CVSS: 7.6EPSS: 5%CPEs: 31EXPL: 0CVE-2010-0919
https://notcve.org/view.php?id=CVE-2010-0919
Stack-based buffer overflow in the Lotus Domino Web Access ActiveX control in IBM Lotus iNotes (aka Domino Web Access or DWA) 6.5, 7.0 before 7.0.4, 8.0, 8.0.2, and before 229.281 for Domino 8.0.2 FP4 allows remote attackers to execute arbitrary code via a long URL argument to an unspecified method, aka PRAD7JTNHJ. Desbordamiento de búfer basado en pila en el control ActiveX Lotus Domino Web Access en IBM Lotus iNotes (alias Domino Web Access o DWA) 6.5, 7.0 en versiones anteriores a la 7.0.4, 8.0, 8.0.2 y en versiones anteriores a la 229.281 para Domino 8.0.2 FP4 permite a atacantes remotos ejecutar código de su elección mediante un argumento URL largo a un método no especificado, alias PRAD7JTNHJ. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=857 http://secunia.com/advisories/38681 http://secunia.com/advisories/38744 http://secunia.com/advisories/38755 http://securitytracker.com/id?1023662 http://www-01.ibm.com/support/docview.wss?uid=swg21421808 http://www-01.ibm.com/support/docview.wss?uid=swg27018109 http://www.osvdb.org/62612 http://www.securityfocus.com/bid/38457 http://www.securityfocus.com/bid/38459 http://www.vupen.com/english/advisories&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2010-0276
https://notcve.org/view.php?id=CVE-2010-0276
IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 does not properly handle navigation of the "Try Lotus iNotes anyway" link from the page that reports use of an unsupported browser, which has unspecified impact and attack vectors, aka SPR LSHR7TBMQU. IBM Lotus iNotes (también conocido como Domino Web Access o DWA) anterior a v229.241 para Domino v8.0.2 FP3 no maneja adecuadamente la navegación del "Try Lotus iNotes anyway" enlace desde la página que informa del uso de un navegador no soportado, tiene u impacto y vectores de ataque sin especificar, también conocido como SPR LSHR7TBMQU. • http://secunia.com/advisories/38026 http://www-01.ibm.com/support/docview.wss?uid=swg27017776 http://www.securityfocus.com/bid/37675 http://www.vupen.com/english/advisories/2010/0077 https://exchange.xforce.ibmcloud.com/vulnerabilities/55473 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2009-3105
https://notcve.org/view.php?id=CVE-2009-3105
Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 211.241 for Domino 8.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR EZEL7UURYC. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS)IBM Lotus iNotes (conocido como Domino Web Access o DWA) anterior v211.241 para Domino v8.0.1 permite a atacantes remotos ejecutar código web o HTML de su elección a través de vectores no especificados, como SPR EZEL7UURYC. • http://secunia.com/advisories/36626 http://www-01.ibm.com/support/docview.wss?uid=swg27016745 http://www.securityfocus.com/bid/36292 http://www.vupen.com/english/advisories/2009/2557 https://exchange.xforce.ibmcloud.com/vulnerabilities/53086 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 97%CPEs: 17EXPL: 6CVE-2007-4474 – IBM Domino Web Access 7.0 Upload Module - 'inotes6.dll' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-4474
Multiple stack-based buffer overflows in the IBM Lotus Domino Web Access ActiveX control, as provided by inotes6.dll, inotes6w.dll, dwa7.dll, and dwa7w.dll, in Domino 6.x and 7.x allow remote attackers to execute arbitrary code, as demonstrated by an overflow from a long General_ServerName property value when calling the InstallBrowserHelperDll function in the Upload Module in the dwa7.dwa7.1 control in dwa7w.dll 7.0.34.1. Múltiples desbordamientos de búfer basado en pila en el control ActiveX IBM Lotus Domino Web Access, proporcionado en inotes6.dll, inotes62.dll, dwa7.dll, y dwa7w.dll, en Domino 6.x y 7.x permiten a atacantes remotos ejecutar código de su elección, como se ha demostrado mediante un desbordamiento con un valor largo de la propiedad General_ServerName cuando se llama a la función InstallBrowserHelperDll del módulo Upload en el control dwa7.dwa7.1 de dwa7w.dll 7.0.34.1. • https://www.exploit-db.com/exploits/4818 https://www.exploit-db.com/exploits/4820 https://www.exploit-db.com/exploits/5111 https://www.exploit-db.com/exploits/16502 http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/059233.html http://osvdb.org/40954 http://secunia.com/advisories/28184 http://www.kb.cert.org/vuls/id/963889 http://www.securityfocus.com/bid/26972 http://www.securitytracker.com/id?1019138 http://www.vupen.com/english/advisories/2007&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2006-4763
https://notcve.org/view.php?id=CVE-2006-4763
IBM Lotus Domino Web Access (DWA) 7.0.1 does not expire a client's Lightweight Third-Party Authentication token (LtpaToken) upon logout, which allows remote attackers to obtain a user's privileges by intercepting the LtpaToken cookie. IBM Lotus Domino Web Access (DWA) 7.0.1 no expira una ficha de autenticación de terceros ligera (LtpaToken) en el logout, lo cual permite a atacantes remotos obtener privilegios de usuario interceptando la cookie LtpaToken. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049408.html http://securityreason.com/securityalert/1571 http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21245589 http://www.fishnetsecurity.com/csirt/disclosure/ibm http://www.securityfocus.com/archive/1/445821/100/0/threaded http://www.securityfocus.com/bid/19966 https://exchange.xforce.ibmcloud.com/vulnerabilities/28881 •