IBM

25 exploits Active since Dec 2008
CVE-2021-33560 NOMISEC HIGH SCANNER
Libgcrypt <1.8.8 & <1.9.3 - Info Disclosure
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.
1 stars
CVSS 7.5
CVE-2024-29032 WRITEUP MEDIUM WRITEUP
Qiskit IBM Runtime 0.1.0-0.21.1 - Remote Code Execution via RuntimeDecoder JSON Deserialization
Qiskit IBM Runtime is an environment that streamlines quantum computations and provides optimal implementations of the Qiskit quantum computing SDK. Starting in version 0.1.0 and prior to version 0.21.2, deserializing json data using `qiskit_ibm_runtime.RuntimeDecoder` can lead to arbitrary code execution given a correctly formatted input string. Version 0.21.2 contains a fix for this issue.
CVSS 5.3
CVE-2014-6332 EXPLOITDB HIGH ruby WORKING POC
Microsoft Windows - Remote Code Execution via SafeArrayDimen Function
OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted web site, as demonstrated by an array-redimensioning attempt that triggers improper handling of a size value in the SafeArrayDimen function, aka "Windows OLE Automation Array Remote Code Execution Vulnerability."
CVSS 8.8
CVE-2010-4120 EXPLOITDB text WORKING POC
IBM Tivoli Access Manager for e-business 6.1.0 - Cross-Site Scripting via TAM Console Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the TAM console in IBM Tivoli Access Manager for e-business 6.1.0 before 6.1.0-TIV-TAM-FP0006 allow remote attackers to inject arbitrary web script or HTML via (1) the parm1 parameter to ivt/ivtserver, or the method parameter to (2) acl, (3) domain, (4) group, (5) gso, (6) gsogroup, (7) os, (8) pop, (9) rule, (10) user, or (11) webseal in ibm/wpm/.
CVE-2010-4120 EXPLOITDB text WORKING POC
IBM Tivoli Access Manager for e-business 6.1.0 - Cross-Site Scripting via TAM Console Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the TAM console in IBM Tivoli Access Manager for e-business 6.1.0 before 6.1.0-TIV-TAM-FP0006 allow remote attackers to inject arbitrary web script or HTML via (1) the parm1 parameter to ivt/ivtserver, or the method parameter to (2) acl, (3) domain, (4) group, (5) gso, (6) gsogroup, (7) os, (8) pop, (9) rule, (10) user, or (11) webseal in ibm/wpm/.
CVE-2010-4120 EXPLOITDB text WORKING POC
IBM Tivoli Access Manager for e-business 6.1.0 - Cross-Site Scripting via TAM Console Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the TAM console in IBM Tivoli Access Manager for e-business 6.1.0 before 6.1.0-TIV-TAM-FP0006 allow remote attackers to inject arbitrary web script or HTML via (1) the parm1 parameter to ivt/ivtserver, or the method parameter to (2) acl, (3) domain, (4) group, (5) gso, (6) gsogroup, (7) os, (8) pop, (9) rule, (10) user, or (11) webseal in ibm/wpm/.
CVE-2010-4120 EXPLOITDB text WORKING POC
IBM Tivoli Access Manager for e-business 6.1.0 - Cross-Site Scripting via TAM Console Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the TAM console in IBM Tivoli Access Manager for e-business 6.1.0 before 6.1.0-TIV-TAM-FP0006 allow remote attackers to inject arbitrary web script or HTML via (1) the parm1 parameter to ivt/ivtserver, or the method parameter to (2) acl, (3) domain, (4) group, (5) gso, (6) gsogroup, (7) os, (8) pop, (9) rule, (10) user, or (11) webseal in ibm/wpm/.
