Filtered by vendor Ibm
Total: 7296 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2005-2091 | 1 Ibm | 1 Websphere Application Server | 2024-11-20 | N/A | IBM WebSphere 5.1 and WebSphere 5.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes WebSphere to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." |
CVE-2005-2073 | 1 Ibm | 1 Db2 | 2024-11-20 | N/A | Unknown vulnerability in IBM DB2 8.1.4 through 8.1.9 and 8.2.0 through 8.2.2 allows local users with SELECT privileges to conduct unauthorized activities and insert, update or delete table contents. |
CVE-2005-1872 | 1 Ibm | 1 Websphere Application Server | 2024-11-20 | N/A | Buffer overflow in the administrative console in IBM WebSphere Application Server 5.x, when the global security option is enabled, allows remote attackers to execute arbitrary code. |
CVE-2005-1442 | 1 Ibm | 1 Lotus Notes | 2024-11-20 | N/A | Buffer overflow in the Lotus Notes client for Domino 6.5 before 6.5.4 and 6.0 before 6.0.5 allows local users to cause a denial of service (client crash) and possibly execute arbitrary code via the NOTES.INI file. |
CVE-2005-1441 | 1 Ibm | 1 Lotus Domino | 2024-11-20 | N/A | Format string vulnerability in Lotus Domino 6.0.x before 6.0.5 and 6.5.x before 6.5.4 allows remote attackers to cause a denial of service via the Notes protocol (NRPC). |
CVE-2005-1405 | 1 Ibm | 1 Lotus Notes | 2024-11-20 | N/A | HTTP response splitting vulnerability in the @SetHTTPHeader function in Lotus Domino 6.5.x before 6.5.4 and 6.0.x before 6.0.5 allows attackers to poison the web cache via malicious applications. |
CVE-2005-1238 | 1 Ibm | 1 Iseries As 400 | 2024-11-20 | N/A | By design, the built-in FTP server for iSeries AS/400 systems does not support a restricted document root, which allows attackers to read or write arbitrary files, including sensitive QSYS databases, via a full pathname in a GET or PUT request. |
CVE-2005-1182 | 1 Ibm | 1 Os 400 | 2024-11-20 | N/A | Unknown vulnerability in Incoming Remote Command (iSeries Access for Windows Remote Command service) in IBM OS/400 R510, R520, and R530 allows attackers to cause a denial of service (IRC shutdown) via certain inputs. |
CVE-2005-1176 | 1 Ibm | 1 Aix | 2024-11-20 | N/A | Race condition in JFS2 on AIX 5.2 and 5.3, when deleting a file while I/O is still occurring for that file, may write data to a different file, which could leak sensitive information. |
CVE-2005-1133 | 1 Ibm | 1 Iseries As 400 | 2024-11-20 | N/A | The POP3 server in IBM iSeries AS/400 returns different error messages when the user exists or not, which allows remote attackers to determine valid user IDs on the server. |
CVE-2005-1112 | 1 Ibm | 1 Websphere Application Server | 2024-11-20 | N/A | IBM WebSphere Application Server 6.0 and earlier, when sharing the document root of the web server, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via an HTTP request with an invalid Host header, which causes the page to be processed by the web server instead of the JSP engine. |
CVE-2005-1101 | 1 Ibm | 1 Lotus Domino Server | 2024-11-20 | N/A | Multiple buffer overflows in Lotus Domino Server 6.0.5 and 6.5.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via large amounts of data in certain (1) time or (2) date fields. |
CVE-2005-1037 | 1 Ibm | 1 Aix | 2024-11-20 | N/A | Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, allows remote attackers to gain root privileges. |
CVE-2005-1025 | 1 Ibm | 1 Iseries As 400 | 2024-11-20 | N/A | The FTP server in AS/400 4.3, when running in IFS mode, allows remote attackers to obtain sensitive information via a symlink attack using RCMD and the ADDLNK utility, as demonstrated using the QSYS.LIB library. |
CVE-2005-0991 | 1 Ibm | 1 Aix | 2024-11-20 | N/A | RC.BOOT in IBM AIX 5.1, 5.2, and 5.3 does not "use a secure location for temporary files," which allows local users to have an unknown impact, probably by overwriting files. |
CVE-2005-0986 | 1 Ibm | 1 Lotus Domino Server | 2024-11-20 | N/A | NLSCCSTR.DLL in the web service in IBM Lotus Domino Server 6.5.1, 6.0.3, and possibly other versions allows remote attackers to cause a denial of service (deep recursion and nHTTP.exe process crash) via a long GET request containing UNICODE decimal value 430 characters, which causes the stack to be exhausted. NOTE: IBM has reported that it is unable to replicate this issue. |
CVE-2005-0899 | 1 Ibm | 1 Os 400 | 2024-11-20 | N/A | AS/400 running OS400 5.2 installs and enables LDAP by default, which allows remote authenticated users to obtain OS/400 user profiles by performing a search. |
CVE-2005-0868 | 4 Bosanova, Ibm, Mochasoft and 1 more | 4 Launcher400, Client Access, Tn5250 and 1 more | 2024-11-20 | N/A | AS/400 Telnet 5250 terminal emulation clients, as implemented by (1) IBM client access, (2) Bosanova, (3) PowerTerm, (4) Mochasoft, and possibly other emulations, allows malicious AS/400 servers to execute arbitrary commands via a STRPCO (Start PC Organizer) command followed by STRPCCMD (Start PC command), as demonstrated by creating a backdoor account using REXEC. |
CVE-2005-0539 | 1 Ibm | 1 Hardware Management Console | 2024-11-20 | N/A | Unknown vulnerability in IBM Hardware Management Console (HMC) before 4.4 for POWER5 servers allows local users to gain privileges, related to the Guided Setup Wizard. |
CVE-2005-0425 | 1 Ibm | 1 Websphere Application Server | 2024-11-20 | N/A | Unknown vulnerability in IBM Websphere Application Server 5.0, 5.1, and 6.0 when running on Windows, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via a crafted URL that causes the page to be processed by the file serving servlet instead of the JSP engine. |