
CVE-2012-4846
https://notcve.org/view.php?id=CVE-2012-4846
19 Dec 2012 — IBM Lotus Notes 8.5.x before 8.5.3 FP3 does not include the HTTPOnly flag in a Set-Cookie header for a web-application cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, aka SPRs JMAS7TRNLN and SRAO8U3Q68. IBM Lotus Notes v8.5.x antes de v8.5.3 FP3 no incluye la bandera HttpOnly en la cabecera Set-Cookie para una cookie de aplicación web, lo que hace que sea más fácil para los atacantes remotos obtener información sensible a travé... • http://www.ibm.com/support/docview.wss?uid=swg21619604 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2012-5308
https://notcve.org/view.php?id=CVE-2012-5308
08 Oct 2012 — Cross-site request forgery (CSRF) vulnerability in servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim Fix 1 allows remote attackers to hijack the authentication of arbitrary users for requests that create problem reports via a getReportProblem upload action. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en servlet/traveler en IBM Lotus Notes Traveler hasta la v8.5.3.3 Interim Fix 1, permite a atacantes remotos secuestrar la autenticación de los usuarios ... • http://archives.neohapsis.com/archives/fulldisclosure/2012-10/0001.html • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2012-5309
https://notcve.org/view.php?id=CVE-2012-5309
08 Oct 2012 — servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim Fix 1 does not properly restrict invalid authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. servlet/traveler en IBM Lotus Notes Traveler hasta la v8.5.3.3 Interim Fix 1 no restringe los intentos de validación erróneos, lo que facilita a atacantes remotos obtener acceso a través de ataques por fuerza bruta. • http://archives.neohapsis.com/archives/fulldisclosure/2012-10/0001.html • CWE-287: Improper Authentication •

CVE-2012-5307
https://notcve.org/view.php?id=CVE-2012-5307
08 Oct 2012 — Cross-site scripting (XSS) vulnerability in servlet/traveler in IBM Lotus Notes Traveler before 8.5.3.3 Interim Fix 1, when Firefox is used, allows remote attackers to inject arbitrary web script or HTML via the redirectURL parameter, a different vulnerability than CVE-2012-4824 and CVE-2012-4825. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en IBM Lotus Notes Traveler anteriores a v8.5.3.3 Interim Fix 1, cuando se usa Firefox, permite a atacantes remotos inyectar secuencia... • http://archives.neohapsis.com/archives/fulldisclosure/2012-10/0001.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2012-4825
https://notcve.org/view.php?id=CVE-2012-4825
08 Oct 2012 — Multiple cross-site scripting (XSS) vulnerabilities in servlet/traveler/ILNT.mobileconfig in IBM Lotus Notes Traveler before 8.5.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) userId or (2) address parameter in a getClientConfigFile action. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en servlet/traveler/ILNT.mobileconfig en IBM Lotus Notes Traveler anteriores a v8.5.3.2, permite a atacantes remotos inyectar secuencias de comandos ... • http://archives.neohapsis.com/archives/fulldisclosure/2012-10/0001.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2012-2174 – IBM Lotus Notes URL Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-2174
20 Jun 2012 — The URL handler in IBM Lotus Notes 8.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a crafted notes:// URL. El manejador de URLs en IBM Lotus Notes v8.x antes de v8.5.3 FP2 permite a atacantes remotos ejecutar código de su elección a través de una URL notes:// creada para tal fin. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Notes. User interaction is required to exploit this vulnerability in that the target must visi... • https://www.exploit-db.com/exploits/23650 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2011-1213 – Lotus Notes 8.0.x < 8.5.2 FP2 - Autonomy Keyview ('.lzh' Attachment)
https://notcve.org/view.php?id=CVE-2011-1213
31 May 2011 — Integer underflow in lzhsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted header in a .lzh attachment that triggers a stack-based buffer overflow, aka SPR PRAD88MJ2W. Desbordamiento de enteros en lzhsr.dll en Autonomy KeyView, tal como se utiliza en IBM Lotus Notes antes de v8.5.2 FP3, permite a atacantes remotos ejecutar código de su elección mediante una cabecera manipulada en un archivo adjunto .lzh que provoca un desb... • https://www.exploit-db.com/exploits/17448 • CWE-189: Numeric Errors •

CVE-2011-1216
https://notcve.org/view.php?id=CVE-2011-1216
31 May 2011 — Stack-based buffer overflow in assr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via crafted tag data in an Applix spreadsheet attachment, aka SPR PRAD8823A7. Desbordamiento de buffer de pila en assr.dll de Autonomy KeyView, como es utilizado en IBM Lotus Notes en versiones anteriores a la 8.5.2 FP3, permite a atacantes remotos ejecutar código de su elección a través de datos de etiqueta en un adjunto de hoja de cálculo Applix. Tambi... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=907 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2011-1217
https://notcve.org/view.php?id=CVE-2011-1217
31 May 2011 — Buffer overflow in kpprzrdr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .prz attachment. NOTE: some of these details are obtained from third party information. Desbordamiento de buffer en kpprzrdr.dll de Autonomy KeyView, como es utilizado en IBM Lotus Notes en versiones anteriores a la 8.5.2 FP3, permite a atacantes remotos ejecutar código de su elección a través de un adjunto .prz modificado. NOTA: algunos de estos d... • http://secunia.com/advisories/44624 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2011-1512
https://notcve.org/view.php?id=CVE-2011-1512
31 May 2011 — Heap-based buffer overflow in xlssr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a malformed BIFF record in a .xls Excel spreadsheet attachment, aka SPR PRAD8E3HKR. Desbordamiento de buffer de memoria dinámica en xlssr.dll de Autonomy KeyView, como se usa en IBM Lotus Notes en versiones anteriores a 8.5.2 FP3, permite a atacantes remotos ejecutar código de su elección a través de un registro BIFF mal formado en un adjunto de hoja... • http://secunia.com/advisories/44624 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •