CVSS: 10.0EPSS: 26%CPEs: 5EXPL: 0CVE-2015-0134 – IBM Lotus Domino SSL2 Client Master Key Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-0134
Buffer overflow in the SSLv2 implementation in IBM Domino 8.5.x before 8.5.1 FP5 IF3, 8.5.2 before FP4 IF3, 8.5.3 before FP6 IF6, 9.0 before IF7, and 9.0.1 before FP2 IF3 allows remote attackers to execute arbitrary code via unspecified vectors. Desbordamiento de buffer en la implementación SSLv2 en IBM Domino 8.5.x anterior a 8.5.1 FP5 IF3, 8.5.2 anterior a FP4 IF3, 8.5.3 anterior a FP6 IF6, 9.0 anterior a IF7, y 9.0.1 anterior a FP2 IF3 permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability. The flaw exists within the nldap.exe component which listens by default on TCP port 636. When handling Client Master Key Message packets, the process blindly copies attacker supplied data into an undersized buffer. • http://www-01.ibm.com/support/docview.wss?uid=swg21700029 http://www.securitytracker.com/id/1032027 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 91%CPEs: 5EXPL: 0CVE-2015-0117 – IBM Lotus Domino LDAP ModifyRequest add Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-0117
The LDAP Server in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, aka SPR KLYH9SLRGM. El servidor LDAP en IBM Domino 8.5.x anterior a 8.5.3 FP6 IF6 y 9.x anterior a 9.0.1 FP3 IF1 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, también conocido como SPR KLYH9SLRGM. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Domino. Authentication is not required to exploit this vulnerability. The specific flaw exists within LDAP handling functionality which listens by default on TCP port 389. The vulnerable code blindly copies attacker supplied data from a specially formatted LDAP ModifyRequest packet to a fixed length stack buffer. • http://www-01.ibm.com/support/docview.wss?uid=swg21700029 http://www.securitytracker.com/id/1032027 •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 1CVE-2015-0179 – Lotus Notes Diagnostic Tool 8.5/9.0 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-0179
Notes System Diagnostic (NSD) in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows local users to obtain the System privilege via unspecified vectors, aka SPR TCHL9SST8V. Notes System Diagnostic (NSD) en IBM Domino 8.5.x anterior a 8.5.3 FP6 IF6 y 9.x anterior a 9.0.1 FP3 IF1 permite a usuarios locales obtener el privilegio System a través de vectores no especificados, también conocido como SPR TCHL9SST8V. • https://www.exploit-db.com/exploits/42605 http://www-01.ibm.com/support/docview.wss?uid=swg21700029 http://www.securitytracker.com/id/1032027 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.0EPSS: 94%CPEs: 1EXPL: 3CVE-2011-3575 – IBM Lotus Domino 8.5.2 - 'NSFComputeEvaluateExt()' Remote Stack Buffer Overflow
https://notcve.org/view.php?id=CVE-2011-3575
Stack-based buffer overflow in the NSFComputeEvaluateExt function in Nnotes.dll in IBM Lotus Domino 8.5.2 allows remote authenticated users to execute arbitrary code via a long tHPRAgentName parameter in an fmHttpPostRequest OpenForm action to WebAdmin.nsf. Desbordamiento de búfer basado en pila en la función NSFComputeEvaluateExt en Nnotes.dll en IBM Lotus Domino v8.5.2 permite a usuarios autenticados remotamente ejecutar código de su elección a través de un parámetro largo tHPRAgentName en acción OpenForm fmHttpPostRequest a WebAdmin.nsf. • https://www.exploit-db.com/exploits/36145 http://www.research.reversingcode.com/exploits/IBMLotusDomino_StackOverflowPoC http://www.research.reversingcode.com/index.php/advisories/73-ibm-ssd-1012211 http://www.securityfocus.com/bid/49705 https://exchange.xforce.ibmcloud.com/vulnerabilities/69802 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2011-3576
https://notcve.org/view.php?id=CVE-2011-3576
Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 8.5.2 allows remote attackers to inject arbitrary web script or HTML via the PanelIcon parameter in an fmpgPanelHeader ReadForm action to WebAdmin.nsf. Vulnerabilidad cross-site scripting (XSS) en IBM Lotus Domino v8.5.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro PanelIcon en una acción fmpgPanelHeader ReadForm a WebAdmin.nsf. • http://www.research.reversingcode.com/index.php/advisories/73-ibm-ssd-1012211 http://www.securityfocus.com/bid/49701 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •