
CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

Multiple SQL injection vulnerabilities in IBM Lotus Connections 2.x before 2.0.1 allow remote attackers to execute arbitrary SQL commands via the sortField parameter to unspecified components. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

• http://secunia.com/advisories/32466
• http://www-01.ibm.com/support/docview.wss?uid=swg27014008
• http://www.securityfocus.com/bid/31989
• https://exchange.xforce.ibmcloud.com/vulnerabilities/46212
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) allows editors to delete pages that were created by a different author via unknown vectors.

• http://secunia.com/advisories/32098
• http://www-01.ibm.com/support/docview.wss?uid=swg27013341
• http://www.securityfocus.com/bid/31608
• http://www.vupen.com/english/advisories/2008/2753
• https://exchange.xforce.ibmcloud.com/vulnerabilities/45693
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) allows a place manager to "demote or delete a place superuser group" via unknown vectors.

• http://secunia.com/advisories/32098
• http://www-01.ibm.com/support/docview.wss?uid=swg27013341
• http://www.securityfocus.com/bid/31608
• http://www.vupen.com/english/advisories/2008/2753
• https://exchange.xforce.ibmcloud.com/vulnerabilities/45694
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) might allow attackers to cause a denial of service (system crash) via a "nonstandard URL argument" to the OpenDocument command. NOTE: due to lack of details from the vendor, it is not clear whether this is a vulnerability.

• http://secunia.com/advisories/32098
• http://www-01.ibm.com/support/docview.wss?uid=swg27013341
• http://www.securityfocus.com/bid/31608
• http://www.vupen.com/english/advisories/2008/2753
• https://exchange.xforce.ibmcloud.com/vulnerabilities/45692
• CWE-20: Improper Input Validation

CVSS: 4.3 | EPSS: 0% | CPEs: 4 | EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities (1) in the WYSIWYG editors, (2) during local group creation, (3) during HTML redirects, (4) in the HTML import, (5) in the Rich text editor, and (6) in link-page in IBM Lotus Quickr 8.1 services for Lotus Domino before Hotfix 15 allow remote attackers to inject arbitrary web script or HTML via unknown vectors, including (7) the Imported Page. NOTE: the vulnerability in the WYSIWYG editors may exist because of an incomplete fix for CVE-2008-2163.

• http://osvdb.org/49772
• http://osvdb.org/49776
• http://secunia.com/advisories/31634
• http://www-01.ibm.com/support/docview.wss?uid=swg27013341
• http://www.securitytracker.com/id?1020762
• http://www.vupen.com/english/advisories/2008/2444
• https://exchange.xforce.ibmcloud.com/vulnerabilities/44694
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')