3781 matches found
CVE-2008-5328
The CVE-2008-5328 entry concerns the ClearQuest Maintenance Tool in IBM Rational ClearQuest before version 7. It states that the product stores the database password in cleartext inside an object in a ClearQuest connection profile or export file, enabling remote authenticated users to retrieve th...
CVE-2008-5327
The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7 before 7.1 stores the database password in cleartext in an object in a ClearQuest connection profile or export file, which allows remote authenticated users to obtain sensitive information by locating the password object within the obje...
CVE-2008-5328
The ClearQuest Maintenance Tool in IBM Rational ClearQuest before 7 stores the database password in cleartext in an object in a ClearQuest connection profile or export file, which allows remote authenticated users to obtain sensitive information by locating the password object within the object...
CVE-2008-5329
ClearQuest Web in IBM Rational ClearQuest MultiSite before 7.1 allows remote servers to direct a client's submissions and changes to an arbitrary database by specifying multiple comma-separated server identifiers on the JTLRMIREGISTRYSERVERS line in a jtl.properties file...
CVE-2008-5330
Multiple cross-site scripting XSS vulnerabilities in the web interface in ClearCase RWP server in IBM Rational ClearCase 7.0.0 before 7.0.0.4, and 7.0.1.1-RATL-RCC-IFIX02 and possibly other 7.0.1 versions before 7.0.1.3, allow remote attackers to inject arbitrary web script or HTML via the PATHIN...
IBM Rational ClearCase跨站脚本漏洞
BUGTRAQ ID: 32574 Rational ClearCase是一款功能强大的软件配置管理(SCM)工具。 ClearCase RWP服务器没有正确的过滤某些用户提供输入,远程攻击者可以通过向WEB管理接口提交恶意请求执行跨站脚本攻击。 IBM ClearCase 7.x IBM --- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.ers.ibm.com/ http://otter/ccrc/??''??script?alert1234?/script?=123...
IBM Rational ClearCase 78 - Cross-Site Scripting
IBM Rational ClearCase 78 - Cross-Site Scripting source: https://www.securityfocus.com/bid/32574/info IBM Rational ClearCase is prone to a cross-site scripting vulnerability because the software fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitra...
IBM Rational ClearCase 7/8 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/32574/info IBM Rational ClearCase is prone to a cross-site scripting vulnerability because the software fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting...
Microsoft XML Core Services Transfer Encoding Cross Domain Information Disclosure Vulnerability
Description Microsoft XML Core Services MSXML is prone to a cross-domain information-disclosure vulnerability because the application fails to properly enforce the same-origin policy. An attacker can exploit this issue to harvest potentially sensitive information from a web page in another domain...
CVE-2008-3550
The CQWeb login page in IBM Rational ClearQuest 7.0.1 allows remote attackers to obtain potentially sensitive information page source code via a combination of ?script? and ?/script? sequences in the id field, possibly related to a cross-site scripting XSS vulnerability...
Cross site scripting
The CQWeb login page in IBM Rational ClearQuest 7.0.1 allows remote attackers to obtain potentially sensitive information page source code via a combination of ?script? and ?/script? sequences in the id field, possibly related to a cross-site scripting XSS vulnerability...
CVE-2008-3550
The CVE-2008-3550 entry affects IBM Rational ClearQuest 7.0.1 CQWeb: the login page may reveal potentially sensitive information (page source code) via crafted id field input using ?script? and ?/script? sequences, indicating a cross-site scripting (XSS) issue. The issue is described consistently...
CVE-2008-3550
The CQWeb login page in IBM Rational ClearQuest 7.0.1 allows remote attackers to obtain potentially sensitive information page source code via a combination of ?script? and ?/script? sequences in the id field, possibly related to a cross-site scripting XSS vulnerability...
CVE-2008-2122
IBM Rational Build Forge 7.0.2 allows remote attackers to cause a denial of service CPU consumption via a port scan, which spawns multiple bfagent server processes that attempt to read data from closed sockets...
Code injection
IBM Rational Build Forge 7.0.2 allows remote attackers to cause a denial of service CPU consumption via a port scan, which spawns multiple bfagent server processes that attempt to read data from closed sockets...
CVE-2008-2122
CVE-2008-2122 affects IBM Rational Build Forge 7.0.2. A port scan can trigger multiple bfagent server processes that attempt to read from closed sockets, causing CPU consumption and a DoS (availability impact). Public references describe the issue as remote, with the impact described as partial (...
CVE-2008-2122
IBM Rational Build Forge 7.0.2 allows remote attackers to cause a denial of service CPU consumption via a port scan, which spawns multiple bfagent server processes that attempt to read data from closed sockets...
IBM Rational Build Forge远程拒绝服务漏洞
BUGTRAQ ID: 29036 IBM Rational Build Forge提供了企业级构建管理和发布管理,能提高软件质量,加速中小企业的软件和系统交付。 Build Forge在处理大量恶意连接时存在漏洞,远程攻击者可能利用此漏洞导致服务不可用。 在使用端口扫描软件检查网络漏洞时,如果端口扫描器在Build Forge代理的端口打开了套接字的话,则扫描器关闭端口后代理应立即关闭套接字,但代理错误的解释了关闭的套接字,仍从已关闭的套接字读取垃圾数据,这可能导致生成大量无限循环的伪造bfagent进程,必须手动杀死这些进程才能保证系统的正常运行。 IBM Rational Buil...
IBM Rational ClearQuest多个参数跨站脚本漏洞
BUGTRAQ ID: 28296 CVECAN ID: CVE-2007-4592 IBM Rational ClearQuest是全面的软件变更、追踪管理解决方案。 Rational ClearQuest没有正确地验证对contextid、schema、userNameVal、username变量的输入参数,允许远程攻击者通过提交特制的URL请求执行跨站脚本攻击。 IBM Rational ClearQuest 7.0.1.0iFix01 IBM Rational ClearQuest 7.0.0.1iFix04 IBM Rational ClearQuest 2003.06.16...
CVE-2007-4592
Multiple cross-site scripting XSS vulnerabilities in the web interface for IBM Rational ClearQuest before 2003.06.16 Patch 2008A, 7.0.0.2iFix01, and 7.0.1.1iFix01 allow remote attackers to inject arbitrary web script or HTML via the 1 contextid, 2 username, 3 userNameVal, and 4 schema parameters ...