CVE-2006-3778
https://notcve.org/view.php?id=CVE-2006-3778
IBM Lotus Notes 6.0, 6.5, and 7.0 does not properly handle replies to e-mail messages with alternate name users when the (1) "Save As Draft" option is used or (2) a "," (comma) is inside the "phrase" portion of an address, which can cause the e-mail to be sent to users that were deleted from the To, CC, and BCC fields, which allows remote attackers to obtain the list of original recipients. IBM Lotus Notes 6.0, 6.5, y 7.0 no maneja adecuadamente las respuestas a mensajes de correo con nombres de usuario alternativo cuando la opción(1) "Guardar como borrador" es utilizada o (2) una "," (coma) está dentro de la porción de una dirección, la cual podría hacer que el email sea envíado a usuarios que fueron borrados desde los campos To, CC y BBC, lo cual permite a un atacante remotos obtener una lista de receptores originales. • http://secunia.com/advisories/21096 http://securitytracker.com/id?1016516 http://securitytracker.com/id?1016819 http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21243602 http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21240386 •
CVE-2006-1948
https://notcve.org/view.php?id=CVE-2006-1948
The "Add Sender to Address Book" operation (AddSenderToAddressBook.lss) and NameHelper.lss in IBM Lotus Notes 6.0 and 6.5 before 20060331 do not properly store information in the Personal Address Book when multiple messages are checked and a message uses AltFrom, which might allow user-assisted remote attackers to trick a user into sending e-mail to an unauthorized recipient. • http://securitytracker.com/id?1015914 http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21232945 •
CVE-2006-0663 – IBM Lotus Domino 6.x/7.0 - iNotes JavaScript: Filter Bypass
https://notcve.org/view.php?id=CVE-2006-0663
Multiple cross-site scripting (XSS) vulnerabilities in Lotus Domino iNotes Client 6.5.4 and 7.0 allow remote attackers to inject arbitrary web script or HTML via (1) an email subject; (2) an encoded javascript URI, as demonstrated using "java script:"; or (3) when the Domino Web Access ActiveX control is not installed, via an email attachment filename. • https://www.exploit-db.com/exploits/27181 https://www.exploit-db.com/exploits/27182 http://secunia.com/advisories/16340 http://secunia.com/secunia_research/2005-38/advisory http://securitytracker.com/id?1015610 http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229919 http://www.osvdb.org/23077 http://www.osvdb.org/23078 http://www.osvdb.org/23079 http://www.securityfocus.com/bid/16577 http://www.vupen.com/english/advisories/2006/0499 https://exchange • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2006-0662
https://notcve.org/view.php?id=CVE-2006-0662
Cross-site scripting (XSS) vulnerability in Lotus Domino iNotes Client 6.5.4 allows remote attackers to inject arbitrary web script or HTML via email with attached html files, which are directly rendered in the browser. • http://secunia.com/advisories/16340 http://secunia.com/secunia_research/2005-38/advisory http://securitytracker.com/id?1015610 http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229919 http://www.osvdb.org/23077 http://www.securityfocus.com/bid/16577 http://www.vupen.com/english/advisories/2006/0499 https://exchange.xforce.ibmcloud.com/vulnerabilities/24612 •
CVE-2006-0580
https://notcve.org/view.php?id=CVE-2006-0580
IBM Lotus Domino Server 7.0 allows remote attackers to cause a denial of service (segmentation fault) via a crafted packet to the LDAP port (389/TCP). IBM Lotus Domino Server 7.0 permite a atacantes remotos causar una denegación de servicio (fallo de segmentación) mediante un paquete artesanal al puerto LDAP (389/TCP). • http://lists.immunitysec.com/pipermail/dailydave/2006-February/002896.html http://secunia.com/advisories/18738 http://securitytracker.com/id?1015592 http://www.securityfocus.com/bid/16523 http://www.vupen.com/english/advisories/2006/0458 https://exchange.xforce.ibmcloud.com/vulnerabilities/24518 •