CVE-2007-1675 – IBM Lotus Domino IMAP Server CRAM-MD5 Authentication Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2007-1675
Buffer overflow in the CRAM-MD5 authentication mechanism in the IMAP server (nimap.exe) in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service via a long username. Desbordamiento de búfer en el mecanismo de autenticación CRAM-MD5 del servidor IMAP (nimap.exe) de IBM Lotus Domino anterior a 6.5.6 y 7.x anterior a 7.0.2 FP1 permite a atacantes remotos provocar una denegación de servicio mediante un nombre de usuario largo. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Domino Server. Authentication is not required to exploit this vulnerability. The specific flaw exists in the CRAM-MD5 authentication mechanism of nimap.exe which binds by default to TCP port 143. No check is done on the length on the supplied username prior to processing it through a custom copy loop. • https://www.exploit-db.com/exploits/3602 https://www.exploit-db.com/exploits/3616 https://www.exploit-db.com/exploits/4207 http://secunia.com/advisories/24633 http://www-1.ibm.com/support/docview.wss?uid=swg21257028 http://www.securityfocus.com/bid/23172 http://www.securityfocus.com/bid/23173 http://www.securitytracker.com/id?1017823 http://www.vupen.com/english/advisories/2007/1133 http://www.zerodayinitiative.com/advisories/ZDI-07-011.html https://exchange.xforce.ibm •
CVE-2007-0977 – Lotus Domino R6 Webmail - Remote Password Hash Dumper
https://notcve.org/view.php?id=CVE-2007-0977
IBM Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores HTTPPassword hashes from names.nsf in a manner accessible through Readviewentries and OpenDocument requests to the defaultview view, a different vector than CVE-2005-2428. IBM Lotus Domino R5 y R6 WebMail, con "Generar HTML para todos los campos" habilitado, almacena tablas hash HTTPPassword de names.nsf de una manera accesible a través de peticiones Readviewentries y OpenDocument a la vista defaultview, vector distinto a CVE-2005-2428. • https://www.exploit-db.com/exploits/3302 http://osvdb.org/35764 •
CVE-2006-5835
https://notcve.org/view.php?id=CVE-2006-5835
The Notes Remote Procedure Call (NRPC) protocol in IBM Lotus Notes Domino before 6.5.5 FP2 and 7.x before 7.0.2 does not require authentication to perform user lookups, which allows remote attackers to obtain the user ID file. El protocolo de Notes Remote Procedure Call (NRPC) en el IBM Lotus Notes Domino en versiones anteriores a la 6.5.5 FP2 y 7.x antes de la 7.0.2 no requiere autenticación para realizar búsqueda de usuarios, lo que permite a atacantes remotos la obtención de los ficheros de identificación (ID) de los usuarios. • http://secunia.com/advisories/22741 http://securitytracker.com/id?1017203 http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21248026 http://www.fortconsult.net/images/pdf/lotusnotes_keyfiles.pdf http://www.securityfocus.com/bid/20960 http://www.vupen.com/english/advisories/2006/4411 https://exchange.xforce.ibmcloud.com/vulnerabilities/30118 •
CVE-2006-5818
https://notcve.org/view.php?id=CVE-2006-5818
Multiple buffer overflows in tunekrnl in IBM Lotus Domino 6.x before 6.5.5 FP2 and 7.x before 7.0.2 allow local users to gain privileges and execute arbitrary code via unspecified vectors. Múltiples desbordamientos de búfer en el tunekrnl de IBM Lotus Domino 6.x en versiones anteriores a la 6.5.5 FP2 y 7.x en versiones anteriores a la 7.0.2 permite a usuarios locales obtener privilegios y ejecutar código de su elección a través de vectores sin especificar. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=440 http://secunia.com/advisories/22724 http://securitytracker.com/id?1017198 http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21249173 http://www.securityfocus.com/bid/20967 http://www.vupen.com/english/advisories/2006/4411 https://exchange.xforce.ibmcloud.com/vulnerabilities/30151 •
CVE-2006-4763
https://notcve.org/view.php?id=CVE-2006-4763
IBM Lotus Domino Web Access (DWA) 7.0.1 does not expire a client's Lightweight Third-Party Authentication token (LtpaToken) upon logout, which allows remote attackers to obtain a user's privileges by intercepting the LtpaToken cookie. IBM Lotus Domino Web Access (DWA) 7.0.1 no expira una ficha de autenticación de terceros ligera (LtpaToken) en el logout, lo cual permite a atacantes remotos obtener privilegios de usuario interceptando la cookie LtpaToken. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049408.html http://securityreason.com/securityalert/1571 http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21245589 http://www.fishnetsecurity.com/csirt/disclosure/ibm http://www.securityfocus.com/archive/1/445821/100/0/threaded http://www.securityfocus.com/bid/19966 https://exchange.xforce.ibmcloud.com/vulnerabilities/28881 •