CVSS: 9.8EPSS: 77%CPEs: 11EXPL: 4CVE-2010-3407 – IBM Lotus Domino iCalendar - Email Address Stack Buffer Overflow
https://notcve.org/view.php?id=CVE-2010-3407
16 Sep 2010 — Stack-based buffer overflow in the MailCheck821Address function in nnotes.dll in the nrouter.exe service in the server in IBM Lotus Domino 8.0.x before 8.0.2 FP5 and 8.5.x before 8.5.1 FP2 allows remote attackers to execute arbitrary code via a long e-mail address in an ORGANIZER:mailto header in an iCalendar calendar-invitation e-mail message, aka SPR NRBY7ZPJ9V. Desbordamiento de búfer basado en pila en la función MailCheck821Address en nnotes.dll en el servicio nrouter.exe en el servidor IBM Lotus Domino... • https://www.exploit-db.com/exploits/15005 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 2CVE-2010-0927
https://notcve.org/view.php?id=CVE-2010-0927
05 Mar 2010 — Cross-site scripting (XSS) vulnerability in help/readme.nsf/Header in the Help component in IBM Lotus Domino 7.x before 7.0.4 and 8.x before 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the BaseTarget parameter in an OpenPage action. NOTE: this may overlap CVE-2010-0920. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en help/readme.nsf/Header en the Help component en IBM Lotus Domino v7.x anteriores a v7.0.4 y v8.x anteriores a v8.0.2 permite a atacantes remoto... • http://www.cybsec.com/vuln/CYBSEC_Advisory_2010_0301_IBM_%20Lotus_Dominio_Readme_nsf_Reflected_XSS.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 21%CPEs: 31EXPL: 0CVE-2010-0919
https://notcve.org/view.php?id=CVE-2010-0919
03 Mar 2010 — Stack-based buffer overflow in the Lotus Domino Web Access ActiveX control in IBM Lotus iNotes (aka Domino Web Access or DWA) 6.5, 7.0 before 7.0.4, 8.0, 8.0.2, and before 229.281 for Domino 8.0.2 FP4 allows remote attackers to execute arbitrary code via a long URL argument to an unspecified method, aka PRAD7JTNHJ. Desbordamiento de búfer basado en pila en el control ActiveX Lotus Domino Web Access en IBM Lotus iNotes (alias Domino Web Access o DWA) 6.5, 7.0 en versiones anteriores a la 7.0.4, 8.0, 8.0.2 y ... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=857 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2008-7253
https://notcve.org/view.php?id=CVE-2008-7253
25 Jan 2010 — The default configuration of the web server in IBM Lotus Domino Server, possibly 6.0 through 8.0, enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398. La configuración por defecto del servidor Web en IBM Lotus Domino Server, posiblemente v6.0 hasta v8.0, activa el método HTTP TRACE method, lo que facilita a atacantes remotos a robar las cookies y las... • http://www-01.ibm.com/support/docview.wss?&uid=swg21201202 • CWE-16: Configuration •
CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 0CVE-2010-0358
https://notcve.org/view.php?id=CVE-2010-0358
20 Jan 2010 — Heap-based buffer overflow in the server in IBM Lotus Domino 7 and 8.5 FP1 allows remote attackers to cause a denial of service (daemon exit) and possibly have unspecified other impact via a long string in a crafted LDAP message to a TCP port, a different vulnerability than CVE-2009-3087. Desbordamiento de búfer basado en pila en el servidor IBM Lotus Domino v7 y v8.5 FP1 permite a atacantes remotos producir una denegación de servicio (salida del demonio) y posiblemente obtener un impacto desconocido a trav... • http://intevydis.blogspot.com/2010/01/lotus-domino-7-probably-8-ldap-heap.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2009-3087
https://notcve.org/view.php?id=CVE-2009-3087
08 Sep 2009 — Unspecified vulnerability in nserver.exe in the server in IBM Lotus Domino 8.0 on Windows Server 2003 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. Vulnerabilidad no especificada en nserver.... • http://intevydis.com/vd-list.shtml •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 2CVE-2009-1286
https://notcve.org/view.php?id=CVE-2009-1286
13 Apr 2009 — The IMAP task in the server in IBM Lotus Domino 8.0.2 before FP1 IF1 and 8.5 before IF3 allows remote attackers to cause a denial of service (daemon crash) via a MIME e-mail message with RFC822 attachments (aka blobs) containing malformed root entities. Vulnerabilidad en la tarea de servidor IMAP en IBM Lotus Domino v8.0.2 anterior a FP1 IF1 y v8.5 anterior IF3 permite a usuarios remotos causar una denegación de servicio (caída del servicio) a través de un mensaje de e-mail MIME con adjuntos RFC822 (o blobs... • http://secunia.com/advisories/34657 •
CVSS: 10.0EPSS: 83%CPEs: 5EXPL: 1CVE-2008-2240 – IBM Lotus Domino Web Server - Accept-Language Stack Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-2240
22 May 2008 — Stack-based buffer overflow in the Web Server service in IBM Lotus Domino before 7.0.3 FP1, and 8.x before 8.0.1, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long Accept-Language HTTP header. Desbordamiento de búfer basado en pila en el Servicio Web Server en IBM Lotus Domino anterior a 7.0.3 FP1 y 8.x anterior a 8.0.1, permite a atacantes remotos provocar una denegación de servicio (caída de demonio) o la posibilidad de ejecutar código de su ... • https://www.exploit-db.com/exploits/16697 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •