CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2010-2280
https://notcve.org/view.php?id=CVE-2010-2280
Open redirect vulnerability in the Mobile component in IBM Lotus Connections 2.5.x before 2.5.0.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, related to "mobile edit actions," aka SPR ASRE83PPVH. Una vulnerabilidad de redirección abierta en el componente Mobile de IBM Lotus Connections v2.5.x antes de v2.5.0.2 permite a atacantes remotos redirigir a los usuarios a sitios web de su elección y llevar a cabo ataques de phishing a través de vectores no especificados, relacionados con "acciones de edición móvil". Esta vulnerabilidad tiene en IBM, el código interno SPR ASRE83PPVH. • http://secunia.com/advisories/40007 http://www-01.ibm.com/support/docview.wss?uid=swg21431472 http://www.vupen.com/english/advisories/2010/1281 •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2010-2277
https://notcve.org/view.php?id=CVE-2010-2277
Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Connections 2.5.x before 2.5.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) create or (2) edit form in the Communities component, the (3) verbiage field in the Bookmarks component, or (4) unspecified vectors related to the Mobile Blogs component. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en IBM Lotus Connections v2.5.x anterior a v2.5.0.2 permiten a atacantes remotos inyectar secuencias de comandos Web o HTML de su elección a través de (1) create o (2) edit form -editar formulario- del componente Communities, (3) el campo verbiage del componente Bookmarks o (4) vectores no especificados relacionados con el componente Mobile Blogs. • http://secunia.com/advisories/40007 http://www-01.ibm.com/support/docview.wss?uid=swg21431472 http://www-1.ibm.com/support/docview.wss?uid=swg1LO47214 http://www-1.ibm.com/support/docview.wss?uid=swg1LO47362 http://www-1.ibm.com/support/docview.wss?uid=swg1LO47921 http://www.vupen.com/english/advisories/2010/1281 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 15%CPEs: 3EXPL: 0CVE-2010-1608
https://notcve.org/view.php?id=CVE-2010-1608
Stack-based buffer overflow in IBM Lotus Notes 8.5 and 8.5fp1, and possibly other versions, allows remote attackers to execute arbitrary code via unknown attack vectors, as demonstrated by the vd_ln module in VulnDisco 9.0. NOTE: as of 20100222, this disclosure has no actionable information. However, because the VulnDisco author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. Desbordamiento de búfer basado en pila en IBM Lotus Notes v8.5 y v8.5fp1, y posiblemente otras versiones, permite a atacantes remotos ejecutar código arbitrario a través de vectores de ataque desconocidos, como lo demuestra el módulo vd_ln en VulnDisco v9.0. NOTA: a 22/02/2010, esta revelación no tiene información de acciones concretas. • http://secunia.com/advisories/38622 http://www.securityfocus.com/bid/38300 https://exchange.xforce.ibmcloud.com/vulnerabilities/58322 https://forum.immunityinc.com/board/thread/1161/vulndisco-9-0 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14489 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 2.1EPSS: 0%CPEs: 3EXPL: 0CVE-2010-1487
https://notcve.org/view.php?id=CVE-2010-1487
IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in cleartext in SURunAs.exe, which allows local users to obtain sensitive information by examining this file, aka SPR JSTN837SEG. IBM Lotus Notes v7.0, v8.0, y v8.5 almacena credenciales administrativas en cleartext en SURunAs.exe, lo que permite a usuarios locales obtener información sensible examinando ese archivo, conocido como SPR JSTN837SEG. • http://secunia.com/advisories/39507 http://www-01.ibm.com/support/docview.wss?uid=swg21427073 http://www.securityfocus.com/bid/39525 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14725 • CWE-255: Credentials Management Errors •
CVSS: 10.0EPSS: 0%CPEs: 31EXPL: 1CVE-2009-3032
https://notcve.org/view.php?id=CVE-2009-3032
Integer overflow in kvolefio.dll 8.5.0.8339 and 10.5.0.0 in the Autonomy KeyView Filter SDK, as used in IBM Lotus Notes 8.5, Symantec Mail Security for Microsoft Exchange 5.0.10 through 5.0.13, and other products, allows context-dependent attackers to execute arbitrary code via a crafted OLE document that triggers a heap-based buffer overflow. Desbordamiento de entero en kvolefio.dll v8.5.0.8339 y v10.5.0.0 en Autonomy KeyView Filter SDK, tal y como se utiliza en IBM Lotus Notes v8.5, Symantec Mail Security para Microsoft Exchange desde v5.0.10 hasta v5.0.13, y otros productos, permite a atacantes dependientes del contexto ejecutar codigo arbitrario a traves de documentos OLE que inicianun desbordamiento de memoria dinamica. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=858 http://www-01.ibm.com/support/docview.wss?uid=swg21440812 http://www.securityfocus.com/bid/38468 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100304_00 • CWE-189: Numeric Errors •