Page 8 of 40 results (0.012 seconds)

CVSS: 10.0EPSS: 91%CPEs: 5EXPL: 0

Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSN3Y. Desbordamiento de buffer basado en pila en IBM Domino 8.5 anterior a 8.5.3 FP6 IF7 y 9.0 anterior a 9.0.1 FP3 IF3 permite a atacantes remotos ejecutar código arbitrario a través de una imagen BMP manipulada, también conocido como SPR KLYH9TSN3Y. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability. The flaw exists within the nrouter.exe component which handles e-mails dispatched from nsmtp.exe listening on port 25. It is possible to trigger a stack-based buffer overflow by specifying an overly large number of colors in the color palette within a BMP. • http://www-01.ibm.com/support/docview.wss?uid=swg21883245 http://www.securityfocus.com/bid/74598 http://www.securitytracker.com/id/1032376 http://www.zerodayinitiative.com/advisories/ZDI-15-194 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 94%CPEs: 4EXPL: 0

IBM Domino 8.5 before 8.5.3 FP6 IF4 and 9.0 before 9.0.1 FP3 IF2 allows remote attackers to execute arbitrary code or cause a denial of service (integer truncation and application crash) via a crafted GIF image, aka SPR KLYH9T7NT9. IBM Domino 8.5 anterior a 8.5.3 FP6 IF4 y 9.0 anterior a 9.0.1 FP3 IF2 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (truncación de enteros y caída de aplicación) a través de una imagen GIF manipulada, también conocido como SPR KLYH9T7NT9. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability. The flaw exists within the nrouter.exe component which handles e-mails dispatched from nsmtp.exe listening on port 25. By specifying malicious dimensions within a GIF, an integer truncation can occur potentially resulting in an undersized buffer being allocated. • http://www-01.ibm.com/support/docview.wss?uid=swg21701647 http://www.securitytracker.com/id/1032151 • CWE-189: Numeric Errors •

CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 1

Notes System Diagnostic (NSD) in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows local users to obtain the System privilege via unspecified vectors, aka SPR TCHL9SST8V. Notes System Diagnostic (NSD) en IBM Domino 8.5.x anterior a 8.5.3 FP6 IF6 y 9.x anterior a 9.0.1 FP3 IF1 permite a usuarios locales obtener el privilegio System a través de vectores no especificados, también conocido como SPR TCHL9SST8V. • https://www.exploit-db.com/exploits/42605 http://www-01.ibm.com/support/docview.wss?uid=swg21700029 http://www.securitytracker.com/id/1032027 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 10.0EPSS: 26%CPEs: 5EXPL: 0

Buffer overflow in the SSLv2 implementation in IBM Domino 8.5.x before 8.5.1 FP5 IF3, 8.5.2 before FP4 IF3, 8.5.3 before FP6 IF6, 9.0 before IF7, and 9.0.1 before FP2 IF3 allows remote attackers to execute arbitrary code via unspecified vectors. Desbordamiento de buffer en la implementación SSLv2 en IBM Domino 8.5.x anterior a 8.5.1 FP5 IF3, 8.5.2 anterior a FP4 IF3, 8.5.3 anterior a FP6 IF6, 9.0 anterior a IF7, y 9.0.1 anterior a FP2 IF3 permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability. The flaw exists within the nldap.exe component which listens by default on TCP port 636. When handling Client Master Key Message packets, the process blindly copies attacker supplied data into an undersized buffer. • http://www-01.ibm.com/support/docview.wss?uid=swg21700029 http://www.securitytracker.com/id/1032027 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 91%CPEs: 5EXPL: 0

The LDAP Server in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, aka SPR KLYH9SLRGM. El servidor LDAP en IBM Domino 8.5.x anterior a 8.5.3 FP6 IF6 y 9.x anterior a 9.0.1 FP3 IF1 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, también conocido como SPR KLYH9SLRGM. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Domino. Authentication is not required to exploit this vulnerability. The specific flaw exists within LDAP handling functionality which listens by default on TCP port 389. The vulnerable code blindly copies attacker supplied data from a specially formatted LDAP ModifyRequest packet to a fixed length stack buffer. • http://www-01.ibm.com/support/docview.wss?uid=swg21700029 http://www.securitytracker.com/id/1032027 •