CVSS: 9.3EPSS: 1%CPEs: 14EXPL: 0CVE-2005-2619
https://notcve.org/view.php?id=CVE-2005-2619
31 Dec 2005 — Directory traversal vulnerability in kvarcve.dll in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allows remote attackers to delete arbitrary files via a (1) ZIP, (2) UUE or (3) TAR archive that contains a .. (dot dot) in the filename, which is not properly handled when generating a preview. • http://secunia.com/advisories/16100 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2005-2696
https://notcve.org/view.php?id=CVE-2005-2696
25 Aug 2005 — IBM Lotus Notes does not properly restrict access to password hashes in the Notes Address Book (NAB), which allows remote attackers to obtain sensitive information via the (1) password digest field in the Administration tab of a Lotus Notes client, (2) "PasswordDigest" and "HTTPPassword" fields in the document properties in the NAB, or (3) a direct query to the Domino LDAP server, a different vulnerability than CVE-2005-2428. • http://marc.info/?l=bugtraq&m=112456040418543&w=2 •
CVSS: 5.4EPSS: 13%CPEs: 1EXPL: 1CVE-2005-2175 – IBM Lotus Domino Notes 6.0/6.5 - Mail Template Automatic Script Execution
https://notcve.org/view.php?id=CVE-2005-2175
09 Jul 2005 — The web interface for Lotus Notes mail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and steal cookies. • https://www.exploit-db.com/exploits/25944 •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2005-1405
https://notcve.org/view.php?id=CVE-2005-1405
03 May 2005 — HTTP response splitting vulnerability in the @SetHTTPHeader function in Lotus Domino 6.5.x before 6.5.4 and 6.0.x before 6.0.5 allows attackers to poison the web cache via malicious applications. • http://secunia.com/advisories/14879 •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2005-1442
https://notcve.org/view.php?id=CVE-2005-1442
03 May 2005 — Buffer overflow in the Lotus Notes client for Domino 6.5 before 6.5.4 and 6.0 before 6.0.5 allows local users to cause a denial of service (client crash) and possibly execute arbitrary code via the NOTES.INI file. • http://secunia.com/advisories/1013841 •
CVSS: 7.5EPSS: 3%CPEs: 10EXPL: 1CVE-2004-2280 – IBM Lotus Notes 6.0/6.5 - Multiple Java Applet Vulnerabilities
https://notcve.org/view.php?id=CVE-2004-2280
31 Dec 2004 — Buffer overflow in IBM Lotus Notes 6.5.x before 6.5.3 and 6.0.x before 6.0.5 allows remote attackers to cause a denial of service (crash) via unknown vectors related to Java applets, as identified by KSPR62F4KN. • https://www.exploit-db.com/exploits/24275 •
CVSS: 10.0EPSS: 0%CPEs: 9EXPL: 0CVE-2004-2281
https://notcve.org/view.php?id=CVE-2004-2281
31 Dec 2004 — Multiple unknown vulnerabilities in IBM Lotus Notes 6.5.x before 6.5.4 and 6.0.x before 6.0.5 have unknown impact and attack vectors, related to Java applets, as identified by (1) KSPR5YS6GR and (2) KSPR62F4D3. • http://secunia.com/advisories/12046 •
CVSS: 10.0EPSS: 19%CPEs: 2EXPL: 1CVE-2004-0480
https://notcve.org/view.php?id=CVE-2004-0480
30 Jun 2004 — Argument injection vulnerability in IBM Lotus Notes 6.0.3 and 6.5 allows remote attackers to execute arbitrary code via a notes: URI that uses a UNC network share pathname to provide an alternate notes.ini configuration file to notes.exe. Vulnerabilidad de inyección de argumentos en IBM Lotus Notes 6.0.3 y 6.5 permite a atacantes remotos ejecutar código de su eleccion mediante una URI notes: que usa un nombre de ruta de red UNC para proveer un fichero de configuración notes.ini alternativo a notes.exe. • http://marc.info/?l=bugtraq&m=108843896506099&w=2 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 9.8EPSS: 35%CPEs: 2EXPL: 0CVE-2003-0179
https://notcve.org/view.php?id=CVE-2003-0179
29 Mar 2003 — Buffer overflow in the COM Object Control Handler for Lotus Domino 6.0.1 and earlier allows remote attackers to execute arbitrary code via multiple attack vectors, as demonstrated using the InitializeUsingNotesUserName method in the iNotes ActiveX control. Desbordamiento de búfer en el manejador de control de objetos COM para Lotus Domino 6.0.1 y versiones anteriores, permite a atacantes remotos la ejecución de código arbitrario mediante vectores de ataque múltiple, como se demuestra utilizando el método In... • http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0082.html •
CVSS: 9.8EPSS: 26%CPEs: 29EXPL: 0CVE-2003-0122
https://notcve.org/view.php?id=CVE-2003-0122
18 Mar 2003 — Buffer overflow in Notes server before Lotus Notes R4, R5 before 5.0.11, and early R6 allows remote attackers to execute arbitrary code via a long distinguished name (DN) during NotesRPC authentication and an outer field length that is less than that of the DN field. Desbordamiento de búfer en el servidor de Lotus Notes R4, R5 anteriores a 5.0.11 y betas de R6 permite a atacantes remotos ejecutar código arbitrario mediante un nombre distinguido (DN) largo durante la autenticación NotesRPC y una longitud ext... • http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0125.html •