VYPR

Lotus Domino

by IBM

CVEs (132)

  • CVE-2002-2025Dec 31, 2002
    risk 0.00cvss epss 0.02

    Lotus Domino server 5.0.9a and earlier allows remote attackers to cause a denial of service by exhausting the number of working threads via a large number of HTTP requests for (1) an MS-DOS device name and (2) an MS-DOS device name with a large number of characters appended to…

  • CVE-2002-1624Dec 31, 2002
    risk 0.00cvss epss 0.04

    Buffer overflow in Lotus Domino web server before R5.0.10, when logging to DOMLOG.NSF, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP Authenticate header containing certain non-ASCII characters.

  • CVE-2002-2014Dec 31, 2002
    risk 0.00cvss epss 0.02

    Lotus Domino 5.0.8 web server returns different error messages when a valid or invalid user is provided in HTTP requests, which allows remote attackers to determine valid user names and makes it easier to conduct brute force attacks.

  • CVE-2002-0245May 29, 2002
    risk 0.00cvss epss 0.03

    Lotus Domino server 5.0.8 with NoBanner enabled allows remote attackers to (1) determine the physical path of the server via a request for a nonexistent file with a .pl (Perl) extension, which leaks the pathname in the error message, or (2) make any request that causes an HTTP…

  • CVE-2002-0037Apr 22, 2002
    risk 0.00cvss epss 0.03

    Lotus Domino Servers 5.x, 4.6x, and 4.5x allows attackers to bypass the intended Reader and Author access list for a document's object via a Notes API call (NSFDbReadObject) that directly accesses the object.

  • CVE-2002-0086Mar 15, 2002
    risk 0.00cvss epss 0.00

    Buffer overflow in bindsock in Lotus Domino 5.0.4 and 5.0.7 on Linux allows local users to gain root privileges via a long (1) Notes_ExecDirectory or (2) PATH environment variable.

  • CVE-2002-0087Mar 15, 2002
    risk 0.00cvss epss 0.00

    bindsock in Lotus Domino 5.07 on Solaris allows local users to create arbitrary files via a symlink attack on temporary files.

  • CVE-2001-1567Dec 31, 2001
    risk 0.00cvss epss 0.02

    Lotus Domino server 5.0.9a and earlier allows remote attackers to bypass security restrictions and view Notes database files and possibly sensitive Notes template files (.ntf) via an HTTP request with a large number of "+" characters before the .nsf file extension, which are…

  • CVE-2001-0954Dec 7, 2001
    risk 0.00cvss epss 0.02

    Lotus Domino 5.0.5 and 5.0.8, and possibly other versions, allows remote attackers to cause a denial of service (block access to databases that have not been previously accessed) via a URL that includes the . (dot) directory.

  • CVE-2000-1215Sep 19, 2001
    risk 0.00cvss epss 0.02

    The default configuration of Lotus Domino server 5.0.8 includes system information (version, operating system, and build date) in the HTTP headers of replies, which allows remote attackers to obtain sensitive information.

  • CVE-2001-0604Aug 2, 2001
    risk 0.00cvss epss 0.01

    Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via URL requests (>8Kb) containing a large number of '/' characters.

  • CVE-1999-0729Mar 12, 2001
    risk 0.00cvss epss 0.02

    Buffer overflow in Lotus Notes LDAP (NLDAP) allows an attacker to conduct a denial of service through the ldap_search request.

Page 7 of 7