CVSS: 7.8EPSS: 1%CPEs: 18EXPL: 0CVE-2011-1393
https://notcve.org/view.php?id=CVE-2011-1393
27 Dec 2011 — Unspecified vulnerability in the authentication functionality in the server in IBM Lotus Domino 8.x before 8.5.2 FP4 allows remote attackers to cause a denial of service (daemon crash) via a crafted Notes RPC packet. Vulnerabilidad sin especificar en la funcionalidad de autenticación en el servidor de IBM Lotus Domino 8.x anteriores a 8.5.2 FP4 permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de un paquete RPC Notes modificado. • http://secunia.com/advisories/47331 •
CVSS: 10.0EPSS: 10%CPEs: 74EXPL: 0CVE-2011-0913 – Lotus Domino Server diiop getEnvironmentString Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0913
07 Feb 2011 — Stack-based buffer overflow in ndiiop.exe in the DIIOP implementation in the server in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a GIOP getEnvironmentString request, related to the local variable cache. Desbordamiento de búfer basado en pila en ndiiop.exe en la aplicación DIIOP en el servidor de IBM Lotus Domino v8.5.3 y anteriores, permite a atacantes remotos ejecutar código de su elección mediante una petición getEnvironmentString de GIOP, relacionado con la caché... • http://secunia.com/advisories/43208 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 11%CPEs: 74EXPL: 0CVE-2011-0914 – Lotus Domino Server diiop Client Request Operation Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0914
07 Feb 2011 — Integer signedness error in ndiiop.exe in the DIIOP implementation in the server in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a GIOP client request, leading to a heap-based buffer overflow. Error de presencia de signo (signedness) en enteros en ndiiop.exe en la aplicación DIIOP en el servidor de IBM Lotus Domino v8.5.3 y anteriores, permite a atacantes remotos ejecutar código se elección mediante una petición del cliente GIOP, dando lugar a un desbordamiento de búfe... • http://secunia.com/advisories/43208 • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 15%CPEs: 74EXPL: 0CVE-2011-0915 – IBM Lotus Domino iCalendar Meeting Request Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0915
07 Feb 2011 — Stack-based buffer overflow in nrouter.exe in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a long name parameter in a Content-Type header in a malformed Notes calendar (aka iCalendar or iCal) meeting request, aka SPR KLYH87LL23. Desbordamiento de búfer basado en pila en nrouter.exe en IBM Lotus Domino v8.5.3 y anteriores, permite a atacantes remotos ejecutar código de su elección a través de un parámetro de nombre largo en el encabezado Content-Type de convocatoria de ... • http://secunia.com/advisories/43208 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2007-5924
https://notcve.org/view.php?id=CVE-2007-5924
10 Nov 2007 — Cross-site scripting (XSS) vulnerability in the Web Server (HTTP) task in IBM Lotus Domino before 6.5.6 FP2, and 7.x before 7.0.2 FP2, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la tarea del Servidor Web (HTTP) en el IBM Lotus Domino anterior al 6.5.6 FP2 y el 7.x anterior al 7.0.2 FP2, permite a atacantes remotos autenticados la inyección de secuencias de comandos web o HTML de su ele... • http://jvn.jp/jp/JVN%2384565055/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2007-5544
https://notcve.org/view.php?id=CVE-2007-5544
29 Oct 2007 — IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before 6.5.5 FP3, and 7.x before 7.0.2 FP1; uses weak permissions (Everyone:Full Control) for memory mapped files (shared memory) in IPC, which allows local users to obtain sensitive information, or inject Lotus Script or other character sequences into a session. IBM Lotus Notes versiones anteriores 6.5.6, y 7.x versiones anteriores a 7.0.3; y Domino versiones anteriores 6.5.5 FP3, y 7.x versiones anteriores 7.0.2 FP1; utiliza permisos débiles (... • http://secunia.com/advisories/27321 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.1EPSS: 60%CPEs: 2EXPL: 1CVE-2007-0977 – Lotus Domino R6 Webmail - Remote Password Hash Dumper
https://notcve.org/view.php?id=CVE-2007-0977
16 Feb 2007 — IBM Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores HTTPPassword hashes from names.nsf in a manner accessible through Readviewentries and OpenDocument requests to the defaultview view, a different vector than CVE-2005-2428. IBM Lotus Domino R5 y R6 WebMail, con "Generar HTML para todos los campos" habilitado, almacena tablas hash HTTPPassword de names.nsf de una manera accesible a través de peticiones Readviewentries y OpenDocument a la vista defaultview, vector distinto ... • https://www.exploit-db.com/exploits/3302 •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2006-5818
https://notcve.org/view.php?id=CVE-2006-5818
08 Nov 2006 — Multiple buffer overflows in tunekrnl in IBM Lotus Domino 6.x before 6.5.5 FP2 and 7.x before 7.0.2 allow local users to gain privileges and execute arbitrary code via unspecified vectors. Múltiples desbordamientos de búfer en el tunekrnl de IBM Lotus Domino 6.x en versiones anteriores a la 6.5.5 FP2 y 7.x en versiones anteriores a la 7.0.2 permite a usuarios locales obtener privilegios y ejecutar código de su elección a través de vectores sin especificar. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=440 •
CVSS: 7.5EPSS: 6%CPEs: 3EXPL: 3CVE-2005-2428 – Lotus Domino R6 Webmail - Remote Password Hash Dumper
https://notcve.org/view.php?id=CVE-2005-2428
03 Aug 2005 — Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a... • https://www.exploit-db.com/exploits/3302 •
CVSS: 9.8EPSS: 26%CPEs: 29EXPL: 0CVE-2003-0122
https://notcve.org/view.php?id=CVE-2003-0122
18 Mar 2003 — Buffer overflow in Notes server before Lotus Notes R4, R5 before 5.0.11, and early R6 allows remote attackers to execute arbitrary code via a long distinguished name (DN) during NotesRPC authentication and an outer field length that is less than that of the DN field. Desbordamiento de búfer en el servidor de Lotus Notes R4, R5 anteriores a 5.0.11 y betas de R6 permite a atacantes remotos ejecutar código arbitrario mediante un nombre distinguido (DN) largo durante la autenticación NotesRPC y una longitud ext... • http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0125.html •