CVSS: 7.1EPSS: 60%CPEs: 2EXPL: 1CVE-2007-0977 – Lotus Domino R6 Webmail - Remote Password Hash Dumper
https://notcve.org/view.php?id=CVE-2007-0977
16 Feb 2007 — IBM Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores HTTPPassword hashes from names.nsf in a manner accessible through Readviewentries and OpenDocument requests to the defaultview view, a different vector than CVE-2005-2428. IBM Lotus Domino R5 y R6 WebMail, con "Generar HTML para todos los campos" habilitado, almacena tablas hash HTTPPassword de names.nsf de una manera accesible a través de peticiones Readviewentries y OpenDocument a la vista defaultview, vector distinto ... • https://www.exploit-db.com/exploits/3302 •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2006-5818
https://notcve.org/view.php?id=CVE-2006-5818
08 Nov 2006 — Multiple buffer overflows in tunekrnl in IBM Lotus Domino 6.x before 6.5.5 FP2 and 7.x before 7.0.2 allow local users to gain privileges and execute arbitrary code via unspecified vectors. Múltiples desbordamientos de búfer en el tunekrnl de IBM Lotus Domino 6.x en versiones anteriores a la 6.5.5 FP2 y 7.x en versiones anteriores a la 7.0.2 permite a usuarios locales obtener privilegios y ejecutar código de su elección a través de vectores sin especificar. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=440 •
CVSS: 7.8EPSS: 2%CPEs: 18EXPL: 0CVE-2005-2712
https://notcve.org/view.php?id=CVE-2005-2712
31 Dec 2005 — The LDAP server (nldap.exe) in IBM Lotus Domino before 7.0.1, 6.5.5, and 6.5.4 FP2 allows remote attackers to cause a denial of service (crash) via a long bind request, which triggers a null dereference. • http://securitytracker.com/id?1015611 •
CVSS: 7.5EPSS: 6%CPEs: 3EXPL: 3CVE-2005-2428 – Lotus Domino R6 Webmail - Remote Password Hash Dumper
https://notcve.org/view.php?id=CVE-2005-2428
03 Aug 2005 — Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a... • https://www.exploit-db.com/exploits/3302 •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0CVE-2005-1441
https://notcve.org/view.php?id=CVE-2005-1441
03 May 2005 — Format string vulnerability in Lotus Domino 6.0.x before 6.0.5 and 6.5.x before 6.5.4 allows remote attackers to cause a denial of service via the Notes protocol (NRPC). • http://secunia.com/advisories/14879 •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2004-2667
https://notcve.org/view.php?id=CVE-2004-2667
31 Dec 2004 — Cross-site scripting (XSS) vulnerability in Lotus Domino 6.0.x before 6.0.4 and 6.5.x before 6.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. • http://secunia.com/advisories/11925 •
CVSS: 6.1EPSS: 1%CPEs: 8EXPL: 5CVE-2004-1621 – IBM Lotus Domino 6.x - Cross-Site Scripting / HTML Injection
https://notcve.org/view.php?id=CVE-2004-1621
18 Oct 2004 — NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in IBM Lotus Notes R6 and Domino R6, and possibly earlier versions, allows remote attackers to execute arbitrary web script or HTML via square brackets at the beginning and end of (1) computed for display, (2) computed when composed, or (3) computed text element fields. NOTE: the vendor has disputed this issue, saying that it is not a problem with Notes/Domino itself, but with the applications that do not properly han... • https://www.exploit-db.com/exploits/24690 •
CVSS: 10.0EPSS: 58%CPEs: 1EXPL: 0CVE-2003-0178
https://notcve.org/view.php?id=CVE-2003-0178
29 Mar 2003 — Multiple buffer overflows in Lotus Domino Web Server before 6.0.1 allow remote attackers to cause a denial of service or execute arbitrary code via (1) the s_ViewName option in the PresetFields parameter for iNotes, (2) the Foldername option in the PresetFields parameter for iNotes, or (3) a long Host header, which is inserted into a long Location header and used during a redirect operation. Multiples desbordamiento de búfer en Lotus Domino Web Server anteriores a la 6.0.1 permiten a atacantes remotos causa... • http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0080.html •
CVSS: 9.8EPSS: 35%CPEs: 2EXPL: 0CVE-2003-0179
https://notcve.org/view.php?id=CVE-2003-0179
29 Mar 2003 — Buffer overflow in the COM Object Control Handler for Lotus Domino 6.0.1 and earlier allows remote attackers to execute arbitrary code via multiple attack vectors, as demonstrated using the InitializeUsingNotesUserName method in the iNotes ActiveX control. Desbordamiento de búfer en el manejador de control de objetos COM para Lotus Domino 6.0.1 y versiones anteriores, permite a atacantes remotos la ejecución de código arbitrario mediante vectores de ataque múltiple, como se demuestra utilizando el método In... • http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0082.html •
CVSS: 7.5EPSS: 10%CPEs: 1EXPL: 1CVE-2003-0180
https://notcve.org/view.php?id=CVE-2003-0180
29 Mar 2003 — Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attackers to cause a denial of service via an incomplete POST request, as demonstrated using the h_PageUI form. Lotus Domino Web Server (nhttp.exe) anteriores a la 6.0.1 permite a atacantes remotos causar la Denegación de Servicios mediante una petición POST incompleta, como se demuestra utilizando el formulario h_PageUI. • http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0086.html •