Page 2 of 10 results (0.012 seconds)

CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0

IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before 6.5.5 FP3, and 7.x before 7.0.2 FP1; uses weak permissions (Everyone:Full Control) for memory mapped files (shared memory) in IPC, which allows local users to obtain sensitive information, or inject Lotus Script or other character sequences into a session. IBM Lotus Notes versiones anteriores 6.5.6, y 7.x versiones anteriores a 7.0.3; y Domino versiones anteriores 6.5.5 FP3, y 7.x versiones anteriores 7.0.2 FP1; utiliza permisos débiles (Control Total:Todos) para ficheros mapeados en memoria (memoria compartida) en IPC, lo cual permite a usuarios locales obtener información confidencial, o inyectar Lotus Script u otras secuencias de caracteres en una sesión. • http://secunia.com/advisories/27321 http://www-1.ibm.com/support/docview.wss?uid=swg21257030 http://www.securityfocus.com/bid/26146 http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-013.txt http://www.vupen.com/english/advisories/2007/3598 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 7.2EPSS: 0%CPEs: 18EXPL: 0

Multiple buffer overflows in tunekrnl in IBM Lotus Domino 6.x before 6.5.5 FP2 and 7.x before 7.0.2 allow local users to gain privileges and execute arbitrary code via unspecified vectors. Múltiples desbordamientos de búfer en el tunekrnl de IBM Lotus Domino 6.x en versiones anteriores a la 6.5.5 FP2 y 7.x en versiones anteriores a la 7.0.2 permite a usuarios locales obtener privilegios y ejecutar código de su elección a través de vectores sin especificar. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=440 http://secunia.com/advisories/22724 http://securitytracker.com/id?1017198 http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21249173 http://www.securityfocus.com/bid/20967 http://www.vupen.com/english/advisories/2006/4411 https://exchange.xforce.ibmcloud.com/vulnerabilities/30151 •

CVSS: 5.0EPSS: 0%CPEs: 30EXPL: 0

Buffer overflow in Web Retriever client for Lotus Notes/Domino R4.5 through R6 allows remote malicious web servers to cause a denial of service (crash) via a long HTTP status line. Desbordamiento de búfer en el cliente Web Retriever de Lotus Notes/Domino R4.5 a R.6 permite a servidores web remotos maliciosos causar una denegación de servicio (caída) mediante una línea de estado HTTP larga. • http://marc.info/?l=bugtraq&m=104757545500368&w=2 http://www-1.ibm.com/support/docview.wss?rs=482&q=Domino&uid=swg21105060 http://www.cert.org/advisories/CA-2003-11.html http://www.ciac.org/ciac/bulletins/n-065.shtml http://www.kb.cert.org/vuls/id/411489 http://www.rapid7.com/advisories/R7-0011.html http://www.securityfocus.com/bid/7038 https://exchange.xforce.ibmcloud.com/vulnerabilities/11525 •

CVSS: 5.0EPSS: 1%CPEs: 29EXPL: 0

Buffer overflow in Notes server before Lotus Notes R4, R5 before 5.0.11, and early R6 allows remote attackers to execute arbitrary code via a long distinguished name (DN) during NotesRPC authentication and an outer field length that is less than that of the DN field. Desbordamiento de búfer en el servidor de Lotus Notes R4, R5 anteriores a 5.0.11 y betas de R6 permite a atacantes remotos ejecutar código arbitrario mediante un nombre distinguido (DN) largo durante la autenticación NotesRPC y una longitud externa del campo menor que la del campo DN. • http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0125.html http://marc.info/?l=bugtraq&m=104757319829443&w=2 http://www-1.ibm.com/support/docview.wss?rs=482&q=Domino&uid=swg21105101 http://www.cert.org/advisories/CA-2003-11.html http://www.ciac.org/ciac/bulletins/n-065.shtml http://www.kb.cert.org/vuls/id/433489 http://www.rapid7.com/advisories/R7-0010.html http://www.securityfocus.com/bid/7037 https://exchange.xforce.ibmcloud.com/vulnerabilities/11526 •

CVSS: 5.0EPSS: 1%CPEs: 14EXPL: 0

Lotus Domino server 5.0.9a and earlier allows remote attackers to cause a denial of service by exhausting the number of working threads via a large number of HTTP requests for (1) an MS-DOS device name and (2) an MS-DOS device name with a large number of characters appended to the device name. • http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0037.html http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/945e97608fda942a85256b37007905b1?OpenDocument&Highlight=0%2CJCHN547JWV http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/a77f8a5132cce70085256b8000792112?OpenDocument&Highlight=0%2CJCHN4UMKLA http://www.securityfocus.com/archive/1/253830 http://www.securityfocus.com/bid/4019 http://www.securityfocus.com/bid/4020 •