CVE-2010-4120 EXPLOITDB text WORKING POC
IBM Tivoli Access Manager for e-business 6.1.0 - Cross-Site Scripting via TAM Console Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the TAM console in IBM Tivoli Access Manager for e-business 6.1.0 before 6.1.0-TIV-TAM-FP0006 allow remote attackers to inject arbitrary web script or HTML via (1) the parm1 parameter to ivt/ivtserver, or the method parameter to (2) acl, (3) domain, (4) group, (5) gso, (6) gsogroup, (7) os, (8) pop, (9) rule, (10) user, or (11) webseal in ibm/wpm/.
CVE-2010-4120 EXPLOITDB text WORKING POC
IBM Tivoli Access Manager for e-business 6.1.0 - Cross-Site Scripting via TAM Console Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the TAM console in IBM Tivoli Access Manager for e-business 6.1.0 before 6.1.0-TIV-TAM-FP0006 allow remote attackers to inject arbitrary web script or HTML via (1) the parm1 parameter to ivt/ivtserver, or the method parameter to (2) acl, (3) domain, (4) group, (5) gso, (6) gsogroup, (7) os, (8) pop, (9) rule, (10) user, or (11) webseal in ibm/wpm/.
CVE-2010-4120 EXPLOITDB text WORKING POC
IBM Tivoli Access Manager for e-business 6.1.0 - Cross-Site Scripting via TAM Console Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the TAM console in IBM Tivoli Access Manager for e-business 6.1.0 before 6.1.0-TIV-TAM-FP0006 allow remote attackers to inject arbitrary web script or HTML via (1) the parm1 parameter to ivt/ivtserver, or the method parameter to (2) acl, (3) domain, (4) group, (5) gso, (6) gsogroup, (7) os, (8) pop, (9) rule, (10) user, or (11) webseal in ibm/wpm/.
CVE-2010-4120 EXPLOITDB text WORKING POC
IBM Tivoli Access Manager for e-business 6.1.0 - Cross-Site Scripting via TAM Console Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the TAM console in IBM Tivoli Access Manager for e-business 6.1.0 before 6.1.0-TIV-TAM-FP0006 allow remote attackers to inject arbitrary web script or HTML via (1) the parm1 parameter to ivt/ivtserver, or the method parameter to (2) acl, (3) domain, (4) group, (5) gso, (6) gsogroup, (7) os, (8) pop, (9) rule, (10) user, or (11) webseal in ibm/wpm/.
CVE-2010-4120 EXPLOITDB text WORKING POC
IBM Tivoli Access Manager for e-business 6.1.0 - Cross-Site Scripting via TAM Console Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the TAM console in IBM Tivoli Access Manager for e-business 6.1.0 before 6.1.0-TIV-TAM-FP0006 allow remote attackers to inject arbitrary web script or HTML via (1) the parm1 parameter to ivt/ivtserver, or the method parameter to (2) acl, (3) domain, (4) group, (5) gso, (6) gsogroup, (7) os, (8) pop, (9) rule, (10) user, or (11) webseal in ibm/wpm/.
CVE-2010-4120 EXPLOITDB text WORKING POC
IBM Tivoli Access Manager for e-business 6.1.0 - Cross-Site Scripting via TAM Console Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the TAM console in IBM Tivoli Access Manager for e-business 6.1.0 before 6.1.0-TIV-TAM-FP0006 allow remote attackers to inject arbitrary web script or HTML via (1) the parm1 parameter to ivt/ivtserver, or the method parameter to (2) acl, (3) domain, (4) group, (5) gso, (6) gsogroup, (7) os, (8) pop, (9) rule, (10) user, or (11) webseal in ibm/wpm/.
CVE-2010-4120 EXPLOITDB text WORKING POC
IBM Tivoli Access Manager for e-business 6.1.0 - Cross-Site Scripting via TAM Console Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the TAM console in IBM Tivoli Access Manager for e-business 6.1.0 before 6.1.0-TIV-TAM-FP0006 allow remote attackers to inject arbitrary web script or HTML via (1) the parm1 parameter to ivt/ivtserver, or the method parameter to (2) acl, (3) domain, (4) group, (5) gso, (6) gsogroup, (7) os, (8) pop, (9) rule, (10) user, or (11) webseal in ibm/wpm/.
