Domino Security Vulnerabilities and Issues — Domino CVE List

Lucene search

LotusDomino

12 matches found

CVE•added 2004/09/01 4:0 a.m.•45 views

CVE-2000-1203

Lotus Domino SMTP server 4.63 through 5.08 allows remote attackers to cause a denial of service (CPU consumption) by forging an email message with the sender as bounce@[127.0.0.1] (localhost), which causes Domino to enter a mail loop.

5CVSS6.6AI score0.00911EPSS

CVE•added 2001/09/12 4:0 a.m.•40 views

CVE-1999-1012

SMTP component of Lotus Domino 4.6.1 on AS/400, and possibly other operating systems, allows a remote attacker to crash the mail server via a long string.

5CVSS7.1AI score0.0057EPSS

CVE•added 2002/03/09 5:0 a.m.•40 views

CVE-2001-0954

Lotus Domino 5.0.5 and 5.0.8, and possibly other versions, allows remote attackers to cause a denial of service (block access to databases that have not been previously accessed) via a URL that includes the . (dot) directory.

5CVSS6.8AI score0.00911EPSS

CVE•added 2002/06/25 4:0 a.m.•37 views

CVE-2001-0939

Lotus Domino 5.08 and earlier allows remote attackers to cause a denial of service (crash) via a SunRPC NULL command to port 443.

5CVSS7.1AI score0.00911EPSS

CVE•added 2000/12/11 5:0 a.m.•36 views

CVE-2000-1046

Multiple buffer overflows in the ESMTP service of Lotus Domino 5.0.2c and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via long (1) "RCPT TO," (2) "SAML FROM," or (3) "SOML FROM" commands.

10CVSS8.3AI score0.08176EPSS

CVE•added 2002/02/02 5:0 a.m.•36 views

CVE-2001-1018

Lotus Domino web server 5.08 allows remote attackers to determine the internal IP address of the server when NAT is enabled via a GET request that contains a long sequence of / (slash) characters.

5CVSS6.6AI score0.00631EPSS

CVE•added 2002/07/26 4:0 a.m.•35 views

CVE-2002-0408

htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when configured with the NoBanner setting, allows remote attackers to determine the version number of the server via a request that generates an HTTP 500 error code, which leaks the version in a hard-coded error message.

5CVSS6.6AI score0.01083EPSS

CVE•added 2002/03/09 5:0 a.m.•34 views

CVE-2001-0846

Lotus Domino 5.x allows remote attackers to read files or execute arbitrary code by requesting the ReplicaID of the Web Administrator template file (webadmin.ntf).

10CVSS7.9AI score0.04246EPSS

CVE•added 2002/05/29 4:0 a.m.•33 views

CVE-2002-0245

Lotus Domino server 5.0.8 with NoBanner enabled allows remote attackers to (1) determine the physical path of the server via a request for a nonexistent file with a .pl (Perl) extension, which leaks the pathname in the error message, or (2) make any request that causes an HTTP 500 error, which leak...

7.5CVSS6.5AI score0.00741EPSS

CVE•added 2002/07/26 4:0 a.m.•33 views

CVE-2002-0407

htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, such as (1) a request with a .pl or .java extension, or (2) a request containing a large number of per...

5CVSS6.8AI score0.01303EPSS

CVE•added 2005/11/16 9:17 p.m.•32 views

CVE-2002-2191

Lotus Domino 5.0.9a and earlier, even when configured with the 'DominoNoBanner=1' option, allows remote attackers to obtain potential sensitive information such as the version via a request for a non-existent .nsf database, which leaks the version in the HTTP banner.

5CVSS6.6AI score0.03447EPSS

CVE•added 2002/03/15 5:0 a.m.•30 views

CVE-2002-0087

bindsock in Lotus Domino 5.07 on Solaris allows local users to create arbitrary files via a symlink attack on temporary files.

2.1CVSS6.4AI score0.00125EPSS