Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2008-03-09 | CVE-2008-1216 | Improper Input Validation vulnerability in IBM Lotus Quickr Server 8.0 | IBM Lotus Quickr 8.0 server, and possibly QuickPlace 7.x, does not properly identify URIs containing cross-site scripting (XSS) attack strings, which allows remote attackers to inject arbitrary web script or HTML via a Calendar OpenDocument action to main.nsf with a Count parameter containing a JavaScript event in a malformed element, as demonstrated by an onload event in an IFRAME element. | 6.8 |
2008-03-04 | CVE-2008-1130 | Improper Authentication vulnerability in IBM Websphere MQ 5.3/6 | Unspecified vulnerability in IBM WebSphere MQ 6.0.x before 6.0.2.2 and 5.3 before Fix Pack 14 allows attackers to bypass access restrictions for a queue manager via a SVRCONN (MQ client) channel. | 6.6 |
2008-02-21 | CVE-2008-0862 | Permissions, Privileges, and Access Controls vulnerability in IBM Lotus Notes | IBM Lotus Notes 6.0, 6.5, 7.0, and 8.0 signs an unsigned applet when a user forwards an email message to another user, which allows user-assisted remote attackers to bypass Execution Control List (ECL) protection. | 4.3 |
2008-02-21 | CVE-2008-0861 | Cross-Site Scripting vulnerability in IBM Lotus Quickplace 7.0 | Cross-site scripting (XSS) vulnerability in leg/Main.nsf in IBM Lotus Quickplace 7.0 allows remote attackers to inject arbitrary web script or HTML via an h_SearchString sub-parameter in the PreSetFields parameter of an EditDocument action. | 4.3 |
2008-02-20 | CVE-2008-0834 | Cross-Site Scripting vulnerability in IBM Lotus Quickr 8.0/8.0.2 | Cross-site scripting (XSS) vulnerability in Lotus Quickr for i5/OS before 8.0.0.2 Hotfix 11, when anonymous access is disabled on HTTP ports, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2008-02-13 | CVE-2007-5757 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 Universal Database 9.0 | Untrusted search path vulnerability in db2pd in IBM DB2 Universal Database (UDB) 8 before FixPak 16 and 9 before Fix Pack 4 allows local users to gain root privileges via a modified DB2INSTANCE environment variable that points to a malicious library. | 6.9 |
2008-02-12 | CVE-2008-0717 | Cross-Site Scripting vulnerability in IBM Websphere Edge Server | Cross-site scripting (XSS) vulnerability in Caching Proxy (CP) 5.1 through 6.1 in IBM WebSphere Edge Server, when CGI mapping rules are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger injection into an error response. | 4.3 |
2008-02-12 | CVE-2008-0694 | Cross-Site Scripting vulnerability in IBM OS 400 V5R3M0/V5R4M0 | Cross-site scripting (XSS) vulnerability in the HTTP Server in IBM OS/400 V5R3M0 and V5R4M0 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header. | 4.3 |
2008-02-05 | CVE-2008-0589 | Information Exposure vulnerability in IBM AIX 5.2/5.3/6.1 | The ps program in bos.rte.control in IBM AIX 5.2, 5.3, and 6.1 allows local users to obtain sensitive information via unspecified vectors. | 4.9 |
2008-02-05 | CVE-2008-0585 | Permissions, Privileges, and Access Controls vulnerability in IBM AIX 5.2/5.3 | sysmgt.websm.webaccess in IBM AIX 5.2 and 5.3 has world writable permissions for unspecified WebSM Remote Client files, which allows local users to "alter the behavior of" this client by overwriting these files. | 6.6 |