CVSS: 6.4EPSS: 0%CPEs: 19EXPL: 0CVE-2012-0726
https://notcve.org/view.php?id=CVE-2012-0726
22 Apr 2012 — The default configuration of TLS in IBM Tivoli Directory Server (TDS) 6.3 and earlier supports the (1) NULL-MD5 and (2) NULL-SHA ciphers, which allows remote attackers to trigger unencrypted communication via the TLS Handshake Protocol. La configuración por defecto de TLS en Tivoli Directory Server (TDS) v6.3 y anteriores, soporta los cifrados (1) NULL-MD5 y (2) NULL-SHA, lo que permite a atacantes remotos lanzar comunicaciones no cifradas a través de TLS Handshake Protocol. • http://www-01.ibm.com/support/docview.wss?uid=swg21591272 • CWE-310: Cryptographic Issues •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2012-0740
https://notcve.org/view.php?id=CVE-2012-0740
22 Apr 2012 — Cross-site scripting (XSS) vulnerability in the Web Admin Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.22 and 6.3 before 6.3.0.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en Web Admin Tool ien IBM Tivoli Directory Server (TDS) v6.2 antes de v6.2.0.22 y v6.3 antes de v6.3.0.11, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no espec... • http://www-01.ibm.com/support/docview.wss?uid=swg24032290 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 19EXPL: 0CVE-2012-0743
https://notcve.org/view.php?id=CVE-2012-0743
22 Apr 2012 — IBM Tivoli Directory Server (TDS) 6.3 and earlier allows remote attackers to cause a denial of service (daemon crash) via a malformed LDAP paged search request. IBM Tivoli Director Server (TDS) v6.3 y anteriores, permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de una petición de búsqueda paginada LDAP mal formada. • http://www-01.ibm.com/support/docview.wss?uid=swg21591267 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2011-2758
https://notcve.org/view.php?id=CVE-2011-2758
17 Jul 2011 — IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.3-TIV-ITDS-IF0004 does not require authentication for access to LDAP Server log files, which allows remote attackers to obtain sensitive information via a crafted URL. La herramienta de administración Web de IBM Tivoli Directory Server (TDS) v6.2 y anteriores a 6.2.0.3-TIV-ITDS-IF0004, IDSWebApp, no requiere autenticación para el acceso a los archivos del servidor LDAP de registro, que permite a atacantes remotos ... • http://secunia.com/advisories/45107 • CWE-287: Improper Authentication •
CVSS: 8.2EPSS: 0%CPEs: 4EXPL: 0CVE-2011-2759
https://notcve.org/view.php?id=CVE-2011-2759
17 Jul 2011 — The login page of IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.3-TIV-ITDS-IF0004 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. En la herramienta de administración Web de IBM Tivoli Directory Server (TDS) v6.2 y anteriores a 6.2.0.3-TIV-ITDS-IF0004, La página de inicio de sesión IDSWebApp, no tiene un atributo de autocompletar para los... • http://www.ibm.com/support/docview.wss?crawler=1&uid=swg1IO14165 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 84EXPL: 0CVE-2011-1820
https://notcve.org/view.php?id=CVE-2011-1820
21 Apr 2011 — IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010, 6.0 before 6.0.0.67 (aka 6.0.0.8-TIV-ITDS-IF0009), 6.1 before 6.1.0.40 (aka 6.1.0.5-TIV-ITDS-IF0003), 6.2 before 6.2.0.16 (aka 6.2.0.3-TIV-ITDS-IF0002), and 6.3 before 6.3.0.3 (aka 6.3.0.0-TIV-ITDS-IF0003) does not properly handle the ibm-auditAttributesOnGroupEvalOp setting for auditing of extended operations, which might allow attackers to obtain sensitive information by reading the audit log. IBM Tivoli Directory Server (TDS) v5.2 ante... • http://secunia.com/advisories/44184 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 24EXPL: 0CVE-2010-4789
https://notcve.org/view.php?id=CVE-2010-4789
21 Apr 2011 — Use-after-free vulnerability in the proxy-server implementation in IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.65 (aka 6.0.0.8-TIV-ITDS-IF0007) and 6.3 before 6.3.0.1 (aka 6.3.0.0-TIV-ITDS-IF0001) allows remote authenticated users to cause a denial of service (daemon crash) via a paged search that is interrupted by an LDAP Unbind operation. Vulnerabilidad de uso después de la liberación en la aplicación proxy-server en IBM Tivoli Directory Server (TDS) v6.0 anterior a v6.0.0.65 (también conocido como... • http://www.ibm.com/support/docview.wss?uid=swg1IO13364 • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 59%CPEs: 84EXPL: 1CVE-2011-1206 – IBM Tivoli Directory Server ibmslapd.exe SASL Bind Request Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1206
18 Apr 2011 — Stack-based buffer overflow in the server process in ibmslapd.exe in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010, 6.0 before 6.0.0.67 (aka 6.0.0.8-TIV-ITDS-IF0009), 6.1 before 6.1.0.40 (aka 6.1.0.5-TIV-ITDS-IF0003), 6.2 before 6.2.0.16 (aka 6.2.0.3-TIV-ITDS-IF0002), and 6.3 before 6.3.0.3 (aka 6.3.0.0-TIV-ITDS-IF0003) allows remote attackers to execute arbitrary code via a crafted LDAP request. NOTE: some of these details are obtained from third party information. Desbordamiento de ... • https://www.exploit-db.com/exploits/17188 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •