CVE-2004-2310 – IBM Lotus Domino 6.5.1 - HTTP webadmin.nsf Quick Console Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2004-2310
Cross-site scripting (XSS) vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows remote attackers to inject arbitrary web script or HTML via a Domino command in the Quick Console. • https://www.exploit-db.com/exploits/23837 http://members.lycos.co.uk/r34ct/main/ibm_lotus_domino/lotus.txt http://secunia.com/advisories/11143 http://www.osvdb.org/4306 http://www.securityfocus.com/bid/9901 https://exchange.xforce.ibmcloud.com/vulnerabilities/15502 •
CVE-2004-2369
https://notcve.org/view.php?id=CVE-2004-2369
Directory traversal vulnerability in webadmin.nsf for Lotus Domino R6 6.5.1 allows attackers to create and detect directories via a .. (dot dot) in the directory creation command. • http://members.lycos.co.uk/r34ct/main/ibm_lotus_domino/lotus.txt http://secunia.com/advisories/11143 http://www.securityfocus.com/bid/9900 https://exchange.xforce.ibmcloud.com/vulnerabilities/15503 https://exchange.xforce.ibmcloud.com/vulnerabilities/15504 •
CVE-2004-2311 – IBM Lotus Domino 6/7 - HTTP webadmin.nsf Directory Traversal
https://notcve.org/view.php?id=CVE-2004-2311
Directory traversal vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows local users to create folders or determine the existence of files via a .. (dot dot) in the new folder dialog. • https://www.exploit-db.com/exploits/23836 http://members.lycos.co.uk/r34ct/main/ibm_lotus_domino/lotus.txt http://secunia.com/advisories/11143 http://www.securityfocus.com/bid/9900 https://exchange.xforce.ibmcloud.com/vulnerabilities/15504 •
CVE-2004-2667
https://notcve.org/view.php?id=CVE-2004-2667
Cross-site scripting (XSS) vulnerability in Lotus Domino 6.0.x before 6.0.4 and 6.5.x before 6.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. • http://secunia.com/advisories/11925 http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21171253 http://www.osvdb.org/displayvuln.php?osvdb_id=7268 •
CVE-2004-1621 – IBM Lotus Domino 6.x - Cross-Site Scripting / HTML Injection
https://notcve.org/view.php?id=CVE-2004-1621
NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in IBM Lotus Notes R6 and Domino R6, and possibly earlier versions, allows remote attackers to execute arbitrary web script or HTML via square brackets at the beginning and end of (1) computed for display, (2) computed when composed, or (3) computed text element fields. NOTE: the vendor has disputed this issue, saying that it is not a problem with Notes/Domino itself, but with the applications that do not properly handle this feature • https://www.exploit-db.com/exploits/24690 http://marc.info/?l=bugtraq&m=109812960023736&w=2 http://marc.info/?l=bugtraq&m=109841682529328&w=2 http://secunia.com/advisories/12891 http://securitytracker.com/id?1011779 http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21187833 http://www.kb.cert.org/vuls/id/404382 http://www.securityfocus.com/bid/11458 https://exchange.xforce.ibmcloud.com/vulnerabilities/17758 •