The JNILoader ActiveX control (STJNILoader.ocx) 3.1.0.26 in IBM Lotus Notes Sametime before 7.5 allows remote attackers to load arbitrary DLL libraries and execute arbitrary code via arbitrary arguments to the loadLibrary function.
Max CVSS
9.3
EPSS Score
3.43%
Published
2007-03-31
Updated
2017-07-29
Heap-based buffer overflow in the LDAP server in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service (crash) via a long, malformed DN request, which causes only the lower 16 bits of the string length to be used in memory allocation.
Max CVSS
7.8
EPSS Score
23.14%
Published
2007-03-28
Updated
2017-07-29
Buffer overflow in the CRAM-MD5 authentication mechanism in the IMAP server (nimap.exe) in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service via a long username.
Max CVSS
10.0
EPSS Score
92.68%
Published
2007-03-28
Updated
2017-07-29
CRLF injection vulnerability in IBM WebSphere Application Server (WAS) before 6.0.2.19 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a single CRLF sequence in a context that is not a valid multi-line header.
Max CVSS
7.5
EPSS Score
2.52%
Published
2007-03-22
Updated
2017-07-29
Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest (CQ) Web 7.0.0.0 allows remote attackers to inject arbitrary web script or HTML via an attachment to a defect log entry.
Max CVSS
4.3
EPSS Score
0.76%
Published
2007-03-16
Updated
2018-10-16
IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix Pack 2, on UNIX allows the "fenced" user to access certain unauthorized directories.
Max CVSS
4.4
EPSS Score
0.06%
Published
2007-03-02
Updated
2009-02-11
IBM WebSphere Application Server (WAS) 5.1.1.9 and earlier allows remote attackers to obtain JSP source code and other sensitive information via "a specific JSP URL."
Max CVSS
5.0
EPSS Score
1.19%
Published
2007-03-20
Updated
2011-03-08
IBM WebSphere Application Server (WAS) 5.0 through 5.1.1.0 allows remote attackers to obtain JSP source code and other sensitive information via certain "special URIs."
Max CVSS
4.3
EPSS Score
1.19%
Published
2007-03-20
Updated
2011-03-08
SimpleFileServlet in IBM WebSphere Application Server 5.0.1 through 5.0.2.7 on Linux and UNIX does not block certain invalid URIs and does not issue a security challenge, which allows remote attackers to read secure files and obtain sensitive information via certain requests.
Max CVSS
4.3
EPSS Score
0.16%
Published
2007-03-20
Updated
2008-09-05
Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified "code sequences" that bypass the protection scheme.
Max CVSS
4.3
EPSS Score
18.28%
Published
2007-03-29
Updated
2017-07-20
10 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!