CVSS: 7.5EPSS: 34%CPEs: 1EXPL: 0CVE-2013-6748 – IBM Lotus Quickr ActiveX Stack Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-6748
Buffer overflow in the ActiveX control in qp2.cab in IBM Lotus Quickr for Domino 8.5.1 before 8.5.1.42-001b allows remote attackers to execute arbitrary code via a crafted HTML document, a different vulnerability than CVE-2013-6749. Desbordamiento de buffer en el control ActiveX en qp2.cab en IBM Lotus Quickr para Domino 8.5.1 en versiones anteriores a 8.5.1.42-001b permite a atacantes remotos ejecutar código arbitrario a través de un documento HTML manipulado, una vulnerabilidad diferente a CVE-2013-6749. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Quickr for Domino. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within an ActiveX control included in QP2.dll. The specific flaw is a stack buffer overflow in a vulnerable function in the control. • http://osvdb.org/102597 http://secunia.com/advisories/56696 http://www.ibm.com/support/docview.wss?uid=swg21662653 http://www.securityfocus.com/bid/65191 https://exchange.xforce.ibmcloud.com/vulnerabilities/89864 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 14EXPL: 0CVE-2013-4063
https://notcve.org/view.php?id=CVE-2013-4063
Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1 allows remote attackers to inject arbitrary web script or HTML via active content in an e-mail message, aka SPRs PTHN9AQMV7 and TCLE98ZKRP. Vulnerabilidad cross-site scripitng (XSS) en iNotes de IBM Domino 8.5.x anteriores a 8.5.3 FP6 y 9.0.x anteriores a 9.0.1 permite a atacantes remotos inyectar script web o HTML a través de contenido activo en un mensaje de email, tambien conocido como SPRs PTHN9AQMV7 y TCLE98ZKRP. • http://www-01.ibm.com/support/docview.wss?uid=swg21659959 https://exchange.xforce.ibmcloud.com/vulnerabilities/86594 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.1EPSS: 0%CPEs: 14EXPL: 0CVE-2013-4064
https://notcve.org/view.php?id=CVE-2013-4064
Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN9ARMFA. Vulnerabilidad cross-site scripting (XSS) en iNotes de IBM Domino 8.5.x anteriores a 8.5.3 FP6 y 9.0.x anteriores a 9.0.1, cuando el modo ultra-light está activado, permite a usuarios remotos autenticados inyectar script web o HTML a través de vectores no especificados, tambien conocido como SPR PTHN9ARMFA. • http://www-01.ibm.com/support/docview.wss?uid=swg21659959 https://exchange.xforce.ibmcloud.com/vulnerabilities/86595 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.6EPSS: 0%CPEs: 14EXPL: 0CVE-2013-4065
https://notcve.org/view.php?id=CVE-2013-4065
Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote attackers to inject arbitrary web script or HTML via active content in an e-mail message, aka SPR TCLE98ZKRP. Vulnerabilidad cross-site scripting (XSS) en iNotes de IBM Domino 8.5.x anteriores a 8.5.3 FP6 y 9.0.x anteriores a 9.0.1, cuando el modo ultra-light está activado, permite a atacantes remotos inyectar script web o HTML a través de contenido activo en un mensaje de email, tambien conocido como SPR TCLE98ZKRP. • http://www-01.ibm.com/support/docview.wss?uid=swg21659959 https://exchange.xforce.ibmcloud.com/vulnerabilities/86596 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 0CVE-2013-4055
https://notcve.org/view.php?id=CVE-2013-4055
Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-4051. Vulnerabilidad de XSS en webadmin.nsf en Domino Web Administrator de IBM Domino 8.5 y 9.0 permite a usuarios remotos autenticados inyectar script web o HTML arbitrario a través de vectores sin especificar, una vulnerabilidad diferente a CVE-2013-4051. • http://www-01.ibm.com/support/docview.wss?uid=swg21652988 https://exchange.xforce.ibmcloud.com/vulnerabilities/86544 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •