Page 36 of 290 results (0.007 seconds)

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

CVE-2008-5011

https://notcve.org/view.php?id=CVE-2008-5011

Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to qpconfig_sample.xml, aka SPR CWIR7KMPVP and THES7F9NVR, a different vulnerability than CVE-2008-2163 and CVE-2008-3860. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Lotus Connections v2.x anterior a v2.0.1 de IBM Lotus Quickr v8.1 anteriores a v8.1.0.2, servicios para Lotus Domino, permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante vectores no especificados, posiblemente relativo a qpconfig_sample.xml, (también conocido como) SPR CWIR7KMPVP y THES7F9NVR, es una vulnerabilidad diferente a CVE-2008-2163 y CVE-2008-3860. • http://osvdb.org/49777 http://osvdb.org/49778 http://secunia.com/advisories/32574 http://www-01.ibm.com/support/docview.wss?uid=swg27013341 http://www.securityfocus.com/bid/32212 http://www.vupen.com/english/advisories/2008/3081 https://exchange.xforce.ibmcloud.com/vulnerabilities/46463 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

CVE-2008-4808

https://notcve.org/view.php?id=CVE-2008-4808

IBM Lotus Connections 2.x before 2.0.1 allows attackers to discover passwords via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Lotus Connections 2.x anterior a v2.0.1 de IBM permite a atacantes descubrir contraseñas mediante vectores no especificados. NOTA: el origen de esta información es desconocido; los detalles se han obtenido únicamente de información de terceros. • http://secunia.com/advisories/32466 http://www-01.ibm.com/support/docview.wss?uid=swg27014008 http://www.securityfocus.com/bid/31989 https://exchange.xforce.ibmcloud.com/vulnerabilities/46216 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 0

CVE-2008-4807

https://notcve.org/view.php?id=CVE-2008-4807

IBM Lotus Connections 2.x before 2.0.1 stores the password for the administrative user in the trace.log file, which allows local users to obtain sensitive information by reading this file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Lotus Connections 2.x anterior a v2.0.1 de IBM almacena la contraseña para el usuario administrador en el archivo trace.log, lo que permite a usuarios locales obtner información sensible leyendo este archivo. NOTA: el origen de esta información es desconocido; los detalles se han obtenido únicamente de información de terceros. • http://secunia.com/advisories/32466 http://www-01.ibm.com/support/docview.wss?uid=swg27014008 http://www.securityfocus.com/bid/31989 https://exchange.xforce.ibmcloud.com/vulnerabilities/46213 • CWE-255: Credentials Management Errors •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2008-4805

https://notcve.org/view.php?id=CVE-2008-4805

Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Connections 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the community title, (2) API input, and vectors related to the (3) Homepage, (4) Blogs, (5) Profiles, (6) Dogear, (7) Activities, and (8) Global Search components. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Lotus Connections 2.x anterior a v2.0.1 de IBM permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante 1) the community title, (2) API input, y vectores relacionados con (3) Homepage, (4) Blogs, (5) Profiles, (6) Dogear, (7) Activities y (8) Global Search components. NOTA: el origen de esta información es desconocido; los detalles se han obtenido únicamente de información de terceros. • http://secunia.com/advisories/32466 http://www-01.ibm.com/support/docview.wss?uid=swg27014008 http://www.securityfocus.com/bid/31989 https://exchange.xforce.ibmcloud.com/vulnerabilities/46210 https://exchange.xforce.ibmcloud.com/vulnerabilities/46211 https://exchange.xforce.ibmcloud.com/vulnerabilities/46215 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2008-4809

https://notcve.org/view.php?id=CVE-2008-4809

Multiple unspecified vulnerabilities in the Profiles search pages in IBM Lotus Connections 2.x before 2.0.1 have unknown impact and attack vectors related to "Active" content. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Múltiples vulnerabilidades sin especificar en las páginas de búsqueda Profiles en IBM Lotus Connections 2.x antes de v2.0.1 tienen impacto desconocido y vectores relacionados con contenido "Activo". NOTA: el origen de esta información es desconocido; los detalles se han obtenido únicamente de información de terceros. • http://secunia.com/advisories/32466 http://www-01.ibm.com/support/docview.wss?uid=swg27014008 http://www.securityfocus.com/bid/31989 https://exchange.xforce.ibmcloud.com/vulnerabilities/46217 •