CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 0CVE-2022-38660 – HCL XPages applications are susceptible to Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2022-38660
04 Nov 2022 — HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability. An unauthenticated attacker could exploit this vulnerability to perform actions in the application on behalf of the logged in user. Las aplicaciones HCL XPages son susceptibles a una vulnerabilidad de Cross-Site Request Forgery (CSRF). Un atacante no autenticado podría aprovechar esta vulnerabilidad para realizar acciones en la aplicación en nombre del usuario que inició sesión. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0101037 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2020-14230
https://notcve.org/view.php?id=CVE-2020-14230
21 Nov 2020 — HCL Domino is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the server. Versions previous to releases 9.0.1 FP10 IF6, 10.0.1 FP5 and 11.0.1 are affected. HCL Domino es susceptible a una vulnerabilidad de Denegación de Servicio causada por una comprobación inapropiada de la entrada suministrada por el usuario. Un atacante remoto no au... • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085303 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2020-14234
https://notcve.org/view.php?id=CVE-2020-14234
21 Nov 2020 — HCL Domino is susceptible to a Denial of Service vulnerability due to improper validation of user-supplied input, potentially giving an attacker the ability to crash the server. Versions previous to release 9.0.1 FP10 IF6 and release 10.0.1 are affected. HCL Domino es susceptible a una vulnerabilidad de Denegación de Servicio debido a una comprobación inapropiada de la entrada suministrada por el usuario, dándole potencialmente al atacante la capacidad de bloquear el servidor. Versiones anteriores a ve... • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085302 • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1712
https://notcve.org/view.php?id=CVE-2017-1712
01 Jul 2020 — "A vulnerability in the TLS protocol implementation of the Domino server could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions." "Una vulnerabilidad en la implementación del protocolo TLS del servidor Domino podría permitir a un atac... • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080545 • CWE-326: Inadequate Encryption Strength •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2015
https://notcve.org/view.php?id=CVE-2015-2015
23 Aug 2015 — Cross-site scripting (XSS) vulnerability in pubnames.ntf (aka the Directory template) in the web server in IBM Domino before 9.0.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka SPR KLYH8WBPRN. Vulnerabilidad de XSS en pubnames.ntf (también conocido como Directory template) en el servidor web en IBM Domino en versiones anteriores a 9.0.0, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrario a través de URL manipulada, también conocido como ... • http://www-01.ibm.com/support/docview.wss?uid=swg21963016 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 1%CPEs: 1EXPL: 1CVE-2002-0408
https://notcve.org/view.php?id=CVE-2002-0408
11 Jun 2002 — htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when configured with the NoBanner setting, allows remote attackers to determine the version number of the server via a request that generates an HTTP 500 error code, which leaks the version in a hard-coded error message. • http://marc.info/?l=bugtraq&m=101310812804716&w=2 •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2002-0407
https://notcve.org/view.php?id=CVE-2002-0407
11 Jun 2002 — htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, such as (1) a request with a .pl or .java extension, or (2) a request containing a large number of periods, which causes htcgibin.exe to leak the pathname in an error message. • http://marc.info/?l=bugtraq&m=101310812804716&w=2 •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2002-0245
https://notcve.org/view.php?id=CVE-2002-0245
03 May 2002 — Lotus Domino server 5.0.8 with NoBanner enabled allows remote attackers to (1) determine the physical path of the server via a request for a nonexistent file with a .pl (Perl) extension, which leaks the pathname in the error message, or (2) make any request that causes an HTTP 500 error, which leaks the server's version name in the HTTP error message. El servidor 5.0.8 de Lotus Domino con NoBanner habilitado permite que atacantes remotos (1) conozcan el path físico del servidor por medio de una petición de ... • http://marc.info/?l=bugtraq&m=101310812804716&w=2 •
CVSS: 10.0EPSS: 4%CPEs: 14EXPL: 0CVE-2001-0846
https://notcve.org/view.php?id=CVE-2001-0846
06 Dec 2001 — Lotus Domino 5.x allows remote attackers to read files or execute arbitrary code by requesting the ReplicaID of the Web Administrator template file (webadmin.ntf). • http://marc.info/?l=bugtraq&m=100448721830960&w=2 •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2001-0939
https://notcve.org/view.php?id=CVE-2001-0939
30 Nov 2001 — Lotus Domino 5.08 and earlier allows remote attackers to cause a denial of service (crash) via a SunRPC NULL command to port 443. • http://marc.info/?l=bugtraq&m=100715316426817&w=2 •