CVSS: 9.3EPSS: 15%CPEs: 106EXPL: 0CVE-2011-1217
https://notcve.org/view.php?id=CVE-2011-1217
31 May 2011 — Buffer overflow in kpprzrdr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .prz attachment. NOTE: some of these details are obtained from third party information. Desbordamiento de buffer en kpprzrdr.dll de Autonomy KeyView, como es utilizado en IBM Lotus Notes en versiones anteriores a la 8.5.2 FP3, permite a atacantes remotos ejecutar código de su elección a través de un adjunto .prz modificado. NOTA: algunos de estos d... • http://secunia.com/advisories/44624 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 12%CPEs: 107EXPL: 0CVE-2011-1218
https://notcve.org/view.php?id=CVE-2011-1218
31 May 2011 — Buffer overflow in kvarcve.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .zip attachment, aka SPR PRAD8E3NSP. NOTE: some of these details are obtained from third party information. Desbordamiento de buffer en kvarcve.dll de Autonomy KeyView, como es utilizado en IBM Lotus Notes en versiones anteriores a la 8.5.2 FP3, permite a atacantes remotos ejecutar código de su elección a través de un adjunto .zip modificado. Tambié... • http://secunia.com/advisories/44624 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 18%CPEs: 107EXPL: 1CVE-2011-1512
https://notcve.org/view.php?id=CVE-2011-1512
31 May 2011 — Heap-based buffer overflow in xlssr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a malformed BIFF record in a .xls Excel spreadsheet attachment, aka SPR PRAD8E3HKR. Desbordamiento de buffer de memoria dinámica en xlssr.dll de Autonomy KeyView, como se usa en IBM Lotus Notes en versiones anteriores a 8.5.2 FP3, permite a atacantes remotos ejecutar código de su elección a través de un registro BIFF mal formado en un adjunto de hoja... • http://secunia.com/advisories/44624 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 16EXPL: 0CVE-2011-0912 – IBM Lotus Notes cai URI Handler Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0912
07 Feb 2011 — Argument injection vulnerability in IBM Lotus Notes 8.0.x before 8.0.2 FP6 and 8.5.x before 8.5.1 FP5 allows remote attackers to execute arbitrary code via a cai:// URL containing a --launcher.library option that specifies a UNC share pathname for a DLL file, aka SPR PRAD82YJW2. Una vulnerabilidad de inyección de argumentos en Lotus Notes de IBM versiones 8.0.x anteriores a 8.0.2 FP6 y versiones 8.5.x anteriores a 8.5.1 FP5, permite a los atacantes remotos ejecutar código arbitrario por medio de una URL cai... • http://secunia.com/advisories/43222 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2010-4544
https://notcve.org/view.php?id=CVE-2010-4544
16 Dec 2010 — Cross-site scripting (XSS) vulnerability in the servlet in IBM Lotus Notes Traveler before 8.5.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en IBM Lotus Notes Traveler anterior a v8.5.1.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML mediante vectores desconocidos. • http://www-1.ibm.com/support/docview.wss?uid=swg1LO52324 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 9EXPL: 0CVE-2010-4547
https://notcve.org/view.php?id=CVE-2010-4547
16 Dec 2010 — IBM Lotus Notes Traveler before 8.5.1.3, when a multidomain environment is used, does not properly apply policy documents to mobile users from a different Domino domain than the Traveler server, which allows remote authenticated users to bypass intended access restrictions by using credentials from a different domain. IBM Lotus Notes Traveler anterior a v8.5.1.3, cuando se utiliza un entorno multidominio, no se aplican adecuadamente los documentos de política a los usuarios móviles de un dominio diferente d... • http://www-1.ibm.com/support/docview.wss?uid=swg1LO49967 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2010-4549
https://notcve.org/view.php?id=CVE-2010-4549
16 Dec 2010 — IBM Lotus Notes Traveler before 8.5.1.3 on the Nokia s60 device successfully performs a Replace Data operation for a prohibited application, which allows remote authenticated users to bypass intended access restrictions via this operation. IBM Lotus Notes Traveler anterior a v8.5.1.3 en el dispositivo Nokia S60 realiza exitosamente una operación de sustitución de datos para una aplicación prohibida, lo que permite a usuarios autenticados remotamente eludir las restricciones de acceso previsto a través de es... • http://www-1.ibm.com/support/docview.wss?uid=swg1LO53572 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2010-4550
https://notcve.org/view.php?id=CVE-2010-4550
16 Dec 2010 — IBM Lotus Notes Traveler before 8.5.1.3 allows remote attackers to cause a denial of service (sync failure) via a malformed document. IBM Lotus Notes Traveler anterior a v8.5.1.3 permite a atacantes remotos provocar una denegación de servicio (fallo de sincronización) a través de un documento mal formado. • http://www-1.ibm.com/support/docview.wss?uid=swg1LO51818 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 12%CPEs: 3EXPL: 0CVE-2010-1608
https://notcve.org/view.php?id=CVE-2010-1608
29 Apr 2010 — Stack-based buffer overflow in IBM Lotus Notes 8.5 and 8.5fp1, and possibly other versions, allows remote attackers to execute arbitrary code via unknown attack vectors, as demonstrated by the vd_ln module in VulnDisco 9.0. NOTE: as of 20100222, this disclosure has no actionable information. However, because the VulnDisco author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. Desbordamiento de búfer basado en pila en IBM Lotus Notes v8.5 y v8.5fp1, y posiblement... • http://secunia.com/advisories/38622 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.4EPSS: 30%CPEs: 20EXPL: 0CVE-2002-0370
https://notcve.org/view.php?id=CVE-2002-0370
05 Oct 2002 — Buffer overflow in the ZIP capability for multiple products allows remote attackers to cause a denial of service or execute arbitrary code via ZIP files containing entries with long filenames, including (1) Microsoft Windows 98 with Plus! Pack, (2) Windows XP, (3) Windows ME, (4) Lotus Notes R4 through R6 (pre-gold), (5) Verity KeyView, and (6) Stuffit Expander before 7.0. Desbordamiento de búfer en la capacidad ZIP de múltiples productos permite a atacantes remotos causar una denegación de servicio o ejecu... • http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0009.html •