Vulnerabilities > IBM > Lotus Domino > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-03-03 | CVE-2010-0920 | Cross-Site Scripting vulnerability in IBM Lotus Inotes Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to inject arbitrary web script or HTML via vectors related to lack of "XSS/CSRF Get Filter and Referer Check fixes." | 4.3 |
2009-09-08 | CVE-2009-3087 | Denial-Of-Service vulnerability in IBM Lotus Domino 8.0 Unspecified vulnerability in nserver.exe in the server in IBM Lotus Domino 8.0 on Windows Server 2003 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. | 5.0 |
2009-04-13 | CVE-2009-1286 | Remote Denial of Service vulnerability in IBM Lotus Domino IMAP Server The IMAP task in the server in IBM Lotus Domino 8.0.2 before FP1 IF1 and 8.5 before IF3 allows remote attackers to cause a denial of service (daemon crash) via a MIME e-mail message with RFC822 attachments (aka blobs) containing malformed root entities. | 5.0 |
2008-11-10 | CVE-2008-5011 | Cross-Site Scripting vulnerability in IBM Lotus Quickr Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to qpconfig_sample.xml, aka SPR CWIR7KMPVP and THES7F9NVR, a different vulnerability than CVE-2008-2163 and CVE-2008-3860. | 4.3 |
2007-11-10 | CVE-2007-5924 | Cross-Site Scripting vulnerability in IBM Lotus Domino 7.0/7.0.2 Cross-site scripting (XSS) vulnerability in the Web Server (HTTP) task in IBM Lotus Domino before 6.5.6 FP2, and 7.x before 7.0.2 FP2, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2007-10-29 | CVE-2007-5700 | Information Disclosure vulnerability and Buffer Overflow vulnerability in IBM Lotus Domino The Evaluate LotusScript method in IBM Lotus Domino before 7.0.3 uses an incorrect security context for @ formula commands in some circumstances, which might allow remote authenticated users to gain privileges and obtain sensitive information. network ibm | 6.3 |
2007-03-29 | CVE-2006-4843 | HTML Injection vulnerability in IBM Lotus Domino Web Access Email Message Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified "code sequences" that bypass the protection scheme. network ibm | 4.3 |
2006-01-09 | CVE-2006-0120 | Multiple Unspecified vulnerability in IBM products Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a denial of service (application crash) via multiple vectors, involving (1) a malformed message sent to an "Out Of Office" agent (SPR LPEE6DMQWJ), (2) the compact command (RTIN5U2SAJ), (3) malformed bitmap images (MYAA6FH5HW), (4) the "Delete Attachment" action (YPHG6844LD), (5) parsing certificates from a remote Certificate Table (AELE6DZFJW), and (6) creating a SSL key ring with the Domino Administration client (NSUA4FQPTN). | 5.0 |
2006-01-09 | CVE-2006-0118 | Multiple Unspecified vulnerability in IBM products Unspecified vulnerability in IBM Lotus Notes and Domino Server before 6.5.5, when running on AIX, allows attackers to cause a denial of service (deep recursion leading to stack overflow and crash) via long formulas. | 5.0 |
2006-01-09 | CVE-2006-0117 | Multiple Unspecified vulnerability in IBM products Buffer overflow in IBM Lotus Notes and Domino Server before 6.5.5 allows attackers to cause a denial of service (router crash or hang) via unspecified vectors involving "CD to MIME Conversion". | 5.0 |