Page 2 of 33 results (0.011 seconds)

CVSS: 9.8EPSS: 0%CPEs: 27EXPL: 0

IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials using multiple sessions and large amounts of data using Domino TLS Key Exchange validation. IBM X-Force ID: 117918. IBM Domino versiones 8.5 y 9.0 podría permitir a un atacante robar credenciales utilizando varias sesiones y grandes cantidades de datos mediante la validación de Domino TLS Key Exchange. IBM X-Force ID: 117918. • http://www.ibm.com/support/docview.wss?uid=swg22002808 http://www.securityfocus.com/bid/98794 http://www.securitytracker.com/id/1038606 https://exchange.xforce.ibmcloud.com/vulnerabilities/117918 • CWE-20: Improper Input Validation •

CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 1

IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow in the IMAP service that could allow an authenticated attacker to execute arbitrary code by specifying a large mailbox name. IBM X-Force ID: 124749. IBM Domino versiones 8.5.3 y 9.0 es vulnerable a desbordamiento basado en pila en el servicio IMAP lo que podría permitir a un atacante autenticado ejecutar código arbitrario especificando un nombre largo de buzón. IBM X-Force ID: 124749. • https://www.exploit-db.com/exploits/46808 http://packetstormsecurity.com/files/152786/Lotus-Domino-8.5.3-EXAMINE-Stack-Buffer-Overflow.html http://www.ibm.com/support/docview.wss?uid=swg22002280 http://www.securityfocus.com/bid/97910 http://www.securityfocus.com/bid/98019 http://www.securitytracker.com/id/1038358 https://www.kb.cert.org/vuls/id/676632 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.1EPSS: 0%CPEs: 51EXPL: 0

IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM iNotes es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza. • http://www.ibm.com/support/docview.wss?uid=swg21992835 http://www.securityfocus.com/bid/94604 http://www.securitytracker.com/id/1037383 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 51EXPL: 0

IBM Verse is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Verse es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza. • http://www.ibm.com/support/docview.wss?uid=swg21992835 http://www.securityfocus.com/bid/94603 http://www.securitytracker.com/id/1037383 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 51EXPL: 0

IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM iNotes es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza. • http://www.ibm.com/support/docview.wss?uid=swg21992835 http://www.securityfocus.com/bid/94600 http://www.securitytracker.com/id/1037383 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •