CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 1CVE-2015-0179 – Lotus Notes Diagnostic Tool 8.5/9.0 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-0179
Notes System Diagnostic (NSD) in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows local users to obtain the System privilege via unspecified vectors, aka SPR TCHL9SST8V. Notes System Diagnostic (NSD) en IBM Domino 8.5.x anterior a 8.5.3 FP6 IF6 y 9.x anterior a 9.0.1 FP3 IF1 permite a usuarios locales obtener el privilegio System a través de vectores no especificados, también conocido como SPR TCHL9SST8V. • https://www.exploit-db.com/exploits/42605 http://www-01.ibm.com/support/docview.wss?uid=swg21700029 http://www.securitytracker.com/id/1032027 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 3%CPEs: 3EXPL: 4CVE-2002-2191 – Lotus Domino 5.0.8-9 - Non-Existent NSF Database Banner Information Disclosure
https://notcve.org/view.php?id=CVE-2002-2191
Lotus Domino 5.0.9a and earlier, even when configured with the 'DominoNoBanner=1' option, allows remote attackers to obtain potential sensitive information such as the version via a request for a non-existent .nsf database, which leaks the version in the HTTP banner. • https://www.exploit-db.com/exploits/21996 http://www.iss.net/security_center/static/10557.php http://www.securityfocus.com/archive/1/298874/2002-11-05/2002-11-11/2 http://www.securityfocus.com/bid/6128 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2002-0408
https://notcve.org/view.php?id=CVE-2002-0408
htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when configured with the NoBanner setting, allows remote attackers to determine the version number of the server via a request that generates an HTTP 500 error code, which leaks the version in a hard-coded error message. • http://marc.info/?l=bugtraq&m=101310812804716&w=2 http://marc.info/?l=bugtraq&m=101785616526383&w=2 http://www.securityfocus.com/bid/4049 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2002-0407
https://notcve.org/view.php?id=CVE-2002-0407
htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, such as (1) a request with a .pl or .java extension, or (2) a request containing a large number of periods, which causes htcgibin.exe to leak the pathname in an error message. • http://marc.info/?l=bugtraq&m=101310812804716&w=2 http://www.iss.net/security_center/static/8160.php http://www.securityfocus.com/archive/1/265380 http://www.securityfocus.com/bid/4406 •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2002-0245
https://notcve.org/view.php?id=CVE-2002-0245
Lotus Domino server 5.0.8 with NoBanner enabled allows remote attackers to (1) determine the physical path of the server via a request for a nonexistent file with a .pl (Perl) extension, which leaks the pathname in the error message, or (2) make any request that causes an HTTP 500 error, which leaks the server's version name in the HTTP error message. El servidor 5.0.8 de Lotus Domino con NoBanner habilitado permite que atacantes remotos (1) conozcan el path físico del servidor por medio de una petición de un fichero no existente con una estensión .pl (Perl), lo cual hace que se muestre el path absoluto en el mensaje de error, o (2) hagan cualquier petición que cause el error 500 de HTTP, lo cual lleva a que aparezca el nombre de la versión del servidor en el mensaje de error HTTP. • http://marc.info/?l=bugtraq&m=101310812804716&w=2 http://www-1.ibm.com/support/manager.wss?rs=1&rt=0&org=sims&doc=07B32060E4CC97E985256B64005AEB0F http://www.iss.net/security_center/static/8160.php http://www.securityfocus.com/bid/4049 •