Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
IbmLotus Domino

86 matches found

CVE
CVEadded 2006/01/09 11:3 a.m.42 views

CVE-2006-0120

Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a denial of service (application crash) via multiple vectors, involving (1) a malformed message sent to an "Out Of Office" agent (SPR LPEE6DMQWJ), (2) the compact command (RTIN5U2SAJ), (3...

5CVSS6.9AI score0.03437EPSS
CVE
CVEadded 2010/01/09 6:30 p.m.42 views

CVE-2010-0276

IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 does not properly handle navigation of the "Try Lotus iNotes anyway" link from the page that reports use of an unsupported browser, which has unspecified impact and attack vectors, aka SPR LSHR7TBMQU.

10CVSS6.7AI score0.00531EPSS
CVE
CVEadded 2013/12/21 2:22 p.m.42 views

CVE-2013-4063

Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1 allows remote attackers to inject arbitrary web script or HTML via active content in an e-mail message, aka SPRs PTHN9AQMV7 and TCLE98ZKRP.

4.3CVSS5.6AI score0.00236EPSS
CVE
CVEadded 2008/01/12 2:46 a.m.41 views

CVE-2008-0243

Unspecified vulnerability in Lotus Domino 7.0.2 before Fix Pack 3 allows attackers to cause a denial of service via unknown vectors.

7.8CVSS6.4AI score0.00556EPSS
CVE
CVEadded 2011/02/08 10:0 p.m.41 views

CVE-2011-0918

Stack-based buffer overflow in the NRouter (aka Router) service in IBM Lotus Domino allows remote attackers to execute arbitrary code via long filenames associated with Content-ID and ATTACH:CID headers in attachments in malformed calendar-request e-mail messages, aka SPR KLYH87LKRE.

10CVSS8.2AI score0.10609EPSS
CVE
CVEadded 2011/02/08 10:0 p.m.41 views

CVE-2011-0919

Multiple stack-based buffer overflows in the (1) POP3 and (2) IMAP services in IBM Lotus Domino allow remote attackers to execute arbitrary code via non-printable characters in an envelope sender address, aka SPR KLYH87LLVJ.

10CVSS7.9AI score0.124EPSS
CVE
CVEadded 2013/03/27 12:23 p.m.41 views

CVE-2013-0488

Cross-site scripting (XSS) vulnerability in webadmin.nsf (aka the Web Administrator client) in IBM Domino 8.5.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.6AI score0.00236EPSS
CVE
CVEadded 2002/03/15 5:0 a.m.40 views

CVE-2002-0086

Buffer overflow in bindsock in Lotus Domino 5.0.4 and 5.0.7 on Linux allows local users to gain root privileges via a long (1) Notes_ExecDirectory or (2) PATH environment variable.

7.2CVSS7.3AI score0.00072EPSS
CVE
CVEadded 2013/03/27 12:23 p.m.40 views

CVE-2013-0486

Memory leak in the HTTP server in IBM Domino 8.5.x allows remote attackers to cause a denial of service (memory consumption and daemon crash) via GET requests, aka SPR KLYH92NKZY.

4.3CVSS6.6AI score0.00681EPSS
CVE
CVEadded 2013/03/27 12:23 p.m.40 views

CVE-2013-0489

Cross-site request forgery (CSRF) vulnerability in webadmin.nsf (aka the Web Administrator client) in IBM Domino 8.5.x allows remote authenticated users to hijack the authentication of administrators.

6CVSS6.5AI score0.00093EPSS
CVE
CVEadded 2013/08/27 3:34 a.m.40 views

CVE-2013-0590

Cross-site scripting (XSS) vulnerability in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN95XNR3, a different vulnerability than CVE-2013-0591.

3.5CVSS5.2AI score0.00166EPSS
CVE
CVEadded 2013/11/08 4:47 a.m.40 views

CVE-2013-4055

Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-4051.

3.5CVSS5.2AI score0.00166EPSS
CVE
CVEadded 2004/08/06 4:0 a.m.39 views

CVE-2004-0669

Lotus Domino 6.5.0 and 6.5.1, with IMAP enabled, allows remote authenticated users to change their quota by using the IMAP setquota command.

7.5CVSS6.7AI score0.00641EPSS
CVE
CVEadded 2005/08/16 4:0 a.m.39 views

CVE-2004-2310

Cross-site scripting (XSS) vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows remote attackers to inject arbitrary web script or HTML via a Domino command in the Quick Console.

4.3CVSS6AI score0.02535EPSS
CVE
CVEadded 2007/10/29 9:46 p.m.39 views

CVE-2007-5700

The Evaluate LotusScript method in IBM Lotus Domino before 7.0.3 uses an incorrect security context for @ formula commands in some circumstances, which might allow remote authenticated users to gain privileges and obtain sensitive information.

6.3CVSS6.5AI score0.00331EPSS
CVE
CVEadded 2010/01/20 4:30 p.m.39 views

CVE-2010-0358

Heap-based buffer overflow in the server in IBM Lotus Domino 7 and 8.5 FP1 allows remote attackers to cause a denial of service (daemon exit) and possibly have unspecified other impact via a long string in a crafted LDAP message to a TCP port, a different vulnerability than CVE-2009-3087.

10CVSS7.5AI score0.01685EPSS
CVE
CVEadded 2013/12/21 2:22 p.m.39 views

CVE-2013-4065

Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote attackers to inject arbitrary web script or HTML via active content in an e-mail message, aka SPR TCLE98ZKRP.

2.6CVSS5.6AI score0.00236EPSS
CVE
CVEadded 2013/10/22 10:55 p.m.39 views

CVE-2013-5389

Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 before FP5 IF2 and 9.0 before IF5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN9AYK2X.

