CVSS: 9.8EPSS: 87%CPEs: 128EXPL: 0CVE-2012-4822 – JDK: java.lang.class code execution
https://notcve.org/view.php?id=CVE-2012-4822
11 Jan 2013 — Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote... • http://rhn.redhat.com/errata/RHSA-2012-1465.html •
CVSS: 9.8EPSS: 86%CPEs: 128EXPL: 0CVE-2012-4823 – JDK: java.lang.ClassLoder defineClass() code execution
https://notcve.org/view.php?id=CVE-2012-4823
11 Jan 2013 — Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allows remote attackers... • http://rhn.redhat.com/errata/RHSA-2012-1466.html •
CVSS: 4.7EPSS: 0%CPEs: 15EXPL: 0CVE-2012-3301
https://notcve.org/view.php?id=CVE-2012-3301
21 Aug 2012 — Multiple CRLF injection vulnerabilities in the HTTP server in IBM Lotus Domino 8.5.x before 8.5.4 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input involving (1) Mozilla Firefox 3.0.9 and earlier or (2) unspecified browsers. Múltiples vulnerabilidades de inyección CRLF en el servidor HTTP en IBM Lotus Domino v8.5.x anterior a v8.5.4 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y llevar a cabo ataques de división de respue... • http://websecurity.com.ua/5839 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 24EXPL: 0CVE-2012-3302
https://notcve.org/view.php?id=CVE-2012-3302
21 Aug 2012 — Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Domino 7.x and 8.x before 8.5.4 allow remote attackers to inject arbitrary web script or HTML via (1) a URL accessed during use of the Mail template in the WebMail UI or (2) a URL accessed during use of Domino Help through the Domino HTTP server. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en IBM Lotus Domino v7.x y v8.x anterior a v8.5.4 permite a atacantes remotos inyectar código arbitrario web o HTML a travé... • http://websecurity.com.ua/5839 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2011-1393
https://notcve.org/view.php?id=CVE-2011-1393
27 Dec 2011 — Unspecified vulnerability in the authentication functionality in the server in IBM Lotus Domino 8.x before 8.5.2 FP4 allows remote attackers to cause a denial of service (daemon crash) via a crafted Notes RPC packet. Vulnerabilidad sin especificar en la funcionalidad de autenticación en el servidor de IBM Lotus Domino 8.x anteriores a 8.5.2 FP4 permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de un paquete RPC Notes modificado. • http://secunia.com/advisories/47331 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2011-3576
https://notcve.org/view.php?id=CVE-2011-3576
17 Sep 2011 — Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 8.5.2 allows remote attackers to inject arbitrary web script or HTML via the PanelIcon parameter in an fmpgPanelHeader ReadForm action to WebAdmin.nsf. Vulnerabilidad cross-site scripting (XSS) en IBM Lotus Domino v8.5.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro PanelIcon en una acción fmpgPanelHeader ReadForm a WebAdmin.nsf. • http://www.research.reversingcode.com/index.php/advisories/73-ibm-ssd-1012211 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 93%CPEs: 1EXPL: 3CVE-2011-3575 – IBM Lotus Domino 8.5.2 - 'NSFComputeEvaluateExt()' Remote Stack Buffer Overflow
https://notcve.org/view.php?id=CVE-2011-3575
17 Sep 2011 — Stack-based buffer overflow in the NSFComputeEvaluateExt function in Nnotes.dll in IBM Lotus Domino 8.5.2 allows remote authenticated users to execute arbitrary code via a long tHPRAgentName parameter in an fmHttpPostRequest OpenForm action to WebAdmin.nsf. Desbordamiento de búfer basado en pila en la función NSFComputeEvaluateExt en Nnotes.dll en IBM Lotus Domino v8.5.2 permite a usuarios autenticados remotamente ejecutar código de su elección a través de un parámetro largo tHPRAgentName en acción OpenForm... • https://www.exploit-db.com/exploits/36145 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2011-1424
https://notcve.org/view.php?id=CVE-2011-1424
24 May 2011 — The default configuration of ExShortcut\Web.config in EMC SourceOne Email Management before 6.6 SP1, when the Mobile Services component is used, does not properly set the localOnly attribute of the trace element, which allows remote authenticated users to obtain sensitive information via ASP.NET Application Tracing. La configuración por defecto de ExShortcut\Web.config en EMC SourceOne Email Management anteriores a v6.6 Service Pack 1, cuando se utiliza el componente Mobile Services, no fija de forma adecua... • http://securityreason.com/securityalert/8258 • CWE-16: Configuration •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2011-1520
https://notcve.org/view.php?id=CVE-2011-1520
25 Mar 2011 — The default configuration of the server console in IBM Lotus Domino does not require a password (aka Server_Console_Password), which allows physically proximate attackers to perform administrative changes or obtain sensitive information via a (1) Load, (2) Tell, or (3) Set Configuration command. La configuración por defecto de la consola del servidor de IBM Lotus Domino no requiere una contraseña (Server_Console_Password), lo que permite realizar cambios administrativos u obtener información sensible a atac... • http://publib.boulder.ibm.com/infocenter/domhelp/v8r0/index.jsp?topic=/com.ibm.help.domino.admin.doc/DOC/H_THE_DOMINO_CONTROLLER_AND_CONSOLE_OVER.html • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 8%CPEs: 33EXPL: 1CVE-2011-1519 – IBM Lotus Domino Server Controller - Authentication Bypass
https://notcve.org/view.php?id=CVE-2011-1519
25 Mar 2011 — The remote console in the Server Controller in IBM Lotus Domino 7.x and 8.x verifies credentials against a file located at a UNC share pathname specified by the client, which allows remote attackers to bypass authentication, and consequently execute arbitrary code, by placing this pathname in the COOKIEFILE field. NOTE: this might overlap CVE-2011-0920. La consola remota en el controlador del servidor de IBM Lotus Domino v7.x y v8.x comprueba las credenciales contra un archivo ubicado en una ruta de acceso ... • https://www.exploit-db.com/exploits/18179 • CWE-287: Improper Authentication •