
CVSS: 7.2 • EPSS: 0% • CPEs: 18 • EXPL: 0

Multiple buffer overflows in tunekrnl in IBM Lotus Domino 6.x before 6.5.5 FP2 and 7.x before 7.0.2 allow local users to gain privileges and execute arbitrary code via unspecified vectors. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=440 http://secunia.com/advisories/22724 http://securitytracker.com/id?1017198 http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21249173 http://www.securityfocus.com/bid/20967 http://www.vupen.com/english/advisories/2006/4411 https://exchange.xforce.ibmcloud.com/vulnerabilities/30151 •

CVSS: 7.5 • EPSS: 2% • CPEs: 1 • EXPL: 0

IBM Lotus Domino Web Access (DWA) 7.0.1 does not expire a client's Lightweight Third-Party Authentication token (LtpaToken) upon logout, which allows remote attackers to obtain a user's privileges by intercepting the LtpaToken cookie. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049408.html http://securityreason.com/securityalert/1571 http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21245589 http://www.fishnetsecurity.com/csirt/disclosure/ibm http://www.securityfocus.com/archive/1/445821/100/0/threaded http://www.securityfocus.com/bid/19966 https://exchange.xforce.ibmcloud.com/vulnerabilities/28881 •

CVSS: 4.3 • EPSS: 0% • CPEs: 2 • EXPL: 4

Multiple cross-site scripting (XSS) vulnerabilities in Lotus Domino iNotes Client 6.5.4 and 7.0 allow remote attackers to inject arbitrary web script or HTML via (1) an email subject; (2) an encoded javascript URI, as demonstrated using "java
script:"; or (3) when the Domino Web Access ActiveX control is not installed, via an email attachment filename. • https://www.exploit-db.com/exploits/27181 https://www.exploit-db.com/exploits/27182 http://secunia.com/advisories/16340 http://secunia.com/secunia_research/2005-38/advisory http://securitytracker.com/id?1015610 http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229919 http://www.osvdb.org/23077 http://www.osvdb.org/23078 http://www.osvdb.org/23079 http://www.securityfocus.com/bid/16577 http://www.vupen.com/english/advisories/2006/0499 https://exchange&# • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

Cross-site scripting (XSS) vulnerability in Lotus Domino iNotes Client 6.5.4 allows remote attackers to inject arbitrary web script or HTML via email with attached html files, which are directly rendered in the browser. • http://secunia.com/advisories/16340 http://secunia.com/secunia_research/2005-38/advisory http://securitytracker.com/id?1015610 http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229919 http://www.osvdb.org/23077 http://www.securityfocus.com/bid/16577 http://www.vupen.com/english/advisories/2006/0499 https://exchange.xforce.ibmcloud.com/vulnerabilities/24612 •

CVSS: 5.0 • EPSS: 74% • CPEs: 1 • EXPL: 0

IBM Lotus Domino Server 7.0 allows remote attackers to cause a denial of service (segmentation fault) via a crafted packet to the LDAP port (389/TCP). • http://lists.immunitysec.com/pipermail/dailydave/2006-February/002896.html http://secunia.com/advisories/18738 http://securitytracker.com/id?1015592 http://www.securityfocus.com/bid/16523 http://www.vupen.com/english/advisories/2006/0458 https://exchange.xforce.ibmcloud.com/vulnerabilities/24518 •