Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2005-07-09 | CVE-2005-2175 | Remote Security vulnerability in Lotus Notes | The web interface for Lotus Notes mail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and steal cookies. | 5.0 |
2005-07-05 | CVE-2005-2091 | Cross-Site Scripting vulnerability in Websphere Application Server 5.0/5.1.0 | IBM WebSphere 5.1 and WebSphere 5.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes WebSphere to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | 4.3 |
2005-05-03 | CVE-2005-1442 | Local NOTES.INI Buffer Overflow vulnerability in IBM Lotus Notes | Buffer overflow in the Lotus Notes client for Domino 6.5 before 6.5.4 and 6.0 before 6.0.5 allows local users to cause a denial of service (client crash) and possibly execute arbitrary code via the NOTES.INI file. | 4.6 |
2005-05-03 | CVE-2005-1441 | Remote Procedure Call Remote Format String vulnerability in IBM Lotus Domino Server Notes | Format string vulnerability in Lotus Domino 6.0.x before 6.0.5 and 6.5.x before 6.5.4 allows remote attackers to cause a denial of service via the Notes protocol (NRPC). | 5.0 |
2005-05-02 | CVE-2005-1182 | Denial-Of-Service vulnerability in IBM OS 400 R510/R520/R530 | Unknown vulnerability in Incoming Remote Command (iSeries Access for Windows Remote Command service) in IBM OS/400 R510, R520, and R530 allows attackers to cause a denial of service (IRC shutdown) via certain inputs. | 5.0 |
2005-05-02 | CVE-2005-1133 | Remote Information Disclosure vulnerability in IBM iSeries AS400 POP3 Server | The POP3 server in IBM iSeries AS/400 returns different error messages when the user exists or not, which allows remote attackers to determine valid user IDs on the server. | 5.0 |
2005-05-02 | CVE-2005-1112 | Unspecified vulnerability in IBM Websphere Application Server | IBM WebSphere Application Server 6.0 and earlier, when sharing the document root of the web server, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via an HTTP request with an invalid Host header, which causes the page to be processed by the web server instead of the JSP engine. | 5.0 |
2005-05-02 | CVE-2005-1025 | Information Disclosure vulnerability in IBM Iseries AS 400 4.3 | The FTP server in AS/400 4.3, when running in IFS mode, allows remote attackers to obtain sensitive information via a symlink attack using RCMD and the ADDLNK utility, as demonstrated using the QSYS.LIB library. | 5.0 |
2005-05-02 | CVE-2005-0539 | Local Security vulnerability in IBM Hardware Management Console 4.1/4.2 | Unknown vulnerability in IBM Hardware Management Console (HMC) before 4.4 for POWER5 servers allows local users to gain privileges, related to the Guided Setup Wizard. | 4.6 |
2005-05-02 | CVE-2005-0425 | Remote Security vulnerability in Websphere Application Server 5.0/5.1.0/6.0 | Unknown vulnerability in IBM Websphere Application Server 5.0, 5.1, and 6.0 when running on Windows, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via a crafted URL that causes the page to be processed by the file serving servlet instead of the JSP engine. | 5.0 |