Filtered by vendor Ibm
Subscribe
Total
7776 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3862 | 1 Ibm | 1 Informix Dynamic Server | 2018-10-17 | 7.5 HIGH | N/A |
| Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC5 through 9.40.xC7 and 10.00.TC1 through 10.00.xC3 allows attackers to execute arbitrary code via the SQLIDEBUG environment variable (envariable). | |||||
| CVE-2006-3858 | 1 Ibm | 1 Informix Dynamic Server | 2018-10-17 | 2.1 LOW | N/A |
| IBM Informix Dynamic Server (IDS) before 9.40.xC8 and 10.00 before 10.00.xC4 stores passwords in plaintext in shared memory, which allows local users to obtain passwords by reading the memory (product defects 171893, 171894, 173772). | |||||
| CVE-2006-3855 | 1 Ibm | 1 Informix Dynamic Server | 2018-10-17 | 6.5 MEDIUM | N/A |
| The ifx_load_internal function in IBM Informix Dynamic Server (IDS) allows remote authenticated users to execute arbitrary C code via the DllMain or _init function in a library, aka "C code UDR." | |||||
| CVE-2006-3854 | 1 Ibm | 1 Informix Dynamic Database Server | 2018-10-17 | 7.5 HIGH | N/A |
| Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC7, 9.40.TC8, 10.00.TC4, and 10.00.TC5, when running on Windows, allows remote attackers to execute arbitrary code via a long username, which causes an overflow in vsprintf when displaying in the resulting error message. NOTE: this issue is due to an incomplete fix for CVE-2006-3853. | |||||
| CVE-2006-3853 | 1 Ibm | 1 Informix Dynamic Server | 2018-10-17 | 5.1 MEDIUM | N/A |
| Buffer overflow in IBM Informix Dynamic Server (IDS) before 9.40.TC7 and 10.00 before 10.00.TC3, when running on Windows, allows remote attackers to execute arbitrary code via a long username. | |||||
| CVE-2006-3857 | 1 Ibm | 1 Informix Dynamic Database Server | 2018-10-17 | 6.5 MEDIUM | N/A |
| Multiple buffer overflows in IBM Informix Dynamic Server (IDS) before 9.40.TC6 and 10.00 before 10.00.TC3 allow remote authenticated users to execute arbitrary code via (1) the getname function, as used by (a) _sq_remview, (b) _sq_remproc, (c) _sq_remperms, (d) _sq_distfetch, and (e) _sq_dcatalog; and the (2) SET DEBUG FILE, (3) IFX_FILE_TO_FILE, (4) FILETOCLOB, (5) LOTOFILE, and (6) DBINFO functions (product defect IDs 171649, 171367, 171387, 171391, 171906, 172179). | |||||
| CVE-2006-3856 | 1 Ibm | 1 Informix Dynamic Server | 2018-10-17 | 2.1 LOW | N/A |
| IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 allows local users to cause a denial of service (crash) via unspecified vectors. | |||||
| CVE-2015-7446 | 1 Ibm | 5 Flashsystem 9846-ac2, Flashsystem 9846-ae2, Flashsystem 9848-ac2 and 2 more | 2018-10-17 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9000 7.4 before 7.4.1.4, 7.5 before 7.5.1.3, and 7.6 before 7.6.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | |||||
| CVE-2007-3127 | 1 Ibm | 1 Websphere Portal | 2018-10-16 | 5.0 MEDIUM | N/A |
| content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to obtain sensitive information via a "';" (quote semicolon) sequence in the page parameter, which reveals the installation path in the resulting forced SQL error message. | |||||
| CVE-2007-3128 | 1 Ibm | 1 Websphere Portal | 2018-10-16 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter. | |||||
| CVE-2007-2582 | 1 Ibm | 1 Db2 | 2018-10-16 | 10.0 HIGH | N/A |
| Multiple buffer overflows in the DB2 JDBC Applet Server (DB2JDS) service in IBM DB2 9.x and earlier allow remote attackers to (1) execute arbitrary code via a crafted packet to the DB2JDS service on tcp/6789; and cause a denial of service via (2) an invalid LANG parameter or (2) a long packet that generates a "MemTree overflow." | |||||
| CVE-2007-2137 | 1 Ibm | 1 Tivoli Monitoring Express | 2018-10-16 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in kde.dll in IBM Tivoli Monitoring Express 6.1.0 before Fix Pack 2, as used in Tivoli Universal Agent, Windows OS Monitoring agent, and Enterprise Portal Server, allows remote attackers to execute arbitrary code by sending a long string to a certain TCP port. | |||||
| CVE-2007-1468 | 1 Ibm | 1 Rational Clearquest | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest (CQ) Web 7.0.0.0 allows remote attackers to inject arbitrary web script or HTML via an attachment to a defect log entry. | |||||
| CVE-2007-1043 | 9 Apple, Ezboo, Hp and 6 more | 18 Mac Os X, Webstats, Hp-ux and 15 more | 2018-10-16 | 7.5 HIGH | N/A |
| Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php. | |||||
| CVE-2007-0392 | 1 Ibm | 1 Aix | 2018-10-16 | 4.6 MEDIUM | N/A |
| IBM AIX 5.3 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572. | |||||
| CVE-2006-7034 | 9 Apple, Hp, Ibm and 6 more | 18 Mac Os X, Hp-ux, Tru64 and 15 more | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter. | |||||
| CVE-2008-0727 | 1 Ibm | 1 Informix Dynamic Server | 2018-10-15 | 8.5 HIGH | N/A |
| Multiple buffer overflows in oninit.exe in IBM Informix Dynamic Server (IDS) 7.x through 11.x allow (1) remote attackers to execute arbitrary code via a long password and (2) remote authenticated users to execute arbitrary code via a long DBPATH value. | |||||
| CVE-2008-0247 | 1 Ibm | 1 Tivoli Storage Manager Express | 2018-10-15 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the Express Backup Server service (dsmsvc.exe) in IBM Tivoli Storage Manager (TSM) Express 5.3 before 5.3.7.3 allows remote attackers to execute arbitrary code via a packet with a large length value. | |||||
| CVE-2008-0066 | 2 Autonomy, Ibm | 2 Keyview, Lotus Notes | 2018-10-15 | 9.3 HIGH | N/A |
| Multiple buffer overflows in htmsr.dll in the HTML speed reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allow remote attackers to execute arbitrary code via an HTML document with (1) "large chunks of data," or a long URL in the (2) BACKGROUND attribute of a BODY element or (3) SRC attribute of an IMG element. | |||||
| CVE-2007-6593 | 1 Ibm | 1 Lotus Notes | 2018-10-15 | 8.8 HIGH | N/A |
| Multiple stack-based buffer overflows in l123sr.dll in Autonomy (formerly Verity) KeyView SDK, as used by IBM Lotus Notes 5.x through 8.x, allow user-assisted remote attackers to execute arbitrary code via the (1) Length and (2) Value fields for certain Types in a Lotus 1-2-3 (.123) file in the Worksheet File (WKS) format, as demonstrated by a file with a crafted SRANGE record, a different vulnerability than CVE-2007-5909. | |||||