CVE-2013-0522
https://notcve.org/view.php?id=CVE-2013-0522
The Notes Client Single Logon feature in IBM Notes 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8.5.2, 8.5.3, and 9.0 on Windows allows local users to discover passwords via vectors involving an unspecified operating system communication mechanism for password transmission between Windows and Notes. IBM X-Force ID: 82531. La característica Notes Client Single Logon en IBM Notes 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8.5.2, 8.5.3 y 9.0 en Windows permite que usuarios locales descubran contraseñas mediante vectores relacionados con un mecanismo de comunicación de un sistema operativo no especificado para la transmisión de contraseñas entre Windows y Notes. IBM X-Force ID: 82531. • https://exchange.xforce.ibmcloud.com/vulnerabilities/82531 https://www-01.ibm.com/support/docview.wss?uid=swg21634508 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-2991
https://notcve.org/view.php?id=CVE-2016-2991
Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Protector for Mail Security 2.8.0.0 through 2.8.1.0 before 2.8.1.0-22115 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de XSS en IBM Lotus Protector para Mail Security 2.8.0.0 hasta la versión 2.8.1.0 en versiones anteriores a 2.8.1.0-22115 permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21985280 http://www.securityfocus.com/bid/92391 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-0282
https://notcve.org/view.php?id=CVE-2016-0282
Cross-site scripting (XSS) vulnerability in IBM iNotes before 8.5.3 FP6 IF2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka SPR KLYHAAHNUS. Vulnerabilidad de XSS en IBM iNotes en versiones anteriores a 8.5.3 FP6 IF2 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada, vulnerabilidad también conocida como SPR KLYHAAHNUS. • http://www-01.ibm.com/support/docview.wss?uid=swg21991722 http://www.securityfocus.com/bid/94558 http://www.securitytracker.com/id/1037383 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-6196
https://notcve.org/view.php?id=CVE-2014-6196
Cross-site scripting (XSS) vulnerability in IBM Web Experience Factory (WEF) 6.1.5 through 8.5.0.1, as used in WebSphere Dashboard Framework (WDF) and Lotus Widget Factory (LWF), allows remote attackers to inject arbitrary web script or HTML by leveraging a Dojo builder error in an unspecified WebSphere Portal configuration, leading to improper construction of a response page by an application. Vulnerabilidad de XSS en IBM Web Experience Factory (WEF) 6.1.5 hasta 8.5.0.1, utilizado en WebSphere Dashboard Framework (WDF) y Lotus Widget Factory (LWF), permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios mediante el aprovechamiento de un error del constructor Dojo en una configuración no especificada de WebSphere Portal, que conduce a la construcción indebida de una página de respuestas de parte de una aplicación. • http://secunia.com/advisories/59546 http://www-01.ibm.com/support/docview.wss?uid=swg1LO82672 http://www-01.ibm.com/support/docview.wss?uid=swg1LO82673 http://www-01.ibm.com/support/docview.wss?uid=swg1LO82674 http://www-01.ibm.com/support/docview.wss?uid=swg1LO82675 http://www-01.ibm.com/support/docview.wss? • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-3086 – JDK: Privilege escalation issue
https://notcve.org/view.php?id=CVE-2014-3086
Unspecified vulnerability in the IBM Java Virtual Machine, as used in IBM WebSphere Real Time 3 before Service Refresh 7 FP1 and other products, allows remote attackers to gain privileges by leveraging the ability to execute code in the context of a security manager. Vulnerabilidad no especificada en IBM Java Virtual Machine, utilizado en IBM WebSphere Real Time 3 anterior a Service Refresh 7 FP1 y otros productos, permite a atacantes remotos ganar privilegios mediante el aprovechamiento de la habilidad de ejecutar código en el contexto de un gestor de seguridad. • http://secunia.com/advisories/59680 http://secunia.com/advisories/60081 http://secunia.com/advisories/60317 http://secunia.com/advisories/60622 http://secunia.com/advisories/61577 http://secunia.com/advisories/61640 http://www-01.ibm.com/support/docview.wss?uid=swg1IV62634 http://www-01.ibm.com/support/docview.wss?uid=swg21680333 http://www-01.ibm.com/support/docview.wss?uid=swg21680334 http://www-01.ibm.com/support/docview.wss?uid=swg21686383 http://www-01.ibm.com/ • CWE-266: Incorrect Privilege Assignment •