22 results (0.011 seconds)

CVSS: 1.9EPSS: 0%CPEs: 55EXPL: 0

IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka Spectrum Protect for Databases) 5.5 before 5.5.6.2, 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server (aka Spectrum Protect for Mail) 5.5 before 5.5.1.1, 6.1 and 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; and Tivoli Storage FlashCopy Manager for Windows (aka Spectrum Protect Snapshot) 2.x and 3.1 before 3.1.1.6, 3.2 before 3.2.1.8, and 4.1 before 4.1.4, when application tracing is configured, write cleartext passwords during changetsmpassword command execution, which allows local users to obtain sensitive information by reading the application trace output. IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (también conocido como Spectrum Protect for Databases) 5.5 en versiones anteriores a 5.5.6.2, 6.3 en versiones anteriores a 6.3.1.6, 6.4 en versiones anteriores a 6.4.1.8 y 7.1 en versiones anteriores a 7.1.4; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server (también conocido como Spectrum Protect for Mail) 5.5 en versiones anteriores a 5.5.1.1, 6.1 y 6.3 en versiones anteriores a 6.3.1.6, 6.4 en versiones anteriores a 6.4.1.8 y 7.1 en versiones anteriores a 7.1.4; y Tivoli Storage FlashCopy Manager for Windows (también conocido como Spectrum Protect Snapshot) 2.x y 3.1 en versiones anteriores a 3.1.1.6, 3.2 en versiones anteriores a 3.2.1.8 y 4.1 en versiones anteriores a 4.1.4, cuando se configura el trazado de aplicación, escribir contraseñas en texto plano durante la ejecución del comando changetsmpassword, lo que permite a usuarios locales obtener información sensible mediante la lectura de la traza de salida de la aplicación. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT11349 http://www-01.ibm.com/support/docview.wss?uid=swg21969514 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 93%CPEs: 16EXPL: 0

Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation. • http://secunia.com/advisories/18368 http://securityreason.com/securityalert/330 http://securityreason.com/securityalert/331 http://securitytracker.com/id?1015460 http://securitytracker.com/id?1015461 http://support.avaya.com/elmodocs2/security/ASA-2006-004.htm http://www.kb.cert.org/vuls/id/252146 http://www.securityfocus.com/archive/1/421518/100/0/threaded http://www.securityfocus.com/archive/1/421520/100/0/threaded http://www.securityfocus.com/bid/16197 http://www.us- •

CVSS: 4.3EPSS: 96%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in Microsoft Outlook Web Access (OWA) component in Exchange Server 5.5 allows remote attackers to inject arbitrary web script or HTML via an email message with an encoded javascript: URL ("jav&#X41sc
ript:") in an IMG tag. Una vulnerabilidad de Cross-Site Scripting (XSS) en el componente Microsoft Outlook Web Access (OWA) en Exchange Server 5.5 permite que los atacantes remotos inyecten scripts web o HTML arbitrarios mediante un mensaje de correo electrónico con una codificación de JavaScript: "jav & # X41sc & # 0010; ript : ") en una etiqueta IMG. • http://secunia.com/advisories/15697 http://www.idefense.com/application/poi/display?id=261&type=vulnerabilities http://www.securityfocus.com/bid/13952 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-029 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 95%CPEs: 5EXPL: 0

Cross-site scripting (XSS) vulnerability in Outlook Web Access for Exchange Server 5.5 Service Pack 4 allows remote attackers to insert arbitrary script and spoof content in HTML email or web caches via an HTML redirect query. Vulnerabilidad de secuencias de comandos en sitios cruzados en Outlook Web Access de Exchange Server 5.5 Service Pack 4 permite a atacantes remotos la inserción de rutinas arbitrarias y falsificar el contenido de correos HTML o cachés web mediante petición HTML redirigida. • http://www.kb.cert.org/vuls/id/948750 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-026 https://exchange.xforce.ibmcloud.com/vulnerabilities/16583 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2016 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0

Cross-site scripting (XSS) vulnerability in the HTML encoding for the Compose New Message form in Microsoft Exchange Server 5.5 Outlook Web Access (OWA) allows remote attackers to execute arbitrary web script. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la codificación HTML en el formulario Componer Nuevo Mensaje en Microsoft Exchange Server 5.5 Outolook Web Access (OWA) permite a atacantes remotos ejecutar script web arbitrario. • http://marc.info/?l=bugtraq&m=106631918405915&w=2 http://www.cert.org/advisories/CA-2003-27.html http://www.kb.cert.org/vuls/id/435444 http://www.securityfocus.com/bid/8832 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-047 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •