3781 matches found
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in CQ Web in IBM Rational ClearQuest 2007 before 2007D and 2008 before 2008B allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Design/Logic Flaw
The ClearQuest Maintenance Tool in IBM Rational ClearQuest before 7 stores the database password in cleartext in an object in a ClearQuest connection profile or export file, which allows remote authenticated users to obtain sensitive information by locating the password object within the object...
CVE-2008-5330
Multiple cross-site scripting XSS vulnerabilities in the web interface in ClearCase RWP server in IBM Rational ClearCase 7.0.0 before 7.0.0.4, and 7.0.1.1-RATL-RCC-IFIX02 and possibly other 7.0.1 versions before 7.0.1.3, allow remote attackers to inject arbitrary web script or HTML via the PATHIN...
CVE-2008-5329
ClearQuest Web in IBM Rational ClearQuest MultiSite before 7.1 allows remote servers to direct a client's submissions and changes to an arbitrary database by specifying multiple comma-separated server identifiers on the JTLRMIREGISTRYSERVERS line in a jtl.properties file...
CVE-2008-5327
The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7 before 7.1 stores the database password in cleartext in an object in a ClearQuest connection profile or export file, which allows remote authenticated users to obtain sensitive information by locating the password object within the obje...
CVE-2008-5325
Multiple cross-site scripting XSS vulnerabilities in CQ Web in IBM Rational ClearQuest 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the web interface in ClearCase RWP server in IBM Rational ClearCase 7.0.0 before 7.0.0.4, and 7.0.1.1-RATL-RCC-IFIX02 and possibly other 7.0.1 versions before 7.0.1.3, allow remote attackers to inject arbitrary web script or HTML via the PATHIN...
CVE-2008-5328
The ClearQuest Maintenance Tool in IBM Rational ClearQuest before 7 stores the database password in cleartext in an object in a ClearQuest connection profile or export file, which allows remote authenticated users to obtain sensitive information by locating the password object within the object...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in CQ Web in IBM Rational ClearQuest 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Design/Logic Flaw
The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7 before 7.1 stores the database password in cleartext in an object in a ClearQuest connection profile or export file, which allows remote authenticated users to obtain sensitive information by locating the password object within the obje...
Default credentials
The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3 on Windows allows local users to obtain 1 user and 2 database passwords by using a password revealer utility on a field containing a series of asterisks...
CVE-2008-5327
The CVE-2008-5327 entry concerns the IBM Rational ClearQuest Maintenance Tool (ClearQuest 7 before 7.1). The vulnerability arises because the maintenance tool stores the database password in cleartext within an object in a ClearQuest connection profile or export file, enabling remote authenticate...
CVE-2008-5324
Multiple cross-site scripting XSS vulnerabilities in CQ Web in IBM Rational ClearQuest 2007 before 2007D and 2008 before 2008B allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2008-5325
Multiple cross-site scripting XSS vulnerabilities in CQ Web in IBM Rational ClearQuest 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2008-5326
The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3 on Windows allows local users to obtain 1 user and 2 database passwords by using a password revealer utility on a field containing a series of asterisks...
CVE-2008-5325
Technical details (affected products/versions/root cause/fixes) are not publicly available in the provided connected documents. Monitor for updates.
CVE-2008-5324
CVE-2008-5324 describes multiple cross-site scripting (XSS) vulnerabilities in CQ Web of IBM Rational ClearQuest 2007 (before 2007D) and 2008 (before 2008B). The underlying issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The documented impact includes...
CVE-2008-5326
The CVE-2008-5326 issue affects IBM Rational ClearQuest (Maintenance Tool) for Windows, specifically 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3. The vulnerability allows local users to obtain (1) user and (2) database passwords by using a password revealer utility on a field containing a serie...
CVE-2008-5330
CVE-2008-5330 involves multiple XSS vulnerabilities in the web interface of IBM Rational ClearCase RWP server. Affected products/releases include ClearCase 7.0.0 prior to 7.0.0.4 and 7.0.1.1-RATL-RCC-IFIX02, and possibly other 7.0.1 versions before 7.0.1.3. The issue allows remote attackers to in...
CVE-2008-5329
The CVE-2008-5329 issue affects ClearQuest Web in IBM Rational ClearQuest MultiSite before 7.1 . An attacker could direct a client’s submissions and changes to an arbitrary database by configuring multiple comma-separated server identifiers on the JTLRMIREGISTRYSERVERS line in a jtl.properties fi...