Page 2 of 13 results (0.005 seconds)

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, such as (1) a request with a .pl or .java extension, or (2) a request containing a large number of periods, which causes htcgibin.exe to leak the pathname in an error message. • http://marc.info/?l=bugtraq&m=101310812804716&w=2 http://www.iss.net/security_center/static/8160.php http://www.securityfocus.com/archive/1/265380 http://www.securityfocus.com/bid/4406 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when configured with the NoBanner setting, allows remote attackers to determine the version number of the server via a request that generates an HTTP 500 error code, which leaks the version in a hard-coded error message. • http://marc.info/?l=bugtraq&m=101310812804716&w=2 http://marc.info/?l=bugtraq&m=101785616526383&w=2 http://www.securityfocus.com/bid/4049 •

CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0

Lotus Domino server 5.0.8 with NoBanner enabled allows remote attackers to (1) determine the physical path of the server via a request for a nonexistent file with a .pl (Perl) extension, which leaks the pathname in the error message, or (2) make any request that causes an HTTP 500 error, which leaks the server's version name in the HTTP error message. El servidor 5.0.8 de Lotus Domino con NoBanner habilitado permite que atacantes remotos (1) conozcan el path físico del servidor por medio de una petición de un fichero no existente con una estensión .pl (Perl), lo cual hace que se muestre el path absoluto en el mensaje de error, o (2) hagan cualquier petición que cause el error 500 de HTTP, lo cual lleva a que aparezca el nombre de la versión del servidor en el mensaje de error HTTP. • http://marc.info/?l=bugtraq&m=101310812804716&w=2 http://www-1.ibm.com/support/manager.wss?rs=1&rt=0&org=sims&doc=07B32060E4CC97E985256B64005AEB0F http://www.iss.net/security_center/static/8160.php http://www.securityfocus.com/bid/4049 •

CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0

bindsock in Lotus Domino 5.07 on Solaris allows local users to create arbitrary files via a symlink attack on temporary files. bindsock en Lotus Domino 5.07 en Solaris permite a usuarios locales crear ficheros arbitrarios mediante un ataque de enlaces simbólicos (symlink attack) en ficheros temporales. • http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg21095671 http://www.esecurityonline.com/advisories/eSO4125.asp http://www.securityfocus.com/bid/4318 https://exchange.xforce.ibmcloud.com/vulnerabilities/8586 •

CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 0

Lotus Domino 5.0.5 and 5.0.8, and possibly other versions, allows remote attackers to cause a denial of service (block access to databases that have not been previously accessed) via a URL that includes the . (dot) directory. • http://marc.info/?l=bugtraq&m=100780146532131&w=2L:1 http://www-1.ibm.com/support/manager.wss?rs=1&rt=0&org=sims&doc=255CC03D83CFF50C85256B1E005E349B http://www.osvdb.org/2000 http://www.securityfocus.com/bid/3656 https://exchange.xforce.ibmcloud.com/vulnerabilities/7684 •