CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 2CVE-2005-3015
https://notcve.org/view.php?id=CVE-2005-3015
Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 6.5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) BaseTarget or (2) Src parameters. • http://secunia.com/advisories/16830 http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg1LO07849&loc=en_US&cs=utf-8&cc=us&lang=all http://www-1.ibm.com/support/docview.wss?uid=swg1LO07850 http://www.securityfocus.com/bid/14845 http://www.securityfocus.com/bid/14846 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2005-2696
https://notcve.org/view.php?id=CVE-2005-2696
IBM Lotus Notes does not properly restrict access to password hashes in the Notes Address Book (NAB), which allows remote attackers to obtain sensitive information via the (1) password digest field in the Administration tab of a Lotus Notes client, (2) "PasswordDigest" and "HTTPPassword" fields in the document properties in the NAB, or (3) a direct query to the Domino LDAP server, a different vulnerability than CVE-2005-2428. • http://marc.info/?l=bugtraq&m=112456040418543&w=2 http://www.venera.com/downloads/Lotus_password_disclosures.pdf •
CVSS: 5.0EPSS: 1%CPEs: 3EXPL: 3CVE-2005-2428 – Lotus Domino R6 Webmail - Remote Password Hash Dumper
https://notcve.org/view.php?id=CVE-2005-2428
Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a different vulnerability than CVE-2005-2696. Lotus Domino R5 and R6 WebMail almacena datos en campos ocultos en "names.nsf" (con permisos de lectura universal), lo que permite que atacantes remotos otengan información confidencial mirando el código HTML. • https://www.exploit-db.com/exploits/3302 https://www.exploit-db.com/exploits/39495 https://github.com/schwankner/CVE-2005-2428-IBM-Lotus-Domino-R8-Password-Hash-Extraction-Exploit http://marc.info/?l=bugtraq&m=112240869130356&w=2 http://secunia.com/advisories/16231 http://securitytracker.com/id?1014584 http://www-1.ibm.com/support/docview.wss?uid=swg21212934 http://www.cybsec.com/vuln/default_configuration_information_disclosure_lotus_domino.pdf http://www.osvdb.org/18462 http:/ •
CVSS: 5.0EPSS: 86%CPEs: 1EXPL: 1CVE-2005-2175 – IBM Lotus Domino Notes 6.0/6.5 - Mail Template Automatic Script Execution
https://notcve.org/view.php?id=CVE-2005-2175
The web interface for Lotus Notes mail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and steal cookies. • https://www.exploit-db.com/exploits/25944 http://archives.neohapsis.com/archives/bugtraq/2005-07/0075.html http://securitytracker.com/id?1014440 •
CVSS: 4.6EPSS: 0%CPEs: 9EXPL: 0CVE-2005-1442
https://notcve.org/view.php?id=CVE-2005-1442
Buffer overflow in the Lotus Notes client for Domino 6.5 before 6.5.4 and 6.0 before 6.0.5 allows local users to cause a denial of service (client crash) and possibly execute arbitrary code via the NOTES.INI file. • http://secunia.com/advisories/1013841 http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21202526 http://www.osvdb.org/15367 http://www.securityfocus.com/bid/13447 https://exchange.xforce.ibmcloud.com/vulnerabilities/20044 •