CVE-2015-1976
https://notcve.org/view.php?id=CVE-2015-1976
IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to crash. IBM Security Directory Server podría permitir a un usuario autenticado ejecutar comandos en la herramienta de administración web que causaría la caída de la herramienta. • http://www.ibm.com/support/docview.wss?uid=swg21980585 http://www.securityfocus.com/bid/90526 • CWE-284: Improper Access Control •
CVE-2015-1977
https://notcve.org/view.php?id=CVE-2015-1977
Directory traversal vulnerability in the Web Administration tool in IBM Tivoli Directory Server (ITDS) before 6.1.0.74-ISS-ISDS-IF0074, 6.2.x before 6.2.0.50-ISS-ISDS-IF0050, and 6.3.x before 6.3.0.43-ISS-ISDS-IF0043 and IBM Security Directory Server (ISDS) before 6.3.1.18-ISS-ISDS-IF0018 and 6.4.x before 6.4.0.9-ISS-ISDS-IF0009 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL. Vulnerabilidad de salto de directorio en la herramienta Web Administration en IBM Tivoli Directory Server (ITDS) en versiones anteriores a 6.1.0.74-ISS-ISDS-IF0074, 6.2.x en versiones anteriores a 6.2.0.50-ISS-ISDS-IF0050 y 6.3.x en versiones anteriores a 6.3.0.43-ISS-ISDS-IF0043 y IBM Security Directory Server (ISDS) en versiones anteriores a 6.3.1.18-ISS-ISDS-IF0018 y 6.4.x en versiones anteriores a 6.4.0.9-ISS-ISDS-IF0009 permite a atacantes remotos leer archivos arbitrarios a través de .. (punto punto) en una URL. • http://www-01.ibm.com/support/docview.wss?uid=swg21986452 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-6100
https://notcve.org/view.php?id=CVE-2014-6100
Cross-site scripting (XSS) vulnerability in the Admin UI in IBM Tivoli Directory Server 6.1 before 6.1.0.64-ISS-ITDS-IF0064, 6.2 before 6.2.0.39-ISS-ITDS-FP0039, and 6.3 before 6.3.0.33-ISS-ITDS-IF0033, and IBM Security Directory Server 6.3.1 before 6.3.1.7-ISS-ISDS-IF0007, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en la interfaz del usuario de administración en IBM Tivoli Directory Server 6.1 anterior a 6.1.0.64-ISS-ITDS-IF0064, 6.2 anterior a 6.2.0.39-ISS-ITDS-FP0039, y 6.3 anterior a 6.3.0.33-ISS-ITDS-IF0033, e IBM Security Directory Server 6.3.1 anterior a 6.3.1.7-ISS-ISDS-IF0007, permite a usuarios remotos autenticados inyectar secuencias de comandos web a través de una URL manipulada. • http://secunia.com/advisories/61061 http://www-01.ibm.com/support/docview.wss?uid=swg21686581 https://exchange.xforce.ibmcloud.com/vulnerabilities/96005 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •