notes software vulnerabilities
vulnerabilities.aspcode.net
Searching notes software vulnerabilities
The Extended Control List (ECL) feature of the Java Virtual Machine (JVM) in Lotus Notes Client R5 allows malicious web site operators to determine the existence of files on the client by measuring delays in the execution of the getSystemResource method.
Lotus Notes R5 client R5.0.5 and earlier does not properly warn users when an S/MIME email message has been modified, which could allow an attacker to modify the email in transit without being detected.
Lotus Domino server 5.0.9a and earlier allows remote attackers to bypass security restrictions and view Notes database files and possibly sensitive Notes template files (.ntf) via an HTTP request with a large number of "+" characters before the .nsf file extension, which are converted to spaces by Domino.
Lotus Domino Servers 5.x, 4.6x, and 4.5x allows attackers to bypass the intended Reader and Author access list for a document's object via a Notes API call (NSFDbReadObject) that directly accesses the object.
Buffer overflow in bindsock in Lotus Domino 5.0.4 and 5.0.7 on Linux allows local users to gain root privileges via a long (1) Notes_ExecDirectory or (2) PATH environment variable.
Lotus Notes Domino 6.0.2 on Linux installs the notes.ini configuration file with world-writable permissions, which allows local users to modify the Notes configuration and gain privileges.
Argument injection vulnerability in IBM Lotus Notes 6.0.3 and 6.5 allows remote attackers to execute arbitrary code via a notes: URI that uses a UNC network share pathname to provide an alternate notes.ini configuration file to notes.exe.
Buffer overflow in IBM Lotus Notes 6.5.x before 6.5.3 and 6.0.x before 6.0.5 allows remote attackers to cause a denial of service (crash) via unknown vectors related to Java applets, as identified by KSPR62F4KN.
Multiple unknown vulnerabilities in IBM Lotus Notes 6.5.x before 6.5.4 and 6.0.x before 6.0.5 have unknown impact and attack vectors, related to Java applets, as identified by (1) KSPR5YS6GR and (2) KSPR62F4D3.
SQL injection vulnerability in the (1) announce and (2) notes modules of phpWebSite before 0.9.3-2 allows remote attackers to execute arbitrary SQL queries, as demonstrated using the ANN_id parameter to the announce module.
SQL injection vulnerability in posting_notes.php in the notes module for phpBB allows remote attackers to execute arbitrary SQL commands via the p parameter, which is used in the $post_id variable, and other attack vectors.
Format string vulnerability in Lotus Domino 6.0.x before 6.0.5 and 6.5.x before 6.5.4 allows remote attackers to cause a denial of service via the Notes protocol (NRPC).
Buffer overflow in the Lotus Notes client for Domino 6.5 before 6.5.4 and 6.0 before 6.0.5 allows local users to cause a denial of service (client crash) and possibly execute arbitrary code via the NOTES.INI file.
The web interface for Lotus Notes mail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and steal cookies.
IBM Lotus Notes 6.5.4 and 6.5.5, and 7.0.0 and 7.0.1, uses insecure default permissions (Everyone/Full Control) for the "Notes" folder and all children, which allows local users to gain privileges and modify, add, or delete files in that folder.
IBM Lotus Notes does not properly restrict access to password hashes in the Notes Address Book (NAB), which allows remote attackers to obtain sensitive information via the (1) password digest field in the Administration tab of a Lotus Notes client, (2) "PasswordDigest" and "HTTPPassword" fields in the document properties in the NAB, or (3) a direct query to the Domino LDAP server, a different vulnerability than CVE-2005-2428.
Buffer overflow in IBM Lotus Notes and Domino Server before 6.5.5 allows attackers to cause a denial of service (router crash or hang) via unspecified vectors involving "CD to MIME Conversion".
Unspecified vulnerability in IBM Lotus Notes and Domino Server before 6.5.5, when running on AIX, allows attackers to cause a denial of service (deep recursion leading to stack overflow and crash) via long formulas.
The Notes Remote Procedure Call (NRPC) protocol in IBM Lotus Notes Domino before 6.5.5 FP2 and 7.x before 7.0.2 does not require authentication to perform user lookups, which allows remote attackers to obtain the user ID file.
The JNILoader ActiveX control (STJNILoader.ocx) 3.1.0.26 in IBM Lotus Notes Sametime before 7.5 allows remote attackers to load arbitrary DLL libraries and execute arbitrary code via arbitrary arguments to the loadLibrary function.
Software vulnerabilities results 1 to 20 of 45