Search Results (8337 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-4048 1 Ibm 1 Spss Analytical Decision Management 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1, and 7.0 before FP1 IF6 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving addition of script to a page.
CVE-2013-4055 1 Ibm 1 Lotus Domino 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-4051.
CVE-2013-4063 1 Ibm 2 Lotus Domino, Lotus Inotes 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1 allows remote attackers to inject arbitrary web script or HTML via active content in an e-mail message, aka SPRs PTHN9AQMV7 and TCLE98ZKRP.
CVE-2013-4065 1 Ibm 2 Lotus Domino, Lotus Inotes 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote attackers to inject arbitrary web script or HTML via active content in an e-mail message, aka SPR TCLE98ZKRP.
CVE-2013-4069 1 Ibm 1 Spss Collaboration And Deployment Services 2025-04-11 N/A
The Portal application in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2010-2638 1 Ibm 1 Websphere Mq 2025-04-11 N/A
Unspecified vulnerability in IBM WebSphere MQ 7.0 before 7.0.1.5 allows remote authenticated users to cause a denial of service (disk consumption) via vectors that trigger an FDC with an RM680004 Probe Id value.
CVE-2010-2644 1 Ibm 1 Websphere Service Registry And Repository 2025-04-11 N/A
IBM WebSphere Service Registry and Repository (WSRR) 7.0.0 before FP1 does not properly implement access control, which allows remote attackers to perform governance actions via unspecified API requests to an EJB interface.
CVE-2011-1683 1 Ibm 2 Websphere Application Server, Z\/os 2025-04-11 N/A
IBM WebSphere Application Server (WAS) 6.0.x through 6.0.2.43, 6.1.x before 6.1.0.37, and 7.0.x before 7.0.0.17 on z/OS, when a Local OS user registry or Federated Repository with RACF adapter is used, allows remote attackers to obtain unspecified application access via unknown vectors.
CVE-2010-2896 1 Ibm 1 Filenet Content Manager 2025-04-11 N/A
IBM FileNet Content Manager (CM) 4.0.0, 4.0.1, 4.5.0, and 4.5.1 before FP4 does not properly manage the InheritParentPermissions setting during an upgrade from 3.x, which might allow attackers to bypass intended folder permissions via unspecified vectors.
CVE-2010-2985 1 Ibm 1 Websphere Service Registry And Repository 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the searchTerm parameter to ServiceRegistry/HelpSearch.do or (2) the queryItems[0].value parameter to ServiceRegistry/QueryWizardProcessStep1.do.
CVE-2010-3058 1 Ibm 1 Tivoli Storage Manager Fastback 2025-04-11 N/A
The Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, establishes an open UDP port, which might allow remote attackers to overwrite memory locations and execute arbitrary code, or cause a denial of service (application hang), via unspecified vectors.
CVE-2011-1839 1 Ibm 1 Rational Build Forge 2025-04-11 N/A
IBM Rational Build Forge 7.1.0 uses the HTTP GET method during redirection from the authentication servlet to a PHP script, which makes it easier for context-dependent attackers to discover session IDs by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.
CVE-2010-3195 2 Ibm, Microsoft 2 Db2, Windows Server 2008 2025-04-11 N/A
Unspecified vulnerability in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 on Windows Server 2008 allows attackers to cause a denial of service (trap) via vectors involving "special group and user enumeration."
CVE-2010-3196 1 Ibm 1 Db2 2025-04-11 N/A
IBM DB2 9.7 before FP2, when AUTO_REVAL is IMMEDIATE, allows remote authenticated users to cause a denial of service (loss of privileges) to a view owner by defining a dependent view.
CVE-2010-3320 1 Ibm 1 Filenet Content Manager 2025-04-11 N/A
Open redirect vulnerability in IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2010-3398 1 Ibm 1 Lotus Sametime 2025-04-11 N/A
Unspecified vulnerability in the webcontainer implementation in IBM Lotus Sametime Connect 8.5.1 before CF1 has unknown impact and attack vectors, aka SPRs LXUU87S57H and LXUU87S93W.
CVE-2010-3470 1 Ibm 1 Filenet P8 Application Engine 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 and 4.0.2.x before 4.0.2.7-P8AE-FP007 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-3472 1 Ibm 1 Filenet P8 Application Engine 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-3474 1 Ibm 1 Db2 2025-04-11 N/A
IBM DB2 9.7 before FP3 does not perform the expected drops or invalidations of dependent functions upon a loss of privileges by the functions' owners, which allows remote authenticated users to bypass intended access restrictions via calls to these functions, a different vulnerability than CVE-2009-3471.
CVE-2010-3475 1 Ibm 1 Db2 2025-04-11 N/A
IBM DB2 9.7 before FP3 does not properly enforce privilege requirements for execution of entries in the dynamic SQL cache, which allows remote authenticated users to bypass intended access restrictions by leveraging the cache to execute an UPDATE statement contained in a compiled compound SQL statement.