Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-31 | CVE-2004-2697 | Race Condition vulnerability in IBM AIX 4.3.3/5.1/5.1L The Inventory Scout daemon (invscoutd) 1.3.0.0 and 2.0.2 for AIX 4.3.3 and 5.1 allows local users to gain privileges via a symlink attack on a command line argument (log file). | 6.9 |
| 2004-12-31 | CVE-2004-2667 | Cross-Site Scripting vulnerability in Lotus Domino Cross-site scripting (XSS) vulnerability in Lotus Domino 6.0.x before 6.0.4 and 6.5.x before 6.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. network ibm | 6.8 |
| 2004-12-31 | CVE-2004-2634 | Console Commands Symbolic Link vulnerability in Multiple IBM AIX The (1) bos.rte.serv_aid or (2) bos.rte.console filesets in IBM AIX 5.1 and 5.2 allow local users to overwrite arbitrary files via a symlink attack on temporary files via unknown attack vectors. | 6.2 |
| 2004-12-31 | CVE-2004-2526 | Directory Traversal vulnerability in IBM Tivoli Directory Server LDACGI Directory traversal vulnerability in ldacgi.exe in IBM Tivoli Directory Server 4.1 and earlier allows remote attackers to view arbitrary files via a .. | 5.0 |
| 2004-12-31 | CVE-2004-2490 | Local Privilege Escalation vulnerability in IBM products Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.xC1 and 9.40.xC2 allows local users to execute arbitrary code via a long GL_PATH environment variable. | 4.6 |
| 2004-12-31 | CVE-2004-2489 | Local Privilege Escalation vulnerability in IBM Informix Format string vulnerability in IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to execute arbitrary code via a modified INFORMIXDIR environment variable that points to a file with format string specifiers in the filename. | 4.6 |
| 2004-12-31 | CVE-2004-2369 | Directory Traversal vulnerability in IBM Lotus Domino 6.5.1 Directory traversal vulnerability in webadmin.nsf for Lotus Domino R6 6.5.1 allows attackers to create and detect directories via a .. | 6.4 |
| 2004-12-31 | CVE-2004-2310 | Cross-Site Scripting vulnerability in IBM Lotus Domino 6.5.1 Cross-site scripting (XSS) vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows remote attackers to inject arbitrary web script or HTML via a Domino command in the Quick Console. network ibm | 4.3 |
| 2004-12-31 | CVE-2004-2280 | Java Applet vulnerability in IBM Lotus Notes Buffer overflow in IBM Lotus Notes 6.5.x before 6.5.3 and 6.0.x before 6.0.5 allows remote attackers to cause a denial of service (crash) via unknown vectors related to Java applets, as identified by KSPR62F4KN. | 5.0 |
| 2004-12-31 | CVE-2004-1442 | Cross-Site Scripting vulnerability in IBM Net.Data 7.0/7.2 Cross-site scripting (XSS) vulnerability in db2www CGI interpreter in IBM Net.Data 7 and 7.2 allows remote attackers to inject arbitrary web script or HTML via a macro filename, which is not properly handled by error messages such as "DTWP001E." network ibm | 4.3 |