Export limit exceeded: 357559 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (8272 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-6360 | 1 Ibm | 1 Intelligent Operations Center | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Intelligent Operations Center 1.5.0 allows remote attackers to inject arbitrary web script or HTML via event data fields. | ||||
| CVE-2013-0472 | 1 Ibm | 1 Tivoli Storage Manager | 2025-04-11 | N/A |
| The Web GUI in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 6.3.1.0 and 6.4 before 6.4.0.1 allows man-in-the-middle attackers to obtain unspecified client access, and consequently obtain unspecified server access, via unknown vectors. | ||||
| CVE-2013-0454 | 3 Canonical, Ibm, Samba | 3 Ubuntu Linux, Storwize, Samba | 2025-04-11 | N/A |
| The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS share attributes, which allows remote authenticated users to (1) write to a read-only share; (2) trigger data-integrity problems related to the oplock, locking, coherency, or leases attribute; or (3) have an unspecified impact by leveraging incorrect handling of the browseable or "hide unreadable" parameter. | ||||
| CVE-2013-0455 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling B2B Integrator 5.2.4 and Sterling File Gateway allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-0456 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2025-04-11 | N/A |
| IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to hijack sessions via a modified cookie path. | ||||
| CVE-2013-0457 | 1 Ibm | 3 Maximo Asset Management, Maximo Asset Management Essentials, Smartcloud Control Desk | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a uisessionid. | ||||
| CVE-2013-0458 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2, when login security is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-0459 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-0460 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the portlet subsystem in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47 and 7.0 before 7.0.0.27 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences. | ||||
| CVE-2013-0461 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the virtual member manager (VMM) administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-0492 | 1 Ibm | 1 Informix Open Admin Tool | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Informix Open Admin Tool (OAT) 2.x and 3.x before 3.11.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | ||||
| CVE-2013-0494 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-11 | N/A |
| IBM Sterling B2B Integrator 5.0 and 5.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted HTTP (1) Range or (2) Request-Range header. | ||||
| CVE-2013-0499 | 1 Ibm | 14 Websphere Datapower B2b Appliance Xb62, Websphere Datapower B2b Appliance Xb62 Firmware, Websphere Datapower Integration Appliance Xi50 and 11 more | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the echo functionality on IBM WebSphere DataPower SOA appliances with firmware 3.8.2, 4.0, 4.0.1, 4.0.2, and 5.0.0 allows remote attackers to inject arbitrary web script or HTML via a SOAP message, as demonstrated by the XML Firewall, Multi Protocol Gateway (MPGW), Web Service Proxy, and Web Token services. | ||||
| CVE-2013-0500 | 1 Ibm | 2 Storwize V7000 Unified, Storwize V7000 Unified Software | 2025-04-11 | N/A |
| IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 does not properly handle device files that are created with the NFS protocol but accessed with a non-NFS protocol, which allows remote authenticated users to obtain sensitive information, modify programs or files, or cause a denial of service (device crash) via a (1) CIFS, (2) HTTPS, (3) SCP, or (4) SFTP operation. | ||||
| CVE-2013-0501 | 1 Ibm | 1 Cognos Disclosure Management | 2025-04-11 | N/A |
| The EdrawSoft EDOFFICE.EDOfficeCtrl.1 ActiveX control, as used in Edraw Office Viewer Component, the client in IBM Cognos Disclosure Management (CDM) 10.2.0, and other products, allows remote attackers to read arbitrary files, or download an arbitrary program onto a client machine and execute this program, via a crafted web site. | ||||
| CVE-2013-0502 | 1 Ibm | 1 Infosphere Information Server | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in IBM InfoSphere Information Server 8.1, 8.5 through FP3, 8.7 through FP2, and 9.1 allows remote attackers to inject arbitrary web script or HTML via a malformed URL. | ||||
| CVE-2013-0503 | 1 Ibm | 1 Lotus Connections | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Bookmarks component in IBM Lotus Connections before 4.0 CR3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-0523 | 1 Ibm | 1 Websphere Commerce | 2025-04-11 | N/A |
| IBM WebSphere Commerce Enterprise 5.6.x through 5.6.1.5, 6.0.x through 6.0.0.11, and 7.0.x through 7.0.0.7 does not use a suitable encryption algorithm for storefront web requests, which allows remote attackers to obtain sensitive information via a padding oracle attack that targets certain UTF-8 processing of the krypto parameter, and leverages unspecified browser access or traffic-log access. | ||||
| CVE-2013-0525 | 1 Ibm | 1 Lotus Inotes | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IBM iNotes 8.5.x allow local users to inject arbitrary web script or HTML via a shared mail file, aka SPR DKEN8PDNTX. | ||||
| CVE-2013-0526 | 1 Ibm | 3 Avocent 1754 Kvm, Global Console Manager 16 Firmware, Global Console Manager 32 Firmware | 2025-04-11 | N/A |
| ping.php in Global Console Manager 16 (GCM16) and Global Console Manager 32 (GCM32) before 1.20.0.22575 on the IBM Avocent 1754 KVM switch allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) count or (2) size parameter. | ||||