CVE-2006-3778
https://notcve.org/view.php?id=CVE-2006-3778
IBM Lotus Notes 6.0, 6.5, and 7.0 does not properly handle replies to e-mail messages with alternate name users when the (1) "Save As Draft" option is used or (2) a "," (comma) is inside the "phrase" portion of an address, which can cause the e-mail to be sent to users that were deleted from the To, CC, and BCC fields, which allows remote attackers to obtain the list of original recipients. IBM Lotus Notes 6.0, 6.5, y 7.0 no maneja adecuadamente las respuestas a mensajes de correo con nombres de usuario alternativo cuando la opción(1) "Guardar como borrador" es utilizada o (2) una "," (coma) está dentro de la porción de una dirección, la cual podría hacer que el email sea envíado a usuarios que fueron borrados desde los campos To, CC y BBC, lo cual permite a un atacante remotos obtener una lista de receptores originales. • http://secunia.com/advisories/21096 http://securitytracker.com/id?1016516 http://securitytracker.com/id?1016819 http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21243602 http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21240386 •
CVE-2006-1948
https://notcve.org/view.php?id=CVE-2006-1948
The "Add Sender to Address Book" operation (AddSenderToAddressBook.lss) and NameHelper.lss in IBM Lotus Notes 6.0 and 6.5 before 20060331 do not properly store information in the Personal Address Book when multiple messages are checked and a message uses AltFrom, which might allow user-assisted remote attackers to trick a user into sending e-mail to an unauthorized recipient. • http://securitytracker.com/id?1015914 http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21232945 •
CVE-2005-1442
https://notcve.org/view.php?id=CVE-2005-1442
Buffer overflow in the Lotus Notes client for Domino 6.5 before 6.5.4 and 6.0 before 6.0.5 allows local users to cause a denial of service (client crash) and possibly execute arbitrary code via the NOTES.INI file. • http://secunia.com/advisories/1013841 http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21202526 http://www.osvdb.org/15367 http://www.securityfocus.com/bid/13447 https://exchange.xforce.ibmcloud.com/vulnerabilities/20044 •
CVE-2005-1405
https://notcve.org/view.php?id=CVE-2005-1405
HTTP response splitting vulnerability in the @SetHTTPHeader function in Lotus Domino 6.5.x before 6.5.4 and 6.0.x before 6.0.5 allows attackers to poison the web cache via malicious applications. • http://secunia.com/advisories/14879 http://securitytracker.com/id?1013839 http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21202437 http://www.kb.cert.org/vuls/id/699798 http://www.osvdb.org/15365 https://exchange.xforce.ibmcloud.com/vulnerabilities/20045 •
CVE-2004-2280 – IBM Lotus Notes 6.0/6.5 - Multiple Java Applet Vulnerabilities
https://notcve.org/view.php?id=CVE-2004-2280
Buffer overflow in IBM Lotus Notes 6.5.x before 6.5.3 and 6.0.x before 6.0.5 allows remote attackers to cause a denial of service (crash) via unknown vectors related to Java applets, as identified by KSPR62F4KN. • https://www.exploit-db.com/exploits/24275 http://secunia.com/advisories/12046 http://www-1.ibm.com/support/docview.wss?rs=475&context=SSKTWP&q1=Java&uid=swg21173910&loc=en_US&cs=utf-8&lang=en http://www.osvdb.org/8418 http://www.securityfocus.com/bid/10704 •