CVE-2007-5544
https://notcve.org/view.php?id=CVE-2007-5544
IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before 6.5.5 FP3, and 7.x before 7.0.2 FP1; uses weak permissions (Everyone:Full Control) for memory mapped files (shared memory) in IPC, which allows local users to obtain sensitive information, or inject Lotus Script or other character sequences into a session. IBM Lotus Notes versiones anteriores 6.5.6, y 7.x versiones anteriores a 7.0.3; y Domino versiones anteriores 6.5.5 FP3, y 7.x versiones anteriores 7.0.2 FP1; utiliza permisos débiles (Control Total:Todos) para ficheros mapeados en memoria (memoria compartida) en IPC, lo cual permite a usuarios locales obtener información confidencial, o inyectar Lotus Script u otras secuencias de caracteres en una sesión. • http://secunia.com/advisories/27321 http://www-1.ibm.com/support/docview.wss?uid=swg21257030 http://www.securityfocus.com/bid/26146 http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-013.txt http://www.vupen.com/english/advisories/2007/3598 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2007-4309
https://notcve.org/view.php?id=CVE-2007-4309
IBM Lotus Notes 5.x through 7.0.2 allows user-assisted remote authenticated administrators to obtain a cleartext notes.id password by setting the notes.ini (1) KFM_ShowEntropy and (2) Debug_Outfile debug variables, a different vulnerability than CVE-2005-2696. IBM Lotus Notes 5.x hasta 7.0.2 permite a administradores autenticados remotamente, con la intervención del usuario, obtener una contraseña en texto claro de notes.id estableciendo las variables de depuración de notes.ini (1) KFM_ShowEntropy y (2) Debug_Outfile, una vulnerabilidad diferente de CVE-2005-2696. • http://securitytracker.com/id?1018433 http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21266085 http://www.heise-security.co.uk/news/92958 •
CVE-2006-5835
https://notcve.org/view.php?id=CVE-2006-5835
The Notes Remote Procedure Call (NRPC) protocol in IBM Lotus Notes Domino before 6.5.5 FP2 and 7.x before 7.0.2 does not require authentication to perform user lookups, which allows remote attackers to obtain the user ID file. El protocolo de Notes Remote Procedure Call (NRPC) en el IBM Lotus Notes Domino en versiones anteriores a la 6.5.5 FP2 y 7.x antes de la 7.0.2 no requiere autenticación para realizar búsqueda de usuarios, lo que permite a atacantes remotos la obtención de los ficheros de identificación (ID) de los usuarios. • http://secunia.com/advisories/22741 http://securitytracker.com/id?1017203 http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21248026 http://www.fortconsult.net/images/pdf/lotusnotes_keyfiles.pdf http://www.securityfocus.com/bid/20960 http://www.vupen.com/english/advisories/2006/4411 https://exchange.xforce.ibmcloud.com/vulnerabilities/30118 •
CVE-2003-0123
https://notcve.org/view.php?id=CVE-2003-0123
Buffer overflow in Web Retriever client for Lotus Notes/Domino R4.5 through R6 allows remote malicious web servers to cause a denial of service (crash) via a long HTTP status line. Desbordamiento de búfer en el cliente Web Retriever de Lotus Notes/Domino R4.5 a R.6 permite a servidores web remotos maliciosos causar una denegación de servicio (caída) mediante una línea de estado HTTP larga. • http://marc.info/?l=bugtraq&m=104757545500368&w=2 http://www-1.ibm.com/support/docview.wss?rs=482&q=Domino&uid=swg21105060 http://www.cert.org/advisories/CA-2003-11.html http://www.ciac.org/ciac/bulletins/n-065.shtml http://www.kb.cert.org/vuls/id/411489 http://www.rapid7.com/advisories/R7-0011.html http://www.securityfocus.com/bid/7038 https://exchange.xforce.ibmcloud.com/vulnerabilities/11525 •
CVE-2002-0370
https://notcve.org/view.php?id=CVE-2002-0370
Buffer overflow in the ZIP capability for multiple products allows remote attackers to cause a denial of service or execute arbitrary code via ZIP files containing entries with long filenames, including (1) Microsoft Windows 98 with Plus! Pack, (2) Windows XP, (3) Windows ME, (4) Lotus Notes R4 through R6 (pre-gold), (5) Verity KeyView, and (6) Stuffit Expander before 7.0. Desbordamiento de búfer en la capacidad ZIP de múltiples productos permite a atacantes remotos causar una denegación de servicio o ejecutar código arbitrario mediante ficheros ZIP que contienen nombres de ficheros largos, incluyendo Microsoft Windows 98 con el paquete Plus! Windows XP Windows Me Lotus Notes R4 a R6 (pre-gold) Verity KeyView, y Stuffit Expander antes de 7.0. • http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0009.html http://marc.info/?l=bugtraq&m=103428193409223&w=2 http://securityreason.com/securityalert/587 http://www.info-zip.org/FAQ.html http://www.info.apple.com/usen/security/security_updates.html http://www.iss.net/security_center/static/10251.php http://www.kb.cert.org/vuls/id/383779 http://www.securityfocus.com/bid/5873 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-054 •