Search Results (97 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-5251 1 Ibm 1 Lotus Notes 2025-04-11 N/A
Multiple untrusted search path vulnerabilities in IBM Lotus Notes 8.5 allow local users to gain privileges via a Trojan horse (1) nnoteswc.dll or (2) nlsxbe.dll file in the current working directory, as demonstrated by a directory that contains a .vcf, .vcs, or .ics file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2011-1215 1 Ibm 1 Lotus Notes 2025-04-11 N/A
Stack-based buffer overflow in mw8sr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a Microsoft Office document attachment, aka SPR PRAD8823ND.
CVE-2011-1216 1 Ibm 1 Lotus Notes 2025-04-11 N/A
Stack-based buffer overflow in assr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via crafted tag data in an Applix spreadsheet attachment, aka SPR PRAD8823A7.
CVE-2011-1214 1 Ibm 1 Lotus Notes 2025-04-11 N/A
Stack-based buffer overflow in rtfsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a .rtf attachment, aka SPR PRAD8823JQ.
CVE-2012-2174 1 Ibm 1 Lotus Notes 2025-04-11 N/A
The URL handler in IBM Lotus Notes 8.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a crafted notes:// URL.
CVE-2012-4846 1 Ibm 1 Lotus Notes 2025-04-11 N/A
IBM Lotus Notes 8.5.x before 8.5.3 FP3 does not include the HTTPOnly flag in a Set-Cookie header for a web-application cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, aka SPRs JMAS7TRNLN and SRAO8U3Q68.
CVE-2012-5308 1 Ibm 1 Lotus Notes Traveler 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim Fix 1 allows remote attackers to hijack the authentication of arbitrary users for requests that create problem reports via a getReportProblem upload action.
CVE-2012-5309 1 Ibm 1 Lotus Notes Traveler 2025-04-11 N/A
servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim Fix 1 does not properly restrict invalid authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.
CVE-2010-4549 2 Ibm, Nokia 2 Lotus Notes Traveler, S60 2025-04-11 N/A
IBM Lotus Notes Traveler before 8.5.1.3 on the Nokia s60 device successfully performs a Replace Data operation for a prohibited application, which allows remote authenticated users to bypass intended access restrictions via this operation.
CVE-2013-0536 1 Ibm 3 Lotus Inotes, Lotus Notes, Lotus Notes Traveler 2025-04-11 N/A
ntmulti.exe in the Multi User Profile Cleanup service in IBM Notes 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8.5.2, 8.5.3 before FP5, and 9.0 before IF2 allows local users to gain privileges via vectors that arrange for code to be executed during the next login session of a different user, aka SPR PJOK959J24.
CVE-2012-4823 3 Ibm, Redhat, Tivoli Storage Productivity Center 18 Java, Lotus Domino, Lotus Notes and 15 more 2025-04-11 N/A
Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allows remote attackers to execute arbitrary code via vectors related to "insecure use of the java.lang.ClassLoder defineClass() method."
CVE-2012-4824 1 Ibm 1 Lotus Notes Traveler 2025-04-11 N/A
Open redirect vulnerability in servlet/traveler in IBM Lotus Notes Traveler 8.5.3 before 8.5.3.3 Interim Fix 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirectURL parameter.
CVE-2012-4825 1 Ibm 1 Lotus Notes Traveler 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in servlet/traveler/ILNT.mobileconfig in IBM Lotus Notes Traveler before 8.5.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) userId or (2) address parameter in a getClientConfigFile action.
CVE-2011-1217 1 Ibm 1 Lotus Notes 2025-04-11 N/A
Buffer overflow in kpprzrdr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .prz attachment. NOTE: some of these details are obtained from third party information.
CVE-2011-1424 3 Emc, Ibm, Microsoft 4 Sourceone Email Management, Lotus Domino, Lotus Notes and 1 more 2025-04-11 N/A
The default configuration of ExShortcut\Web.config in EMC SourceOne Email Management before 6.6 SP1, when the Mobile Services component is used, does not properly set the localOnly attribute of the trace element, which allows remote authenticated users to obtain sensitive information via ASP.NET Application Tracing.
CVE-2012-5307 1 Ibm 1 Lotus Notes Traveler 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in servlet/traveler in IBM Lotus Notes Traveler before 8.5.3.3 Interim Fix 1, when Firefox is used, allows remote attackers to inject arbitrary web script or HTML via the redirectURL parameter, a different vulnerability than CVE-2012-4824 and CVE-2012-4825.
CVE-2013-0522 1 Ibm 1 Lotus Notes 2024-11-21 N/A
The Notes Client Single Logon feature in IBM Notes 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8.5.2, 8.5.3, and 9.0 on Windows allows local users to discover passwords via vectors involving an unspecified operating system communication mechanism for password transmission between Windows and Notes. IBM X-Force ID: 82531.