Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2007-12-04 | CVE-2007-6232 | Cross-Site Scripting vulnerability in FTP Admin 0.1.0 | Cross-site scripting (XSS) vulnerability in index.php in FTP Admin 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter in an error page action. | 4.3 |
2007-12-04 | CVE-2007-6219 | Cross-Site Scripting vulnerability in IBM Tivoli Netcool Security Manager 1.3.0 | Cross-site scripting (XSS) vulnerability in IBM Tivoli Netcool Security Manager 1.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2007-11-14 | CVE-2007-5957 | Multiple vulnerability in IBM Informix Dynamic Server | Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 10.00.TC3TL and 11.10.TB4TL on Windows allows attackers to cause a denial of service (application crash) via unspecified SQ_ONASSIST requests. | 4.9 |
2007-11-14 | CVE-2007-5944 | Cross-Site Scripting vulnerability in IBM Websphere Application Server | Cross-site scripting (XSS) vulnerability in Servlet Engine / Web Container in IBM WebSphere Application Server (WAS) 5.1.1.4 through 5.1.1.16 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header. | 4.3 |
2007-11-10 | CVE-2007-5924 | Cross-Site Scripting vulnerability in IBM Lotus Domino 7.0/7.0.2 | Cross-site scripting (XSS) vulnerability in the Web Server (HTTP) task in IBM Lotus Domino before 6.5.6 FP2, and 7.x before 7.0.2 FP2, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2007-11-05 | CVE-2007-5805 | Link Following vulnerability in IBM AIX 5.2/5.3 | cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create an arbitrary file, and enable world writability of this file, via a symlink attack involving use of the file's name as the argument. | 6.9 |
2007-11-05 | CVE-2007-5804 | Unspecified vulnerability in IBM AIX 5.2/5.3 | cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create or overwrite an arbitrary file, and enable world writability of this file, by using the file's name as the argument. | 6.9 |
2007-11-03 | CVE-2007-5799 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Websphere Application Server | Multiple cross-site request forgery (CSRF) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to perform some actions as WAS UDDI users via the (1) keyField, (2) nameField, (3) valueField, and (4) frameReturn parameters. | 4.3 |
2007-11-03 | CVE-2007-5798 | Cross-Site Scripting vulnerability in IBM Websphere Application Server | Multiple cross-site scripting (XSS) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to inject arbitrary web script or HTML via the (1) keyField, (2) nameField, (3) valueField, and (4) frameReturn parameters. | 4.3 |
2007-10-30 | CVE-2007-4348 | Cross-Site Scripting vulnerability in IBM Tivoli Storage Manager Client | Cross-site scripting (XSS) vulnerability in the CAD service in IBM Tivoli Storage Manager (TSM) Client 5.3.5.3 and 5.4.1.2 for Windows allows remote attackers to inject arbitrary web script or HTML via HTTP requests to port 1581, which generate log entries in a dsmerror.log file that is accessible through a certain web interface. | 4.3 |