Page 4 of 34 results (0.006 seconds)

CVSS: 9.3EPSS: 8%CPEs: 3EXPL: 0

Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus Notes 6.5, 7.0.x before 7.0.2 CCH or 7.0.3, and possibly 8.0 allows remote attackers to execute arbitrary code via crafted text in an e-mail message sent over SMTP. Vulnerabilidad sin especificar en nlnotes.dll en el cliente de IBM Lotus Notes 6.5, 7.0.x antes de 7.0.2 CCH or 7.0.3, y posiblemente 8.0 permite a atacantes remotos ejecutar código de su elección a través de un texto manipulado en un email enviado por SMTP. • http://osvdb.org/40956 http://secunia.com/advisories/27279 http://securitytracker.com/id?1019464 http://www-1.ibm.com/support/docview.wss?uid=swg21271957 http://www.vupen.com/english/advisories/2007/3597 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

IBM Lotus Notes 6.0, 6.5, 7.0, and 8.0 signs an unsigned applet when a user forwards an email message to another user, which allows user-assisted remote attackers to bypass Execution Control List (ECL) protection. IBM Lotus Notes 6.0, 6.5, 7.0, y 8.0 firma un applet sin asignación cuando un usuario reenvía un correo a otro, que permite a atacantes remotos asistidos por el usuario evitar la protección Execution Control List (ECL. • http://secunia.com/advisories/29031 http://www-1.ibm.com/support/docview.wss?uid=swg21257250 http://www.vupen.com/english/advisories/2008/0600/references • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 8.8EPSS: 7%CPEs: 5EXPL: 1

Multiple stack-based buffer overflows in l123sr.dll in Autonomy (formerly Verity) KeyView SDK, as used by IBM Lotus Notes 5.x through 8.x, allow user-assisted remote attackers to execute arbitrary code via the (1) Length and (2) Value fields for certain Types in a Lotus 1-2-3 (.123) file in the Worksheet File (WKS) format, as demonstrated by a file with a crafted SRANGE record, a different vulnerability than CVE-2007-5909. Múltiples desbordamientos de búfer basado en pila en l123sr.dll de Autonomy (anteriormente Verity) KeyView SDK, usado por IBM Lotus Notes 5.x hasta 8.x, permiten a atacantes remotos con la intervención del usuario ejecutar código de su elección a través de los campos (1) Length y (2) Value para determinados tipos (Types en un archivo Lotus 1-2-3 (.123) en el formato Worksheet File (WKS), como se ha demostrado mediante un archivo con un registro SRANGE manipulado, una vulnerabilidad diferente de CVE-2007-5909. • https://www.exploit-db.com/exploits/30816 http://lists.grok.org.uk/pipermail/full-disclosure/2007-November/058680.html http://secunia.com/advisories/27835 http://secunia.com/advisories/27836 http://secunia.com/advisories/27849 http://securityreason.com/securityalert/3499 http://securitytracker.com/id?1019002 http://www.coresecurity.com/index.php5?action=item&id=2008 http://www.ibm.com/support/docview.wss?rs=475&uid=swg21285600 http://www.securityfocus.com/archive/1/484272/100/0&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0

IBM Lotus Notes 8 for Linux before 8.0.1 uses (1) unspecified weak permissions for the installation kit obtained through a Notes 8 download and (2) 0777 permissions for the installdata file that is created by setup.sh, which allows local users to gain privileges via a Trojan horse file. IBM Lotus Notes 8 para Linux anterior a 9.0.1 usa (1) permisos débiles no especificados para el kit de instalación obtenido a través de la descarga de Notes 8 y (2) permisos 0777 para el archivo installdata que crea setup.sh, lo cual permite a usuarios locales obtener privilegios mediante un archivo troyano (Trojan horse file). • http://osvdb.org/40933 http://osvdb.org/40934 http://secunia.com/advisories/27860 http://securitytracker.com/id?1019009 http://www-1.ibm.com/support/docview.wss?uid=swg21289273 http://www.vupen.com/english/advisories/2007/4037 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 9.3EPSS: 4%CPEs: 11EXPL: 0

Stack-based buffer overflow in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK before 9.2.0.12, as used by ActivePDF DocConverter, wp6sr.dll in IBM Lotus Notes 8.0 and before 7.0.3, Symantec Mail Security, and other products, allows remote attackers to execute arbitrary code via a crafted WordPerfect (WPD) file. Desbordamiento de búfer basado en pila en el Autonomy (antiguamente Verity) KeyView Viewer, en el Filter y en el Export SDK anterior al 9.2.0.12, como el utilizado en el ActivePDF DocConverter, en el wp6sr.dll del IBM Lotus Notes 8.0 y anteriores al 7.0.3, en el Symantec Mail Security y en otros productos, permite a atacantes remotos ejecutar código de su elección a través de un fichero modificado de WordPerfect (WPD). • http://secunia.com/advisories/27304 http://securityreason.com/securityalert/3357 http://securityresponse.symantec.com/avcenter/security/Content/2007.11.01c.html http://securitytracker.com/id?1018853 http://securitytracker.com/id?1018886 http://vuln.sg/lotusnotes702-en.html http://vuln.sg/lotusnotes702wpd-en.html http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21271111 http://www.securityfocus.com/archive/1/482664 http://www.securityfocus.com/bid/26175 http://www.vupen.com • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •