AIX piodmgrsu command allows local users to gain additional group privileges.
Max CVSS
4.6
EPSS Score
0.04%
Published
1997-10-29
Updated
2022-08-17
Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file.
Max CVSS
4.6
EPSS Score
0.05%
Published
1996-12-03
Updated
2022-08-17
Vulnerability in ptrace in AIX 4.3 allows local users to gain privileges by attaching to a setgid program.
Max CVSS
4.6
EPSS Score
0.04%
Published
1999-05-06
Updated
2016-10-18
Lotus cc:Mail release 8 stores the postoffice password in plaintext in a hidden file which has insecure permissions, which allows local users to gain privileges.
Max CVSS
4.6
EPSS Score
0.05%
Published
1997-09-08
Updated
2017-12-19
Buffer overflow in setsenv command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands via a long "x=" argument.
Max CVSS
4.6
EPSS Score
0.04%
Published
2001-01-09
Updated
2017-10-10
lsfs in AIX 4.x allows a local user to gain additional privileges by creating Trojan horse programs named (1) grep or (2) lslv in a certain directory that is under the user's control, which cause lsfs to access the programs in that directory.
Max CVSS
4.6
EPSS Score
0.04%
Published
2001-08-02
Updated
2017-10-10
Common Cryptographic Architecture (CCA) in IBM 4758 allows an attacker with physical access to the system and Combine_Key_Parts permissions, to steal DES and 3DES keys by using a brute force attack to create a 3DES exporter key.
Max CVSS
4.6
EPSS Score
0.14%
Published
2001-12-06
Updated
2016-10-18
Buffer overflow in uuq in AIX 4 could allow local users to execute arbitrary code via a long -r parameter.
Max CVSS
4.6
EPSS Score
0.04%
Published
2001-10-09
Updated
2016-09-17
Buffer overflows in muxatmd in AIX 4 allow an attacker to cause a core dump and possibly execute code.
Max CVSS
4.6
EPSS Score
0.04%
Published
2001-10-09
Updated
2013-07-25
IBM Websphere Application Server 3.5.3 and earlier stores a password in cleartext in the sas.server.props file, which allows local users to obtain the passwords via a JSP script.
Max CVSS
4.6
EPSS Score
0.04%
Published
2001-12-13
Updated
2008-09-05
dump_smutil.sh in IBM AIX allows local users to overwrite arbitrary files via a symlink attack on temporary files.
Max CVSS
4.6
EPSS Score
0.04%
Published
2003-03-31
Updated
2008-09-05
Buffer overflow in nslookup in IBM AIX may allow attackers to cause a denial of service or execute arbitrary code.
Max CVSS
4.6
EPSS Score
0.04%
Published
2003-03-31
Updated
2008-09-05
uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier trusts the user-supplied -uv.install command line option to find and execute the uv.install program, which allows local users to gain privileges by providing a pathname that is under control of the user.
Max CVSS
4.6
EPSS Score
0.04%
Published
2003-08-18
Updated
2016-10-18
IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, allows local users to overwrite arbitrary files and gain privileges via a symlink attack on (1) db2job and (2) db2job2.
Max CVSS
4.6
EPSS Score
0.04%
Published
2003-11-17
Updated
2016-10-18
ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value.
Max CVSS
4.3
EPSS Score
2.35%
Published
2003-12-15
Updated
2018-10-30
IBM DB2 Universal Database 7 before FixPak 12 creates certain DMS directories with insecure permissions (777), which allows local users to modify or delete certain DB2 files.
Max CVSS
4.6
EPSS Score
0.04%
Published
2004-09-28
Updated
2017-07-11
BlackICE Defender 2.9.cap and Server Protection 3.5.cdf, when configured to automatically block attacks, allows remote attackers to block IP addresses and cause a denial of service via spoofed packets.
Max CVSS
4.3
EPSS Score
0.16%
Published
2003-12-31
Updated
2008-09-05
Lotus Notes Domino 6.0.2 on Linux installs the notes.ini configuration file with world-writable permissions, which allows local users to modify the Notes configuration and gain privileges.
Max CVSS
4.6
EPSS Score
0.04%
Published
2004-01-20
Updated
2017-07-11
Cross-site scripting (XSS) vulnerability in db2www CGI interpreter in IBM Net.Data 7 and 7.2 allows remote attackers to inject arbitrary web script or HTML via a macro filename, which is not properly handled by error messages such as "DTWP001E."
Max CVSS
4.3
EPSS Score
0.41%
Published
2004-12-31
Updated
2017-07-12
NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in IBM Lotus Notes R6 and Domino R6, and possibly earlier versions, allows remote attackers to execute arbitrary web script or HTML via square brackets at the beginning and end of (1) computed for display, (2) computed when composed, or (3) computed text element fields. NOTE: the vendor has disputed this issue, saying that it is not a problem with Notes/Domino itself, but with the applications that do not properly handle this feature.
Max CVSS
4.3
EPSS Score
0.93%
Published
2004-10-18
Updated
2024-03-21
Cross-site scripting (XSS) vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows remote attackers to inject arbitrary web script or HTML via a Domino command in the Quick Console.
Max CVSS
4.3
EPSS Score
0.82%
Published
2004-12-31
Updated
2017-07-11
Format string vulnerability in IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to execute arbitrary code via a modified INFORMIXDIR environment variable that points to a file with format string specifiers in the filename.
Max CVSS
4.6
EPSS Score
0.11%
Published
2004-12-31
Updated
2017-07-11
Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.xC1 and 9.40.xC2 allows local users to execute arbitrary code via a long GL_PATH environment variable.
Max CVSS
4.6
EPSS Score
0.04%
Published
2004-12-31
Updated
2017-07-11
The server in IBM Tivoli Storage Manager (TSM) 4.2.x on MVS, 5.1.9.x before 5.1.9.1, 5.1.x before 5.1.10, 5.2.2.x before 5.2.2.3, 5.2.x before 5.2.3, 5.3.x before 5.3.0, and 6.x before 6.1, when the HTTP communication method is enabled, allows remote attackers to cause a denial of service (daemon crash or hang) via unspecified HTTP traffic, as demonstrated by the IBM port scanner 1.3.1.
Max CVSS
4.3
EPSS Score
1.44%
Published
2009-03-31
Updated
2017-08-17
Unknown vulnerability in IBM Hardware Management Console (HMC) before 4.4 for POWER5 servers allows local users to gain privileges, related to the Guided Setup Wizard.
Max CVSS
4.6
EPSS Score
0.04%
Published
2005-05-02
Updated
2008-09-05
1249 vulnerabilities found