CVE-2012-4822 – JDK: java.lang.class code execution
https://notcve.org/view.php?id=CVE-2012-4822
Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote attackers to execute arbitrary code via vectors related to "insecure use [of] multiple methods in the java.lang.class class." Múltiples vulnerabilidades no especificadas en el componente JRE en IBM Java 7 SR2 y anteriores, Java v6.0.1 SR3 y anteriores, Java 6 SR11 y anteriores, Java 5 SR14 y anteriores, y Java 142 SR13 FP13 y anteriores; como las usadas en IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control v5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, y Service Deliver Manager; y otros productos de otros vendedores como Red Hat, permite a atacantes remotos a ejecutar códigoa través de vectores relacionados con "uso inseguro de uso [de] métodos múltiples en la clase java.lang.class class." • http://rhn.redhat.com/errata/RHSA-2012-1465.html http://rhn.redhat.com/errata/RHSA-2012-1466.html http://rhn.redhat.com/errata/RHSA-2012-1467.html http://rhn.redhat.com/errata/RHSA-2013-1455.html http://rhn.redhat.com/errata/RHSA-2013-1456.html http://seclists.org/bugtraq/2012/Sep/38 http://secunia.com/advisories/51326 http://secunia.com/advisories/51327 http://secunia.com/advisories/51328 http://secunia.com/advisories/51393 http://secunia.com/advisories/516 •
CVE-2012-2174 – IBM Lotus Notes URL Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-2174
The URL handler in IBM Lotus Notes 8.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a crafted notes:// URL. El manejador de URLs en IBM Lotus Notes v8.x antes de v8.5.3 FP2 permite a atacantes remotos ejecutar código de su elección a través de una URL notes:// creada para tal fin. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Notes. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within notes.exe. When handling URLs, it is possible to inject the -RPARAMS command line argument into the call to notes.exe, which will then launch rcplauncher.exe. • https://www.exploit-db.com/exploits/23650 http://www.ibm.com/support/docview.wss?uid=swg21598348 https://exchange.xforce.ibmcloud.com/vulnerabilities/75320 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2011-1217
https://notcve.org/view.php?id=CVE-2011-1217
Buffer overflow in kpprzrdr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .prz attachment. NOTE: some of these details are obtained from third party information. Desbordamiento de buffer en kpprzrdr.dll de Autonomy KeyView, como es utilizado en IBM Lotus Notes en versiones anteriores a la 8.5.2 FP3, permite a atacantes remotos ejecutar código de su elección a través de un adjunto .prz modificado. NOTA: algunos de estos detalles han sido obtenidos de información de terceras partes. • http://secunia.com/advisories/44624 http://www.ibm.com/support/docview.wss?uid=swg21500034 http://www.securityfocus.com/bid/47962 https://exchange.xforce.ibmcloud.com/vulnerabilities/67624 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14822 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-1215
https://notcve.org/view.php?id=CVE-2011-1215
Stack-based buffer overflow in mw8sr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a Microsoft Office document attachment, aka SPR PRAD8823ND. Desbordamiento de búfer basado en pila en mw8sr.dll en Autonomy KeyView, tal como se utiliza en IBM Lotus Notes antes de v8.5.2 FP3, permite a atacantes remotos ejecutar código de su elección a través de un enlace manipulado en un archivo adjunto de documento de Microsoft Office, también conocido como SPR PRAD8823ND. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=906 http://secunia.com/advisories/44624 http://www.ibm.com/support/docview.wss?uid=swg21500034 http://www.securityfocus.com/bid/47962 https://exchange.xforce.ibmcloud.com/vulnerabilities/67622 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14650 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-1214
https://notcve.org/view.php?id=CVE-2011-1214
Stack-based buffer overflow in rtfsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a .rtf attachment, aka SPR PRAD8823JQ. Desbordamiento de búfer basado en pila en rtfsr.dll en Autonomy KeyView, tal como se utiliza en IBM Lotus Notes antes de v8.5.2 FP3, permite a atacantes remotos ejecutar código de su elección a través de un enlace a manipulado en un archivo .rtf adjunto, también conocido como SPR PRAD8823JQ. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=905 http://secunia.com/advisories/44624 http://www.ibm.com/support/docview.wss?uid=swg21500034 http://www.securityfocus.com/bid/47962 https://exchange.xforce.ibmcloud.com/vulnerabilities/67621 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14309 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •