
CVSS: 6.3 | EPSS: 0% | CPEs: 10 | EXPL: 0

The Evaluate LotusScript method in IBM Lotus Domino before 7.0.3 uses an incorrect security context for @ formula commands in some circumstances, which might allow remote authenticated users to gain privileges and obtain sensitive information.

• http://osvdb.org/40951
• http://secunia.com/advisories/27321
• http://www-1.ibm.com/support/docview.wss?uid=swg21273266
• http://www.securityfocus.com/bid/26176
• http://www.vupen.com/english/advisories/2007/3598
• https://exchange.xforce.ibmcloud.com/vulnerabilities/37369

CVSS: 9.0 | EPSS: 82% | CPEs: 10 | EXPL: 0

Buffer overflow in the IMAP service in IBM Lotus Domino before 6.5.6 FP2, and 7.x before 7.0.3, allows remote authenticated users to execute arbitrary code via a long mailbox name.

• http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=605
• http://secunia.com/advisories/27321
• http://www-1.ibm.com/support/docview.wss?uid=swg21270623
• http://www.securityfocus.com/bid/26176
• http://www.securitytracker.com/id?1018854
• http://www.vupen.com/english/advisories/2007/3598
• https://exchange.xforce.ibmcloud.com/vulnerabilities/37365
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 7.8 | EPSS: 0% | CPEs: 6 | EXPL: 0

IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before 6.5.5 FP3, and 7.x before 7.0.2 FP1; uses weak permissions (Everyone:Full Control) for memory mapped files (shared memory) in IPC, which allows local users to obtain sensitive information, or inject Lotus Script or other character sequences into a session.

• http://secunia.com/advisories/27321
• http://www-1.ibm.com/support/docview.wss?uid=swg21257030
• http://www.securityfocus.com/bid/26146
• http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-013.txt
• http://www.vupen.com/english/advisories/2007/3598
• CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 9.3 | EPSS: 1% | CPEs: 3 | EXPL: 0

IBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the signature on a signed scheduled agent after the agent is modified, which allows remote authenticated users to gain privileges via a modified agent in a server database.

• http://osvdb.org/35765
• http://secunia.com/advisories/25520
• http://www-1.ibm.com/support/docview.wss?uid=swg21258784
• http://www.securityfocus.com/bid/24322
• http://www.vupen.com/english/advisories/2007/2063
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34718

CVSS: 7.8 | EPSS: 1% | CPEs: 21 | EXPL: 0

Unspecified vulnerability in the Lotus Domino Web Server 6.0, 6.5.x before 6.5.6, and 7.0.x before 7.0.3 allows remote attackers to cause a denial of service (daemon crash) via requests for URLs that reference certain files.

• http://osvdb.org/35766
• http://secunia.com/advisories/25542
• http://www-1.ibm.com/support/docview.wss?uid=swg21257251
• http://www.securityfocus.com/bid/24307
• http://www.securitytracker.com/id?1018189
• http://www.vupen.com/english/advisories/2007/2046
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34689