CVSS: 10.0EPSS: 3%CPEs: 5EXPL: 0CVE-2015-0134 – IBM Lotus Domino SSL2 Client Master Key Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-0134
06 Apr 2015 — Buffer overflow in the SSLv2 implementation in IBM Domino 8.5.x before 8.5.1 FP5 IF3, 8.5.2 before FP4 IF3, 8.5.3 before FP6 IF6, 9.0 before IF7, and 9.0.1 before FP2 IF3 allows remote attackers to execute arbitrary code via unspecified vectors. Desbordamiento de buffer en la implementación SSLv2 en IBM Domino 8.5.x anterior a 8.5.1 FP5 IF3, 8.5.2 anterior a FP4 IF3, 8.5.3 anterior a FP6 IF6, 9.0 anterior a IF7, y 9.0.1 anterior a FP2 IF3 permite a atacantes remotos ejecutar código arbitrario a través de ve... • http://www-01.ibm.com/support/docview.wss?uid=swg21700029 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 2%CPEs: 3EXPL: 4CVE-2002-2191 – Lotus Domino 5.0.8-9 - Non-Existent NSF Database Banner Information Disclosure
https://notcve.org/view.php?id=CVE-2002-2191
31 Dec 2002 — Lotus Domino 5.0.9a and earlier, even when configured with the 'DominoNoBanner=1' option, allows remote attackers to obtain potential sensitive information such as the version via a request for a non-existent .nsf database, which leaks the version in the HTTP banner. • https://www.exploit-db.com/exploits/21996 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2002-0407
https://notcve.org/view.php?id=CVE-2002-0407
11 Jun 2002 — htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, such as (1) a request with a .pl or .java extension, or (2) a request containing a large number of periods, which causes htcgibin.exe to leak the pathname in an error message. • http://marc.info/?l=bugtraq&m=101310812804716&w=2 •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2002-0408
https://notcve.org/view.php?id=CVE-2002-0408
11 Jun 2002 — htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when configured with the NoBanner setting, allows remote attackers to determine the version number of the server via a request that generates an HTTP 500 error code, which leaks the version in a hard-coded error message. • http://marc.info/?l=bugtraq&m=101310812804716&w=2 •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2002-0245
https://notcve.org/view.php?id=CVE-2002-0245
03 May 2002 — Lotus Domino server 5.0.8 with NoBanner enabled allows remote attackers to (1) determine the physical path of the server via a request for a nonexistent file with a .pl (Perl) extension, which leaks the pathname in the error message, or (2) make any request that causes an HTTP 500 error, which leaks the server's version name in the HTTP error message. El servidor 5.0.8 de Lotus Domino con NoBanner habilitado permite que atacantes remotos (1) conozcan el path físico del servidor por medio de una petición de ... • http://marc.info/?l=bugtraq&m=101310812804716&w=2 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2002-0087
https://notcve.org/view.php?id=CVE-2002-0087
07 Mar 2002 — bindsock in Lotus Domino 5.07 on Solaris allows local users to create arbitrary files via a symlink attack on temporary files. bindsock en Lotus Domino 5.07 en Solaris permite a usuarios locales crear ficheros arbitrarios mediante un ataque de enlaces simbólicos (symlink attack) en ficheros temporales. • http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg21095671 •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2001-0954
https://notcve.org/view.php?id=CVE-2001-0954
07 Dec 2001 — Lotus Domino 5.0.5 and 5.0.8, and possibly other versions, allows remote attackers to cause a denial of service (block access to databases that have not been previously accessed) via a URL that includes the . (dot) directory. • http://marc.info/?l=bugtraq&m=100780146532131&w=2L:1 •
CVSS: 10.0EPSS: 2%CPEs: 14EXPL: 0CVE-2001-0846
https://notcve.org/view.php?id=CVE-2001-0846
06 Dec 2001 — Lotus Domino 5.x allows remote attackers to read files or execute arbitrary code by requesting the ReplicaID of the Web Administrator template file (webadmin.ntf). • http://marc.info/?l=bugtraq&m=100448721830960&w=2 •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0CVE-2001-0939
https://notcve.org/view.php?id=CVE-2001-0939
30 Nov 2001 — Lotus Domino 5.08 and earlier allows remote attackers to cause a denial of service (crash) via a SunRPC NULL command to port 443. • http://marc.info/?l=bugtraq&m=100715316426817&w=2 •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2001-1018
https://notcve.org/view.php?id=CVE-2001-1018
20 Sep 2001 — Lotus Domino web server 5.08 allows remote attackers to determine the internal IP address of the server when NAT is enabled via a GET request that contains a long sequence of / (slash) characters. • http://marc.info/?l=bugtraq&m=100094373621813&w=2 •