CVE-2004-1621 – IBM Lotus Domino 6.x - Cross-Site Scripting / HTML Injection
https://notcve.org/view.php?id=CVE-2004-1621
NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in IBM Lotus Notes R6 and Domino R6, and possibly earlier versions, allows remote attackers to execute arbitrary web script or HTML via square brackets at the beginning and end of (1) computed for display, (2) computed when composed, or (3) computed text element fields. NOTE: the vendor has disputed this issue, saying that it is not a problem with Notes/Domino itself, but with the applications that do not properly handle this feature • https://www.exploit-db.com/exploits/24690 http://marc.info/?l=bugtraq&m=109812960023736&w=2 http://marc.info/?l=bugtraq&m=109841682529328&w=2 http://secunia.com/advisories/12891 http://securitytracker.com/id?1011779 http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21187833 http://www.kb.cert.org/vuls/id/404382 http://www.securityfocus.com/bid/11458 https://exchange.xforce.ibmcloud.com/vulnerabilities/17758 •
CVE-2004-0668 – IBM Lotus Domino Server 6 - Web Access Remote Denial of Service
https://notcve.org/view.php?id=CVE-2004-0668
Web Access in Lotus Domino 6.5.1 allows remote attackers to cause a denial of service (server crash) via a large e-mail message, as demonstrated using a large image attachment. • https://www.exploit-db.com/exploits/24243 http://marc.info/?l=bugtraq&m=108871093704307&w=2 http://www.securityfocus.com/bid/10641 https://exchange.xforce.ibmcloud.com/vulnerabilities/16596 •
CVE-2004-0669
https://notcve.org/view.php?id=CVE-2004-0669
Lotus Domino 6.5.0 and 6.5.1, with IMAP enabled, allows remote authenticated users to change their quota by using the IMAP setquota command. • http://marc.info/?l=bugtraq&m=108869022708571&w=2 http://www.securityfocus.com/bid/10642 https://exchange.xforce.ibmcloud.com/vulnerabilities/16575 •
CVE-2004-0029
https://notcve.org/view.php?id=CVE-2004-0029
Lotus Notes Domino 6.0.2 on Linux installs the notes.ini configuration file with world-writable permissions, which allows local users to modify the Notes configuration and gain privileges. Lotus Notes Domino 6.0.2 para Linux instala el fichero de configuración notes.ini con permisos de escritura para todo el mundo, lo que permite a usuarios locales modificar la configuración de Notes y ganar privilegios. • http://marc.info/?l=bugtraq&m=107340897710308&w=2 http://secunia.com/advisories/10566 http://www.excluded.org/advisories/advisory05.txt http://www.osvdb.org/3424 http://www.securityfocus.com/bid/9366 http://www.securitytracker.com/id?1008623 https://exchange.xforce.ibmcloud.com/vulnerabilities/14153 •
CVE-2003-0123
https://notcve.org/view.php?id=CVE-2003-0123
Buffer overflow in Web Retriever client for Lotus Notes/Domino R4.5 through R6 allows remote malicious web servers to cause a denial of service (crash) via a long HTTP status line. Desbordamiento de búfer en el cliente Web Retriever de Lotus Notes/Domino R4.5 a R.6 permite a servidores web remotos maliciosos causar una denegación de servicio (caída) mediante una línea de estado HTTP larga. • http://marc.info/?l=bugtraq&m=104757545500368&w=2 http://www-1.ibm.com/support/docview.wss?rs=482&q=Domino&uid=swg21105060 http://www.cert.org/advisories/CA-2003-11.html http://www.ciac.org/ciac/bulletins/n-065.shtml http://www.kb.cert.org/vuls/id/411489 http://www.rapid7.com/advisories/R7-0011.html http://www.securityfocus.com/bid/7038 https://exchange.xforce.ibmcloud.com/vulnerabilities/11525 •