Lucene search
+L

3781 matches found

CVE
CVE
added 2008/12/05 12:0 a.m.49 views

CVE-2008-5328

The CVE-2008-5328 entry concerns the ClearQuest Maintenance Tool in IBM Rational ClearQuest before version 7. It states that the product stores the database password in cleartext inside an object in a ClearQuest connection profile or export file, enabling remote authenticated users to retrieve th...

4.6CVSS5.8AI score0.01441EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2008/12/05 12:0 a.m.25 views

CVE-2008-5327

The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7 before 7.1 stores the database password in cleartext in an object in a ClearQuest connection profile or export file, which allows remote authenticated users to obtain sensitive information by locating the password object within the obje...

5.8AI score0.01096EPSS
Exploits0References3
Cvelist
Cvelist
added 2008/12/05 12:0 a.m.22 views

CVE-2008-5328

The ClearQuest Maintenance Tool in IBM Rational ClearQuest before 7 stores the database password in cleartext in an object in a ClearQuest connection profile or export file, which allows remote authenticated users to obtain sensitive information by locating the password object within the object...

5.8AI score0.01441EPSS
Exploits0References3
Cvelist
Cvelist
added 2008/12/05 12:0 a.m.21 views

CVE-2008-5329

ClearQuest Web in IBM Rational ClearQuest MultiSite before 7.1 allows remote servers to direct a client's submissions and changes to an arbitrary database by specifying multiple comma-separated server identifiers on the JTLRMIREGISTRYSERVERS line in a jtl.properties file...

6.5AI score0.01594EPSS
Exploits0References3
Cvelist
Cvelist
added 2008/12/05 12:0 a.m.19 views

CVE-2008-5330

Multiple cross-site scripting XSS vulnerabilities in the web interface in ClearCase RWP server in IBM Rational ClearCase 7.0.0 before 7.0.0.4, and 7.0.1.1-RATL-RCC-IFIX02 and possibly other 7.0.1 versions before 7.0.1.3, allow remote attackers to inject arbitrary web script or HTML via the PATHIN...

5.7AI score0.0173EPSS
Exploits0References6
seebug.org
seebug.org
added 2008/12/04 12:0 a.m.6 views

IBM Rational ClearCase跨站脚本漏洞

BUGTRAQ ID: 32574 Rational ClearCase是一款功能强大的软件配置管理(SCM)工具。 ClearCase RWP服务器没有正确的过滤某些用户提供输入,远程攻击者可以通过向WEB管理接口提交恶意请求执行跨站脚本攻击。 IBM ClearCase 7.x IBM --- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.ers.ibm.com/ http://otter/ccrc/??''??script?alert1234?/script?=123...

6.9AI score
Exploits0
exploitpack
exploitpack
added 2008/12/01 12:0 a.m.7 views

IBM Rational ClearCase 78 - Cross-Site Scripting

IBM Rational ClearCase 78 - Cross-Site Scripting source: https://www.securityfocus.com/bid/32574/info IBM Rational ClearCase is prone to a cross-site scripting vulnerability because the software fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitra...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2008/12/01 12:0 a.m.24 views

IBM Rational ClearCase 7/8 - Cross-Site Scripting

source: https://www.securityfocus.com/bid/32574/info IBM Rational ClearCase is prone to a cross-site scripting vulnerability because the software fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting...

7.4AI score
Exploits0
Symantec
Symantec
added 2008/11/11 12:0 a.m.14 views

Microsoft XML Core Services Transfer Encoding Cross Domain Information Disclosure Vulnerability

Description Microsoft XML Core Services MSXML is prone to a cross-domain information-disclosure vulnerability because the application fails to properly enforce the same-origin policy. An attacker can exploit this issue to harvest potentially sensitive information from a web page in another domain...

6.8AI score
Exploits0References1Affected Software9
NVD
NVD
added 2008/08/08 7:41 p.m.21 views

CVE-2008-3550

The CQWeb login page in IBM Rational ClearQuest 7.0.1 allows remote attackers to obtain potentially sensitive information page source code via a combination of ?script? and ?/script? sequences in the id field, possibly related to a cross-site scripting XSS vulnerability...

5CVSS5.6AI score0.01198EPSS
Exploits0References4
Prion
Prion
added 2008/08/08 7:41 p.m.19 views

Cross site scripting

The CQWeb login page in IBM Rational ClearQuest 7.0.1 allows remote attackers to obtain potentially sensitive information page source code via a combination of ?script? and ?/script? sequences in the id field, possibly related to a cross-site scripting XSS vulnerability...

