CVSS: 10.0EPSS: 3%CPEs: 14EXPL: 0CVE-2006-0119
https://notcve.org/view.php?id=CVE-2006-0119
Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Server before 6.5.5 have unknown impact and attack vectors, due to "potential security issues" as identified by SPR numbers (1) GPKS6C9J67 in Agents, (2) JGAN6B6TZ3 and (3) KSPR699NBP in the Router, (4) GPKS5YQGPT in Security, or (5) HSAO6BNL6Y in the Web Server. NOTE: vector 3 is related to an issue in NROUTER in IBM Lotus Notes and Domino Server before 6.5.4 FP1, 6.5.5, and 7.0, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted vCal meeting request sent via SMTP (aka SPR# KSPR699NBP). • http://secunia.com/advisories/18328 http://secunia.com/advisories/20855 http://securitytracker.com/id?1016390 http://www-1.ibm.com/support/docview.wss?uid=swg27007054 http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/94a77eb898843aca8525709200001de1?OpenDocument&Highlight=0%2CJGAN6B6TZ3 http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/9a1650d1a771f3078525702a00420def?OpenDocument&Highlight=0%2CHSAO6BNL6Y http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/d1150fc9c5dec8b18525709200001 •
CVSS: 6.8EPSS: 1%CPEs: 5EXPL: 0CVE-2005-4819
https://notcve.org/view.php?id=CVE-2005-4819
Cross-site scripting (XSS) vulnerability in Lotus Domino versions before 6.5.4 fix pack 1 (FP1) and versions before 7.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. • http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg21201845 http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21217285 http://www.osvdb.org/displayvuln.php?osvdb_id=19614 http://www.securityfocus.com/bid/14901 http://www.securitytracker.com/alerts/2005/Sep/1014946.html https://exchange.xforce.ibmcloud.com/vulnerabilities/22358 •
CVSS: 7.8EPSS: 3%CPEs: 18EXPL: 0CVE-2005-2712
https://notcve.org/view.php?id=CVE-2005-2712
The LDAP server (nldap.exe) in IBM Lotus Domino before 7.0.1, 6.5.5, and 6.5.4 FP2 allows remote attackers to cause a denial of service (crash) via a long bind request, which triggers a null dereference. • http://securitytracker.com/id?1015611 http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21229907 http://www.idefense.com/intelligence/vulnerabilities/display.php?id=389 http://www.securityfocus.com/bid/16523 http://www.vupen.com/english/advisories/2006/0526 https://exchange.xforce.ibmcloud.com/vulnerabilities/24634 •
CVSS: 5.0EPSS: 3%CPEs: 9EXPL: 0CVE-2005-1441
https://notcve.org/view.php?id=CVE-2005-1441
Format string vulnerability in Lotus Domino 6.0.x before 6.0.5 and 6.5.x before 6.5.4 allows remote attackers to cause a denial of service via the Notes protocol (NRPC). • http://secunia.com/advisories/14879 http://securitytracker.com/id?1013842 http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21202525 http://www.osvdb.org/15366 http://www.securityfocus.com/bid/13446 https://exchange.xforce.ibmcloud.com/vulnerabilities/20043 •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 5CVE-2004-1621 – IBM Lotus Domino 6.x - Cross-Site Scripting / HTML Injection
https://notcve.org/view.php?id=CVE-2004-1621
NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in IBM Lotus Notes R6 and Domino R6, and possibly earlier versions, allows remote attackers to execute arbitrary web script or HTML via square brackets at the beginning and end of (1) computed for display, (2) computed when composed, or (3) computed text element fields. NOTE: the vendor has disputed this issue, saying that it is not a problem with Notes/Domino itself, but with the applications that do not properly handle this feature • https://www.exploit-db.com/exploits/24690 http://marc.info/?l=bugtraq&m=109812960023736&w=2 http://marc.info/?l=bugtraq&m=109841682529328&w=2 http://secunia.com/advisories/12891 http://securitytracker.com/id?1011779 http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21187833 http://www.kb.cert.org/vuls/id/404382 http://www.securityfocus.com/bid/11458 https://exchange.xforce.ibmcloud.com/vulnerabilities/17758 •