CVSS: 10.0EPSS: 92%CPEs: 13EXPL: 3CVE-2007-1675 – IBM Lotus Domino IMAP Server CRAM-MD5 Authentication Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2007-1675
Buffer overflow in the CRAM-MD5 authentication mechanism in the IMAP server (nimap.exe) in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service via a long username. Desbordamiento de búfer en el mecanismo de autenticación CRAM-MD5 del servidor IMAP (nimap.exe) de IBM Lotus Domino anterior a 6.5.6 y 7.x anterior a 7.0.2 FP1 permite a atacantes remotos provocar una denegación de servicio mediante un nombre de usuario largo. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Domino Server. Authentication is not required to exploit this vulnerability. The specific flaw exists in the CRAM-MD5 authentication mechanism of nimap.exe which binds by default to TCP port 143. No check is done on the length on the supplied username prior to processing it through a custom copy loop. • https://www.exploit-db.com/exploits/3602 https://www.exploit-db.com/exploits/3616 https://www.exploit-db.com/exploits/4207 http://secunia.com/advisories/24633 http://www-1.ibm.com/support/docview.wss?uid=swg21257028 http://www.securityfocus.com/bid/23172 http://www.securityfocus.com/bid/23173 http://www.securitytracker.com/id?1017823 http://www.vupen.com/english/advisories/2007/1133 http://www.zerodayinitiative.com/advisories/ZDI-07-011.html https://exchange.xforce.ibm •
CVSS: 7.2EPSS: 0%CPEs: 18EXPL: 0CVE-2006-5818
https://notcve.org/view.php?id=CVE-2006-5818
Multiple buffer overflows in tunekrnl in IBM Lotus Domino 6.x before 6.5.5 FP2 and 7.x before 7.0.2 allow local users to gain privileges and execute arbitrary code via unspecified vectors. Múltiples desbordamientos de búfer en el tunekrnl de IBM Lotus Domino 6.x en versiones anteriores a la 6.5.5 FP2 y 7.x en versiones anteriores a la 7.0.2 permite a usuarios locales obtener privilegios y ejecutar código de su elección a través de vectores sin especificar. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=440 http://secunia.com/advisories/22724 http://securitytracker.com/id?1017198 http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21249173 http://www.securityfocus.com/bid/20967 http://www.vupen.com/english/advisories/2006/4411 https://exchange.xforce.ibmcloud.com/vulnerabilities/30151 •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 4CVE-2006-0663 – IBM Lotus Domino 6.x/7.0 - iNotes JavaScript: Filter Bypass
https://notcve.org/view.php?id=CVE-2006-0663
Multiple cross-site scripting (XSS) vulnerabilities in Lotus Domino iNotes Client 6.5.4 and 7.0 allow remote attackers to inject arbitrary web script or HTML via (1) an email subject; (2) an encoded javascript URI, as demonstrated using "java script:"; or (3) when the Domino Web Access ActiveX control is not installed, via an email attachment filename. • https://www.exploit-db.com/exploits/27181 https://www.exploit-db.com/exploits/27182 http://secunia.com/advisories/16340 http://secunia.com/secunia_research/2005-38/advisory http://securitytracker.com/id?1015610 http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229919 http://www.osvdb.org/23077 http://www.osvdb.org/23078 http://www.osvdb.org/23079 http://www.securityfocus.com/bid/16577 http://www.vupen.com/english/advisories/2006/0499 https://exchange&# • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2006-0662
https://notcve.org/view.php?id=CVE-2006-0662
Cross-site scripting (XSS) vulnerability in Lotus Domino iNotes Client 6.5.4 allows remote attackers to inject arbitrary web script or HTML via email with attached html files, which are directly rendered in the browser. • http://secunia.com/advisories/16340 http://secunia.com/secunia_research/2005-38/advisory http://securitytracker.com/id?1015610 http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229919 http://www.osvdb.org/23077 http://www.securityfocus.com/bid/16577 http://www.vupen.com/english/advisories/2006/0499 https://exchange.xforce.ibmcloud.com/vulnerabilities/24612 •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2006-0121
https://notcve.org/view.php?id=CVE-2006-0121
Multiple memory leaks in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a denial of service (memory consumption and crash) via unknown vectors related to (1) unspecified vectors during the SSL handshake (SPR# MKIN67MQVW), (2) the stash file during the SSL handshake (SPR# MKIN693QUT), and possibly other vectors. NOTE: due to insufficient information in the original vendor advisory, it is not clear whether there is an attacker role in other memory leaks that are specified in the advisory. • http://secunia.com/advisories/18328 http://www-1.ibm.com/support/docview.wss?uid=swg27007054 http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/20f66e356a76c90f8525702a00420e08?OpenDocument&Highlight=0%2CMKIN67MQVW http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/2221243535d88a2b8525701b00420cd6?OpenDocument&Highlight=0%2CMKIN693QUT http://www.securityfocus.com/bid/16158 http://www.vupen.com/english/advisories/2006/0081 https://exchange.xforce.ibmcloud.com/vulnerabilities/24223 •