IBM Lotus Sametime Community Services Multiplexer Stack Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Sametime. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of long URLs in the Community Services Multiplexer StMux.exe listening on...

IBM Lotus Sametime 8.0 - Multiplexer Buffer Overflow

IBM Lotus Sametime 8.0 - Multiplexer Buffer Overflow source: https://www.securityfocus.com/bid/29328/info IBM Lotus Sametime is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. ...

Cross site scripting

Cross-site scripting XSS vulnerability in the chat client in IBM Lotus Sametime 7.5 and 7.5.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted message, which triggers code execution after a mouseover event initiated by the victim...

CVE-2008-0354

Cross-site scripting XSS vulnerability in the chat client in IBM Lotus Sametime 7.5 and 7.5.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted message, which triggers code execution after a mouseover event initiated by the victim...

CVE-2008-0354

Cross-site scripting XSS vulnerability in the chat client in IBM Lotus Sametime 7.5 and 7.5.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted message, which triggers code execution after a mouseover event initiated by the victim...

CVE-2008-0354

CVE-2008-0354 describes a cross-site scripting (XSS) flaw in the IBM Lotus Sametime Connect Client for Windows (versions 7.5 and 7.5.1). The vulnerability allows a user-assisted attacker to inject arbitrary script/HTML via a crafted chat message, with code execution triggered after a mouseover ev...

IBM Lotus Sametime Client Chat消息跨站脚本漏洞

Lotus Sametime是一套企业用的即时通讯应用程序。 Lotus Sametime处理超链接信息存在输入验证问题，远程攻击者可以利用漏洞进行跨站脚本攻击，获得敏感信息。 提交恶意的超链接在消息中，当用户执行鼠标移动操作就可以触发任意脚本代码执行，导致敏感信息泄漏。 IBM Lotus Sametime 7.5.1 IBM Lotus Sametime 7.5 可参考如下安全公告获得补丁信息： http://www-1.ibm.com/support/docview.wss?uid=swg21292938...

CVE-2007-6295

Cross-site scripting XSS vulnerability in the WebRunMenuFrame page in the online meeting center template in IBM Lotus Sametime before 8.0 allows remote attackers to inject arbitrary web script or HTML via the URI...

Cross site scripting

Cross-site scripting XSS vulnerability in the WebRunMenuFrame page in the online meeting center template in IBM Lotus Sametime before 8.0 allows remote attackers to inject arbitrary web script or HTML via the URI...

CVE-2007-6295

The documents confirm CVE-2007-6295 is an XSS vulnerability in IBM Lotus Sametime prior to version 8.0, affecting the WebRunMenuFrame page of the online meeting center template. The vulnerability allows remote attackers to inject arbitrary web script or HTML via the URI, with attack vector over n...

CVE-2007-6295

Cross-site scripting XSS vulnerability in the WebRunMenuFrame page in the online meeting center template in IBM Lotus Sametime before 8.0 allows remote attackers to inject arbitrary web script or HTML via the URI...

CVE-2007-4142

Cross-site scripting XSS vulnerability in IBM Lotus Sametime Server 7.5.1 before 20070731 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a crafted Sametime meeting...

Cross site scripting

Cross-site scripting XSS vulnerability in IBM Lotus Sametime Server 7.5.1 before 20070731 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a crafted Sametime meeting...

CVE-2007-4142

CVE-2007-4142 describes a cross-site scripting (XSS) vulnerability in IBM Lotus Sametime Server 7.5.1 before 20070731, where remote attackers can inject arbitrary web script or HTML via unspecified vectors involving a crafted Sametime meeting. Public references (IBM support note, advisories, and ...

CVE-2007-4142

Cross-site scripting XSS vulnerability in IBM Lotus Sametime Server 7.5.1 before 20070731 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a crafted Sametime meeting...

IBM Lotus SameTime STJNILoader.OCX ActiveX控件LoadLibrary输入验证漏洞

IBM Corp.'s Lotus Sametime产品提供实时在线会议解决方案。 IBM Corp.'s Lotus Sametime产品包含的STJNILoader.ocx组件存在输入验证问题，远程攻击者可以利用漏洞以应用程序进程权限执行任意指令。 此控件使用如下的CLASSID： 7261EE42-318E-490A-AE8F-77649DBA1ECA and 0B9C9C7D-ED81-4594-AFCB-FC5588125382 此控件一般标记为安全脚本，并导出的LoadLibrary函数没有过滤输入，构建恶意WEB页，诱使用户访问，可导致以应用程序进程权限执行任意指令。 IB...

Code injection

The JNILoader ActiveX control STJNILoader.ocx 3.1.0.26 in IBM Lotus Notes Sametime before 7.5 allows remote attackers to load arbitrary DLL libraries and execute arbitrary code via arbitrary arguments to the loadLibrary function...

CVE-2007-1784

The JNILoader ActiveX control STJNILoader.ocx 3.1.0.26 in IBM Lotus Notes Sametime before 7.5 allows remote attackers to load arbitrary DLL libraries and execute arbitrary code via arbitrary arguments to the loadLibrary function...

CVE-2007-1784

The CVE-2007-1784 entry affects IBM Lotus Notes Sametime (JNILoader ActiveX: STJNILoader.ocx, version 3.1.0.26) where remote attackers can cause arbitrary code execution by passing arbitrary arguments to the loadLibrary function, enabling loading of arbitrary DLLs. Impact is described as remote c...

CVE-2007-1784

The JNILoader ActiveX control STJNILoader.ocx 3.1.0.26 in IBM Lotus Notes Sametime before 7.5 allows remote attackers to load arbitrary DLL libraries and execute arbitrary code via arbitrary arguments to the loadLibrary function...