Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2005-12-20 | CVE-2005-4413 | HTML Injection vulnerability in IBM WebSphere Application Server 6.0 | Multiple cross-site scripting (XSS) vulnerabilities in sample scripts in IBM WebSphere Application Server 6 allow remote attackers to inject arbitrary web script or HTML via the (1) E-mail address field to (a) PlantsByWebSphere/login.jsp, (2) message field to (b) TechnologySample/BulletinBoard Script, (3) Email address field to (c) TechnologySamples/Subscription, and the (4) Movie Name, (5) Movie Reviewer, and (6) Movie Review fields to (d) TechnologySamples/MovieReview2_1. | 4.3 |
2005-11-16 | CVE-2005-3569 | Denial of Service vulnerability in IBM DB2 Content Manager 8.2 | INSO service in IBM DB2 Content Manager before 8.2 Fix Pack 10 on AIX allows attackers to cause a denial of service (application crash) via unknown attack vectors involving LZH files. | 5.0 |
2005-11-16 | CVE-2005-3567 | Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Directory Server 5.2.0/6.0 | slapd daemon in IBM Tivoli Directory Server (ITDS) 5.2.0 and 6.0.0 binds using SASL EXTERNAL, which allows attackers to bypass authentication and modify and delete directory data via unknown attack vectors. | 5.8 |
2005-11-04 | CVE-2005-3498 | Information Exposure vulnerability in IBM WebSphere Application Server | IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before 5.1.1.8, and 6.x before fixpack V6.0.2.5, when session trace is enabled, records a full URL including the queryString in the trace logs when an application encodes a URL, which could allow attackers to obtain sensitive information. | 4.3 |
2005-09-21 | CVE-2005-3015 | Cross-Site Scripting vulnerability in IBM Lotus Domino and Lotus Domino Enterprise Server | Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 6.5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) BaseTarget or (2) Src parameters. | 4.3 |
2005-09-20 | CVE-2005-2994 | Cross-Site Scripting vulnerability in Rational ClearQuest | Unspecified vulnerability in the web client for IBM Rational ClearQuest 2002.05.00 and 2002.05.20, and 2003.06.00 through 2003.06.15 before SR5, allows remote attackers to execute XML Style Sheets (XSS). | 6.8 |
2005-08-26 | CVE-2005-2696 | Information Disclosure vulnerability in Lotus Notes | IBM Lotus Notes does not properly restrict access to password hashes in the Notes Address Book (NAB), which allows remote attackers to obtain sensitive information via the (1) password digest field in the Administration tab of a Lotus Notes client, (2) "PasswordDigest" and "HTTPPassword" fields in the document properties in the NAB, or (3) a direct query to the Domino LDAP server, a different vulnerability than CVE-2005-2428. | 5.0 |
2005-08-03 | CVE-2005-2428 | Unspecified vulnerability in IBM Lotus Domino 5.0/6.0/6.5 | Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a different vulnerability than CVE-2005-2696. | 5.0 |
2005-07-12 | CVE-2005-2232 | Local Buffer Overflow vulnerability in IBM AIX 5.1/5.2/5.3 | Buffer overflow in invscout in IBM AIX 5.1.0 through 5.3.0 might allow local users to execute arbitrary code via a long command line argument. | 4.6 |
2005-07-11 | CVE-2005-2170 | Remote Denial Of Service vulnerability in IBM Tivoli Management Framework 4.1.1 | The LCF component (lcfd) in IBM Tivoli Management Framework Endpoint allows remote attackers to cause a denial of service (process exit and connection loss) by connecting to LCF and ending the connection without sending any data. | 5.0 |