
CVE-2012-0740
https://notcve.org/view.php?id=CVE-2012-0740
22 Apr 2012 — Cross-site scripting (XSS) vulnerability in the Web Admin Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.22 and 6.3 before 6.3.0.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://www-01.ibm.com/support/docview.wss?uid=swg24032290 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2011-1820
https://notcve.org/view.php?id=CVE-2011-1820
21 Apr 2011 — IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010, 6.0 before 6.0.0.67 (aka 6.0.0.8-TIV-ITDS-IF0009), 6.1 before 6.1.0.40 (aka 6.1.0.5-TIV-ITDS-IF0003), 6.2 before 6.2.0.16 (aka 6.2.0.3-TIV-ITDS-IF0002), and 6.3 before 6.3.0.3 (aka 6.3.0.0-TIV-ITDS-IF0003) does not properly handle the ibm-auditAttributesOnGroupEvalOp setting for auditing of extended operations, which might allow attackers to obtain sensitive information by reading the audit log. • http://secunia.com/advisories/44184 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2010-4789
https://notcve.org/view.php?id=CVE-2010-4789
21 Apr 2011 — Use-after-free vulnerability in the proxy-server implementation in IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.65 (aka 6.0.0.8-TIV-ITDS-IF0007) and 6.3 before 6.3.0.1 (aka 6.3.0.0-TIV-ITDS-IF0001) allows remote authenticated users to cause a denial of service (daemon crash) via a paged search that is interrupted by an LDAP Unbind operation. • http://www.ibm.com/support/docview.wss?uid=swg1IO13364 • CWE-399: Resource Management Errors

CVE-2011-1206 – IBM Tivoli Directory Server ibmslapd.exe SASL Bind Request Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1206
18 Apr 2011 — Stack-based buffer overflow in the server process in ibmslapd.exe in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010, 6.0 before 6.0.0.67 (aka 6.0.0.8-TIV-ITDS-IF0009), 6.1 before 6.1.0.40 (aka 6.1.0.5-TIV-ITDS-IF0003), 6.2 before 6.2.0.16 (aka 6.2.0.3-TIV-ITDS-IF0002), and 6.3 before 6.3.0.3 (aka 6.3.0.0-TIV-ITDS-IF0003) allows remote attackers to execute arbitrary code via a crafted LDAP request. NOTE: some of these details are obtained from third party information. • https://www.exploit-db.com/exploits/17188 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer