CVSS: 9.3EPSS: 33%CPEs: 11EXPL: 0CVE-2007-5406
https://notcve.org/view.php?id=CVE-2007-5406
kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, does not properly parse long tokens, which allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted .ag file. kpagrdr.dll 2.0.0.2 y 10.3.0.0 en el lector Applix Presents de Autonomy (anteriormente Verity) KeyView, usado por IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, no parsea adecuadamente los token largos, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y CPU) a través de un fichero .ag manipulado. • http://secunia.com/advisories/27763 http://secunia.com/advisories/28140 http://secunia.com/advisories/28209 http://secunia.com/advisories/28210 http://secunia.com/advisories/29342 http://secunia.com/secunia_research/2007-95/advisory http://secunia.com/secunia_research/2007-96/advisory http://secunia.com/secunia_research/2007-97/advisory http://secunia.com/secunia_research/2007-98/advisory http://securitytracker.com/id?1019805 http://www.securityfocus.com/archive/1/490825/100/0& •
CVSS: 9.3EPSS: 3%CPEs: 6EXPL: 0CVE-2008-1718
https://notcve.org/view.php?id=CVE-2008-1718
Buffer overflow in mimesr.dll in Autonomy (formerly Verity) KeyView, as used in IBM Lotus Notes before 8.0, might allow user-assisted remote attackers to execute arbitrary code via an e-mail message with a crafted Text mail (MIME) attachment. Desbordamiento de búfer en mimesr.dll en Autonomy (anteriormente Verity) KeyView, usado en IBM Lotus Notes anterior a 8.0, puede permitir a atacantes remotos asistidos por el usuario ejecutar código de su elección a través de un mensaje de correo electrónico con un adjunto (MIME) manipulado. • http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453 https://exchange.xforce.ibmcloud.com/vulnerabilities/41856 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 8%CPEs: 3EXPL: 0CVE-2007-6706
https://notcve.org/view.php?id=CVE-2007-6706
Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus Notes 6.5, 7.0.x before 7.0.2 CCH or 7.0.3, and possibly 8.0 allows remote attackers to execute arbitrary code via crafted text in an e-mail message sent over SMTP. Vulnerabilidad sin especificar en nlnotes.dll en el cliente de IBM Lotus Notes 6.5, 7.0.x antes de 7.0.2 CCH or 7.0.3, y posiblemente 8.0 permite a atacantes remotos ejecutar código de su elección a través de un texto manipulado en un email enviado por SMTP. • http://osvdb.org/40956 http://secunia.com/advisories/27279 http://securitytracker.com/id?1019464 http://www-1.ibm.com/support/docview.wss?uid=swg21271957 http://www.vupen.com/english/advisories/2007/3597 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 1%CPEs: 3EXPL: 0CVE-2008-1217
https://notcve.org/view.php?id=CVE-2008-1217
Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus Notes 6.5, 7.0.x before 7.0.2 CCH, and 8.0.x before 8.0.1 allows remote attackers to execute arbitrary code via a crafted attachment in an e-mail message sent over SMTP, a variant of CVE-2007-6706. Una vulnerabilidad no especificada en la biblioteca nlnotes.dll en el cliente en IBM Lotus Notes versiones 6.5, 7.0.x anterior a 7.0.2 CCH y versión 8.0.x anterior a 8.0.1, permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo adjunto creado en un mensaje de correo electrónico enviado por medio de SMTP, esta es una variante del CVE-2007-6706. • http://securitytracker.com/id?1019464 http://www-1.ibm.com/support/docview.wss?uid=swg21271957 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2008-0862
https://notcve.org/view.php?id=CVE-2008-0862
IBM Lotus Notes 6.0, 6.5, 7.0, and 8.0 signs an unsigned applet when a user forwards an email message to another user, which allows user-assisted remote attackers to bypass Execution Control List (ECL) protection. IBM Lotus Notes 6.0, 6.5, 7.0, y 8.0 firma un applet sin asignación cuando un usuario reenvía un correo a otro, que permite a atacantes remotos asistidos por el usuario evitar la protección Execution Control List (ECL. • http://secunia.com/advisories/29031 http://www-1.ibm.com/support/docview.wss?uid=swg21257250 http://www.vupen.com/english/advisories/2008/0600/references • CWE-264: Permissions, Privileges, and Access Controls •