IBM DB2 10.5 < 10.5.0 FP11 41247 / 11.1 < 11.1.4 FP6 41246 / 11.5 < 11.5.8 FP0 26513 Information Disclosure (Unix)

According to its self-reported version number, IBM Db2 is affected by an information disclosure due to improper privilege management when a specially crafted table access is used. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

CVE-2020-4129

HCL Domino is susceptible to a lockout policy bypass vulnerability in the LDAP service. An unauthenticated attacker could use this vulnerability to mount a brute force attack against the LDAP service. Fixes are available in HCL Domino versions 9.0.1 FP10 IF6, 10.0.1 FP6 and 11.0.1 FP1 and later...

Design/Logic Flaw

HCL iNotes is susceptible to a sensitive cookie exposure vulnerability. This can allow an unauthenticated remote attacker to capture the cookie by intercepting its transmission within an http session. Fixes are available in HCL Domino and iNotes versions 10.0.1 FP6 and 11.0.1 FP2 and later...

CVE-2020-4126

HCL iNotes is susceptible to a sensitive cookie exposure vulnerability. This can allow an unauthenticated remote attacker to capture the cookie by intercepting its transmission within an http session. Fixes are available in HCL Domino and iNotes versions 10.0.1 FP6 and 11.0.1 FP2 and later...

Security Bulletin: Local escalation of privilege vulnerability in IBM® DB2® (CVE-2016-5995).

Summary A vulnerability in IBM DB2 for Linux, Unix and Windows could allow a local user to gain elevated privilege. Vulnerability Details CVEID: CVE-2016-5995 DESCRIPTION: DB2 for Linux, Unix and Windows is vulnerable to a privilege escalation due to loading libraries from insecure locations. A...

Security Bulletin: IBM® DB2® LUW contains a denial of service vulnerability in which a malformated DRDA message may cause the DB2 server to terminate abnormally (CVE-2016-0211)

Summary IBM DB2 LUW contains a denial of service vulnerability. A remote, authenticated DB2 user could exploit this vulnerability by issuing a specially-crafted DRDA message and cause DB2 server to terminate abnormally. Vulnerability Details CVEID: CVE-2016-0211 DESCRIPTION: IBM DB2 LUW contains ...

Security Bulletin: Vulnerability in OpenSSL affects IBM® DB2® LUW (CVE-2015-0204)

Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. OpenSSL is used by IBM DB2 LUW. IBM DB2 LUW has addressed the applicable CVEs. Vulnerability Details CVEID:...

IBM DB2 9.7 < FP11 Special Build 37314 / 10.1 < FP6 Special Build 37313 / 10.5 < FP10 Special Build 37311 / 11.1.3 < FP3 JDBC Driver Unsafe Deserialization Local Privilege Escalation (UNIX)

According to its version, the installation of IBM DB2 running on the remote host is either 9.7 prior to Fix Pack 11 Special Build 37314, 10.1 prior to Fix Pack 6 Special Build 37313, 10.5 prior to Fix Pack 10 Special Build 37311, or 11.1.3 prior to Fix Pack 3. It is, therefore, affected by a loca...

IBM DB2 9.7 < FP11 Special Build 36826 / 10.1 < FP6 Special Build 36827 / 10.5 < FP8 Special Build 36828 / 11.1.2.2 < FP2 Special Build 36792 Multiple Vulnerabilities (UNIX)

According to its version, the installation of IBM DB2 running on the remote host is either 9.7 prior to fix pack 11 Special Build 36826, 10.1 prior to fix pack 6 Special Build 36827, 10.5 prior to fix pack 7 Special Build 36828, or 11.1.2.2 prior to fix pack 2 Special Build 36792. It is, therefor...

Lotus Notes Diagnostic Tool 8.5 / 9.0 Privilege Escalation

Exploit Title: Lotus Notes Diagnostic Tool nsd.exe Privelege Escalation Date: 02-09-2017 Exploit Author: ParagonSec Website: https://github.com/paragonsec Version: 8.5 & 9.0 Tested on: Windows 7 Enterprise CVE: CVE-2015-0179 Vendor CVE URL: http://www-01.ibm.com/support/docview.wss?uid=swg2170002...

IBM INotes and Domino Cross-site Scripting Vulnerability (Nov 2016)

IBM Domino is prone to a cross-site scripting vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ibm:lotusdomino";...

CVE-2013-2992

The CVE-2013-2992 entry affects IBM WebSphere Commerce 7.0 (FP4–FP6) in the Search component, where certain search-term association configurations allow a remote attacker to trigger a denial of service via a crafted query. The vulnerability is embedded in the WebSphere Commerce Search functionali...

IBM DB2 'REPEAT()' Heap Buffer Overflow Vulnerability

The host is installed with IBM DB2 and is prone to Buffer Overflow vulnerability. OpenVAS Vulnerability Test $Id: gbibmdb2bofvulnlinfeb10.nasl 5306 2017-02-16 09:00:16Z teissa $ IBM DB2 'REPEAT' Heap Buffer Overflow Vulnerability Authors: Antu Sanadi Copyright: Copyright c 2010 Greenbone Networks...

CVE-2008-4691

Unspecified vulnerability in the SQLNLSUNPADDEDCHARLEN function in the New Compiler aka Starburst derived compiler component in the server in IBM DB2 9.1 before FP6 allows attackers to cause a denial of service segmentation violation and trap via unknown vectors...