CVSS: 9.0EPSS: 94%CPEs: 1EXPL: 3CVE-2011-3575 – IBM Lotus Domino 8.5.2 - 'NSFComputeEvaluateExt()' Remote Stack Buffer Overflow
https://notcve.org/view.php?id=CVE-2011-3575
Stack-based buffer overflow in the NSFComputeEvaluateExt function in Nnotes.dll in IBM Lotus Domino 8.5.2 allows remote authenticated users to execute arbitrary code via a long tHPRAgentName parameter in an fmHttpPostRequest OpenForm action to WebAdmin.nsf. Desbordamiento de búfer basado en pila en la función NSFComputeEvaluateExt en Nnotes.dll en IBM Lotus Domino v8.5.2 permite a usuarios autenticados remotamente ejecutar código de su elección a través de un parámetro largo tHPRAgentName en acción OpenForm fmHttpPostRequest a WebAdmin.nsf. • https://www.exploit-db.com/exploits/36145 http://www.research.reversingcode.com/exploits/IBMLotusDomino_StackOverflowPoC http://www.research.reversingcode.com/index.php/advisories/73-ibm-ssd-1012211 http://www.securityfocus.com/bid/49705 https://exchange.xforce.ibmcloud.com/vulnerabilities/69802 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2011-3576
https://notcve.org/view.php?id=CVE-2011-3576
Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 8.5.2 allows remote attackers to inject arbitrary web script or HTML via the PanelIcon parameter in an fmpgPanelHeader ReadForm action to WebAdmin.nsf. Vulnerabilidad cross-site scripting (XSS) en IBM Lotus Domino v8.5.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro PanelIcon en una acción fmpgPanelHeader ReadForm a WebAdmin.nsf. • http://www.research.reversingcode.com/index.php/advisories/73-ibm-ssd-1012211 http://www.securityfocus.com/bid/49701 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 3%CPEs: 3EXPL: 0CVE-2011-2885
https://notcve.org/view.php?id=CVE-2011-2885
IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a denial of service (application crash) via the sample .doc document that incorporates a user-defined toolbar. IBM Lotus Symphony 3 anterior a FP3 permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) mediante un documento .doc que incorpora una barra de herramientas definida por el usuario. • http://osvdb.org/74159 http://www.ibm.com/software/lotus/symphony/buzz.nsf/web_DisPlayPlugin?open&unid=9717F6F587AAA939852578D300404BCF&category=announcements http://www.ibm.com/software/lotus/symphony/idcontents/releasenotes/en/readme_fixpack3_standalone_long.htm http://www.ibm.com/support/docview.wss?uid=swg21505448 http://www.securityfocus.com/bid/48936 https://exchange.xforce.ibmcloud.com/vulnerabilities/68891 https://www-304.ibm.com/jct03001c/software/lotus/symphony/idcontents/releasenotes/en/readme_embedded_ • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 3%CPEs: 4EXPL: 0CVE-2011-2887
https://notcve.org/view.php?id=CVE-2011-2887
IBM Lotus Symphony 3 before FP3 on Linux allows remote attackers to cause a denial of service (application crash) via a certain sample document. IBM Lotus Symphony 3 anterior a FP3 en Linux permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) a través de un documento de ejemplo determinado. • http://osvdb.org/74163 http://www.ibm.com/software/lotus/symphony/buzz.nsf/web_DisPlayPlugin?open&unid=9717F6F587AAA939852578D300404BCF&category=announcements http://www.ibm.com/software/lotus/symphony/idcontents/releasenotes/en/readme_fixpack3_standalone_long.htm http://www.ibm.com/support/docview.wss?uid=swg21505448 http://www.securityfocus.com/bid/48936 https://exchange.xforce.ibmcloud.com/vulnerabilities/68889 https://www-304.ibm.com/jct03001c/software/lotus/symphony/idcontents/releasenotes/en/readme_embedded_ • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2011-2884
https://notcve.org/view.php?id=CVE-2011-2884
Multiple unspecified vulnerabilities in IBM Lotus Symphony 3 before FP3 have unknown impact and attack vectors, related to "critical security vulnerability issues." Múltiples vulnerabilidades no especificadas en IBM Lotus Symphony 3 anteriores a FP3 tienen un impacto desconocido y vectores de ataque, relacionado con "temas críticos de vulnerabilidades de seguridad." • http://secunia.com/advisories/45271 http://www.ibm.com/software/lotus/symphony/buzz.nsf/web_DisPlayPlugin?open&unid=9717F6F587AAA939852578D300404BCF&category=announcements http://www.ibm.com/software/lotus/symphony/idcontents/releasenotes/en/readme_fixpack3_standalone_long.htm http://www.ibm.com/support/docview.wss?uid=swg21505448 http://www.osvdb.org/73988 http://www.securityfocus.com/bid/48936 https://exchange.xforce.ibmcloud.com/vulnerabilities/68892 https://www-304.ibm.com/jct03001c/software/lotus/symp •