Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-12-31 | CVE-2005-4866 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM DB2 Universal Database Stack-based buffer overflow in JDBC Applet Server in IBM DB2 8.1 allows remote attackers to execute arbitrary by connecting and sending a long username, then disconnecting gracefully and reconnecting and sending a short username and an unexpected db2java.zip version, which causes a null terminator to be removed and leads to the overflow. | 6.8 |
| 2005-12-31 | CVE-2005-4834 | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server (WAS) 5.0.2.5 through 5.1.1.3 allows remote attackers to obtain JSP source code and other sensitive information, related to incorrect request processing by the web container. | 5.0 |
| 2005-12-31 | CVE-2005-4833 | Unspecified vulnerability in IBM Websphere Application Server 6.0 IBM WebSphere Application Server (WAS) 6.0 before 20050201, when serving pages in an Application WAR or an Extended Document Root, allows remote attackers to obtain the JSP source code and other sensitive information via "a specific JSP URL," related to lack of normalization of the URL format. network ibm | 4.3 |
| 2005-12-31 | CVE-2005-4819 | Cross-Site Scripting vulnerability in Lotus Domino Cross-site scripting (XSS) vulnerability in Lotus Domino versions before 6.5.4 fix pack 1 (FP1) and versions before 7.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. network ibm | 6.8 |
| 2005-12-31 | CVE-2005-4740 | Multiple vulnerability in IBM DB2 Universal Database IBM DB2 Universal Database (UDB) 810 before version 8 FixPak 10 allows remote authenticated users to cause a denial of service (db2jd service crash) by "connecting from a downlevel client." | 4.0 |
| 2005-12-31 | CVE-2005-4739 | Multiple vulnerability in IBM DB2 Universal Database IBM DB2 Universal Database (UDB) 820 before version 8 FixPak 10 (s050811) allows remote authenticated users to cause a denial of service (application crash) by using a table function for an instance of snapshot_tbreorg, which triggers a trap in sqlnr_EStoE_action. | 6.8 |
| 2005-12-31 | CVE-2005-4738 | Multiple vulnerability in IBM DB2 Universal Database IBM DB2 Universal Database (UDB) 810 before ESE AIX 5765F4100 does not ensure that a user has execute privileges before permitting object creation based on routines, which allows remote authenticated users to gain privileges. | 6.5 |
| 2005-12-31 | CVE-2005-4736 | Multiple vulnerability in IBM DB2 Universal Database IBM DB2 Universal Database (UDB) 820 before 8.2 FP10 allows remote authenticated users to cause a denial of service (disk consumption) via a hash join (hsjn) that triggers an infinite loop in sqlri_hsjnFlushBlocks. | 6.8 |
| 2005-12-31 | CVE-2005-4735 | Multiple vulnerability in IBM DB2 Universal Database IBM DB2 Universal Database (UDB) 810 before 8.1 FP10 allows remote authenticated users to cause a denial of service (application crash) via (1) certain equality predicates that trigger self-removal, aka IY70808; and (2) a query with more than 32000 elements in the IN-list, aka LI70817. | 6.8 |
| 2005-12-31 | CVE-2005-2454 | Permissions, Privileges, and Access Controls vulnerability in IBM Lotus Notes IBM Lotus Notes 6.5.4 and 6.5.5, and 7.0.0 and 7.0.1, uses insecure default permissions (Everyone/Full Control) for the "Notes" folder and all children, which allows local users to gain privileges and modify, add, or delete files in that folder. | 4.6 |