5CVSS5.8AI score0.01198EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2008/08/08 7:0 p.m.57 views

CVE-2008-3550

The CVE-2008-3550 entry affects IBM Rational ClearQuest 7.0.1 CQWeb: the login page may reveal potentially sensitive information (page source code) via crafted id field input using ?script? and ?/script? sequences, indicating a cross-site scripting (XSS) issue. The issue is described consistently...

5CVSS5.6AI score0.01198EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2008/08/08 7:0 p.m.27 views

CVE-2008-3550

The CQWeb login page in IBM Rational ClearQuest 7.0.1 allows remote attackers to obtain potentially sensitive information page source code via a combination of ?script? and ?/script? sequences in the id field, possibly related to a cross-site scripting XSS vulnerability...

5.6AI score0.01198EPSS
Exploits0References4
NVD
NVD
added 2008/05/09 3:20 p.m.9 views

CVE-2008-2122

IBM Rational Build Forge 7.0.2 allows remote attackers to cause a denial of service CPU consumption via a port scan, which spawns multiple bfagent server processes that attempt to read data from closed sockets...

7.5CVSS7.3AI score0.02334EPSS
Exploits0References6
Prion
Prion
added 2008/05/09 3:20 p.m.13 views

Code injection

IBM Rational Build Forge 7.0.2 allows remote attackers to cause a denial of service CPU consumption via a port scan, which spawns multiple bfagent server processes that attempt to read data from closed sockets...

5CVSS6.9AI score0.02334EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2008/05/09 3:0 p.m.43 views

CVE-2008-2122

CVE-2008-2122 affects IBM Rational Build Forge 7.0.2. A port scan can trigger multiple bfagent server processes that attempt to read from closed sockets, causing CPU consumption and a DoS (availability impact). Public references describe the issue as remote, with the impact described as partial (...

7.5CVSS7.3AI score0.02334EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2008/05/09 3:0 p.m.19 views

CVE-2008-2122

IBM Rational Build Forge 7.0.2 allows remote attackers to cause a denial of service CPU consumption via a port scan, which spawns multiple bfagent server processes that attempt to read data from closed sockets...

7.3AI score0.02334EPSS
Exploits0References6
seebug.org
seebug.org
added 2008/05/07 12:0 a.m.13 views

IBM Rational Build Forge远程拒绝服务漏洞

BUGTRAQ ID: 29036 IBM Rational Build Forge提供了企业级构建管理和发布管理,能提高软件质量,加速中小企业的软件和系统交付。 Build Forge在处理大量恶意连接时存在漏洞,远程攻击者可能利用此漏洞导致服务不可用。 在使用端口扫描软件检查网络漏洞时,如果端口扫描器在Build Forge代理的端口打开了套接字的话,则扫描器关闭端口后代理应立即关闭套接字,但代理错误的解释了关闭的套接字,仍从已关闭的套接字读取垃圾数据,这可能导致生成大量无限循环的伪造bfagent进程,必须手动杀死这些进程才能保证系统的正常运行。 IBM Rational Buil...

6.9AI score
Exploits0
seebug.org
seebug.org
added 2008/03/21 12:0 a.m.33 views

IBM Rational ClearQuest多个参数跨站脚本漏洞

BUGTRAQ ID: 28296 CVECAN ID: CVE-2007-4592 IBM Rational ClearQuest是全面的软件变更、追踪管理解决方案。 Rational ClearQuest没有正确地验证对contextid、schema、userNameVal、username变量的输入参数,允许远程攻击者通过提交特制的URL请求执行跨站脚本攻击。 IBM Rational ClearQuest 7.0.1.0iFix01 IBM Rational ClearQuest 7.0.0.1iFix04 IBM Rational ClearQuest 2003.06.16...

4.3CVSS6.4AI score0.04495EPSS
Exploits2
NVD
NVD
added 2008/03/20 12:44 a.m.24 views

CVE-2007-4592

Multiple cross-site scripting XSS vulnerabilities in the web interface for IBM Rational ClearQuest before 2003.06.16 Patch 2008A, 7.0.0.2iFix01, and 7.0.1.1iFix01 allow remote attackers to inject arbitrary web script or HTML via the 1 contextid, 2 username, 3 userNameVal, and 4 schema parameters ...

4.3CVSS5.6AI score0.04495EPSS
Exploits2References7
Rows per page
Query Builder