4.3CVSS5.8AI score0.00236EPSS
CVE
CVEadded 2005/08/16 4:0 a.m.38 views

CVE-2004-2311

Directory traversal vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows local users to create folders or determine the existence of files via a .. (dot dot) in the new folder dialog.

3.6CVSS6.6AI score0.00734EPSS
CVE
CVEadded 2005/08/16 4:0 a.m.38 views

CVE-2004-2369

Directory traversal vulnerability in webadmin.nsf for Lotus Domino R6 6.5.1 allows attackers to create and detect directories via a .. (dot dot) in the directory creation command.

6.4CVSS6.9AI score0.00258EPSS
CVE
CVEadded 2006/12/29 11:0 a.m.38 views

CVE-2005-4819

Cross-site scripting (XSS) vulnerability in Lotus Domino versions before 6.5.4 fix pack 1 (FP1) and versions before 7.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

6.8CVSS5.9AI score0.0108EPSS
CVE
CVEadded 2009/04/13 4:30 p.m.38 views

CVE-2009-1286

The IMAP task in the server in IBM Lotus Domino 8.0.2 before FP1 IF1 and 8.5 before IF3 allows remote attackers to cause a denial of service (daemon crash) via a MIME e-mail message with RFC822 attachments (aka blobs) containing malformed root entities.

5CVSS6.6AI score0.01825EPSS
CVE
CVEadded 2009/09/08 6:30 p.m.38 views

CVE-2009-3087

Unspecified vulnerability in nserver.exe in the server in IBM Lotus Domino 8.0 on Windows Server 2003 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosu...

5CVSS6.7AI score0.00572EPSS
CVE
CVEadded 2010/03/05 5:30 p.m.38 views

CVE-2010-0927

Cross-site scripting (XSS) vulnerability in help/readme.nsf/Header in the Help component in IBM Lotus Domino 7.x before 7.0.4 and 8.x before 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the BaseTarget parameter in an OpenPage action. NOTE: this may overlap CVE-2010-0920.

4.3CVSS5.7AI score0.00289EPSS
CVE
CVEadded 2011/03/25 7:55 p.m.38 views

CVE-2011-1520

The default configuration of the server console in IBM Lotus Domino does not require a password (aka Server_Console_Password), which allows physically proximate attackers to perform administrative changes or obtain sensitive information via a (1) Load, (2) Tell, or (3) Set Configuration command.

7.2CVSS6.3AI score0.00057EPSS
CVE
CVEadded 2012/08/21 10:46 a.m.38 views

CVE-2012-3301

Multiple CRLF injection vulnerabilities in the HTTP server in IBM Lotus Domino 8.5.x before 8.5.4 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input involving (1) Mozilla Firefox 3.0.9 and earlier or (2) unspecified browsers.

4.3CVSS7AI score0.00257EPSS
CVE
CVEadded 2005/05/03 4:0 a.m.37 views

CVE-2005-1441

Format string vulnerability in Lotus Domino 6.0.x before 6.0.5 and 6.5.x before 6.5.4 allows remote attackers to cause a denial of service via the Notes protocol (NRPC).

5CVSS7AI score0.01434EPSS
CVE
CVEadded 2007/11/10 2:46 a.m.37 views

CVE-2007-5924

Cross-site scripting (XSS) vulnerability in the Web Server (HTTP) task in IBM Lotus Domino before 6.5.6 FP2, and 7.x before 7.0.2 FP2, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.1AI score0.00427EPSS
CVE
CVEadded 2013/11/08 4:47 a.m.37 views

CVE-2013-4051

Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-4055.

3.5CVSS5.2AI score0.00166EPSS
CVE
CVEadded 2013/03/27 12:23 p.m.36 views

CVE-2013-0487

The Java Console in IBM Domino 8.5.x allows remote authenticated users to hijack temporary credentials by leveraging knowledge of configuration details, aka SPR KLYH8TNNDN.

8.5CVSS6.2AI score0.00459EPSS
CVE
CVEadded 2013/08/27 3:34 a.m.35 views

CVE-2013-0595

Multiple cross-site scripting (XSS) vulnerabilities in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN95XNR3.

4.3CVSS5.7AI score0.00266EPSS
CVE
CVEadded 2005/07/14 4:0 a.m.34 views

CVE-2002-2014

Lotus Domino 5.0.8 web server returns different error messages when a valid or invalid user is provided in HTTP requests, which allows remote attackers to determine valid user names and makes it easier to conduct brute force attacks.

5CVSS7AI score0.00461EPSS
CVE
CVEadded 2007/03/29 9:19 p.m.34 views

CVE-2006-4843

Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified "code sequences" that bypass the protection scheme.

4.3CVSS5.5AI score0.00759EPSS
CVE
CVEadded 2007/06/06 9:30 p.m.34 views

CVE-2007-0068

IBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the signature on a signed scheduled agent after the agent is modified, which allows remote authenticated users to gain privileges via a modified agent in a server database.

9.3CVSS6.3AI score0.01769EPSS
CVE
CVEadded 2013/08/09 7:55 p.m.34 views

CVE-2013-3032

Cross-site scripting (XSS) vulnerability in the MIME e-mail functionality in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN986NAA.

4.3CVSS5.7AI score0.00266EPSS
CVE
CVEadded 2013/10/22 10:55 p.m.33 views

CVE-2013-5388

Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 before FP5 IF2 and 9.0 before IF5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN9AYK5F.

4.3CVSS5.8AI score0.00236EPSS
Total number of security vulnerabilities86