IBM : Security Vulnerabilities Published In 2011 (Execute Code)

2011 : January February March April May June July August September October November December

CVSS Scores Greater Than: 0 1 2 3 4 5 6 7 8 9

Sort Results By : Cve Number Descending Cve Number Ascending CVSS Score Descending Number Of Exploits Descending

Copy Results Download Results Select Table

#	CVE ID	CWE ID	# of Exploits	Vulnerability Type(s)	Publish Date	Update Date	Score	Gained Access Level	Access	Complexity	Authentication	Conf.	Integ.	Avail.
1	CVE-2011-4668	94		Exec Code	2011-12-02	2011-12-12	7.5	None	Remote	Low	Not required	Partial	Partial	Partial
IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
2	CVE-2011-3575	119		Exec Code Overflow	2011-09-19	2011-09-22	9.0	None	Remote	Low	Single system	Complete	Complete	Complete
Stack-based buffer overflow in the NSFComputeEvaluateExt function in Nnotes.dll in IBM Lotus Domino 8.5.2 allows remote authenticated users to execute arbitrary code via a long tHPRAgentName parameter in an fmHttpPostRequest OpenForm action to WebAdmin.nsf.
3	CVE-2011-2141	89		Exec Code Sql	2011-05-16	2011-09-06	7.5	None	Remote	Low	Not required	Partial	Partial	Partial
SQL injection vulnerability in TMWeb in IBM Datacap Taskmaster Capture 8.0.1 before FP1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
4	CVE-2011-1519	287		Exec Code Bypass	2011-03-25	2012-04-23	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
The remote console in the Server Controller in IBM Lotus Domino 7.x and 8.x verifies credentials against a file located at a UNC share pathname specified by the client, which allows remote attackers to bypass authentication, and consequently execute arbitrary code, by placing this pathname in the COOKIEFILE field. NOTE: this might overlap CVE-2011-0920.
5	CVE-2011-1512	119		Exec Code Overflow	2011-05-31	2012-01-26	9.3	None	Remote	Medium	Not required	Complete	Complete	Complete
Heap-based buffer overflow in xlssr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a malformed BIFF record in a .xls Excel spreadsheet attachment, aka SPR PRAD8E3HKR.
6	CVE-2011-1367			Exec Code	2011-10-30	2011-11-21	9.3	None	Remote	Medium	Not required	Complete	Complete	Complete
Unspecified vulnerability in the File Load feature in IBM Rational AppScan Standard and Express 7.8.x, 7.9.x, and 8.0.x before 8.0.0.3 allows remote attackers to execute arbitrary commands via a crafted .scan file.
7	CVE-2011-1366			Exec Code	2011-10-30	2011-11-21	8.8	None	Remote	Medium	Not required	None	Complete	Complete
Unspecified vulnerability in the Import feature in IBM Rational AppScan Enterprise and AppScan Reporting Console 5.2 through 7.9.x and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary commands on an agent server via a crafted ZIP archive.
8	CVE-2011-1343	89		Exec Code Sql	2011-03-09	2011-03-10	7.5	None	Remote	Low	Not required	Partial	Partial	Partial
SQL injection vulnerability in the Web GUI in IBM Tivoli Netcool/OMNIbus before 7.3.0.4 allows remote attackers to execute arbitrary SQL commands via "dynamic SQL parameters."
9	CVE-2011-1220	119		Exec Code Overflow	2011-06-02	2011-09-21	9.0	None	Remote	Low	Single system	Complete	Complete	Complete
Stack-based buffer overflow in lcfd.exe in Tivoli Endpoint in IBM Tivoli Management Framework 3.7.1, 4.1, 4.1.1, and 4.3.1 allows remote authenticated users to execute arbitrary code via a long opts field.
10	CVE-2011-1218	119		Exec Code Overflow	2011-05-31	2012-01-26	9.3	None	Remote	Medium	Not required	Complete	Complete	Complete
Buffer overflow in kvarcve.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .zip attachment, aka SPR PRAD8E3NSP. NOTE: some of these details are obtained from third party information.
11	CVE-2011-1217	119		Exec Code Overflow	2011-05-31	2012-01-26	9.3	None	Remote	Medium	Not required	Complete	Complete	Complete
Buffer overflow in kpprzrdr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .prz attachment. NOTE: some of these details are obtained from third party information.
12	CVE-2011-1216	119		Exec Code Overflow	2011-05-31	2012-01-26	9.3	None	Remote	Medium	Not required	Complete	Complete	Complete
Stack-based buffer overflow in assr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via crafted tag data in an Applix spreadsheet attachment, aka SPR PRAD8823A7.
13	CVE-2011-1215	119		Exec Code Overflow	2011-05-31	2012-01-26	9.3	None	Remote	Medium	Not required	Complete	Complete	Complete
Stack-based buffer overflow in mw8sr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a Microsoft Office document attachment, aka SPR PRAD8823ND.
14	CVE-2011-1214	119		Exec Code Overflow	2011-05-31	2012-01-26	9.3	None	Remote	Medium	Not required	Complete	Complete	Complete
Stack-based buffer overflow in rtfsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a .rtf attachment, aka SPR PRAD8823JQ.
15	CVE-2011-1213	189		Exec Code Overflow	2011-05-31	2012-01-26	9.3	None	Remote	Medium	Not required	Complete	Complete	Complete
Integer underflow in lzhsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted header in a .lzh attachment that triggers a stack-based buffer overflow, aka SPR PRAD88MJ2W.
16	CVE-2011-1207	264		Exec Code	2011-05-04	2011-05-31	9.3	None	Remote	Medium	Not required	Complete	Complete	Complete