CVE-2008-5330 EXPLOITDB text WORKING POC
IBM Rational ClearCase <7.0.0.4-7.0.1.3 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the web interface in ClearCase RWP server in IBM Rational ClearCase 7.0.0 before 7.0.0.4, and 7.0.1.1-RATL-RCC-IFIX02 and possibly other 7.0.1 versions before 7.0.1.3, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO of a URI associated with a VOB page.
CVE-2009-0855 EXPLOITDB text WORKING POC
IBM WebSphere Application Server 6.1 - Cross-Site Scripting in Administrative Console
Cross-site scripting (XSS) vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 on z/OS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-4034 EXPLOITDB xml WORKING POC
IBM Cognos Business Intelligence 8.4.1-10.2.1.1 - Authenticated XML External Entity Injection
IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 before IF2, and 10.2.1.1 before IF1 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
EIP-2026-103931 EXPLOITDB text WRITEUP
IBM Java - UTF8 Byte Sequences Security Bypass
EIP-2026-103940 EXPLOITDB text WRITEUP
IBM Tivoli Identity Manager 5.0.5 - User Profile HTML Injection
CVE-2012-0200 EXPLOITDB text WORKING POC
IBM solidDB < 6.5.0.8 - Authenticated Denial of Service via SELECT Statement with Redundant WHERE Condition
The server in IBM solidDB 6.5 before Interim Fix 6 does not properly initialize data structures, which allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a redundant WHERE condition.
CVE-2009-3730 EXPLOITDB text WORKING POC
IBM Rational RequisitePro 7.1.0 - Cross-Site Scripting via ReqWeb Help Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the ReqWeb Help feature (aka the Web Client Help system) in IBM Rational RequisitePro 7.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the operation parameter to ReqWebHelp/advanced/workingSet.jsp, or the (2) searchWord, (3) maxHits, (4) scopedSearch, or (5) scope parameter to ReqWebHelp/basic/searchView.jsp.
CVE-2009-3730 EXPLOITDB text WORKING POC
IBM Rational RequisitePro 7.1.0 - Cross-Site Scripting via ReqWeb Help Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the ReqWeb Help feature (aka the Web Client Help system) in IBM Rational RequisitePro 7.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the operation parameter to ReqWebHelp/advanced/workingSet.jsp, or the (2) searchWord, (3) maxHits, (4) scopedSearch, or (5) scope parameter to ReqWebHelp/basic/searchView.jsp.
CVE-2009-3730 EXPLOITDB text WORKING POC
IBM Rational RequisitePro 7.1.0 - Cross-Site Scripting via ReqWeb Help Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the ReqWeb Help feature (aka the Web Client Help system) in IBM Rational RequisitePro 7.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the operation parameter to ReqWebHelp/advanced/workingSet.jsp, or the (2) searchWord, (3) maxHits, (4) scopedSearch, or (5) scope parameter to ReqWebHelp/basic/searchView.jsp.
CVE-2009-3469 EXPLOITDB text WORKING POC
IBM Lotus Connections 2.0.1 - Cross-Site Scripting via Simple Search Name Parameter
Cross-site scripting (XSS) vulnerability in profiles/html/simpleSearch.do in IBM Lotus Connections 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
CVE-2010-2433 EXPLOITDB text WORKING POC
IBM WebSphere ILOG JRules 6.7 - Cross-Site Scripting via RTS URL to explore.jsp, compose.jsp, or home.jsp
Multiple cross-site scripting (XSS) vulnerabilities in content/internalError.jsp in IBM WebSphere ILOG JRules 6.7 allow remote attackers to inject arbitrary web script or HTML via an RTS URL to (1) explore/explore.jsp, (2) compose/compose.jsp, or (3) home.jsp in faces/.