Page 2 of 8 results (0.004 seconds)

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, such as (1) a request with a .pl or .java extension, or (2) a request containing a large number of periods, which causes htcgibin.exe to leak the pathname in an error message. • http://marc.info/?l=bugtraq&m=101310812804716&w=2 http://www.iss.net/security_center/static/8160.php http://www.securityfocus.com/archive/1/265380 http://www.securityfocus.com/bid/4406 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when configured with the NoBanner setting, allows remote attackers to determine the version number of the server via a request that generates an HTTP 500 error code, which leaks the version in a hard-coded error message. • http://marc.info/?l=bugtraq&m=101310812804716&w=2 http://marc.info/?l=bugtraq&m=101785616526383&w=2 http://www.securityfocus.com/bid/4049 •

CVSS: 5.0EPSS: 1%CPEs: 11EXPL: 0

Lotus Domino SMTP server 4.63 through 5.08 allows remote attackers to cause a denial of service (CPU consumption) by forging an email message with the sender as bounce@[127.0.0.1] (localhost), which causes Domino to enter a mail loop. • http://marc.info/?l=vuln-dev&m=95886062521327&w=2 http://www.securityfocus.com/archive/1/209754 http://www.securityfocus.com/bid/3212 http://www.securityfocus.com/cgi-bin/archive.pl?id=1&start=2002-01-21&end=2002-01-27&mid=209116&threads=1 https://exchange.xforce.ibmcloud.com/vulnerabilities/7012 •