31 results (0.003 seconds)

CVSS: 6.5EPSS: 1%CPEs: 3EXPL: 1

The BlackBerry Collaboration Service in Research In Motion (RIM) BlackBerry Enterprise Server (BES) 5.0.3 through MR4 for Microsoft Exchange and Lotus Domino allows remote authenticated users to log into arbitrary user accounts associated with the same organization, and send messages, read messages, read contact lists, or cause a denial of service (login unavailability), via unspecified vectors. BlackBerry Collaboration Service en Research In Motion (RIM) BlackBerry Enterprise Server (BES) v5.0.3 a través de MR4 para Microsoft Exchange y Lotus Domino permite, a usuarios remotos autenticados, a acceder a cuentas de usuario de su elección asociados con la misma organización, y enviar mensajes, leer los mensajes, leer las listas de contactos o causar una denegación de servicio (indisponibilidad de inicio de sesión), a través de vectores no especificados. • http://secunia.com/advisories/46370 http://securitytracker.com/id?1026179 http://www.blackberry.com/btsc/KB28524 http://www.osvdb.org/76286 http://www.securityfocus.com/bid/50064 https://exchange.xforce.ibmcloud.com/vulnerabilities/70519 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 1

Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the source code for files via an HTTP request with a filename with a trailing dot. • http://www.securityfocus.com/archive/1/311660 http://www.securityfocus.com/archive/1/311806 http://www.securityfocus.com/bid/6841 https://exchange.xforce.ibmcloud.com/vulnerabilities/11311 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 2%CPEs: 3EXPL: 4

Lotus Domino 5.0.9a and earlier, even when configured with the 'DominoNoBanner=1' option, allows remote attackers to obtain potential sensitive information such as the version via a request for a non-existent .nsf database, which leaks the version in the HTTP banner. • https://www.exploit-db.com/exploits/21996 http://www.iss.net/security_center/static/10557.php http://www.securityfocus.com/archive/1/298874/2002-11-05/2002-11-11/2 http://www.securityfocus.com/bid/6128 •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Lotus Domino R4 allows remote attackers to bypass access restrictions for files in the web root via an HTTP request appended with a "?" character, which is treated as a wildcard character and bypasses the web handlers. • http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0001.html •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, such as (1) a request with a .pl or .java extension, or (2) a request containing a large number of periods, which causes htcgibin.exe to leak the pathname in an error message. • http://marc.info/?l=bugtraq&m=101310812804716&w=2 http://www.iss.net/security_center/static/8160.php http://www.securityfocus.com/archive/1/265380 http://www.securityfocus.com/bid/4406 •