Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-09-27 | CVE-2006-5007 | Local Privilege Escalation vulnerability in IBM AIX 5.2.0/5.3.0 Untrusted search path vulnerability in uucp in IBM AIX 5.2.0 and 5.3.0 allows local users to gain privileges via a Trojan horse program involving uux. | 4.6 |
2006-09-27 | CVE-2006-5002 | Local Arbitrary File Overwrite vulnerability in IBM AIX Inventory Scout Unspecified vulnerability in IBM Inventory Scout for AIX 2.2.0.0 through 2.2.0.9 (invscoutClient_VPD_Survey) allows attackers to overwrite arbitrary files via unspecified vectors. | 5.0 |
2006-09-11 | CVE-2006-4683 | Remote Input Validation vulnerability in IBM Director 3.1 IBM Director before 5.10 allows remote attackers to obtain sensitive information from HTTP headers via HTTP TRACE. | 5.0 |
2006-09-11 | CVE-2006-4682 | Remote Input Validation vulnerability in IBM Director 3.1 Multiple unspecified vulnerabilities in IBM Director before 5.10 allow remote attackers to cause a denial of service (crash) via unspecified vectors involving (1) malformed WMI CIM server requests and (2) malformed packets. | 5.0 |
2006-09-11 | CVE-2006-4681 | Directory Traversal vulnerability in IBM Director 3.1 Directory traversal vulnerability in Redirect.bat in IBM Director before 5.10 allows remote attackers to read arbitrary files via a .. | 5.0 |
2006-08-21 | CVE-2006-4257 | Resource Management Errors vulnerability in IBM DB2 IBM DB2 Universal Database (UDB) before 8.1 FixPak 13 allows remote authenticated users to cause a denial of service (crash) by (1) sending the first ACCSEC command without an RDBNAM parameter during the CONNECT process, or (2) sending a crafted SQLJRA packet, which results in a null dereference. | 4.0 |
2006-08-18 | CVE-2006-4223 | Information Exposure vulnerability in IBM Websphere Application Server IBM WebSphere Application Server (WAS) before 6.0.2.13 allows context-dependent attackers to obtain sensitive information via unspecified vectors related to "JSP source code exposure" (PK23475), which occurs when ibm-web-ext.xmi sets fileServingEnabled to true or ExtendedDocumentRoot is used to place a JSP outside a WAR.file; (3) the First Failure Data Capture (ffdc) log file (PK24834); and (4) traces (PK25568), a different issue than CVE-2006-4137. | 5.0 |
2006-08-18 | CVE-2006-4222 | Remote Security vulnerability in Websphere Application Server Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.0.2.13 have unspecified vectors and impact, including (1) an "authority problem" in ThreadIdentitySupport as identified by PK25199, and "Potential security exposure" issues as identified by (2) PK22747, (3) PK24334, (4) PK25740, and (5) PK26123. | 5.0 |
2006-08-17 | CVE-2006-3859 | Remote Security vulnerability in IBM Informix Dynamic Server IBM Informix Dynamic Server (IDS) allows remote authenticated users to create and overwrite arbitrary files via the (1) LOTOFILE and (2) trl_tracefile_set functions, and the (3) "SET DEBUG FILE" commands. | 4.0 |
2006-08-14 | CVE-2006-4137 | Multiple vulnerabilities in IBM WebSphere Application Server 6.1.0 IBM WebSphere Application Server before 6.1.0.1 allows attackers to obtain sensitive information via unspecified vectors related to (1) the log file, (2) "script generated syntax on wsadmin command line," and (3) traces. | 5.0 |