Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-08-08 | CVE-2006-3861 | Multiple vulnerability in IBM Informix Dynamic Server IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 does not use database creation permissions, which allows remote authenticated users to create arbitrary databases. | 4.0 |
| 2006-08-08 | CVE-2006-3857 | Multiple vulnerability in IBM Informix Dynamic Server Multiple buffer overflows in IBM Informix Dynamic Server (IDS) before 9.40.TC6 and 10.00 before 10.00.TC3 allow remote authenticated users to execute arbitrary code via (1) the getname function, as used by (a) _sq_remview, (b) _sq_remproc, (c) _sq_remperms, (d) _sq_distfetch, and (e) _sq_dcatalog; and the (2) SET DEBUG FILE, (3) IFX_FILE_TO_FILE, (4) FILETOCLOB, (5) LOTOFILE, and (6) DBINFO functions (product defect IDs 171649, 171367, 171387, 171391, 171906, 172179). | 6.5 |
| 2006-08-08 | CVE-2006-3855 | Multiple vulnerability in IBM Informix Dynamic Server The ifx_load_internal function in IBM Informix Dynamic Server (IDS) allows remote authenticated users to execute arbitrary C code via the DllMain or _init function in a library, aka "C code UDR." This vulnerability is addressed in the following product releases: IBM, Informix IDS, 9.40 xC7 IBM, Informix IDS, 10.00 xC4 | 6.5 |
| 2006-08-08 | CVE-2006-3853 | Multiple vulnerability in IBM Informix Dynamic Server Buffer overflow in IBM Informix Dynamic Server (IDS) before 9.40.TC7 and 10.00 before 10.00.TC3, when running on Windows, allows remote attackers to execute arbitrary code via a long username. | 5.1 |
| 2006-07-24 | CVE-2006-3778 | Unspecified vulnerability in IBM Lotus Notes 6.0/6.5/7.0 IBM Lotus Notes 6.0, 6.5, and 7.0 does not properly handle replies to e-mail messages with alternate name users when the (1) "Save As Draft" option is used or (2) a "," (comma) is inside the "phrase" portion of an address, which can cause the e-mail to be sent to users that were deleted from the To, CC, and BCC fields, which allows remote attackers to obtain the list of original recipients. | 5.0 |
| 2006-07-13 | CVE-2006-3569 | Unspecified vulnerability in IBM Network Appliance Data Ontap Unspecified vulnerability in NetApp Data ONTAP 7.0x through 7.0.4P8D9, 7.1x, 7.1.0.1x, and 7.2RC1, RC2, and RC3, as used in IBM N series Filers and other products, allows unauthorized users to gain access to privileged commands via unknown vectors, probably related to incorrect capabilities with the audit role. | 4.6 |
| 2006-06-27 | CVE-2006-3231 | Multiple vulnerability in IBM Websphere Application Server Prior to 6.0.2.11 Unspecified vulnerability in IBM WebSphere Application Server (WAS) before 6.0.2.11, when fileServingEnabled is true, allows remote attackers to obtain JSP source code and other sensitive information via "URIs with special characters." network ibm | 4.3 |
| 2006-06-19 | CVE-2006-3068 | Resource Management Errors vulnerability in IBM DB2 Universal Database 8.1 IBM DB2 Universal Database (UDB) before 8.2 FixPak 12 allows remote attackers to cause a denial of service (application crash) by sending "incorrect information ... | 5.0 |
| 2006-06-19 | CVE-2006-3067 | Denial-Of-Service vulnerability in IBM DB2 Universal Database 8.0/8.1 Multiple unspecified vulnerabilities in IBM DB2 Universal Database (UDB) before 8.1 FixPak 12 allow remote attackers to cause a denial of service (application crash) via a (1) "long column list" in the (a) REPLACE INTO and (b) INSERT INTO portions of the LOAD command or a (2) large number of values in an IN clause, possibly related to a buffer overflow. | 5.0 |
| 2006-06-19 | CVE-2006-3066 | Denial of Service vulnerability in IBM DB2 Universal Database Buffer overflow in the TCP/IP listener in IBM DB2 Universal Database (UDB) before 8.1 FixPak 12 allows remote attackers to cause a denial of service (application crash) via a long MGRLVLLS message inside of an EXCSAT message when establishing a connection. | 5.0 |