VYPR

Domino

by Lotus

CVEs (45)

  • CVE-2020-14234Nov 21, 2020
    risk 0.00cvss epss 0.01

    HCL Domino is susceptible to a Denial of Service vulnerability due to improper validation of user-supplied input, potentially giving an attacker the ability to crash the server. Versions previous to release 9.0.1 FP10 IF6 and release 10.0.1 are affected.

  • CVE-2017-1712Jul 1, 2020
    risk 0.00cvss epss 0.01

    "A vulnerability in the TLS protocol implementation of the Domino server could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a…

  • CVE-2008-0243Jan 12, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Lotus Domino 7.0.2 before Fix Pack 3 allows attackers to cause a denial of service via unknown vectors.

  • CVE-2002-2025Dec 31, 2002
    risk 0.00cvss epss 0.02

    Lotus Domino server 5.0.9a and earlier allows remote attackers to cause a denial of service by exhausting the number of working threads via a large number of HTTP requests for (1) an MS-DOS device name and (2) an MS-DOS device name with a large number of characters appended to…

  • CVE-2002-1010Oct 4, 2002
    risk 0.00cvss epss 0.01

    Lotus Domino R4 allows remote attackers to bypass access restrictions for files in the web root via an HTTP request appended with a "?" character, which is treated as a wildcard character and bypasses the web handlers.

  • CVE-2002-0407Jul 26, 2002
    risk 0.00cvss epss 0.03

    htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, such as (1) a request with a .pl or .java extension, or (2) a request containing a…

  • CVE-2002-0408Jul 26, 2002
    risk 0.00cvss epss 0.02

    htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when configured with the NoBanner setting, allows remote attackers to determine the version number of the server via a request that generates an HTTP 500 error code, which leaks the version in a hard-coded error message.

  • CVE-2002-0245May 29, 2002
    risk 0.00cvss epss 0.03

    Lotus Domino server 5.0.8 with NoBanner enabled allows remote attackers to (1) determine the physical path of the server via a request for a nonexistent file with a .pl (Perl) extension, which leaks the pathname in the error message, or (2) make any request that causes an HTTP…

  • CVE-2002-0087Mar 15, 2002
    risk 0.00cvss epss 0.00

    bindsock in Lotus Domino 5.07 on Solaris allows local users to create arbitrary files via a symlink attack on temporary files.

  • CVE-2001-1567Dec 31, 2001
    risk 0.00cvss epss 0.02

    Lotus Domino server 5.0.9a and earlier allows remote attackers to bypass security restrictions and view Notes database files and possibly sensitive Notes template files (.ntf) via an HTTP request with a large number of "+" characters before the .nsf file extension, which are…

  • CVE-2001-0954Dec 7, 2001
    risk 0.00cvss epss 0.02

    Lotus Domino 5.0.5 and 5.0.8, and possibly other versions, allows remote attackers to cause a denial of service (block access to databases that have not been previously accessed) via a URL that includes the . (dot) directory.

  • CVE-2001-0846Dec 6, 2001
    risk 0.00cvss epss 0.41

    Lotus Domino 5.x allows remote attackers to read files or execute arbitrary code by requesting the ReplicaID of the Web Administrator template file (webadmin.ntf).

  • CVE-2001-0939Nov 30, 2001
    risk 0.00cvss epss 0.02

    Lotus Domino 5.08 and earlier allows remote attackers to cause a denial of service (crash) via a SunRPC NULL command to port 443.

  • CVE-2001-1018Sep 20, 2001
    risk 0.00cvss epss 0.02

    Lotus Domino web server 5.08 allows remote attackers to determine the internal IP address of the server when NAT is enabled via a GET request that contains a long sequence of / (slash) characters.

  • CVE-2000-1203Aug 20, 2001
    risk 0.00cvss epss 0.02

    Lotus Domino SMTP server 4.63 through 5.08 allows remote attackers to cause a denial of service (CPU consumption) by forging an email message with the sender as bounce@[127.0.0.1] (localhost), which causes Domino to enter a mail loop.

  • CVE-2001-0603Aug 2, 2001
    risk 0.00cvss epss 0.01

    Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via repeatedly sending large (> 10Kb) amounts of data to the DIIOP - CORBA service on TCP port 63148.

  • CVE-2001-0600Aug 2, 2001
    risk 0.00cvss epss 0.01

    Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via repeated URL requests with the same HTTP headers, such as (1) Accept, (2) Accept-Charset, (3) Accept-Encoding, (4) Accept-Language, and (5) Content-Type.

  • CVE-2001-0601Aug 2, 2001
    risk 0.00cvss epss 0.02

    Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via HTTP requests containing certain combinations of UNICODE characters.

  • CVE-2001-0602Aug 2, 2001
    risk 0.00cvss epss 0.02

    Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via repeated (>400) URL requests for DOS devices.

  • CVE-2001-1313Jul 16, 2001
    risk 0.00cvss epss 0.04

    Lotus Domino R5 before R5.0.7a allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via miscellaneous packets with semi-valid BER encodings, as demonstrated by the PROTOS LDAPv3 test suite.