Page 7 of 33 results (0.005 seconds)

CVSS: 9.3EPSS: 2%CPEs: 14EXPL: 0

CVE-2005-2619

https://notcve.org/view.php?id=CVE-2005-2619

Directory traversal vulnerability in kvarcve.dll in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allows remote attackers to delete arbitrary files via a (1) ZIP, (2) UUE or (3) TAR archive that contains a .. (dot dot) in the filename, which is not properly handled when generating a preview. • http://secunia.com/advisories/16100 http://secunia.com/advisories/16280 http://secunia.com/secunia_research/2005-30/advisory http://secunia.com/secunia_research/2005-66/advisory http://securitytracker.com/id?1015657 http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229918 http://www.osvdb.org/23066 http://www.securityfocus.com/archive/1/424717/100/0/threaded http://www.securityfocus.com/bid/16576 http://www.vupen.com/english/advisories/2006/0500 https://exchang • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 4.6EPSS: 0%CPEs: 4EXPL: 0

CVE-2005-2454

https://notcve.org/view.php?id=CVE-2005-2454

IBM Lotus Notes 6.5.4 and 6.5.5, and 7.0.0 and 7.0.1, uses insecure default permissions (Everyone/Full Control) for the "Notes" folder and all children, which allows local users to gain privileges and modify, add, or delete files in that folder. • http://secunia.com/advisories/19537 http://secunia.com/advisories/27342 http://secunia.com/secunia_research/2005-29/advisory http://securitytracker.com/id?1017086 http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21246773 http://www.kb.cert.org/vuls/id/383092 http://www.osvdb.org/29761 http://www.securityfocus.com/archive/1/449126/100/0/threaded http://www.securityfocus.com/bid/20612 http://www.vupen.com/english/advisories/2006/4093 https://exchange.xforce • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 4%CPEs: 20EXPL: 0

CVE-2002-0370

https://notcve.org/view.php?id=CVE-2002-0370

Buffer overflow in the ZIP capability for multiple products allows remote attackers to cause a denial of service or execute arbitrary code via ZIP files containing entries with long filenames, including (1) Microsoft Windows 98 with Plus! Pack, (2) Windows XP, (3) Windows ME, (4) Lotus Notes R4 through R6 (pre-gold), (5) Verity KeyView, and (6) Stuffit Expander before 7.0. Desbordamiento de búfer en la capacidad ZIP de múltiples productos permite a atacantes remotos causar una denegación de servicio o ejecutar código arbitrario mediante ficheros ZIP que contienen nombres de ficheros largos, incluyendo Microsoft Windows 98 con el paquete Plus! Windows XP Windows Me Lotus Notes R4 a R6 (pre-gold) Verity KeyView, y Stuffit Expander antes de 7.0. • http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0009.html http://marc.info/?l=bugtraq&m=103428193409223&w=2 http://securityreason.com/securityalert/587 http://www.info-zip.org/FAQ.html http://www.info.apple.com/usen/security/security_updates.html http://www.iss.net/security_center/static/10251.php http://www.kb.cert.org/vuls/id/383779 http://www.securityfocus.com/bid/5873 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-054 •