CVE-2013-6749 – IBM Lotus Quickr ActiveX Stack Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-6749
Buffer overflow in the ActiveX control in qp2.cab in IBM Lotus Quickr for Domino 8.5.1 before 8.5.1.42-001b allows remote attackers to execute arbitrary code via a crafted HTML document, a different vulnerability than CVE-2013-6748. Desbordamiento de buffer en el control ActiveX en qp2.cab en IBM Lotus Quickr para Domino 8.5.1 en versiones anteriores a 8.5.1.42-001b permite a atacantes remotos ejecutar código arbitrario a través de un documento HTML manipulado, una vulnerabilidad diferente a CVE-2013-6748. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Quickr for Domino. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within an ActiveX control included in QP2.dll. The specific flaw is a stack buffer overflow in a vulnerable function in the control. • http://osvdb.org/102598 http://secunia.com/advisories/56696 http://www.ibm.com/support/docview.wss?uid=swg21662653 http://www.securityfocus.com/bid/65193 https://exchange.xforce.ibmcloud.com/vulnerabilities/89865 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-6748 – IBM Lotus Quickr ActiveX Stack Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-6748
Buffer overflow in the ActiveX control in qp2.cab in IBM Lotus Quickr for Domino 8.5.1 before 8.5.1.42-001b allows remote attackers to execute arbitrary code via a crafted HTML document, a different vulnerability than CVE-2013-6749. Desbordamiento de buffer en el control ActiveX en qp2.cab en IBM Lotus Quickr para Domino 8.5.1 en versiones anteriores a 8.5.1.42-001b permite a atacantes remotos ejecutar código arbitrario a través de un documento HTML manipulado, una vulnerabilidad diferente a CVE-2013-6749. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Quickr for Domino. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within an ActiveX control included in QP2.dll. The specific flaw is a stack buffer overflow in a vulnerable function in the control. • http://osvdb.org/102597 http://secunia.com/advisories/56696 http://www.ibm.com/support/docview.wss?uid=swg21662653 http://www.securityfocus.com/bid/65191 https://exchange.xforce.ibmcloud.com/vulnerabilities/89864 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-3026 – IBM Quickr for Domino ActiveX Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-3026
Buffer overflow in the Lotus Quickr for Domino ActiveX control in qp2.cab in IBM Lotus Quickr 8.1 before FP 8.1.0.32-001a, 8.2 before FP 8.2.0.28-001a, and 8.5.1 before FP 8.5.1.39-002a for Domino allows remote attackers to execute arbitrary code via a crafted web site. Desbordamiento de búfer en el control ActiveX Lotus Quickr para Domino en qp2.cab IBM Lotus Quickr 8.1 anterior a FP 8.1.0.32-001a, 8.2 anterior a FP 8.2.0.28-001a, y 8.5.1 anterior a FP 8.5.1.39-002a para Domino, permite a atacantes remotos ejecutar código arbitrario a través de un sitio web manipulado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Quickr for Domino. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of user provided input in an ActiveX control. An integer overflow exists which leads to a heap buffer overflow. • http://www-01.ibm.com/support/docview.wss?uid=swg21639643 https://exchange.xforce.ibmcloud.com/vulnerabilities/84381 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2012-2176 – IBM Lotus Quickr QP2 ActiveX _Times Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-2176
Multiple stack-based buffer overflows in a certain ActiveX control in qp2.cab in IBM Lotus Quickr 8.2 before 8.2.0.27-002a for Domino allow remote attackers to execute arbitrary code via a long argument to the (1) Attachment_Times or (2) Import_Times method. Múltiples desbordamientos de búfer en cierto ActiveX en qp2.cab en IBM Lotus Quickr v8.2 anterior a v8.2.0.27-002a para Domino permite a atacantes remotos ejecutar código arbitrario mediante un argumento largo para el método (1) Attachment_Times o (2) Import_Times. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Quickr. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the QP2.cab ActiveX control. When passing a long string argument to the Attachment_Times or Import_Times parameters during the control's instantiation it is possible to overflow a stack buffer causing memory corruption. • https://www.exploit-db.com/exploits/23737 http://www.ibm.com/support/docview.wss?uid=swg21596191 http://www.securityfocus.com/bid/53678 http://www.securitytracker.com/id?1027097 https://exchange.xforce.ibmcloud.com/vulnerabilities/75322 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-7284
https://notcve.org/view.php?id=CVE-2008-7284
IBM Lotus Quickr 8.1 before 8100.003 services for Lotus Domino allows remote authenticated users to cause a denial of service (daemon crash) by clicking a download link, aka SPR QCAO7E6AM8. IBM Lotus Quickr v8.1 anteriores a v8.100.003, para Lotus Domino permite a usuarios remotos autenticados provocar una denegación de servicio (caída del demonio) haciendo clic en un enlace de descarga, también conocido como QCAO7E6AM8 SPR. • http://www-01.ibm.com/support/docview.wss?uid=swg27013341 • CWE-399: Resource Management Errors •