Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Lotus_domino
(Ibm)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 88 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2006-01-09 | CVE-2006-0120 | Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a denial of service (application crash) via multiple vectors, involving (1) a malformed message sent to an "Out Of Office" agent (SPR LPEE6DMQWJ), (2) the compact command (RTIN5U2SAJ), (3) malformed bitmap images (MYAA6FH5HW), (4) the "Delete Attachment" action (YPHG6844LD), (5) parsing certificates from a remote Certificate Table (AELE6DZFJW), and (6) creating a SSL key ring with... | Lotus_domino, Lotus_domino_enterprise_server, Lotus_notes | N/A | ||
| 2006-01-09 | CVE-2006-0118 | Unspecified vulnerability in IBM Lotus Notes and Domino Server before 6.5.5, when running on AIX, allows attackers to cause a denial of service (deep recursion leading to stack overflow and crash) via long formulas. | Lotus_domino, Lotus_domino_enterprise_server, Lotus_notes | N/A | ||
| 2006-01-09 | CVE-2006-0117 | Buffer overflow in IBM Lotus Notes and Domino Server before 6.5.5 allows attackers to cause a denial of service (router crash or hang) via unspecified vectors involving "CD to MIME Conversion". | Lotus_domino, Lotus_domino_enterprise_server, Lotus_notes | N/A | ||
| 2005-12-31 | CVE-2005-4819 | Cross-site scripting (XSS) vulnerability in Lotus Domino versions before 6.5.4 fix pack 1 (FP1) and versions before 7.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | Lotus_domino | N/A | ||
| 2005-09-21 | CVE-2005-3015 | Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 6.5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) BaseTarget or (2) Src parameters. | Lotus_domino, Lotus_domino_enterprise_server | N/A | ||
| 2005-12-31 | CVE-2005-2712 | The LDAP server (nldap.exe) in IBM Lotus Domino before 7.0.1, 6.5.5, and 6.5.4 FP2 allows remote attackers to cause a denial of service (crash) via a long bind request, which triggers a null dereference. | Lotus_domino | N/A | ||
| 2005-08-03 | CVE-2005-2428 | Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the... | Lotus_domino | N/A | ||
| 2005-05-03 | CVE-2005-1441 | Format string vulnerability in Lotus Domino 6.0.x before 6.0.5 and 6.5.x before 6.5.4 allows remote attackers to cause a denial of service via the Notes protocol (NRPC). | Lotus_domino | N/A | ||
| 2004-12-31 | CVE-2004-2667 | Cross-site scripting (XSS) vulnerability in Lotus Domino 6.0.x before 6.0.4 and 6.5.x before 6.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | Lotus_domino | N/A | ||
| 2004-12-31 | CVE-2004-2369 | Directory traversal vulnerability in webadmin.nsf for Lotus Domino R6 6.5.1 allows attackers to create and detect directories via a .. (dot dot) in the directory creation command. | Lotus_domino | N/A |