Lotus Domino Password Hash Collector

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Lotus Domino Password Hash Collector', 'Description' = 'Get users passwords hashes from names.nsf page', 'Author' = 'Tiago Ferreira ', 'License' ...

IBM Lotus Domino R8 - Password Hash Extraction Exploit

Exploit for windows platform in category web applications Exploit Title: IBM Lotus Domino = R8 Password Hash Extraction Exploit Google Dork: inurl:names.nsf?opendatabase Date: 02-24-2016 Exploit Author: Jonathan Broche Contact: https://twitter.com/g0jhonny Vendor Homepage:...

IBM Lotus Notes names.nsf开放重新定向漏洞

BUGTRAQ ID: 38852 Lotus Notes是由IBM开发的集成邮件、日历、即时消息、浏览器和业务协作应用，可用作Lotus Domino服务器应用的桌面客户端。 远程攻击者可以通过向Lotus Notes的names.nsf页面提交恶意HTTP POST请求执行HTTP响应拆分漏洞，将用户重新定向到其他位置。 IBM Lotus Notes 6.x 厂商补丁： IBM --- 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://www.ers.ibm.com/ POST /names.nsf?Login...

IBM Lotus Domino response splitting

Response splitting via POST request to /names.nsf, crossite scripting...

CVE-2007-0977

IBM Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores HTTPPassword hashes from names.nsf in a manner accessible through Readviewentries and OpenDocument requests to the defaultview view, a different vector than CVE-2005-2428...