14 results (0.020 seconds)

CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0

Unspecified vulnerability in the authentication functionality in the server in IBM Lotus Domino 8.x before 8.5.2 FP4 allows remote attackers to cause a denial of service (daemon crash) via a crafted Notes RPC packet. Vulnerabilidad sin especificar en la funcionalidad de autenticación en el servidor de IBM Lotus Domino 8.x anteriores a 8.5.2 FP4 permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de un paquete RPC Notes modificado. • http://secunia.com/advisories/47331 http://www.ibm.com/support/docview.wss?uid=swg21575247 http://www.osvdb.org/77990 https://exchange.xforce.ibmcloud.com/vulnerabilities/71805 •

CVSS: 10.0EPSS: 83%CPEs: 74EXPL: 0

Stack-based buffer overflow in nrouter.exe in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a long name parameter in a Content-Type header in a malformed Notes calendar (aka iCalendar or iCal) meeting request, aka SPR KLYH87LL23. Desbordamiento de búfer basado en pila en nrouter.exe en IBM Lotus Domino v8.5.3 y anteriores, permite a atacantes remotos ejecutar código de su elección a través de un parámetro de nombre largo en el encabezado Content-Type de convocatoria de reunión de calendario de Notes (también conocido como iCalendar o iCal con formato incorrecto), también conocido como SPR KLYH87LL23. This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability. The specific flaw exists within the nrouter.exe service while processing a malformed calendar meeting request. The process copies the contents of the name parameter within the Content-Type header into a fixed size stack buffer. • http://secunia.com/advisories/43208 http://www-01.ibm.com/support/docview.wss?uid=swg21461514 http://www.securityfocus.com/archive/1/516245/100/0/threaded http://zerodayinitiative.com/advisories/ZDI-11-048 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 9%CPEs: 74EXPL: 0

Stack-based buffer overflow in ndiiop.exe in the DIIOP implementation in the server in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a GIOP getEnvironmentString request, related to the local variable cache. Desbordamiento de búfer basado en pila en ndiiop.exe en la aplicación DIIOP en el servidor de IBM Lotus Domino v8.5.3 y anteriores, permite a atacantes remotos ejecutar código de su elección mediante una petición getEnvironmentString de GIOP, relacionado con la caché de varible local. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability. The flaw exists within the ndiiop.exe component which listens by default on a dynamic TCP port. When handling a GIOP getEnvironmentString request the process blindly copies user supplied argument into an stack buffer while checking the local variable cache. • http://secunia.com/advisories/43208 http://www-01.ibm.com/support/docview.wss?uid=swg21461514 http://zerodayinitiative.com/advisories/ZDI-11-053 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 14%CPEs: 74EXPL: 0

Integer signedness error in ndiiop.exe in the DIIOP implementation in the server in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a GIOP client request, leading to a heap-based buffer overflow. Error de presencia de signo (signedness) en enteros en ndiiop.exe en la aplicación DIIOP en el servidor de IBM Lotus Domino v8.5.3 y anteriores, permite a atacantes remotos ejecutar código se elección mediante una petición del cliente GIOP, dando lugar a un desbordamiento de búfer en la memoria dinámica. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability. The flaw exists within the ndiiop.exe component which listens by default on a dynamic TCP port. When handling a GIOP client Request packet type the process can be made to mis-allocate a buffer size due to a signed-ness bug. • http://secunia.com/advisories/43208 http://www-01.ibm.com/support/docview.wss?uid=swg21461514 http://zerodayinitiative.com/advisories/ZDI-11-052 • CWE-189: Numeric Errors •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

Cross-site scripting (XSS) vulnerability in the Web Server (HTTP) task in IBM Lotus Domino before 6.5.6 FP2, and 7.x before 7.0.2 FP2, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la tarea del Servidor Web (HTTP) en el IBM Lotus Domino anterior al 6.5.6 FP2 y el 7.x anterior al 7.0.2 FP2, permite a atacantes remotos autenticados la inyección de secuencias de comandos web o HTML de su elección a través de vectores sin especificar. • http://jvn.jp/jp/JVN%2384565055/index.html http://osvdb.org/39720 http://secunia.com/advisories/27509 http://www-1.ibm.com/support/docview.wss?uid=swg21263871 http://www-1.ibm.com/support/docview.wss?uid=swg27010980 http://www.vupen.com/english/advisories/2007/3700 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •