CVSS: 9.8EPSS: 13%CPEs: 128EXPL: 0CVE-2012-4823 – JDK: java.lang.ClassLoder defineClass() code execution
https://notcve.org/view.php?id=CVE-2012-4823
11 Jan 2013 — Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allows remote attackers... • http://rhn.redhat.com/errata/RHSA-2012-1466.html •
CVSS: 5.3EPSS: 0%CPEs: 16EXPL: 0CVE-2012-4846
https://notcve.org/view.php?id=CVE-2012-4846
19 Dec 2012 — IBM Lotus Notes 8.5.x before 8.5.3 FP3 does not include the HTTPOnly flag in a Set-Cookie header for a web-application cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, aka SPRs JMAS7TRNLN and SRAO8U3Q68. IBM Lotus Notes v8.5.x antes de v8.5.3 FP3 no incluye la bandera HttpOnly en la cabecera Set-Cookie para una cookie de aplicación web, lo que hace que sea más fácil para los atacantes remotos obtener información sensible a travé... • http://www.ibm.com/support/docview.wss?uid=swg21619604 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2010-5251
https://notcve.org/view.php?id=CVE-2010-5251
07 Sep 2012 — Multiple untrusted search path vulnerabilities in IBM Lotus Notes 8.5 allow local users to gain privileges via a Trojan horse (1) nnoteswc.dll or (2) nlsxbe.dll file in the current working directory, as demonstrated by a directory that contains a .vcf, .vcs, or .ics file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Múltiples vulnerabilidades de path de búsqueda no confiable en IBM Lotus Notes v8.5, podría permitir a usuario locales obten... • http://secunia.com/advisories/41223 •
CVSS: 9.3EPSS: 68%CPEs: 27EXPL: 1CVE-2012-2174 – IBM Lotus Notes URL Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-2174
20 Jun 2012 — The URL handler in IBM Lotus Notes 8.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a crafted notes:// URL. El manejador de URLs en IBM Lotus Notes v8.x antes de v8.5.3 FP2 permite a atacantes remotos ejecutar código de su elección a través de una URL notes:// creada para tal fin. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Notes. User interaction is required to exploit this vulnerability in that the target must visi... • https://www.exploit-db.com/exploits/23650 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 81%CPEs: 106EXPL: 1CVE-2011-1213 – Lotus Notes 8.0.x < 8.5.2 FP2 - Autonomy Keyview ('.lzh' Attachment)
https://notcve.org/view.php?id=CVE-2011-1213
31 May 2011 — Integer underflow in lzhsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted header in a .lzh attachment that triggers a stack-based buffer overflow, aka SPR PRAD88MJ2W. Desbordamiento de enteros en lzhsr.dll en Autonomy KeyView, tal como se utiliza en IBM Lotus Notes antes de v8.5.2 FP3, permite a atacantes remotos ejecutar código de su elección mediante una cabecera manipulada en un archivo adjunto .lzh que provoca un desb... • https://www.exploit-db.com/exploits/17448 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 19%CPEs: 106EXPL: 0CVE-2011-1214
https://notcve.org/view.php?id=CVE-2011-1214
31 May 2011 — Stack-based buffer overflow in rtfsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a .rtf attachment, aka SPR PRAD8823JQ. Desbordamiento de búfer basado en pila en rtfsr.dll en Autonomy KeyView, tal como se utiliza en IBM Lotus Notes antes de v8.5.2 FP3, permite a atacantes remotos ejecutar código de su elección a través de un enlace a manipulado en un archivo .rtf adjunto, también conocido como SPR PRAD8823JQ. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=905 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 21%CPEs: 37EXPL: 0CVE-2011-1215
https://notcve.org/view.php?id=CVE-2011-1215
31 May 2011 — Stack-based buffer overflow in mw8sr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a Microsoft Office document attachment, aka SPR PRAD8823ND. Desbordamiento de búfer basado en pila en mw8sr.dll en Autonomy KeyView, tal como se utiliza en IBM Lotus Notes antes de v8.5.2 FP3, permite a atacantes remotos ejecutar código de su elección a través de un enlace manipulado en un archivo adjunto de documento de Microsoft ... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=906 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 21%CPEs: 106EXPL: 0CVE-2011-1216
https://notcve.org/view.php?id=CVE-2011-1216
31 May 2011 — Stack-based buffer overflow in assr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via crafted tag data in an Applix spreadsheet attachment, aka SPR PRAD8823A7. Desbordamiento de buffer de pila en assr.dll de Autonomy KeyView, como es utilizado en IBM Lotus Notes en versiones anteriores a la 8.5.2 FP3, permite a atacantes remotos ejecutar código de su elección a través de datos de etiqueta en un adjunto de hoja de cálculo Applix. Tambi... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=907 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 15%CPEs: 106EXPL: 0CVE-2011-1217
https://notcve.org/view.php?id=CVE-2011-1217
31 May 2011 — Buffer overflow in kpprzrdr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .prz attachment. NOTE: some of these details are obtained from third party information. Desbordamiento de buffer en kpprzrdr.dll de Autonomy KeyView, como es utilizado en IBM Lotus Notes en versiones anteriores a la 8.5.2 FP3, permite a atacantes remotos ejecutar código de su elección a través de un adjunto .prz modificado. NOTA: algunos de estos d... • http://secunia.com/advisories/44624 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 12%CPEs: 107EXPL: 0CVE-2011-1218
https://notcve.org/view.php?id=CVE-2011-1218
31 May 2011 — Buffer overflow in kvarcve.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .zip attachment, aka SPR PRAD8E3NSP. NOTE: some of these details are obtained from third party information. Desbordamiento de buffer en kvarcve.dll de Autonomy KeyView, como es utilizado en IBM Lotus Notes en versiones anteriores a la 8.5.2 FP3, permite a atacantes remotos ejecutar código de su elección a través de un adjunto .zip modificado. Tambié... • http://secunia.com/advisories/44624 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •