CVSS: 7.8EPSS: 3%CPEs: 18EXPL: 0CVE-2005-2712
https://notcve.org/view.php?id=CVE-2005-2712
The LDAP server (nldap.exe) in IBM Lotus Domino before 7.0.1, 6.5.5, and 6.5.4 FP2 allows remote attackers to cause a denial of service (crash) via a long bind request, which triggers a null dereference. • http://securitytracker.com/id?1015611 http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21229907 http://www.idefense.com/intelligence/vulnerabilities/display.php?id=389 http://www.securityfocus.com/bid/16523 http://www.vupen.com/english/advisories/2006/0526 https://exchange.xforce.ibmcloud.com/vulnerabilities/24634 •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 2CVE-2005-3015
https://notcve.org/view.php?id=CVE-2005-3015
Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 6.5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) BaseTarget or (2) Src parameters. • http://secunia.com/advisories/16830 http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg1LO07849&loc=en_US&cs=utf-8&cc=us&lang=all http://www-1.ibm.com/support/docview.wss?uid=swg1LO07850 http://www.securityfocus.com/bid/14845 http://www.securityfocus.com/bid/14846 •
CVSS: 5.0EPSS: 1%CPEs: 3EXPL: 3CVE-2005-2428 – Lotus Domino R6 Webmail - Remote Password Hash Dumper
https://notcve.org/view.php?id=CVE-2005-2428
Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a different vulnerability than CVE-2005-2696. Lotus Domino R5 and R6 WebMail almacena datos en campos ocultos en "names.nsf" (con permisos de lectura universal), lo que permite que atacantes remotos otengan información confidencial mirando el código HTML. • https://www.exploit-db.com/exploits/3302 https://www.exploit-db.com/exploits/39495 https://github.com/schwankner/CVE-2005-2428-IBM-Lotus-Domino-R8-Password-Hash-Extraction-Exploit http://marc.info/?l=bugtraq&m=112240869130356&w=2 http://secunia.com/advisories/16231 http://securitytracker.com/id?1014584 http://www-1.ibm.com/support/docview.wss?uid=swg21212934 http://www.cybsec.com/vuln/default_configuration_information_disclosure_lotus_domino.pdf http://www.osvdb.org/18462 http:/ •
CVSS: 5.0EPSS: 3%CPEs: 9EXPL: 0CVE-2005-1441
https://notcve.org/view.php?id=CVE-2005-1441
Format string vulnerability in Lotus Domino 6.0.x before 6.0.5 and 6.5.x before 6.5.4 allows remote attackers to cause a denial of service via the Notes protocol (NRPC). • http://secunia.com/advisories/14879 http://securitytracker.com/id?1013842 http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21202525 http://www.osvdb.org/15366 http://www.securityfocus.com/bid/13446 https://exchange.xforce.ibmcloud.com/vulnerabilities/20043 •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 2CVE-2004-2369
https://notcve.org/view.php?id=CVE-2004-2369
Directory traversal vulnerability in webadmin.nsf for Lotus Domino R6 6.5.1 allows attackers to create and detect directories via a .. (dot dot) in the directory creation command. • http://members.lycos.co.uk/r34ct/main/ibm_lotus_domino/lotus.txt http://secunia.com/advisories/11143 http://www.securityfocus.com/bid/9900 https://exchange.xforce.ibmcloud.com/vulnerabilities/15503 https://exchange.xforce.ibmcloud.com/vulnerabilities/15504 •