Multiple directory traversal vulnerabilities in the vendor daemon in Rational Common Licensing in Telelogic License Server 2.0, Rational License Server 7.x, and ibmratl in IBM Rational License Key Server (RLKS) 8.0 through 8.1.2 allow remote attackers to execute arbitrary code via vectors related to save, rename, and load operations on log files. NOTE: this might overlap CVE-2011-4135.
Max CVSS
10.0
EPSS Score
13.54%
Published
2012-01-19
Updated
2017-08-17
Unspecified vulnerability in the SetLicenseInfoEx method in an ActiveX control in mraboutb.dll in IBM SPSS Dimensions 5.5 and SPSS Data Collection 5.6, 6.0, and 6.0.1 allows remote attackers to execute arbitrary code via a crafted HTML document.
Max CVSS
9.3
EPSS Score
22.54%
Published
2012-01-18
Updated
2017-08-29
Multiple unspecified vulnerabilities in the (1) PrintFile and (2) SaveDoc methods in the VsVIEW6 ActiveX control in VsVIEW6.ocx in IBM SPSS SamplePower 3.0 allow remote attackers to execute arbitrary code via a crafted HTML document.
Max CVSS
9.3
EPSS Score
89.29%
Published
2012-01-18
Updated
2017-08-29
Unspecified vulnerability in the Render method in the ExportHTML.ocx ActiveX control in ExportHTML.dll in IBM SPSS Dimensions 5.5 and SPSS Data Collection 5.6, 6.0, and 6.0.1 allows remote attackers to execute arbitrary code via a crafted HTML document.
Max CVSS
9.3
EPSS Score
89.29%
Published
2012-01-18
Updated
2017-08-29
Multiple integer overflows in vclmi.dll in the visual class library module in IBM Lotus Symphony before 3.0.1 might allow remote attackers to execute arbitrary code via an embedded (1) JPEG or (2) PNG image object in a Symphony document that triggers a heap-based buffer overflow, as demonstrated by a .doc file.
Max CVSS
9.3
EPSS Score
11.02%
Published
2012-01-23
Updated
2017-08-29

CVE-2012-0198

Public exploit
Stack-based buffer overflow in the RunAndUploadFile method in the Isig.isigCtl.1 ActiveX control in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allows remote attackers to execute arbitrary code via vectors related to an Asset Information file.
Max CVSS
9.3
EPSS Score
95.88%
Published
2012-03-06
Updated
2017-08-29

CVE-2012-0201

Public exploit
Stack-based buffer overflow in pcspref.dll in pcsws.exe in IBM Personal Communications 5.9.x before 5.9.8 and 6.0.x before 6.0.4 might allow remote attackers to execute arbitrary code via a long profile string in a WorkStation (aka .ws) file.
Max CVSS
9.3
EPSS Score
91.21%
Published
2012-03-02
Updated
2017-08-29

CVE-2012-0202

Public exploit
Multiple stack-based buffer overflows in tm1admsd.exe in the Admin Server in IBM Cognos TM1 9.4.x and 9.5.x before 9.5.2 FP2 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted data.
Max CVSS
10.0
EPSS Score
97.15%
Published
2012-05-04
Updated
2017-08-29

CVE-2012-0708

Public exploit
Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole.dll in IBM Rational ClearQuest 7.1.1 before 7.1.1.9, 7.1.2 before 7.1.2.6, and 8.0.0 before 8.0.0.2 allows remote attackers to execute arbitrary code via a crafted web page that leverages a RegisterSchemaRepoFromFileByDbSet function-prototype mismatch.
Max CVSS
9.3
EPSS Score
96.52%
Published
2012-04-22
Updated
2017-12-19
Integer signedness error in the db2dasrrm process in the DB2 Administration Server (DAS) in IBM DB2 9.1 through FP11, 9.5 before FP9, and 9.7 through FP5 on UNIX platforms allows remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow.
Max CVSS
7.5
EPSS Score
9.83%
Published
2012-03-20
Updated
2018-10-10
IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly create scan jobs, which allows remote attackers to execute arbitrary code via a crafted web site.
Max CVSS
9.3
EPSS Score
1.88%
Published
2012-05-03
Updated
2017-08-29

CVE-2012-2174

Public exploit
The URL handler in IBM Lotus Notes 8.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a crafted notes:// URL.
Max CVSS
9.3
EPSS Score
97.07%
Published
2012-06-20
Updated
2017-08-29

CVE-2012-2175

Public exploit
Buffer overflow in the Attachment_Times method in a certain ActiveX control in dwa85W.dll in IBM Lotus iNotes 8.5.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a long argument.
Max CVSS
9.3
EPSS Score
96.96%
Published
2012-06-20
Updated
2017-08-29

CVE-2012-2176

Public exploit
Multiple stack-based buffer overflows in a certain ActiveX control in qp2.cab in IBM Lotus Quickr 8.2 before 8.2.0.27-002a for Domino allow remote attackers to execute arbitrary code via a long argument to the (1) Attachment_Times or (2) Import_Times method.
Max CVSS
9.3
EPSS Score
76.26%
Published
2012-05-25
Updated
2017-08-29
Stack-based buffer overflow in the Java Stored Procedure infrastructure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote authenticated users to execute arbitrary code by leveraging certain CONNECT and EXECUTE privileges.
Max CVSS
7.1
EPSS Score
8.70%
Published
2012-07-25
Updated
2017-12-22
Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 11.50 before 11.50.xC9W2 and 11.70 before 11.70.xC5 allows remote authenticated users to execute arbitrary code via crafted arguments in a SET COLLATION statement.
Max CVSS
9.0
EPSS Score
92.61%
Published
2012-09-25
Updated
2017-08-29
Stack-based buffer overflow in the SQL/PSM (aka SQL Persistent Stored Module) Stored Procedure (SP) infrastructure in IBM DB2 9.1, 9.5, 9.7 before FP7, 9.8, and 10.1 might allow remote authenticated users to execute arbitrary code by debugging a stored procedure.
Max CVSS
8.5
EPSS Score
12.05%
Published
2012-10-20
Updated
2013-03-02
The Service Processor in the IBM Power 5 91##-### and 940#-### before SF240_418_382 does not ensure that firewall code is executed, which allows remote attackers to execute arbitrary code via unspecified vectors.
Max CVSS
7.9
EPSS Score
2.69%
Published
2012-12-20
Updated
2017-08-29
Buffer overflow in IBM Informix 11.50 through 11.50.xC9W2 and 11.70 before 11.70.xC7 allows remote authenticated users to execute arbitrary code via a crafted SQL statement.
Max CVSS
9.0
EPSS Score
9.49%
Published
2012-12-08
Updated
2017-08-29
19 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!