Vendor
Lotus
Products
8
CVEs
30
Across products
33
Status
Private
Products
8- 12 CVEs
- 7 CVEs
- 5 CVEs
- 4 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
30| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2001-0009 | 0.04 | — | 0.07 | Feb 12, 2001 | Directory traversal vulnerability in Lotus Domino 5.0.5 web server allows remote attackers to read arbitrary files via a .. attack. | ||
| CVE-2000-1046 | 0.04 | — | 0.08 | Dec 11, 2000 | Multiple buffer overflows in the ESMTP service of Lotus Domino 5.0.2c and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via long (1) "RCPT TO," (2) "SAML FROM," or (3) "SOML FROM" commands. | ||
| CVE-2002-2191 | 0.03 | — | 0.04 | Dec 31, 2002 | Lotus Domino 5.0.9a and earlier, even when configured with the 'DominoNoBanner=1' option, allows remote attackers to obtain potential sensitive information such as the version via a request for a non-existent .nsf database, which leaks the version in the HTTP banner. | ||
| CVE-2000-0452 | 0.03 | — | 0.04 | May 18, 2000 | Buffer overflow in the ESMTP service of Lotus Domino Server 5.0.1 allows remote attackers to cause a denial of service via a long MAIL FROM command. | ||
| CVE-2003-1408 | 0.00 | — | 0.00 | Dec 31, 2003 | Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the source code for files via an HTTP request with a filename with a trailing dot. | ||
| CVE-2002-1010 | 0.00 | — | 0.00 | Oct 4, 2002 | Lotus Domino R4 allows remote attackers to bypass access restrictions for files in the web root via an HTTP request appended with a "?" character, which is treated as a wildcard character and bypasses the web handlers. | ||
| CVE-2002-0408 | 0.00 | — | 0.01 | Jul 26, 2002 | htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when configured with the NoBanner setting, allows remote attackers to determine the version number of the server via a request that generates an HTTP 500 error code, which leaks the version in a hard-coded error message. | ||
| CVE-2002-0407 | 0.00 | — | 0.01 | Jul 26, 2002 | htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, such as (1) a request with a .pl or .java extension, or (2) a request containing a large number of periods, which causes htcgibin.exe to leak the pathname in an error message. | ||
| CVE-2002-0245 | 0.00 | — | 0.01 | May 29, 2002 | Lotus Domino server 5.0.8 with NoBanner enabled allows remote attackers to (1) determine the physical path of the server via a request for a nonexistent file with a .pl (Perl) extension, which leaks the pathname in the error message, or (2) make any request that causes an HTTP 500 error, which leaks the server's version name in the HTTP error message. | ||
| CVE-2002-0087 | 0.00 | — | 0.00 | Mar 15, 2002 | bindsock in Lotus Domino 5.07 on Solaris allows local users to create arbitrary files via a symlink attack on temporary files. | ||
| CVE-2001-0954 | 0.00 | — | 0.01 | Dec 7, 2001 | Lotus Domino 5.0.5 and 5.0.8, and possibly other versions, allows remote attackers to cause a denial of service (block access to databases that have not been previously accessed) via a URL that includes the . (dot) directory. | ||
| CVE-2001-0847 | 0.00 | — | 0.01 | Dec 6, 2001 | Lotus Domino Web Server 5.x allows remote attackers to gain sensitive information by accessing the default navigator $defaultNav via (1) URL encoding the request, or (2) directly requesting the ReplicaID. | ||
| CVE-2001-0846 | 0.00 | — | 0.04 | Dec 6, 2001 | Lotus Domino 5.x allows remote attackers to read files or execute arbitrary code by requesting the ReplicaID of the Web Administrator template file (webadmin.ntf). | ||
| CVE-2001-0939 | 0.00 | — | 0.01 | Nov 30, 2001 | Lotus Domino 5.08 and earlier allows remote attackers to cause a denial of service (crash) via a SunRPC NULL command to port 443. | ||
| CVE-2001-1018 | 0.00 | — | 0.01 | Sep 20, 2001 | Lotus Domino web server 5.08 allows remote attackers to determine the internal IP address of the server when NAT is enabled via a GET request that contains a long sequence of / (slash) characters. | ||
| CVE-2000-1203 | 0.00 | — | 0.01 | Aug 20, 2001 | Lotus Domino SMTP server 4.63 through 5.08 allows remote attackers to cause a denial of service (CPU consumption) by forging an email message with the sender as bounce@[127.0.0.1] (localhost), which causes Domino to enter a mail loop. | ||
| CVE-2001-0601 | 0.00 | — | 0.01 | Aug 2, 2001 | Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via HTTP requests containing certain combinations of UNICODE characters. | ||
| CVE-2001-0602 | 0.00 | — | 0.01 | Aug 2, 2001 | Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via repeated (>400) URL requests for DOS devices. | ||
| CVE-2001-0603 | 0.00 | — | 0.01 | Aug 2, 2001 | Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via repeatedly sending large (> 10Kb) amounts of data to the DIIOP - CORBA service on TCP port 63148. | ||
| CVE-2001-0600 | 0.00 | — | 0.01 | Aug 2, 2001 | Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via repeated URL requests with the same HTTP headers, such as (1) Accept, (2) Accept-Charset, (3) Accept-Encoding, (4) Accept-Language, and (5) Content-Type. |