Page 6 of 30 results (0.008 seconds)

CVSS: 3.5EPSS: 0%CPEs: 5EXPL: 0

CVE-2007-4309

https://notcve.org/view.php?id=CVE-2007-4309

IBM Lotus Notes 5.x through 7.0.2 allows user-assisted remote authenticated administrators to obtain a cleartext notes.id password by setting the notes.ini (1) KFM_ShowEntropy and (2) Debug_Outfile debug variables, a different vulnerability than CVE-2005-2696. IBM Lotus Notes 5.x hasta 7.0.2 permite a administradores autenticados remotamente, con la intervención del usuario, obtener una contraseña en texto claro de notes.id estableciendo las variables de depuración de notes.ini (1) KFM_ShowEntropy y (2) Debug_Outfile, una vulnerabilidad diferente de CVE-2005-2696. • http://securitytracker.com/id?1018433 http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21266085 http://www.heise-security.co.uk/news/92958 •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

CVE-2007-1941

https://notcve.org/view.php?id=CVE-2007-1941

Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in Domino Web Access (DWA) in IBM Lotus Notes before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via a multipart/related e-mail message, a different issue than CVE-2006-4843. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la característica Active Content Filter de Domino Web Access (DWA) en IBM Lotus Notes anterior a 6.5.6 y 7.x anterior a 7.0.2 FP1 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante un mensaje de correo electrónico del tipo multipart/related, un asunto diferente que CVE-2006-4843. • http://www-1.ibm.com/support/docview.wss?rs=477&uid=swg21247201 http://www.intrinsec.com/Advisory_DWA_XSS_200704.txt http://www.securityfocus.com/bid/23421 http://www.securitytracker.com/id?1017870 •

CVSS: 5.0EPSS: 0%CPEs: 16EXPL: 1

CVE-2006-5835

https://notcve.org/view.php?id=CVE-2006-5835

The Notes Remote Procedure Call (NRPC) protocol in IBM Lotus Notes Domino before 6.5.5 FP2 and 7.x before 7.0.2 does not require authentication to perform user lookups, which allows remote attackers to obtain the user ID file. El protocolo de Notes Remote Procedure Call (NRPC) en el IBM Lotus Notes Domino en versiones anteriores a la 6.5.5 FP2 y 7.x antes de la 7.0.2 no requiere autenticación para realizar búsqueda de usuarios, lo que permite a atacantes remotos la obtención de los ficheros de identificación (ID) de los usuarios. • http://secunia.com/advisories/22741 http://securitytracker.com/id?1017203 http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21248026 http://www.fortconsult.net/images/pdf/lotusnotes_keyfiles.pdf http://www.securityfocus.com/bid/20960 http://www.vupen.com/english/advisories/2006/4411 https://exchange.xforce.ibmcloud.com/vulnerabilities/30118 •

CVSS: 4.6EPSS: 0%CPEs: 4EXPL: 0

CVE-2005-2454

https://notcve.org/view.php?id=CVE-2005-2454

IBM Lotus Notes 6.5.4 and 6.5.5, and 7.0.0 and 7.0.1, uses insecure default permissions (Everyone/Full Control) for the "Notes" folder and all children, which allows local users to gain privileges and modify, add, or delete files in that folder. • http://secunia.com/advisories/19537 http://secunia.com/advisories/27342 http://secunia.com/secunia_research/2005-29/advisory http://securitytracker.com/id?1017086 http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21246773 http://www.kb.cert.org/vuls/id/383092 http://www.osvdb.org/29761 http://www.securityfocus.com/archive/1/449126/100/0/threaded http://www.securityfocus.com/bid/20612 http://www.vupen.com/english/advisories/2006/4093 https://exchange.xforce • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 4%CPEs: 20EXPL: 0

CVE-2002-0370

https://notcve.org/view.php?id=CVE-2002-0370

Buffer overflow in the ZIP capability for multiple products allows remote attackers to cause a denial of service or execute arbitrary code via ZIP files containing entries with long filenames, including (1) Microsoft Windows 98 with Plus! Pack, (2) Windows XP, (3) Windows ME, (4) Lotus Notes R4 through R6 (pre-gold), (5) Verity KeyView, and (6) Stuffit Expander before 7.0. Desbordamiento de búfer en la capacidad ZIP de múltiples productos permite a atacantes remotos causar una denegación de servicio o ejecutar código arbitrario mediante ficheros ZIP que contienen nombres de ficheros largos, incluyendo Microsoft Windows 98 con el paquete Plus! Windows XP Windows Me Lotus Notes R4 a R6 (pre-gold) Verity KeyView, y Stuffit Expander antes de 7.0. • http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0009.html http://marc.info/?l=bugtraq&m=103428193409223&w=2 http://securityreason.com/securityalert/587 http://www.info-zip.org/FAQ.html http://www.info.apple.com/usen/security/security_updates.html http://www.iss.net/security_center/static/10251.php http://www.kb.cert.org/vuls/id/383779 http://www.securityfocus.com/bid/5873 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-054 •