CVSS: 9.3EPSS: 31%CPEs: 11EXPL: 0CVE-2007-5909 – Verity KeyView SDK Multiple File Format Parsing Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-5909
31 Oct 2007 — Multiple stack-based buffer overflows in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK before 9.2.0.12, as used by ActivePDF DocConverter, IBM Lotus Notes before 7.0.3, Symantec Mail Security, and other products, allow remote attackers to execute arbitrary code via a crafted (1) AG file to kpagrdr.dll, (2) AW file to awsr.dll, (3) DLL or (4) EXE file to exesr.dll, (5) DOC file to mwsr.dll, (6) MIF file to mifsr.dll, (7) SAM file to lasr.dll, or (8) RTF file to rtfsr.dll. NOTE: the WPD (w... • http://secunia.com/advisories/27304 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 18%CPEs: 1EXPL: 0CVE-2007-4222
https://notcve.org/view.php?id=CVE-2007-4222
29 Oct 2007 — Buffer overflow in the TagAttributeListCopy function in nnotes.dll in IBM Lotus Notes before 7.0.3 allows user-assisted remote attackers to execute arbitrary code via a crafted HTML email, related to duplicate RTF conversion when the recipient operates on this email. Desbordamiento de búfer en la función TagAttributeListCopy en nnotes.dll de BM Lotus Notes versiones anteriores a 7.0.3 permite a atacantes remotos con la complicidad del usuario ejecutar código de su elección mediante un correo electrónico HTM... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=604 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2007-5544
https://notcve.org/view.php?id=CVE-2007-5544
29 Oct 2007 — IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before 6.5.5 FP3, and 7.x before 7.0.2 FP1; uses weak permissions (Everyone:Full Control) for memory mapped files (shared memory) in IPC, which allows local users to obtain sensitive information, or inject Lotus Script or other character sequences into a session. IBM Lotus Notes versiones anteriores 6.5.6, y 7.x versiones anteriores a 7.0.3; y Domino versiones anteriores 6.5.5 FP3, y 7.x versiones anteriores 7.0.2 FP1; utiliza permisos débiles (... • http://secunia.com/advisories/27321 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.4EPSS: 30%CPEs: 20EXPL: 0CVE-2002-0370
https://notcve.org/view.php?id=CVE-2002-0370
05 Oct 2002 — Buffer overflow in the ZIP capability for multiple products allows remote attackers to cause a denial of service or execute arbitrary code via ZIP files containing entries with long filenames, including (1) Microsoft Windows 98 with Plus! Pack, (2) Windows XP, (3) Windows ME, (4) Lotus Notes R4 through R6 (pre-gold), (5) Verity KeyView, and (6) Stuffit Expander before 7.0. Desbordamiento de búfer en la capacidad ZIP de múltiples productos permite a atacantes remotos causar una denegación de servicio o ejecu... • http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0009.html •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 1CVE-2000-0891
https://notcve.org/view.php?id=CVE-2000-0891
21 Jul 2001 — A default ECL in Lotus Notes before 5.02 allows remote attackers to execute arbitrary commands by attaching a malicious program in an email message that is automatically executed when the user opens the email. • http://www.kb.cert.org/vuls/id/5962 •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2000-1138
https://notcve.org/view.php?id=CVE-2000-1138
19 Dec 2000 — Lotus Notes R5 client R5.0.5 and earlier does not properly warn users when an S/MIME email message has been modified, which could allow an attacker to modify the email in transit without being detected. • http://marc.info/?l=bugtraq&m=97370725220953&w=2 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-1999-0429
https://notcve.org/view.php?id=CVE-1999-0429
01 Mar 1999 — The Lotus Notes 4.5 client may send a copy of encrypted mail in the clear across the network if the user does not set the "Encrypt Saved Mail" preference. • http://marc.info/?l=bugtraq&m=92221437025743&w=2 •