CVE-2013-0538
https://notcve.org/view.php?id=CVE-2013-0538
Cross-site scripting (XSS) vulnerability in IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element in an HTML e-mail message, aka SPRs JMOY95BLM6 and JMOY95BN49.
• http://www-01.ibm.com/support/docview.wss?uid=swg21633819
• http://www.kb.cert.org/vuls/id/912420
• https://exchange.xforce.ibmcloud.com/vulnerabilities/83270
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-0127
https://notcve.org/view.php?id=CVE-2013-0127
IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 does not block APPLET elements in HTML e-mail, which allows remote attackers to bypass intended restrictions on Java code execution and X-Confirm-Reading-To functionality via a crafted message, aka SPRs JMOY95BLM6 and JMOY95BN49.
• http://seclists.org/fulldisclosure/2013/Apr/262
• http://www-01.ibm.com/support/docview.wss?uid=swg21633819
• http://www.kb.cert.org/vuls/id/912420
• https://exchange.xforce.ibmcloud.com/vulnerabilities/83775
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2002-0370
https://notcve.org/view.php?id=CVE-2002-0370
Buffer overflow in the ZIP capability for multiple products allows remote attackers to cause a denial of service or execute arbitrary code via ZIP files containing entries with long filenames, including (1) Microsoft Windows 98 with Plus! Pack, (2) Windows XP, (3) Windows ME, (4) Lotus Notes R4 through R6 (pre-gold), (5) Verity KeyView, and (6) Stuffit Expander before 7.0.
• http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0009.html
• http://marc.info/?l=bugtraq&m=103428193409223&w=2
• http://securityreason.com/securityalert/587
• http://www.info-zip.org/FAQ.html
• http://www.info.apple.com/usen/security/security_updates.html
• http://www.iss.net/security_center/static/10251.php
• http://www.kb.cert.org/vuls/id/383779
• http://www.securityfocus.com/bid/5873
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-054