CVSS: 10.0EPSS: 83%CPEs: 5EXPL: 1CVE-2008-2240 – IBM Lotus Domino Web Server - Accept-Language Stack Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-2240
22 May 2008 — Stack-based buffer overflow in the Web Server service in IBM Lotus Domino before 7.0.3 FP1, and 8.x before 8.0.1, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long Accept-Language HTTP header. Desbordamiento de búfer basado en pila en el Servicio Web Server en IBM Lotus Domino anterior a 7.0.3 FP1 y 8.x anterior a 8.0.1, permite a atacantes remotos provocar una denegación de servicio (caída de demonio) o la posibilidad de ejecutar código de su ... • https://www.exploit-db.com/exploits/16697 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2008-2410
https://notcve.org/view.php?id=CVE-2008-2410
22 May 2008 — Cross-site scripting (XSS) vulnerability in the servlet engine and Web container in the Web Server service in IBM Lotus Domino before 7.0.3 FP1, and 8.x before 8.0.1, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en el motor de servlets y el contenedor Web en el servicio Web Server de IBM Lotus Domino anterior a 7.0.3 FP1 y 8.x anterior al 8.0.1, permite a usuarios autenticados remotamente in... • http://secunia.com/advisories/30310 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2008-0243
https://notcve.org/view.php?id=CVE-2008-0243
12 Jan 2008 — Unspecified vulnerability in Lotus Domino 7.0.2 before Fix Pack 3 allows attackers to cause a denial of service via unknown vectors. Vulnerabilidad no especificada en Lotus Domino 7.0.2, en versiones anteriores a la Fix Pack 3, permite que atacantes remotos provoquen una denegación de servicio a través de vectores desconocidos. • http://secunia.com/advisories/28411 •
CVSS: 9.3EPSS: 87%CPEs: 17EXPL: 6CVE-2007-4474 – IBM Domino Web Access 7.0 Upload Module - 'inotes6.dll' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-4474
27 Dec 2007 — Multiple stack-based buffer overflows in the IBM Lotus Domino Web Access ActiveX control, as provided by inotes6.dll, inotes6w.dll, dwa7.dll, and dwa7w.dll, in Domino 6.x and 7.x allow remote attackers to execute arbitrary code, as demonstrated by an overflow from a long General_ServerName property value when calling the InstallBrowserHelperDll function in the Upload Module in the dwa7.dwa7.1 control in dwa7w.dll 7.0.34.1. Múltiples desbordamientos de búfer basado en pila en el control ActiveX IBM Lotus Dom... • https://www.exploit-db.com/exploits/4818 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2007-5924
https://notcve.org/view.php?id=CVE-2007-5924
10 Nov 2007 — Cross-site scripting (XSS) vulnerability in the Web Server (HTTP) task in IBM Lotus Domino before 6.5.6 FP2, and 7.x before 7.0.2 FP2, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la tarea del Servidor Web (HTTP) en el IBM Lotus Domino anterior al 6.5.6 FP2 y el 7.x anterior al 7.0.2 FP2, permite a atacantes remotos autenticados la inyección de secuencias de comandos web o HTML de su ele... • http://jvn.jp/jp/JVN%2384565055/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 8%CPEs: 10EXPL: 0CVE-2007-3510
https://notcve.org/view.php?id=CVE-2007-3510
29 Oct 2007 — Buffer overflow in the IMAP service in IBM Lotus Domino before 6.5.6 FP2, and 7.x before 7.0.3, allows remote authenticated users to execute arbitrary code via a long mailbox name. Desbordamiento de búfer en el servicio IMAP de IBM Lotus Domino versiones anteriores a 6.5.6 FP2, y 7.x versiones anteriores a 7.0.3, permite a usuarios remotos autenticados ejecutar código de su elección mediante un nombre de buzón de correo largo. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=605 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2007-5544
https://notcve.org/view.php?id=CVE-2007-5544
29 Oct 2007 — IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before 6.5.5 FP3, and 7.x before 7.0.2 FP1; uses weak permissions (Everyone:Full Control) for memory mapped files (shared memory) in IPC, which allows local users to obtain sensitive information, or inject Lotus Script or other character sequences into a session. IBM Lotus Notes versiones anteriores 6.5.6, y 7.x versiones anteriores a 7.0.3; y Domino versiones anteriores 6.5.5 FP3, y 7.x versiones anteriores 7.0.2 FP1; utiliza permisos débiles (... • http://secunia.com/advisories/27321 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2007-5700
https://notcve.org/view.php?id=CVE-2007-5700
29 Oct 2007 — The Evaluate LotusScript method in IBM Lotus Domino before 7.0.3 uses an incorrect security context for @ formula commands in some circumstances, which might allow remote authenticated users to gain privileges and obtain sensitive information. El método Evaluate LotusScript de IBM Lotus Domino versiones anteriores a 7.0.3 utiliza un contexto de seguridad incorrecto para comandos de fórumla @ en algunas circustancias, lo cual podría permitir a usuarios remotos autenticados obtener privilegios y conseguir inf... • http://osvdb.org/40951 •
CVSS: 4.4EPSS: 0%CPEs: 10EXPL: 0CVE-2007-5701
https://notcve.org/view.php?id=CVE-2007-5701
29 Oct 2007 — Incomplete blacklist vulnerability in the Certificate Authority (CA) in IBM Lotus Domino before 7.0.3 allows local users, or attackers with physical access, to obtain sensitive information (passwords) when an administrator enters a "ca activate" or "ca unlock" command with any uppercase character, which bypasses a blacklist designed to suppress password logging, resulting in cleartext password disclosure in the console log and Admin panel. Vulnerabilidad de lista negra incompleta en la Autoridad de Certific... • http://osvdb.org/40952 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-310: Cryptographic Issues •
CVSS: 9.3EPSS: 1%CPEs: 3EXPL: 0CVE-2007-0068
https://notcve.org/view.php?id=CVE-2007-0068
06 Jun 2007 — IBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the signature on a signed scheduled agent after the agent is modified, which allows remote authenticated users to gain privileges via a modified agent in a server database. IBM Lotus Domino 7.0.x versiones anteriores a 7.0.3 no revalida la firma en un agente planificado firmado después de que el agente se modifique, lo cual permite a usuarios remotos autenticados obtener privilegios mediante un agente modificado en un servidor de base de datos. • http://osvdb.org/35765 •