Page 4 of 19 results (0.011 seconds)

CVSS: 9.3EPSS: 1%CPEs: 3EXPL: 0

IBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the signature on a signed scheduled agent after the agent is modified, which allows remote authenticated users to gain privileges via a modified agent in a server database. IBM Lotus Domino 7.0.x versiones anteriores a 7.0.3 no revalida la firma en un agente planificado firmado después de que el agente se modifique, lo cual permite a usuarios remotos autenticados obtener privilegios mediante un agente modificado en un servidor de base de datos. • http://osvdb.org/35765 http://secunia.com/advisories/25520 http://www-1.ibm.com/support/docview.wss?uid=swg21258784 http://www.securityfocus.com/bid/24322 http://www.vupen.com/english/advisories/2007/2063 https://exchange.xforce.ibmcloud.com/vulnerabilities/34718 •

CVSS: 4.3EPSS: 8%CPEs: 13EXPL: 1

Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified "code sequences" that bypass the protection scheme. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la funcionalidad Active Content Filter de IBM Lotus Domino anterior a 6.5.6 y 7.x anterior a 7.0.2 FP1 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante "secuencias de código" no especificadas que evitan el esquema de protección. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=493 http://secunia.com/advisories/24633 http://www-1.ibm.com/support/docview.wss?uid=swg21257026 http://www.securityfocus.com/bid/23173 http://www.securitytracker.com/id?1017824 http://www.vupen.com/english/advisories/2007/1133 https://exchange.xforce.ibmcloud.com/vulnerabilities/33280 •

CVSS: 7.8EPSS: 27%CPEs: 3EXPL: 1

Heap-based buffer overflow in the LDAP server in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service (crash) via a long, malformed DN request, which causes only the lower 16 bits of the string length to be used in memory allocation. Desbordamiento de búfer basado en pila en el servidor LDAP en IBM Lotus Domino versiones anteriores a 6.5.6 y 7.x versiones anteriores a 7.0.2 FP1 permite a atacantes remotos provocar una denegación de servicio (caída) mediante una petición DN larga y malformada, que provoca que solamente los 16bits menos significativos de la longitud de la cadena se usen para alojamiento de memoria. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=494 http://secunia.com/advisories/24633 http://www-1.ibm.com/support/docview.wss?uid=swg21257248 http://www.kb.cert.org/vuls/id/927988 http://www.securityfocus.com/bid/23173 http://www.securityfocus.com/bid/23174 http://www.securitytracker.com/id?1017825 http://www.vupen.com/english/advisories/2007/1133 https://exchange.xforce.ibmcloud.com/vulnerabilities/33278 •

CVSS: 10.0EPSS: 92%CPEs: 13EXPL: 3

Buffer overflow in the CRAM-MD5 authentication mechanism in the IMAP server (nimap.exe) in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service via a long username. Desbordamiento de búfer en el mecanismo de autenticación CRAM-MD5 del servidor IMAP (nimap.exe) de IBM Lotus Domino anterior a 6.5.6 y 7.x anterior a 7.0.2 FP1 permite a atacantes remotos provocar una denegación de servicio mediante un nombre de usuario largo. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Domino Server. Authentication is not required to exploit this vulnerability. The specific flaw exists in the CRAM-MD5 authentication mechanism of nimap.exe which binds by default to TCP port 143. No check is done on the length on the supplied username prior to processing it through a custom copy loop. • https://www.exploit-db.com/exploits/3602 https://www.exploit-db.com/exploits/3616 https://www.exploit-db.com/exploits/4207 http://secunia.com/advisories/24633 http://www-1.ibm.com/support/docview.wss?uid=swg21257028 http://www.securityfocus.com/bid/23172 http://www.securityfocus.com/bid/23173 http://www.securitytracker.com/id?1017823 http://www.vupen.com/english/advisories/2007/1133 http://www.zerodayinitiative.com/advisories/ZDI-07-011.html https://exchange.xforce.ibm •