6 results (0.002 seconds)

CVSS: 7.6EPSS: 5%CPEs: 31EXPL: 0

Stack-based buffer overflow in the Lotus Domino Web Access ActiveX control in IBM Lotus iNotes (aka Domino Web Access or DWA) 6.5, 7.0 before 7.0.4, 8.0, 8.0.2, and before 229.281 for Domino 8.0.2 FP4 allows remote attackers to execute arbitrary code via a long URL argument to an unspecified method, aka PRAD7JTNHJ. Desbordamiento de búfer basado en pila en el control ActiveX Lotus Domino Web Access en IBM Lotus iNotes (alias Domino Web Access o DWA) 6.5, 7.0 en versiones anteriores a la 7.0.4, 8.0, 8.0.2 y en versiones anteriores a la 229.281 para Domino 8.0.2 FP4 permite a atacantes remotos ejecutar código de su elección mediante un argumento URL largo a un método no especificado, alias PRAD7JTNHJ. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=857 http://secunia.com/advisories/38681 http://secunia.com/advisories/38744 http://secunia.com/advisories/38755 http://securitytracker.com/id?1023662 http://www-01.ibm.com/support/docview.wss?uid=swg21421808 http://www-01.ibm.com/support/docview.wss?uid=swg27018109 http://www.osvdb.org/62612 http://www.securityfocus.com/bid/38457 http://www.securityfocus.com/bid/38459 http://www.vupen.com/english/advisories&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.3EPSS: 0%CPEs: 24EXPL: 0

Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to inject arbitrary web script or HTML via vectors related to lack of "XSS/CSRF Get Filter and Referer Check fixes." Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en IBM Lotus iNotes (alias Domino Web Access o DWA) en versiones anteriores a la 229.281 para Domino 8.0.2 FP4 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante vectores relacionado con la falta de "XSS/CSRF Get Filter and Referer Check fixes." • http://www-01.ibm.com/support/docview.wss?uid=swg27018109 http://www.securityfocus.com/bid/38459 http://www.vupen.com/english/advisories/2010/0496 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 0%CPEs: 24EXPL: 0

Cross-site request forgery (CSRF) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to hijack the authentication of unspecified victims via vectors related to lack of "XSS/CSRF Get Filter and Referer Check fixes." Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en IBM Lotus iNotes (alias Domino Web Access o DWA) en versiones anteriores a la 229.281 para Domino 8.0.2 FP4 permite a atacantes remotos secuestrar la autenticación de victímas al azar mediante vectores relacionados con la falta de "XSS/CSRF Get Filter and Referer Check fixes." • http://www-01.ibm.com/support/docview.wss?uid=swg27018109 http://www.securityfocus.com/bid/38459 http://www.vupen.com/english/advisories/2010/0496 https://exchange.xforce.ibmcloud.com/vulnerabilities/56556 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 10.0EPSS: 0%CPEs: 24EXPL: 0

Multiple unspecified vulnerabilities in the UltraLite functionality in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 have unknown impact and attack vectors. Múltiples vulnerabilidades no especificadas en la funcionalidad UltraLite en IBM Lotus iNotes (alias Domino Web Access o DWA) en versiones anteriores a la 229.281 para Domino 8.0.2 FP4 tienen un impacto y unos vectores de ataque desconocidos. • http://www-01.ibm.com/support/docview.wss?uid=swg27018109 http://www.securityfocus.com/bid/38459 http://www.vupen.com/english/advisories/2010/0496 https://exchange.xforce.ibmcloud.com/vulnerabilities/56557 •

CVSS: 10.0EPSS: 0%CPEs: 20EXPL: 0

Ultra-light Mode in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 does not properly handle script commands in the status-alerts URL, which has unspecified impact and attack vectors, aka SPR LSHR7TBM58. Modo Ultra-light en IBM Lotus iNotes (también conocido como Domino Web Access o DWA) anterior a v229.241 para Domino v8.0.2 FP3 no maneja adecuadamente secuencias de comando en la URL status-alerts, tiene un impacto y vectores de ataque sin especificar, también conocido como SPR LSHR7TBM58. • http://secunia.com/advisories/38026 http://www-01.ibm.com/support/docview.wss?uid=swg27017776 http://www.securityfocus.com/bid/37675 http://www.vupen.com/english/advisories/2010/0077 https://exchange.xforce.ibmcloud.com/vulnerabilities/55471 •