Page 13 of 80 results (0.014 seconds)

CVSS: 7.8EPSS: 3%CPEs: 18EXPL: 0

The LDAP server (nldap.exe) in IBM Lotus Domino before 7.0.1, 6.5.5, and 6.5.4 FP2 allows remote attackers to cause a denial of service (crash) via a long bind request, which triggers a null dereference. • http://securitytracker.com/id?1015611 http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21229907 http://www.idefense.com/intelligence/vulnerabilities/display.php?id=389 http://www.securityfocus.com/bid/16523 http://www.vupen.com/english/advisories/2006/0526 https://exchange.xforce.ibmcloud.com/vulnerabilities/24634 •

CVSS: 6.8EPSS: 1%CPEs: 5EXPL: 0

Cross-site scripting (XSS) vulnerability in Lotus Domino versions before 6.5.4 fix pack 1 (FP1) and versions before 7.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. • http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg21201845 http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21217285 http://www.osvdb.org/displayvuln.php?osvdb_id=19614 http://www.securityfocus.com/bid/14901 http://www.securitytracker.com/alerts/2005/Sep/1014946.html https://exchange.xforce.ibmcloud.com/vulnerabilities/22358 •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 2

Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 6.5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) BaseTarget or (2) Src parameters. • http://secunia.com/advisories/16830 http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg1LO07849&loc=en_US&cs=utf-8&cc=us&lang=all http://www-1.ibm.com/support/docview.wss?uid=swg1LO07850 http://www.securityfocus.com/bid/14845 http://www.securityfocus.com/bid/14846 •

CVSS: 5.0EPSS: 1%CPEs: 3EXPL: 3

Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a different vulnerability than CVE-2005-2696. Lotus Domino R5 and R6 WebMail almacena datos en campos ocultos en "names.nsf" (con permisos de lectura universal), lo que permite que atacantes remotos otengan información confidencial mirando el código HTML. • https://www.exploit-db.com/exploits/3302 https://www.exploit-db.com/exploits/39495 https://github.com/schwankner/CVE-2005-2428-IBM-Lotus-Domino-R8-Password-Hash-Extraction-Exploit http://marc.info/?l=bugtraq&m=112240869130356&w=2 http://secunia.com/advisories/16231 http://securitytracker.com/id?1014584 http://www-1.ibm.com/support/docview.wss?uid=swg21212934 http://www.cybsec.com/vuln/default_configuration_information_disclosure_lotus_domino.pdf http://www.osvdb.org/18462 http:/ •

CVSS: 5.0EPSS: 3%CPEs: 9EXPL: 0

Format string vulnerability in Lotus Domino 6.0.x before 6.0.5 and 6.5.x before 6.5.4 allows remote attackers to cause a denial of service via the Notes protocol (NRPC). • http://secunia.com/advisories/14879 http://securitytracker.com/id?1013842 http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21202525 http://www.osvdb.org/15366 http://www.securityfocus.com/bid/13446 https://exchange.xforce.ibmcloud.com/vulnerabilities/20043 •