CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2013-0536
https://notcve.org/view.php?id=CVE-2013-0536
21 Jun 2013 — ntmulti.exe in the Multi User Profile Cleanup service in IBM Notes 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8.5.2, 8.5.3 before FP5, and 9.0 before IF2 allows local users to gain privileges via vectors that arrange for code to be executed during the next login session of a different user, aka SPR PJOK959J24. ntmulti.exe en el servicio Multi User Profile Cleanup en IBM Notes v8.0, v8.0.1, v8.0.2, v8.5, v8.5.1, v8.5.2, v8.5.3 anterior a FP5, y v9.0 anterior a IF2 permite a usuarios locales ganar privilegios mediante ve... • http://www-01.ibm.com/support/docview.wss?uid=swg21633827 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 9%CPEs: 128EXPL: 0CVE-2012-4820 – JDK: java.lang.reflect.Method invoke() code execution
https://notcve.org/view.php?id=CVE-2012-4820
16 Nov 2012 — Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, when running under a se... • http://rhn.redhat.com/errata/RHSA-2012-1465.html •
CVSS: 9.8EPSS: 6%CPEs: 128EXPL: 0CVE-2012-4821 – JDK: getDeclaredMethods() and setAccessible() code execution
https://notcve.org/view.php?id=CVE-2012-4821
16 Nov 2012 — Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote... • http://rhn.redhat.com/errata/RHSA-2012-1467.html •
CVSS: 9.8EPSS: 10%CPEs: 128EXPL: 0CVE-2012-4822 – JDK: java.lang.class code execution
https://notcve.org/view.php?id=CVE-2012-4822
16 Nov 2012 — Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote... • http://rhn.redhat.com/errata/RHSA-2012-1465.html •
CVSS: 9.8EPSS: 13%CPEs: 128EXPL: 0CVE-2012-4823 – JDK: java.lang.ClassLoder defineClass() code execution
https://notcve.org/view.php?id=CVE-2012-4823
16 Nov 2012 — Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allows remote attackers... • http://rhn.redhat.com/errata/RHSA-2012-1466.html •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 1CVE-2012-4825
https://notcve.org/view.php?id=CVE-2012-4825
08 Oct 2012 — Multiple cross-site scripting (XSS) vulnerabilities in servlet/traveler/ILNT.mobileconfig in IBM Lotus Notes Traveler before 8.5.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) userId or (2) address parameter in a getClientConfigFile action. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en servlet/traveler/ILNT.mobileconfig en IBM Lotus Notes Traveler anteriores a v8.5.3.2, permite a atacantes remotos inyectar secuencias de comandos ... • http://archives.neohapsis.com/archives/fulldisclosure/2012-10/0001.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 1CVE-2012-5307
https://notcve.org/view.php?id=CVE-2012-5307
08 Oct 2012 — Cross-site scripting (XSS) vulnerability in servlet/traveler in IBM Lotus Notes Traveler before 8.5.3.3 Interim Fix 1, when Firefox is used, allows remote attackers to inject arbitrary web script or HTML via the redirectURL parameter, a different vulnerability than CVE-2012-4824 and CVE-2012-4825. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en IBM Lotus Notes Traveler anteriores a v8.5.3.3 Interim Fix 1, cuando se usa Firefox, permite a atacantes remotos inyectar secuencia... • http://archives.neohapsis.com/archives/fulldisclosure/2012-10/0001.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 9EXPL: 0CVE-2010-4547
https://notcve.org/view.php?id=CVE-2010-4547
16 Dec 2010 — IBM Lotus Notes Traveler before 8.5.1.3, when a multidomain environment is used, does not properly apply policy documents to mobile users from a different Domino domain than the Traveler server, which allows remote authenticated users to bypass intended access restrictions by using credentials from a different domain. IBM Lotus Notes Traveler anterior a v8.5.1.3, cuando se utiliza un entorno multidominio, no se aplican adecuadamente los documentos de política a los usuarios móviles de un dominio diferente d... • http://www-1.ibm.com/support/docview.wss?uid=swg1LO49967 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2009-5036
https://notcve.org/view.php?id=CVE-2009-5036
16 Dec 2010 — traveler.exe in IBM Lotus Notes Traveler before 8.0.1.3 CF1 allows remote authenticated users to cause a denial of service (daemon crash) via a malformed invitation document in a sync operation. traveler.exe en IBM Lotus Notes Traveler anterior a CF1 v8.0.1.3 permite a usuarios autenticados remotamente causar una denegación de servicio (caída de demonio) a través de un documento de invitación con formato incorrecto en una operación de sincronización. • http://www-01.ibm.com/support/docview.wss?uid=swg24019529&aid=3 •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2010-4549
https://notcve.org/view.php?id=CVE-2010-4549
16 Dec 2010 — IBM Lotus Notes Traveler before 8.5.1.3 on the Nokia s60 device successfully performs a Replace Data operation for a prohibited application, which allows remote authenticated users to bypass intended access restrictions via this operation. IBM Lotus Notes Traveler anterior a v8.5.1.3 en el dispositivo Nokia S60 realiza exitosamente una operación de sustitución de datos para una aplicación prohibida, lo que permite a usuarios autenticados remotamente eludir las restricciones de acceso previsto a través de es... • http://www-1.ibm.com/support/docview.wss?uid=swg1LO53572 • CWE-264: Permissions, Privileges, and Access Controls •