Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2006-05-17 | CVE-2006-2435 | Remote Security vulnerability in Websphere Application Server | Unspecified vulnerability in IBM WebSphere Application Server 5.0.2 and earlier, and 5.1.1 and earlier, has unknown impact and attack vectors related to "Inserting certain script tags in urls [that] may allow unintended execution of scripts." | 6.4 |
2006-05-17 | CVE-2006-2434 | Information Disclosure vulnerability in IBM Websphere Application Server 5.1.1 | Unspecified vulnerability in WebSphere 5.1.1 (or any earlier cumulative fix) Common Configuration Mode + CommonArchive and J2EE Models might allow attackers to obtain sensitive information via the trace. | 5.0 |
2006-05-17 | CVE-2006-2431 | Cross-Site Scripting vulnerability in IBM Websphere Application Server | Cross-site scripting (XSS) vulnerability in the 500 Internal Server Error page on the SOAP port (8880/tcp) in IBM WebSphere Application Server 5.0.2 and earlier, 5.1.x before 5.1.1.12, and 6.0.2 up to 6.0.2.7, allows remote attackers to inject arbitrary web script or HTML via the URI, which is contained in a FAULTACTOR element on this page. | 4.3 |
2006-04-20 | CVE-2006-1948 | Remote Security vulnerability in IBM Lotus Notes 6.0/6.5 | The "Add Sender to Address Book" operation (AddSenderToAddressBook.lss) and NameHelper.lss in IBM Lotus Notes 6.0 and 6.5 before 20060331 do not properly store information in the Personal Address Book when multiple messages are checked and a message uses AltFrom, which might allow user-assisted remote attackers to trick a user into sending e-mail to an unauthorized recipient. | 4.0 |
2006-04-05 | CVE-2006-1619 | Denial-Of-Service vulnerability in IBM Websphere Application Server 4.0.1/4.0.2/4.0.3 | IBM WebSphere Application Server 4.0.1 through 4.0.3 allows remote attackers to cause a denial of service (application crash) via an HTTP request with a large header. | 5.0 |
2006-03-24 | CVE-2006-1384 | Cross-Site Scripting vulnerability in IBM Tivoli Business Systems Manager 3.1 | Cross-site scripting (XSS) vulnerability in apwc_win_main.jsp in the web console in IBM Tivoli Business Systems Manager (TBSM) before 3.1.0.1 allows remote attackers to inject arbitrary web script or HTML via the skin parameter. | 4.3 |
2006-03-10 | CVE-2006-0667 | Local Security vulnerability in AIX 5.2/5.3 | lscfg in IBM AIX 5.2 and 5.3 allows local users to modify arbitrary files via a symlink attack. | 4.6 |
2006-03-09 | CVE-2006-1093 | Unspecified vulnerability in IBM Websphere Application Server | Unspecified vulnerability in IBM WebSphere 5.0.2.10 through 5.0.2.15 and 5.1.1.4 through 5.1.1.9 allows remote attackers to obtain sensitive information via unknown attack vectors, which causes JSP source code to be revealed. | 6.4 |
2006-02-15 | CVE-2006-0717 | LDAP Memory Corruption vulnerability in IBM Tivoli Directory Server 6.0 | IBM Tivoli Directory Server 6.0 allows remote attackers to cause a denial of service (crash) via a crafted LDAP request, as demonstrated by test 2532 in the ProtoVer Sample LDAP test suite. | 5.0 |
2006-02-15 | CVE-2006-0666 | Local Kernel Denial Of Service vulnerability in IBM AIX 5.3/5.3L | Unspecified vulnerability in the (1) unix_mp and (2) unix_64 kernels in IBM AIX 5.3 VRMF 5.3.0.30 through 5.3.0.33 allows local users to cause a denial of service (system crash) via unknown vectors related to EMULATE_VMX. | 4.9 |