CVSS: 3.5EPSS: 0%CPEs: 3EXPL: 0CVE-2009-5062
https://notcve.org/view.php?id=CVE-2009-5062
IBM Lotus Quickr 8.1 before 8.1.0.15 services for Lotus Domino on AIX allows remote authenticated users to cause a denial of service (daemon crash) by subscribing to an Atom feed, aka SPR JRIE7VKMP9. UsIBM Lotus Quickr 8.1 anteriores a la versión 8.1.0.15 services para Lotus Domino en AIX permite a usuarios remotos autenticados provocar una denegación de servicio (caída del demonio) mediante la suscripción de un feed Atom. También conocido como SPR JRIE7VKMP9. • http://www-01.ibm.com/support/docview.wss?uid=swg27013341 • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 1CVE-2011-0920 – IBM Lotus Domino Server Controller Authentication Bypass Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0920
The Remote Console in IBM Lotus Domino, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and execute arbitrary code via unspecified vectors, aka SPR PRAD89WGRS. La consola remota en IBM Lotus Domino, cuando se utiliza una determinada configuración no compatible implicada en rutas de acceso UNC, permite a atacantes remotos evitar la autenticación y ejecutar código de su elección a través de vectores no especificados, también conocido como SPR PRAD89WGRS. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Lotus Domino Server Controller. Authentication is not required to exploit this vulnerability. The flaw exists within the remote console functionality which listens by default on TCP port 2050. When handling A user authentication the server uses a user supplied COOKIEFILE path to retrieve stored credentials. • https://www.exploit-db.com/exploits/18179 http://www-01.ibm.com/support/docview.wss?uid=swg21461514 • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 84%CPEs: 74EXPL: 0CVE-2011-0915 – IBM Lotus Domino iCalendar Meeting Request Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0915
Stack-based buffer overflow in nrouter.exe in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a long name parameter in a Content-Type header in a malformed Notes calendar (aka iCalendar or iCal) meeting request, aka SPR KLYH87LL23. Desbordamiento de búfer basado en pila en nrouter.exe en IBM Lotus Domino v8.5.3 y anteriores, permite a atacantes remotos ejecutar código de su elección a través de un parámetro de nombre largo en el encabezado Content-Type de convocatoria de reunión de calendario de Notes (también conocido como iCalendar o iCal con formato incorrecto), también conocido como SPR KLYH87LL23. This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability. The specific flaw exists within the nrouter.exe service while processing a malformed calendar meeting request. The process copies the contents of the name parameter within the Content-Type header into a fixed size stack buffer. • http://secunia.com/advisories/43208 http://www-01.ibm.com/support/docview.wss?uid=swg21461514 http://www.securityfocus.com/archive/1/516245/100/0/threaded http://zerodayinitiative.com/advisories/ZDI-11-048 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 84%CPEs: 1EXPL: 0CVE-2011-0919 – IBM Lotus Domino IMAP/POP3 Non-Printable Character Expansion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0919
Multiple stack-based buffer overflows in the (1) POP3 and (2) IMAP services in IBM Lotus Domino allow remote attackers to execute arbitrary code via non-printable characters in an envelope sender address, aka SPR KLYH87LLVJ. Múltiples desbordamientos de búfer basados en la pila en los servicios (1) POP3 y (2) IMAP en IBM Lotus Domino permite a atacantes remotos ejecutar código de su elección a través de caracteres no imprimibles en una dirección del remitente, también conocido como SPR KLYH87LLVJ. This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability. The specific flaw exists within the POP3 and IMAP services while processing malformed e-mails. The vulnerable code expands specific non-printable characters within a "mail from" command without allocating adequate space. • http://secunia.com/advisories/43224 http://www-01.ibm.com/support/docview.wss?uid=swg21461514 http://www.securityfocus.com/archive/1/516232/100/0/threaded http://zerodayinitiative.com/advisories/ZDI-11-045 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 11%CPEs: 74EXPL: 0CVE-2011-0913 – Lotus Domino Server diiop getEnvironmentString Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0913
Stack-based buffer overflow in ndiiop.exe in the DIIOP implementation in the server in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a GIOP getEnvironmentString request, related to the local variable cache. Desbordamiento de búfer basado en pila en ndiiop.exe en la aplicación DIIOP en el servidor de IBM Lotus Domino v8.5.3 y anteriores, permite a atacantes remotos ejecutar código de su elección mediante una petición getEnvironmentString de GIOP, relacionado con la caché de varible local. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability. The flaw exists within the ndiiop.exe component which listens by default on a dynamic TCP port. When handling a GIOP getEnvironmentString request the process blindly copies user supplied argument into an stack buffer while checking the local variable cache. • http://secunia.com/advisories/43208 http://www-01.ibm.com/support/docview.wss?uid=swg21461514 http://zerodayinitiative.com/advisories/ZDI-11-053 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •