Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-07-26 | CVE-2007-3333 | Buffer Errors vulnerability in IBM AIX 5.2.0/5.3: Stack-based buffer overflow in capture in IBM AIX 5.3 SP6 and 5.2.0 allows remote attackers to execute arbitrary code via a large number of terminal control sequences. | 6.9 |
2007-06-26 | CVE-2007-3397 | Information Disclosure vulnerability in IBM WebSphere Application Server Closed Connection: The web container in IBM WebSphere Application Server (WAS) before 6.0.2.21, and 6.1.x before 6.1.0.9, sends response data intended for a different request in certain circumstances after a closed connection error, which might allow remote attackers to obtain sensitive information. | 5.0 |
2007-06-19 | CVE-2007-3265 | Cross-Site Scripting vulnerability in WebSphere Application Server: Cross-site scripting (XSS) vulnerability in the Samples component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2007-06-19 | CVE-2007-3128 | SQL Injection vulnerability in IBM WebSphere Portal 1.0: SQL injection vulnerability in content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter. | 6.4 |
2007-06-19 | CVE-2007-3127 | Information Disclosure vulnerability in IBM WebSphere Portal 1.0: content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to obtain sensitive information via a "';" (quote semicolon) sequence in the page parameter, which reveals the installation path in the resulting forced SQL error message. | 5.0 |
2007-06-04 | CVE-2007-2996 | Local Arbitrary Code Execution vulnerability in IBM AIX Perl Interpreter: Unspecified vulnerability in perl.rte 5.8.0.10 through 5.8.0.95 on IBM AIX 5.2, and 5.8.2.10 through 5.8.2.50 on AIX 5.3, allows local users to gain privileges via unspecified vectors related to the installation and "waiting for a legitimate user to execute a binary that ships with Perl." | 6.6 |
2007-06-04 | CVE-2007-2995 | Remote Security vulnerability in IBM AIX 5.2.0/5.3: Unspecified vulnerability in sysmgt.websm.rte in IBM AIX 5.2.0 and 5.3.0 has unknown impact and attack vectors. | 4.3 |
2007-04-24 | CVE-2007-2191 | HTML Injection vulnerability in Freepbx 2.2.1/2.2Rc1: Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, (3) Call-ID, (4) User-Agent, and unspecified other SIP protocol fields, which are stored in /var/log/asterisk/full and displayed by admin/modules/logfiles/asterisk-full-log.php. | 6.8 |
2007-04-11 | CVE-2007-1944 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in IBM WebSphere Application Server: The Java Message Service (JMS) in IBM WebSphere Application Server (WAS) before 6.1.0.7 allows attackers to cause a denial of service via unknown vectors involving the "double release [of] a bytebuffer input stream," possibly a double free vulnerability. | 5.0 |
2007-04-11 | CVE-2007-1941 | HTML Injection vulnerability in IBM Lotus Domino Web Access Active Content Filter: Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in Domino Web Access (DWA) in IBM Lotus Notes before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via a multipart/related e-mail message, a different issue than CVE-2006-4843. | 4.3 |