CVSS: 7.5EPSS: 3%CPEs: 10EXPL: 1CVE-2004-2280 – IBM Lotus Notes 6.0/6.5 - Multiple Java Applet Vulnerabilities
https://notcve.org/view.php?id=CVE-2004-2280
31 Dec 2004 — Buffer overflow in IBM Lotus Notes 6.5.x before 6.5.3 and 6.0.x before 6.0.5 allows remote attackers to cause a denial of service (crash) via unknown vectors related to Java applets, as identified by KSPR62F4KN. • https://www.exploit-db.com/exploits/24275 •
CVSS: 10.0EPSS: 49%CPEs: 2EXPL: 1CVE-2004-0480
https://notcve.org/view.php?id=CVE-2004-0480
30 Jun 2004 — Argument injection vulnerability in IBM Lotus Notes 6.0.3 and 6.5 allows remote attackers to execute arbitrary code via a notes: URI that uses a UNC network share pathname to provide an alternate notes.ini configuration file to notes.exe. Vulnerabilidad de inyección de argumentos en IBM Lotus Notes 6.0.3 y 6.5 permite a atacantes remotos ejecutar código de su eleccion mediante una URI notes: que usa un nombre de ruta de red UNC para proveer un fichero de configuración notes.ini alternativo a notes.exe. • http://marc.info/?l=bugtraq&m=108843896506099&w=2 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 9.8EPSS: 3%CPEs: 2EXPL: 0CVE-2003-0179
https://notcve.org/view.php?id=CVE-2003-0179
29 Mar 2003 — Buffer overflow in the COM Object Control Handler for Lotus Domino 6.0.1 and earlier allows remote attackers to execute arbitrary code via multiple attack vectors, as demonstrated using the InitializeUsingNotesUserName method in the iNotes ActiveX control. Desbordamiento de búfer en el manejador de control de objetos COM para Lotus Domino 6.0.1 y versiones anteriores, permite a atacantes remotos la ejecución de código arbitrario mediante vectores de ataque múltiple, como se demuestra utilizando el método In... • http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0082.html •
CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 0CVE-2003-0123
https://notcve.org/view.php?id=CVE-2003-0123
18 Mar 2003 — Buffer overflow in Web Retriever client for Lotus Notes/Domino R4.5 through R6 allows remote malicious web servers to cause a denial of service (crash) via a long HTTP status line. Desbordamiento de búfer en el cliente Web Retriever de Lotus Notes/Domino R4.5 a R.6 permite a servidores web remotos maliciosos causar una denegación de servicio (caída) mediante una línea de estado HTTP larga. • http://marc.info/?l=bugtraq&m=104757545500368&w=2 •
CVSS: 9.8EPSS: 1%CPEs: 29EXPL: 0CVE-2003-0122
https://notcve.org/view.php?id=CVE-2003-0122
18 Mar 2003 — Buffer overflow in Notes server before Lotus Notes R4, R5 before 5.0.11, and early R6 allows remote attackers to execute arbitrary code via a long distinguished name (DN) during NotesRPC authentication and an outer field length that is less than that of the DN field. Desbordamiento de búfer en el servidor de Lotus Notes R4, R5 anteriores a 5.0.11 y betas de R6 permite a atacantes remotos ejecutar código arbitrario mediante un nombre distinguido (DN) largo durante la autenticación NotesRPC y una longitud ext... • http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0125.html •
CVSS: 8.4EPSS: 9%CPEs: 20EXPL: 0CVE-2002-0370
https://notcve.org/view.php?id=CVE-2002-0370
05 Oct 2002 — Buffer overflow in the ZIP capability for multiple products allows remote attackers to cause a denial of service or execute arbitrary code via ZIP files containing entries with long filenames, including (1) Microsoft Windows 98 with Plus! Pack, (2) Windows XP, (3) Windows ME, (4) Lotus Notes R4 through R6 (pre-gold), (5) Verity KeyView, and (6) Stuffit Expander before 7.0. Desbordamiento de búfer en la capacidad ZIP de múltiples productos permite a atacantes remotos causar una denegación de servicio o ejecu... • http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0009.html •
CVSS: 9.8EPSS: 4%CPEs: 2EXPL: 0CVE-2001-1504
https://notcve.org/view.php?id=CVE-2001-1504
31 Dec 2001 — Lotus Notes R5 Client 4.6 allows remote attackers to execute arbitrary commands via a Lotus Notes object with code in an event, which is automatically executed when the user processes the e-mail message. • http://www.securityfocus.com/archive/1/221986 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2000-0891
https://notcve.org/view.php?id=CVE-2000-0891
21 Jul 2001 — A default ECL in Lotus Notes before 5.02 allows remote attackers to execute arbitrary commands by attaching a malicious program in an email message that is automatically executed when the user opens the email. • http://www.kb.cert.org/vuls/id/5962 •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2000-1117
https://notcve.org/view.php?id=CVE-2000-1117
19 Dec 2000 — The Extended Control List (ECL) feature of the Java Virtual Machine (JVM) in Lotus Notes Client R5 allows malicious web site operators to determine the existence of files on the client by measuring delays in the execution of the getSystemResource method. • http://archives.neohapsis.com/archives/bugtraq/2000-11/0341.html • CWE-203: Observable Discrepancy •
CVSS: 7.5EPSS: 8%CPEs: 6EXPL: 0CVE-2000-1138
https://notcve.org/view.php?id=CVE-2000-1138
19 Dec 2000 — Lotus Notes R5 client R5.0.5 and earlier does not properly warn users when an S/MIME email message has been modified, which could allow an attacker to modify the email in transit without being detected. • http://marc.info/?l=bugtraq&m=97370725220953&w=2 •