CVSS: 9.3EPSS: 14%CPEs: 3EXPL: 0CVE-2008-0066
https://notcve.org/view.php?id=CVE-2008-0066
10 Apr 2008 — Multiple buffer overflows in htmsr.dll in the HTML speed reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allow remote attackers to execute arbitrary code via an HTML document with (1) "large chunks of data," or a long URL in the (2) BACKGROUND attribute of a BODY element or (3) SRC attribute of an IMG element. Múltiples desbordamientos de búfer en htmsr.dll en el lector rápido HTML de Autonomy (anteriormente Verity) KeyView, usado por IBM Lotus Notes 7.0.2 and 7.0.3... • http://secunia.com/advisories/28140 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 27%CPEs: 7EXPL: 0CVE-2008-1101
https://notcve.org/view.php?id=CVE-2008-1101
10 Apr 2008 — Buffer overflow in kvdocve.dll in the KeyView document viewing engine in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allows remote attackers to execute arbitrary code via a long pathname, as demonstrated by a long SRC attribute of an IMG element in an HTML document. Desbordamiento de búfer en el motor del visor de documentos KeyView de Autonomy (anteriormente Verity) KeyView, usado por IBM Lotus Notes 7.0.2 y 7.0.3, permite a atacantes remotos ejecutar código de su elecci... • http://secunia.com/advisories/28140 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 6EXPL: 0CVE-2008-1718
https://notcve.org/view.php?id=CVE-2008-1718
10 Apr 2008 — Buffer overflow in mimesr.dll in Autonomy (formerly Verity) KeyView, as used in IBM Lotus Notes before 8.0, might allow user-assisted remote attackers to execute arbitrary code via an e-mail message with a crafted Text mail (MIME) attachment. Desbordamiento de búfer en mimesr.dll en Autonomy (anteriormente Verity) KeyView, usado en IBM Lotus Notes anterior a 8.0, puede permitir a atacantes remotos asistidos por el usuario ejecutar código de su elección a través de un mensaje de correo electrónico con un adj... • http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 3EXPL: 0CVE-2008-1217
https://notcve.org/view.php?id=CVE-2008-1217
09 Mar 2008 — Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus Notes 6.5, 7.0.x before 7.0.2 CCH, and 8.0.x before 8.0.1 allows remote attackers to execute arbitrary code via a crafted attachment in an e-mail message sent over SMTP, a variant of CVE-2007-6706. Una vulnerabilidad no especificada en la biblioteca nlnotes.dll en el cliente en IBM Lotus Notes versiones 6.5, 7.0.x anterior a 7.0.2 CCH y versión 8.0.x anterior a 8.0.1, permite a los atacantes remotos ejecutar código arbitrario por medio de u... • http://securitytracker.com/id?1019464 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 13%CPEs: 3EXPL: 0CVE-2007-6706
https://notcve.org/view.php?id=CVE-2007-6706
09 Mar 2008 — Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus Notes 6.5, 7.0.x before 7.0.2 CCH or 7.0.3, and possibly 8.0 allows remote attackers to execute arbitrary code via crafted text in an e-mail message sent over SMTP. Vulnerabilidad sin especificar en nlnotes.dll en el cliente de IBM Lotus Notes 6.5, 7.0.x antes de 7.0.2 CCH or 7.0.3, y posiblemente 8.0 permite a atacantes remotos ejecutar código de su elección a través de un texto manipulado en un email enviado por SMTP. • http://osvdb.org/40956 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2008-0862
https://notcve.org/view.php?id=CVE-2008-0862
21 Feb 2008 — IBM Lotus Notes 6.0, 6.5, 7.0, and 8.0 signs an unsigned applet when a user forwards an email message to another user, which allows user-assisted remote attackers to bypass Execution Control List (ECL) protection. IBM Lotus Notes 6.0, 6.5, 7.0, y 8.0 firma un applet sin asignación cuando un usuario reenvía un correo a otro, que permite a atacantes remotos asistidos por el usuario evitar la protección Execution Control List (ECL. • http://secunia.com/advisories/29031 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 12%CPEs: 5EXPL: 1CVE-2007-6593 – Autonomy KeyView Lotus 1-2-3 - File Multiple Buffer Overflow Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-6593
28 Dec 2007 — Multiple stack-based buffer overflows in l123sr.dll in Autonomy (formerly Verity) KeyView SDK, as used by IBM Lotus Notes 5.x through 8.x, allow user-assisted remote attackers to execute arbitrary code via the (1) Length and (2) Value fields for certain Types in a Lotus 1-2-3 (.123) file in the Worksheet File (WKS) format, as demonstrated by a file with a crafted SRANGE record, a different vulnerability than CVE-2007-5909. Múltiples desbordamientos de búfer basado en pila en l123sr.dll de Autonomy (anterior... • https://www.exploit-db.com/exploits/30816 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-6594
https://notcve.org/view.php?id=CVE-2007-6594
28 Dec 2007 — IBM Lotus Notes 8 for Linux before 8.0.1 uses (1) unspecified weak permissions for the installation kit obtained through a Notes 8 download and (2) 0777 permissions for the installdata file that is created by setup.sh, which allows local users to gain privileges via a Trojan horse file. IBM Lotus Notes 8 para Linux anterior a 9.0.1 usa (1) permisos débiles no especificados para el kit de instalación obtenido a través de la descarga de Notes 8 y (2) permisos 0777 para el archivo installdata que crea setup.sh... • http://osvdb.org/40933 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 20%CPEs: 11EXPL: 0CVE-2007-5910
https://notcve.org/view.php?id=CVE-2007-5910
10 Nov 2007 — Stack-based buffer overflow in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK before 9.2.0.12, as used by ActivePDF DocConverter, wp6sr.dll in IBM Lotus Notes 8.0 and before 7.0.3, Symantec Mail Security, and other products, allows remote attackers to execute arbitrary code via a crafted WordPerfect (WPD) file. Desbordamiento de búfer basado en pila en el Autonomy (antiguamente Verity) KeyView Viewer, en el Filter y en el Export SDK anterior al 9.2.0.12, como el utilizado en el ActivePDF ... • http://secunia.com/advisories/27304 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 53%CPEs: 11EXPL: 0CVE-2007-5909 – Verity KeyView SDK Multiple File Format Parsing Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-5909
31 Oct 2007 — Multiple stack-based buffer overflows in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK before 9.2.0.12, as used by ActivePDF DocConverter, IBM Lotus Notes before 7.0.3, Symantec Mail Security, and other products, allow remote attackers to execute arbitrary code via a crafted (1) AG file to kpagrdr.dll, (2) AW file to awsr.dll, (3) DLL or (4) EXE file to exesr.dll, (5) DOC file to mwsr.dll, (6) MIF file to mifsr.dll, (7) SAM file to lasr.dll, or (8) RTF file to rtfsr.dll. NOTE: the WPD (w... • http://secunia.com/advisories/27304 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •