IBM vulnerabilities and exploits
Cross-site scripting (XSS) vulnerability in the Wikis component in IBM Lotus Connections 3.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "Confirm New Page scene."...
IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. IBM X-Force ID: 118472....
Tivoli Storage Manager
Unspecified vulnerability in the Webservice Axis Gateway in IBM Rational Focal Point 6.4 before devfix1, 18.104.22.168 before devfix1, 6.5.1 before devfix1, 6.5.2 before devfix4, 22.214.171.124 before devfix9, 6.6 before devfix5, 126.96.36.199 before devfix2, and 6.6.1 allows remote attackers to...
Rational Focal Point
IBM WebSphere Message Broker 6.1.x before 188.8.131.52 writes a database connection password to the Event Log and System Log during exception handling for a JDBC error, which allows local users to obtain sensitive information by reading these logs....
Websphere Message Broker
Unspecified vulnerability in IBM DB2 9.7 before FP5 on UNIX, when the Self Tuning Memory Manager (STMM) feature and the AUTOMATIC DATABASE_MEMORY setting are configured, allows local users to cause a denial of service (daemon crash) via unknown vectors....
Curam Social Program Management
IBM WebSphere Cast Iron Solution 7.0.0 and 184.108.40.206 is vulnerable to an External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP...
Websphere Cast Iron Solution
IBM Connections 5.5 and earlier is vulnerable to a possible link manipulation attack that could result in the display of inappropriate background images....
Stack-based buffer overflow in the Java Stored Procedure infrastructure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote authenticated users to execute arbitrary code by leveraging certain CONNECT and EXECUTE privileges....