Page 50 of 290 results (0.007 seconds)

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 2

Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 6.5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) BaseTarget or (2) Src parameters. • http://secunia.com/advisories/16830 http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg1LO07849&loc=en_US&cs=utf-8&cc=us&lang=all http://www-1.ibm.com/support/docview.wss?uid=swg1LO07850 http://www.securityfocus.com/bid/14845 http://www.securityfocus.com/bid/14846 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

IBM Lotus Notes does not properly restrict access to password hashes in the Notes Address Book (NAB), which allows remote attackers to obtain sensitive information via the (1) password digest field in the Administration tab of a Lotus Notes client, (2) "PasswordDigest" and "HTTPPassword" fields in the document properties in the NAB, or (3) a direct query to the Domino LDAP server, a different vulnerability than CVE-2005-2428. • http://marc.info/?l=bugtraq&m=112456040418543&w=2 http://www.venera.com/downloads/Lotus_password_disclosures.pdf •

CVSS: 5.0EPSS: 1%CPEs: 3EXPL: 3

Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a different vulnerability than CVE-2005-2696. Lotus Domino R5 and R6 WebMail almacena datos en campos ocultos en "names.nsf" (con permisos de lectura universal), lo que permite que atacantes remotos otengan información confidencial mirando el código HTML. • https://www.exploit-db.com/exploits/3302 https://www.exploit-db.com/exploits/39495 https://github.com/schwankner/CVE-2005-2428-IBM-Lotus-Domino-R8-Password-Hash-Extraction-Exploit http://marc.info/?l=bugtraq&m=112240869130356&w=2 http://secunia.com/advisories/16231 http://securitytracker.com/id?1014584 http://www-1.ibm.com/support/docview.wss?uid=swg21212934 http://www.cybsec.com/vuln/default_configuration_information_disclosure_lotus_domino.pdf http://www.osvdb.org/18462 http:/ •

CVSS: 5.0EPSS: 86%CPEs: 1EXPL: 1

The web interface for Lotus Notes mail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and steal cookies. • https://www.exploit-db.com/exploits/25944 http://archives.neohapsis.com/archives/bugtraq/2005-07/0075.html http://securitytracker.com/id?1014440 •

CVSS: 5.0EPSS: 3%CPEs: 9EXPL: 0

Format string vulnerability in Lotus Domino 6.0.x before 6.0.5 and 6.5.x before 6.5.4 allows remote attackers to cause a denial of service via the Notes protocol (NRPC). • http://secunia.com/advisories/14879 http://securitytracker.com/id?1013842 http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21202525 http://www.osvdb.org/15366 http://www.securityfocus.com/bid/13446 https://exchange.xforce.ibmcloud.com/vulnerabilities/20043 •