CVSS: 8.8EPSS: 12%CPEs: 5EXPL: 1CVE-2007-6593 – Autonomy KeyView Lotus 1-2-3 - File Multiple Buffer Overflow Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-6593
28 Dec 2007 — Multiple stack-based buffer overflows in l123sr.dll in Autonomy (formerly Verity) KeyView SDK, as used by IBM Lotus Notes 5.x through 8.x, allow user-assisted remote attackers to execute arbitrary code via the (1) Length and (2) Value fields for certain Types in a Lotus 1-2-3 (.123) file in the Worksheet File (WKS) format, as demonstrated by a file with a crafted SRANGE record, a different vulnerability than CVE-2007-5909. Múltiples desbordamientos de búfer basado en pila en l123sr.dll de Autonomy (anterior... • https://www.exploit-db.com/exploits/30816 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-6594
https://notcve.org/view.php?id=CVE-2007-6594
28 Dec 2007 — IBM Lotus Notes 8 for Linux before 8.0.1 uses (1) unspecified weak permissions for the installation kit obtained through a Notes 8 download and (2) 0777 permissions for the installdata file that is created by setup.sh, which allows local users to gain privileges via a Trojan horse file. IBM Lotus Notes 8 para Linux anterior a 9.0.1 usa (1) permisos débiles no especificados para el kit de instalación obtenido a través de la descarga de Notes 8 y (2) permisos 0777 para el archivo installdata que crea setup.sh... • http://osvdb.org/40933 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 20%CPEs: 11EXPL: 0CVE-2007-5910
https://notcve.org/view.php?id=CVE-2007-5910
10 Nov 2007 — Stack-based buffer overflow in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK before 9.2.0.12, as used by ActivePDF DocConverter, wp6sr.dll in IBM Lotus Notes 8.0 and before 7.0.3, Symantec Mail Security, and other products, allows remote attackers to execute arbitrary code via a crafted WordPerfect (WPD) file. Desbordamiento de búfer basado en pila en el Autonomy (antiguamente Verity) KeyView Viewer, en el Filter y en el Export SDK anterior al 9.2.0.12, como el utilizado en el ActivePDF ... • http://secunia.com/advisories/27304 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 53%CPEs: 11EXPL: 0CVE-2007-5909 – Verity KeyView SDK Multiple File Format Parsing Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-5909
31 Oct 2007 — Multiple stack-based buffer overflows in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK before 9.2.0.12, as used by ActivePDF DocConverter, IBM Lotus Notes before 7.0.3, Symantec Mail Security, and other products, allow remote attackers to execute arbitrary code via a crafted (1) AG file to kpagrdr.dll, (2) AW file to awsr.dll, (3) DLL or (4) EXE file to exesr.dll, (5) DOC file to mwsr.dll, (6) MIF file to mifsr.dll, (7) SAM file to lasr.dll, or (8) RTF file to rtfsr.dll. NOTE: the WPD (w... • http://secunia.com/advisories/27304 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 75%CPEs: 1EXPL: 0CVE-2007-4222
https://notcve.org/view.php?id=CVE-2007-4222
29 Oct 2007 — Buffer overflow in the TagAttributeListCopy function in nnotes.dll in IBM Lotus Notes before 7.0.3 allows user-assisted remote attackers to execute arbitrary code via a crafted HTML email, related to duplicate RTF conversion when the recipient operates on this email. Desbordamiento de búfer en la función TagAttributeListCopy en nnotes.dll de BM Lotus Notes versiones anteriores a 7.0.3 permite a atacantes remotos con la complicidad del usuario ejecutar código de su elección mediante un correo electrónico HTM... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=604 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2007-5544
https://notcve.org/view.php?id=CVE-2007-5544
29 Oct 2007 — IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before 6.5.5 FP3, and 7.x before 7.0.2 FP1; uses weak permissions (Everyone:Full Control) for memory mapped files (shared memory) in IPC, which allows local users to obtain sensitive information, or inject Lotus Script or other character sequences into a session. IBM Lotus Notes versiones anteriores 6.5.6, y 7.x versiones anteriores a 7.0.3; y Domino versiones anteriores 6.5.5 FP3, y 7.x versiones anteriores 7.0.2 FP1; utiliza permisos débiles (... • http://secunia.com/advisories/27321 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2007-4309
https://notcve.org/view.php?id=CVE-2007-4309
13 Aug 2007 — IBM Lotus Notes 5.x through 7.0.2 allows user-assisted remote authenticated administrators to obtain a cleartext notes.id password by setting the notes.ini (1) KFM_ShowEntropy and (2) Debug_Outfile debug variables, a different vulnerability than CVE-2005-2696. IBM Lotus Notes 5.x hasta 7.0.2 permite a administradores autenticados remotamente, con la intervención del usuario, obtener una contraseña en texto claro de notes.id estableciendo las variables de depuración de notes.ini (1) KFM_ShowEntropy y (2) Deb... • http://securitytracker.com/id?1018433 •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 1CVE-2006-5835
https://notcve.org/view.php?id=CVE-2006-5835
10 Nov 2006 — The Notes Remote Procedure Call (NRPC) protocol in IBM Lotus Notes Domino before 6.5.5 FP2 and 7.x before 7.0.2 does not require authentication to perform user lookups, which allows remote attackers to obtain the user ID file. El protocolo de Notes Remote Procedure Call (NRPC) en el IBM Lotus Notes Domino en versiones anteriores a la 6.5.5 FP2 y 7.x antes de la 7.0.2 no requiere autenticación para realizar búsqueda de usuarios, lo que permite a atacantes remotos la obtención de los ficheros de identificació... • http://secunia.com/advisories/22741 •
CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 0CVE-2003-0123
https://notcve.org/view.php?id=CVE-2003-0123
18 Mar 2003 — Buffer overflow in Web Retriever client for Lotus Notes/Domino R4.5 through R6 allows remote malicious web servers to cause a denial of service (crash) via a long HTTP status line. Desbordamiento de búfer en el cliente Web Retriever de Lotus Notes/Domino R4.5 a R.6 permite a servidores web remotos maliciosos causar una denegación de servicio (caída) mediante una línea de estado HTTP larga. • http://marc.info/?l=bugtraq&m=104757545500368&w=2 •
CVSS: 9.8EPSS: 1%CPEs: 29EXPL: 0CVE-2003-0122
https://notcve.org/view.php?id=CVE-2003-0122
18 Mar 2003 — Buffer overflow in Notes server before Lotus Notes R4, R5 before 5.0.11, and early R6 allows remote attackers to execute arbitrary code via a long distinguished name (DN) during NotesRPC authentication and an outer field length that is less than that of the DN field. Desbordamiento de búfer en el servidor de Lotus Notes R4, R5 anteriores a 5.0.11 y betas de R6 permite a atacantes remotos ejecutar código arbitrario mediante un nombre distinguido (DN) largo durante la autenticación NotesRPC y una longitud ext... • http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0125.html •