Page 3 of 22 results (0.008 seconds)

CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0

IBM Lotus Notes 8 for Linux before 8.0.1 uses (1) unspecified weak permissions for the installation kit obtained through a Notes 8 download and (2) 0777 permissions for the installdata file that is created by setup.sh, which allows local users to gain privileges via a Trojan horse file. IBM Lotus Notes 8 para Linux anterior a 9.0.1 usa (1) permisos débiles no especificados para el kit de instalación obtenido a través de la descarga de Notes 8 y (2) permisos 0777 para el archivo installdata que crea setup.sh, lo cual permite a usuarios locales obtener privilegios mediante un archivo troyano (Trojan horse file). • http://osvdb.org/40933 http://osvdb.org/40934 http://secunia.com/advisories/27860 http://securitytracker.com/id?1019009 http://www-1.ibm.com/support/docview.wss?uid=swg21289273 http://www.vupen.com/english/advisories/2007/4037 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 8.8EPSS: 11%CPEs: 5EXPL: 1

Multiple stack-based buffer overflows in l123sr.dll in Autonomy (formerly Verity) KeyView SDK, as used by IBM Lotus Notes 5.x through 8.x, allow user-assisted remote attackers to execute arbitrary code via the (1) Length and (2) Value fields for certain Types in a Lotus 1-2-3 (.123) file in the Worksheet File (WKS) format, as demonstrated by a file with a crafted SRANGE record, a different vulnerability than CVE-2007-5909. Múltiples desbordamientos de búfer basado en pila en l123sr.dll de Autonomy (anteriormente Verity) KeyView SDK, usado por IBM Lotus Notes 5.x hasta 8.x, permiten a atacantes remotos con la intervención del usuario ejecutar código de su elección a través de los campos (1) Length y (2) Value para determinados tipos (Types en un archivo Lotus 1-2-3 (.123) en el formato Worksheet File (WKS), como se ha demostrado mediante un archivo con un registro SRANGE manipulado, una vulnerabilidad diferente de CVE-2007-5909. • https://www.exploit-db.com/exploits/30816 http://lists.grok.org.uk/pipermail/full-disclosure/2007-November/058680.html http://secunia.com/advisories/27835 http://secunia.com/advisories/27836 http://secunia.com/advisories/27849 http://securityreason.com/securityalert/3499 http://securitytracker.com/id?1019002 http://www.coresecurity.com/index.php5?action=item&id=2008 http://www.ibm.com/support/docview.wss?rs=475&uid=swg21285600 http://www.securityfocus.com/archive/1/484272/100/0&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 4%CPEs: 11EXPL: 0

Stack-based buffer overflow in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK before 9.2.0.12, as used by ActivePDF DocConverter, wp6sr.dll in IBM Lotus Notes 8.0 and before 7.0.3, Symantec Mail Security, and other products, allows remote attackers to execute arbitrary code via a crafted WordPerfect (WPD) file. Desbordamiento de búfer basado en pila en el Autonomy (antiguamente Verity) KeyView Viewer, en el Filter y en el Export SDK anterior al 9.2.0.12, como el utilizado en el ActivePDF DocConverter, en el wp6sr.dll del IBM Lotus Notes 8.0 y anteriores al 7.0.3, en el Symantec Mail Security y en otros productos, permite a atacantes remotos ejecutar código de su elección a través de un fichero modificado de WordPerfect (WPD). • http://secunia.com/advisories/27304 http://securityreason.com/securityalert/3357 http://securityresponse.symantec.com/avcenter/security/Content/2007.11.01c.html http://securitytracker.com/id?1018853 http://securitytracker.com/id?1018886 http://vuln.sg/lotusnotes702-en.html http://vuln.sg/lotusnotes702wpd-en.html http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21271111 http://www.securityfocus.com/archive/1/482664 http://www.securityfocus.com/bid/26175 http://www.vupen.com • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 88%CPEs: 11EXPL: 0

Multiple stack-based buffer overflows in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK before 9.2.0.12, as used by ActivePDF DocConverter, IBM Lotus Notes before 7.0.3, Symantec Mail Security, and other products, allow remote attackers to execute arbitrary code via a crafted (1) AG file to kpagrdr.dll, (2) AW file to awsr.dll, (3) DLL or (4) EXE file to exesr.dll, (5) DOC file to mwsr.dll, (6) MIF file to mifsr.dll, (7) SAM file to lasr.dll, or (8) RTF file to rtfsr.dll. NOTE: the WPD (wp6sr.dll) vector is covered by CVE-2007-5910. Múltiples desbordamientos de búfer basados en pila en el Autonomy (antiguamente Verity) KeyView Viewer, en el Filter y en el Export SDK anterior al 9.2.0.12, como el utilizado en el ActivePDF DocConverter, en el IBM Lotus Notes anterior al 7.0.3, en el Symantec Mail Security y en otros productos, permiten a atacantes remotos ejecutar código de su elección a través de modificaciones en (1) el fichero AG del kpagrdr.dll, (2) en el fichero AW del awsr.dll, (3) en el fichero DLL o el (4) EXE del exesr.dll, (5) en el fichero DOC del mwsr.dll, (6) en el fichero MIF del mifsr.dll, (7) en el fichero SAM del lasr.dll o (8) en el fichero RTF del rtfsr.dll. NOTA: el vector WPD (wp6sr.dll) se trata en la vulnerabilidad CVE-2007-5910. Several vulnerabilities exist in the popular Verity KeyView SDK used in many enterprise applications like IBM Lotus Notes. • http://secunia.com/advisories/27304 http://securityreason.com/securityalert/3357 http://securityresponse.symantec.com/avcenter/security/Content/2007.11.01c.html http://securitytracker.com/id?1018853 http://securitytracker.com/id?1018886 http://vuln.sg/lotusnotes702-en.html http://vuln.sg/lotusnotes702doc-en.html http://vuln.sg/lotusnotes702mif-en.html http://vuln.sg/lotusnotes702sam-en.html http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21271111 http://www-1.ibm.com/suppor • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 82%CPEs: 1EXPL: 0

Buffer overflow in the TagAttributeListCopy function in nnotes.dll in IBM Lotus Notes before 7.0.3 allows user-assisted remote attackers to execute arbitrary code via a crafted HTML email, related to duplicate RTF conversion when the recipient operates on this email. Desbordamiento de búfer en la función TagAttributeListCopy en nnotes.dll de BM Lotus Notes versiones anteriores a 7.0.3 permite a atacantes remotos con la complicidad del usuario ejecutar código de su elección mediante un correo electrónico HTML manipulado, relativo a duplicar una conversión RTF cuando el destinatario opera con este correo electrónico. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=604 http://www-1.ibm.com/support/docview.wss?rs=477&uid=swg21272930 http://www.securityfocus.com/bid/26200 http://www.securitytracker.com/id?1018857 https://exchange.xforce.ibmcloud.com/vulnerabilities/37363 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •