CVE-2004-2667
https://notcve.org/view.php?id=CVE-2004-2667
Cross-site scripting (XSS) vulnerability in Lotus Domino 6.0.x before 6.0.4 and 6.5.x before 6.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. • http://secunia.com/advisories/11925 http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21171253 http://www.osvdb.org/displayvuln.php?osvdb_id=7268 •
CVE-2004-1621 – IBM Lotus Domino 6.x - Cross-Site Scripting / HTML Injection
https://notcve.org/view.php?id=CVE-2004-1621
NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in IBM Lotus Notes R6 and Domino R6, and possibly earlier versions, allows remote attackers to execute arbitrary web script or HTML via square brackets at the beginning and end of (1) computed for display, (2) computed when composed, or (3) computed text element fields. NOTE: the vendor has disputed this issue, saying that it is not a problem with Notes/Domino itself, but with the applications that do not properly handle this feature • https://www.exploit-db.com/exploits/24690 http://marc.info/?l=bugtraq&m=109812960023736&w=2 http://marc.info/?l=bugtraq&m=109841682529328&w=2 http://secunia.com/advisories/12891 http://securitytracker.com/id?1011779 http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21187833 http://www.kb.cert.org/vuls/id/404382 http://www.securityfocus.com/bid/11458 https://exchange.xforce.ibmcloud.com/vulnerabilities/17758 •
CVE-2003-0180
https://notcve.org/view.php?id=CVE-2003-0180
Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attackers to cause a denial of service via an incomplete POST request, as demonstrated using the h_PageUI form. Lotus Domino Web Server (nhttp.exe) anteriores a la 6.0.1 permite a atacantes remotos causar la Denegación de Servicios mediante una petición POST incompleta, como se demuestra utilizando el formulario h_PageUI. • http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0086.html http://www-1.ibm.com/support/docview.wss?uid=swg21104528 http://www.cert.org/advisories/CA-2003-11.html http://www.ciac.org/ciac/bulletins/n-065.shtml http://www.kb.cert.org/vuls/id/355169 http://www.nextgenss.com/advisories/lotus-60dos.txt http://www.securityfocus.com/bid/6951 https://exchange.xforce.ibmcloud.com/vulnerabilities/11360 •
CVE-2003-0181
https://notcve.org/view.php?id=CVE-2003-0181
Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attackers to cause a denial of service via a "Fictionary Value Field POST request" as demonstrated using the s_Validation form with a long, unknown parameter name. • http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0086.html http://www-1.ibm.com/support/docview.wss?uid=swg21104528 http://www.cert.org/advisories/CA-2003-11.html http://www.nextgenss.com/advisories/lotus-60dos.txt http://www.securityfocus.com/bid/6951 https://exchange.xforce.ibmcloud.com/vulnerabilities/11361 •
CVE-2003-0179
https://notcve.org/view.php?id=CVE-2003-0179
Buffer overflow in the COM Object Control Handler for Lotus Domino 6.0.1 and earlier allows remote attackers to execute arbitrary code via multiple attack vectors, as demonstrated using the InitializeUsingNotesUserName method in the iNotes ActiveX control. Desbordamiento de búfer en el manejador de control de objetos COM para Lotus Domino 6.0.1 y versiones anteriores, permite a atacantes remotos la ejecución de código arbitrario mediante vectores de ataque múltiple, como se demuestra utilizando el método InitializeUsingNotesUserName en el control ActiveX de iNotes. • http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0082.html http://marc.info/?l=bugtraq&m=104550124032513&w=2 http://marc.info/?l=bugtraq&m=104550335103136&w=2 http://marc.info/?l=ntbugtraq&m=104558778131373&w=2 http://marc.info/?l=ntbugtraq&m=104558778331387&w=2 http://www-1.ibm.com/support/docview.wss? •