Page 17 of 97 results (0.005 seconds)

CVSS: 4.6EPSS: 0%CPEs: 4EXPL: 0

CVE-2005-2454

https://notcve.org/view.php?id=CVE-2005-2454

IBM Lotus Notes 6.5.4 and 6.5.5, and 7.0.0 and 7.0.1, uses insecure default permissions (Everyone/Full Control) for the "Notes" folder and all children, which allows local users to gain privileges and modify, add, or delete files in that folder. • http://secunia.com/advisories/19537 http://secunia.com/advisories/27342 http://secunia.com/secunia_research/2005-29/advisory http://securitytracker.com/id?1017086 http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21246773 http://www.kb.cert.org/vuls/id/383092 http://www.osvdb.org/29761 http://www.securityfocus.com/archive/1/449126/100/0/threaded http://www.securityfocus.com/bid/20612 http://www.vupen.com/english/advisories/2006/4093 https://exchange.xforce • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

CVE-2005-2696

https://notcve.org/view.php?id=CVE-2005-2696

IBM Lotus Notes does not properly restrict access to password hashes in the Notes Address Book (NAB), which allows remote attackers to obtain sensitive information via the (1) password digest field in the Administration tab of a Lotus Notes client, (2) "PasswordDigest" and "HTTPPassword" fields in the document properties in the NAB, or (3) a direct query to the Domino LDAP server, a different vulnerability than CVE-2005-2428. • http://marc.info/?l=bugtraq&m=112456040418543&w=2 http://www.venera.com/downloads/Lotus_password_disclosures.pdf •

CVSS: 5.0EPSS: 86%CPEs: 1EXPL: 1

CVE-2005-2175 – IBM Lotus Domino Notes 6.0/6.5 - Mail Template Automatic Script Execution

https://notcve.org/view.php?id=CVE-2005-2175

The web interface for Lotus Notes mail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and steal cookies. • https://www.exploit-db.com/exploits/25944 http://archives.neohapsis.com/archives/bugtraq/2005-07/0075.html http://securitytracker.com/id?1014440 •

CVSS: 2.1EPSS: 0%CPEs: 9EXPL: 0

CVE-2005-1405

https://notcve.org/view.php?id=CVE-2005-1405

HTTP response splitting vulnerability in the @SetHTTPHeader function in Lotus Domino 6.5.x before 6.5.4 and 6.0.x before 6.0.5 allows attackers to poison the web cache via malicious applications. • http://secunia.com/advisories/14879 http://securitytracker.com/id?1013839 http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21202437 http://www.kb.cert.org/vuls/id/699798 http://www.osvdb.org/15365 https://exchange.xforce.ibmcloud.com/vulnerabilities/20045 •

CVSS: 4.6EPSS: 0%CPEs: 9EXPL: 0

CVE-2005-1442

https://notcve.org/view.php?id=CVE-2005-1442

Buffer overflow in the Lotus Notes client for Domino 6.5 before 6.5.4 and 6.0 before 6.0.5 allows local users to cause a denial of service (client crash) and possibly execute arbitrary code via the NOTES.INI file. • http://secunia.com/advisories/1013841 http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21202526 http://www.osvdb.org/15367 http://www.securityfocus.com/bid/13447 https://exchange.xforce.ibmcloud.com/vulnerabilities/20044 •