CVE-2007-5924
https://notcve.org/view.php?id=CVE-2007-5924
Cross-site scripting (XSS) vulnerability in the Web Server (HTTP) task in IBM Lotus Domino before 6.5.6 FP2, and 7.x before 7.0.2 FP2, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
• http://jvn.jp/jp/JVN%2384565055/index.html
• http://osvdb.org/39720
• http://secunia.com/advisories/27509
• http://www-1.ibm.com/support/docview.wss?uid=swg21263871
• http://www-1.ibm.com/support/docview.wss?uid=swg27010980
• http://www.vupen.com/english/advisories/2007/3700
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-5544
https://notcve.org/view.php?id=CVE-2007-5544
IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before 6.5.5 FP3, and 7.x before 7.0.2 FP1; use weak permissions (Everyone:Full Control) for memory mapped files (shared memory) in IPC, which allows local users to obtain sensitive information, or inject Lotus Script or other character sequences into a session.
• http://secunia.com/advisories/27321
• http://www-1.ibm.com/support/docview.wss?uid=swg21257030
• http://www.securityfocus.com/bid/26146
• http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-013.txt
• http://www.vupen.com/english/advisories/2007/3598
• CWE-732: Incorrect Permission Assignment for Critical Resource
CVE-2007-0067
https://notcve.org/view.php?id=CVE-2007-0067
Unspecified vulnerability in the Lotus Domino Web Server 6.0, 6.5.x before 6.5.6, and 7.0.x before 7.0.3 allows remote attackers to cause a denial of service (daemon crash) via requests for URLs that reference certain files.
• http://osvdb.org/35766
• http://secunia.com/advisories/25542
• http://www-1.ibm.com/support/docview.wss?uid=swg21257251
• http://www.securityfocus.com/bid/24307
• http://www.securitytracker.com/id?1018189
• http://www.vupen.com/english/advisories/2007/2046
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34689
CVE-2006-5818
https://notcve.org/view.php?id=CVE-2006-5818
Multiple buffer overflows in tunekrnl in IBM Lotus Domino 6.x before 6.5.5 FP2 and 7.x before 7.0.2 allow local users to gain privileges and execute arbitrary code via unspecified vectors.
• http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=440
• http://secunia.com/advisories/22724
• http://securitytracker.com/id?1017198
• http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21249173
• http://www.securityfocus.com/bid/20967
• http://www.vupen.com/english/advisories/2006/4411
• https://exchange.xforce.ibmcloud.com/vulnerabilities/30151
CVE-2005-2712
https://notcve.org/view.php?id=CVE-2005-2712
The LDAP server (nldap.exe) in IBM Lotus Domino before 7.0.1, 6.5.5, and 6.5.4 FP2 allows remote attackers to cause a denial of service (crash) via a long bind request, which triggers a null dereference.
• http://securitytracker.com/id?1015611
• http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21229907
• http://www.idefense.com/intelligence/vulnerabilities/display.php?id=389
• http://www.securityfocus.com/bid/16523
• http://www.vupen.com/english/advisories/2006/0526
• https://exchange.xforce.ibmcloud.com/vulnerabilities/24634