CVSS: 2.1EPSS: 0%CPEs: 3EXPL: 0CVE-2010-1487
https://notcve.org/view.php?id=CVE-2010-1487
IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in cleartext in SURunAs.exe, which allows local users to obtain sensitive information by examining this file, aka SPR JSTN837SEG. IBM Lotus Notes v7.0, v8.0, y v8.5 almacena credenciales administrativas en cleartext en SURunAs.exe, lo que permite a usuarios locales obtener información sensible examinando ese archivo, conocido como SPR JSTN837SEG. • http://secunia.com/advisories/39507 http://www-01.ibm.com/support/docview.wss?uid=swg21427073 http://www.securityfocus.com/bid/39525 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14725 • CWE-255: Credentials Management Errors •
CVSS: 10.0EPSS: 0%CPEs: 31EXPL: 1CVE-2009-3032
https://notcve.org/view.php?id=CVE-2009-3032
Integer overflow in kvolefio.dll 8.5.0.8339 and 10.5.0.0 in the Autonomy KeyView Filter SDK, as used in IBM Lotus Notes 8.5, Symantec Mail Security for Microsoft Exchange 5.0.10 through 5.0.13, and other products, allows context-dependent attackers to execute arbitrary code via a crafted OLE document that triggers a heap-based buffer overflow. Desbordamiento de entero en kvolefio.dll v8.5.0.8339 y v10.5.0.0 en Autonomy KeyView Filter SDK, tal y como se utiliza en IBM Lotus Notes v8.5, Symantec Mail Security para Microsoft Exchange desde v5.0.10 hasta v5.0.13, y otros productos, permite a atacantes dependientes del contexto ejecutar codigo arbitrario a traves de documentos OLE que inicianun desbordamiento de memoria dinamica. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=858 http://www-01.ibm.com/support/docview.wss?uid=swg21440812 http://www.securityfocus.com/bid/38468 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100304_00 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 2%CPEs: 2EXPL: 0CVE-2009-0306
https://notcve.org/view.php?id=CVE-2009-0306
Buffer overflow in the IBM Lotus Notes Intellisync ActiveX control in lnresobject.dll in BlackBerry Desktop Manager in Research In Motion (RIM) BlackBerry Desktop Software before 5.0.1 allows remote attackers to execute arbitrary code via a crafted web page. NOTE: some of these details are obtained from third party information. Desbordamiento de búfer en el control ActiveX Intellisync en lnresobject.dll in BlackBerry Desktop Manager en Research In Motion (RIM) BlackBerry Desktop Software anterior a v5.0.1, permite a atacantes remotos ejecutar código de su elección a través de una página web manipulada. NOTA: algunos de estos detalles han sido obtenidos a partir de terceros. • http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB19701 http://www.securityfocus.com/bid/36903 http://www.vupen.com/english/advisories/2009/3133 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2009-3114
https://notcve.org/view.php?id=CVE-2009-3114
The RSS reader widget in IBM Lotus Notes 8.0 and 8.5 saves items from an RSS feed as local HTML documents, which allows remote attackers to execute arbitrary script in Internet Explorer's Local Machine Zone via a crafted feed, aka SPR RGAU7RDJ9K. El widget RSS reader en Lotus Notes de IBM versiones 8.0 y 8.5, guarda elementos de una fuente RSS como documentos HTML locales, lo que permite a los atacantes remotos ejecutar scripts arbitrarios en la Local Machine Zone de Internet Explorer por medio de un feed diseñado, también se conoce como SPR RGAU7RDJ9K. • http://secunia.com/advisories/36813 http://www-01.ibm.com/support/docview.wss?uid=swg21403834 http://www.scip.ch/?vuldb.4021 http://www.securityfocus.com/archive/1/506296/100/0/threaded http://www.securityfocus.com/bid/36305 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 2CVE-2009-3038 – Lotus note connector for BlackBerry Manager 5.0.0.11 - ActiveX Denial of Service
https://notcve.org/view.php?id=CVE-2009-3038
A certain ActiveX control in lnresobject.dll 7.1.1.119 in the Research In Motion (RIM) Lotus Notes connector for BlackBerry Desktop Manager 5.0.0.11 allows remote attackers to cause a denial of service (Internet Explorer crash) by referencing the control's CLSID in the classid attribute of an OBJECT element. Un cierto control ActiveX en lnresobject.dll v7.1.1.119 en el conector Research In Motion (RIM) Lotus Notes para BlackBerry Desktop Manager v5.0.0.11 permite a atacantes remotos causar una denegación de servicio (caída Internet Explorer) referenciando el CLSID de control en el atributo classid de un elemento OBJECT. • https://www.exploit-db.com/exploits/9517 http://www.exploit-db.com/exploits/9517 •