus Notes connector for BlackBerry Desktop Manager 5.0.0.11 allows remote attackers to cause a denial of service (Internet Explorer crash) by referencing the control's CLSID in the classid attribute of an OBJECT element.
network
ibm rim
4.3
2009-08-24 CVE-2009-2956 Information Exposure vulnerability in IBM WebSphere Commerce Suite
The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere Commerce Suite store sensitive information under the web root with insufficient access control, which allows remote attackers to discover passwords, and database and filesystem details, via direct requests for configuration files.
network
low complexity
ibm CWE-200
5.0
2009-08-19 CVE-2009-2860 Unspecified vulnerability in IBM DB2 8.1
Unspecified vulnerability in db2jds in IBM DB2 8.1 before FP18 allows remote attackers to cause a denial of service (service crash) via "malicious packets."
network
low complexity
ibm
5.0
2009-08-19 CVE-2009-2859 Permissions, Privileges, and Access Controls vulnerability in IBM DB2 8.1
IBM DB2 8.1 before FP18 allows attackers to obtain unspecified access via a das command.
local
low complexity
ibm CWE-264
4.6