Page 40 of 290 results (0.006 seconds)

CVSS: 9.3EPSS: 35%CPEs: 3EXPL: 0

Multiple buffer overflows in htmsr.dll in the HTML speed reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allow remote attackers to execute arbitrary code via an HTML document with (1) "large chunks of data," or a long URL in the (2) BACKGROUND attribute of a BODY element or (3) SRC attribute of an IMG element. Múltiples desbordamientos de búfer en htmsr.dll en el lector rápido HTML de Autonomy (anteriormente Verity) KeyView, usado por IBM Lotus Notes 7.0.2 and 7.0.3, permiten a atacantes remotos ejecutar código de su elección a través un documento HTML con (1)"large chunks of data," (grandes cadenas/trozos de datos) o una URL larga en (2) el atributo BACKGROUND del elemento BODY (3) o a través del atributo SRC de una etiqueta IMG. • http://secunia.com/advisories/28140 http://secunia.com/advisories/28209 http://secunia.com/advisories/28210 http://secunia.com/secunia_research/2008-3/advisory http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453 http://www.securityfocus.com/archive/1/490828/100/0/threaded http://www.securityfocus.com/bid/28454 http://www.securitytracker.com/id?1019843 http://www.vupen.com/english/advisories/2008/1153 http://www.vupen.com/english/advisories/2008/1156 https: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 53%CPEs: 7EXPL: 0

Buffer overflow in kvdocve.dll in the KeyView document viewing engine in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allows remote attackers to execute arbitrary code via a long pathname, as demonstrated by a long SRC attribute of an IMG element in an HTML document. Desbordamiento de búfer en el motor del visor de documentos KeyView de Autonomy (anteriormente Verity) KeyView, usado por IBM Lotus Notes 7.0.2 y 7.0.3, permite a atacantes remotos ejecutar código de su elección a través de un nombre de ruta largo, como se ha demostrado usando un atributo SRC largo en una etiqueta IMG de un documento HTML. • http://secunia.com/advisories/28140 http://secunia.com/advisories/28209 http://secunia.com/advisories/28210 http://secunia.com/secunia_research/2008-12/advisory http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453 http://www.securityfocus.com/archive/1/490826/100/0/threaded http://www.securityfocus.com/bid/28454 http://www.vupen.com/english/advisories/2008/1153 http://www.vupen.com/english/advisories/2008/1156 https://exchange.xforce.ibmcloud.com/vulnerabilities/4 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 9%CPEs: 3EXPL: 0

Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus Notes 6.5, 7.0.x before 7.0.2 CCH or 7.0.3, and possibly 8.0 allows remote attackers to execute arbitrary code via crafted text in an e-mail message sent over SMTP. Vulnerabilidad sin especificar en nlnotes.dll en el cliente de IBM Lotus Notes 6.5, 7.0.x antes de 7.0.2 CCH or 7.0.3, y posiblemente 8.0 permite a atacantes remotos ejecutar código de su elección a través de un texto manipulado en un email enviado por SMTP. • http://osvdb.org/40956 http://secunia.com/advisories/27279 http://securitytracker.com/id?1019464 http://www-1.ibm.com/support/docview.wss?uid=swg21271957 http://www.vupen.com/english/advisories/2007/3597 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

IBM Lotus Quickr 8.0 server, and possibly QuickPlace 7.x, does not properly identify URIs containing cross-site scripting (XSS) attack strings, which allows remote attackers to inject arbitrary web script or HTML via a Calendar OpenDocument action to main.nsf with a Count parameter containing a JavaScript event in a malformed element, as demonstrated by an onload event in an IFRAME element. El servidor IBM Lotus Quickr 8.0 y posiblemnte QuickPlace 7.x, no identifica correctamente URIs que contienen cadenas de ataque de secuencias de comandos en sitios cruzados (XSS), lo que permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de una acción Calendar OpenDocument a main.nsf con un parámetro Count que contiene un evento JavaScript en un elemento mal formado, como se demostró por un un evento onload en un elemento IFRAME. • http://secunia.com/advisories/29072 http://securityreason.com/securityalert/3721 http://www.securityfocus.com/archive/1/488620/100/100/threaded http://www.securityfocus.com/bid/27925 http://www.vupen.com/english/advisories/2008/0667 • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 1%CPEs: 3EXPL: 0

Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus Notes 6.5, 7.0.x before 7.0.2 CCH, and 8.0.x before 8.0.1 allows remote attackers to execute arbitrary code via a crafted attachment in an e-mail message sent over SMTP, a variant of CVE-2007-6706. Una vulnerabilidad no especificada en la biblioteca nlnotes.dll en el cliente en IBM Lotus Notes versiones 6.5, 7.0.x anterior a 7.0.2 CCH y versión 8.0.x anterior a 8.0.1, permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo adjunto creado en un mensaje de correo electrónico enviado por medio de SMTP, esta es una variante del CVE-2007-6706. • http://securitytracker.com/id?1019464 http://www-1.ibm.com/support/docview.wss?uid=swg21271957 • CWE-94: Improper Control of Generation of Code ('Code Injection') •