Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2008-01-31 | CVE-2008-0509 | Buffer Errors vulnerability in IBM AIX 4.3 | Multiple buffer overflows in IBM AIX 4.3 allow remote attackers to cause a denial of service (crash) or possibly gain privileges via a long argument to (1) piox25, related to piox25.c; or (2) piox25remote, related to piox25remote.sh. | 4.4 |
2008-01-23 | CVE-2008-0402 | Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Business Modeler 6.0.21 | Unspecified vulnerability in IBM WebSphere Business Modeler Basic and Advanced 6.0.2.1 before Interim Fix 11 allows remote authenticated users to bypass intended access restrictions and delete unspecified repository resources via unknown vectors, even when they are not administrators or members of the repository's owning group. | 6.0 |
2008-01-19 | CVE-2008-0369 | Local Privilege Escalation vulnerability in IBM Informix Dynamic Server 10.00 | Multiple unspecified programs in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allow local users to create arbitrary files by specifying the target file in the SQLIDEBUG environment variable, whose ownership is changed to the user invoking the programs. | 6.9 |
2008-01-18 | CVE-2008-0354 | Cross-Site Scripting vulnerability in IBM Lotus Sametime 7.5/7.5.1 | Cross-site scripting (XSS) vulnerability in the chat client in IBM Lotus Sametime 7.5 and 7.5.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted message, which triggers code execution after a mouseover event initiated by the victim. | 4.3 |
2007-12-28 | CVE-2007-6594 | Permissions, Privileges, and Access Controls vulnerability in IBM Lotus Notes | IBM Lotus Notes 8 for Linux before 8.0.1 uses (1) unspecified weak permissions for the installation kit obtained through a Notes 8 download and (2) 0777 permissions for the installdata file that is created by setup.sh, which allows local users to gain privileges via a Trojan horse file. | 6.9 |
2007-12-17 | CVE-2007-6408 | Information Exposure vulnerability in IBM Tivoli Provisioning Manager Express | IBM Tivoli Provisioning Manager Express provides unspecified information in error messages when (1) attempted duplication of a username occurs when creating an account or (2) when trying to login using a valid username, which makes it easier for remote attackers to enumerate usernames. | 5.0 |
2007-12-17 | CVE-2007-6407 | Cross-Site Scripting vulnerability in IBM Tivoli Provisioning Manager Express | Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Provisioning Manager Express allow remote attackers to inject arbitrary web script or HTML via the (1) "assess modification," (2) user-id, and other unspecified fields to the /tpmx URI; or (3) involving unspecified vectors related to "error processing." | 4.3 |
2007-12-10 | CVE-2007-6305 | Buffer Errors vulnerability in IBM Hardware Management Console 7.3.2.0 | Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 7 R3.2.0 allow attackers to gain privileges via "some HMC commands." | 4.6 |
2007-12-10 | CVE-2007-6295 | Cross-Site Scripting vulnerability in IBM Lotus Sametime | Cross-site scripting (XSS) vulnerability in the WebRunMenuFrame page in the online meeting center template in IBM Lotus Sametime before 8.0 allows remote attackers to inject arbitrary web script or HTML via the URI. | 4.3 |
2007-12-10 | CVE-2007-6294 | Permissions, Privileges, and Access Controls vulnerability in IBM Hardware Management Console 3.3.7 | Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 3 R3.7 allow attackers to gain privileges via "some HMC commands." | 4.9 |