The ActiveBar1 ActiveX control in the Data Dynamics ActiveBar ActiveX controls, as distributed in ActBar.ocx 1.0.6.5 in IBM Rational System Architect 11.4.0.2, 11.4.0.1, and earlier, does not properly restrict the SetLayoutData method, which allows remote attackers to execute arbitrary code via a crafted Data argument, a different vulnerability than CVE-2007-3883. NOTE: some of these details are obtained from third party information.
17	CVE-2011-1206	119		Exec Code Overflow	2011-04-21	2011-09-21	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
Stack-based buffer overflow in the server process in ibmslapd.exe in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010, 6.0 before 6.0.0.67 (aka 6.0.0.8-TIV-ITDS-IF0009), 6.1 before 6.1.0.40 (aka 6.1.0.5-TIV-ITDS-IF0003), 6.2 before 6.2.0.16 (aka 6.2.0.3-TIV-ITDS-IF0002), and 6.3 before 6.3.0.3 (aka 6.3.0.0-TIV-ITDS-IF0003) allows remote attackers to execute arbitrary code via a crafted LDAP request. NOTE: some of these details are obtained from third party information.
18	CVE-2011-1033	119		Exec Code Overflow	2011-02-14	2011-09-21	9.3	None	Remote	Medium	Not required	Complete	Complete	Complete
Stack-based buffer overflow in oninit in IBM Informix Dynamic Server (IDS) 11.50 allows remote attackers to execute arbitrary code via crafted arguments in the USELASTCOMMITTED session environment option in a SQL SET ENVIRONMENT statement.
19	CVE-2011-0920	287		Exec Code Bypass	2011-02-08	2011-02-14	9.3	None	Remote	Medium	Not required	Complete	Complete	Complete
The Remote Console in IBM Lotus Domino, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and execute arbitrary code via unspecified vectors, aka SPR PRAD89WGRS.
20	CVE-2011-0919	119		Exec Code Overflow	2011-02-08	2011-04-20	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
Multiple stack-based buffer overflows in the (1) POP3 and (2) IMAP services in IBM Lotus Domino allow remote attackers to execute arbitrary code via non-printable characters in an envelope sender address, aka SPR KLYH87LLVJ.
21	CVE-2011-0918	119		Exec Code Overflow	2011-02-08	2011-02-23	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
Stack-based buffer overflow in the NRouter (aka Router) service in IBM Lotus Domino allows remote attackers to execute arbitrary code via long filenames associated with Content-ID and ATTACH:CID headers in attachments in malformed calendar-request e-mail messages, aka SPR KLYH87LKRE.
22	CVE-2011-0917	119	1	Exec Code Overflow	2011-02-08	2011-02-25	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
Buffer overflow in nLDAP.exe in IBM Lotus Domino allows remote attackers to execute arbitrary code via a long string in an LDAP Bind operation, aka SPR KLYH87LMVX.
23	CVE-2011-0916	119		Exec Code Overflow	2011-02-08	2011-02-23	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
Stack-based buffer overflow in the SMTP service in IBM Lotus Domino allows remote attackers to execute arbitrary code via long arguments in a filename parameter in a malformed MIME e-mail message, aka SPR KLYH889M8H.
24	CVE-2011-0915	119		Exec Code Overflow	2011-02-08	2011-04-20	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
Stack-based buffer overflow in nrouter.exe in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a long name parameter in a Content-Type header in a malformed Notes calendar (aka iCalendar or iCal) meeting request, aka SPR KLYH87LL23.
25	CVE-2011-0914	189		Exec Code Overflow	2011-02-08	2011-02-23	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
Integer signedness error in ndiiop.exe in the DIIOP implementation in the server in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a GIOP client request, leading to a heap-based buffer overflow.
26	CVE-2011-0913	119		Exec Code Overflow	2011-02-08	2011-02-23	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
Stack-based buffer overflow in ndiiop.exe in the DIIOP implementation in the server in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a GIOP getEnvironmentString request, related to the local variable cache.
27	CVE-2011-0912	20		Exec Code	2011-02-08	2012-01-26	9.3	None	Remote	Medium	Not required	Complete	Complete	Complete
Argument injection vulnerability in IBM Lotus Notes 8.0.x before 8.0.2 FP6 and 8.5.x before 8.5.1 FP5 allows remote attackers to execute arbitrary code via a cai:// URL containing a --launcher.library option that specifies a UNC share pathname for a DLL file, aka SPR PRAD82YJW2.
28	CVE-2011-0731	119		Exec Code Overflow	2011-02-01	2012-01-26	7.5	None	Remote	Low	Not required	Partial	Partial	Partial
Buffer overflow in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP7, and 9.7 before FP3 on Linux, UNIX, and Windows allows remote attackers to execute arbitrary code via unspecified vectors.
29	CVE-2011-0314	119		DoS Exec Code Overflow	2011-01-11	2011-01-20	6.5	None	Remote	Low	Single system	Partial	Partial	Partial
Heap-based buffer overflow in IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 allows remote authenticated users to execute arbitrary code or cause a denial of service (queue manager crash) by inserting an invalid message into the queue.
30	CVE-2011-0310	119		DoS Exec Code Overflow	2011-01-13	2011-02-05	6.8	None	Remote	Medium	Not required	Partial	Partial	Partial
Buffer overflow in IBM WebSphere MQ 7.0 before 7.0.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted header field in a message.

Total number of vulnerabilities : 30 Page : 1 (This Page)