Search Results (290 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2001-1567 1 Ibm 2 Lotus Domino, Lotus Domino Server 2026-04-16 N/A
Lotus Domino server 5.0.9a and earlier allows remote attackers to bypass security restrictions and view Notes database files and possibly sensitive Notes template files (.ntf) via an HTTP request with a large number of "+" characters before the .nsf file extension, which are converted to spaces by Domino.
CVE-2006-0662 1 Ibm 1 Lotus Domino Inotes Client 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Lotus Domino iNotes Client 6.5.4 allows remote attackers to inject arbitrary web script or HTML via email with attached html files, which are directly rendered in the browser.
CVE-2000-1138 1 Ibm 1 Lotus Notes 2026-04-16 N/A
Lotus Notes R5 client R5.0.5 and earlier does not properly warn users when an S/MIME email message has been modified, which could allow an attacker to modify the email in transit without being detected.
CVE-2003-0178 1 Ibm 1 Lotus Domino Web Server 2026-04-16 N/A
Multiple buffer overflows in Lotus Domino Web Server before 6.0.1 allow remote attackers to cause a denial of service or execute arbitrary code via (1) the s_ViewName option in the PresetFields parameter for iNotes, (2) the Foldername option in the PresetFields parameter for iNotes, or (3) a long Host header, which is inserted into a long Location header and used during a redirect operation.
CVE-2005-2618 2 Autonomy, Ibm 4 Keyview Export Sdk, Keyview Filter Sdk, Keyview Viewer Sdk and 1 more 2026-04-16 N/A
Multiple stack-based buffer overflows in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allow remote attackers to execute arbitrary code via (1) a UUE file containing an encoded file with a long filename handled by uudrdr.dll, (2) a compressed ZIP file with a long filename handled by kvarcve.dll, (3) a TAR archive with a long filename that is extracted to a directory with a long path handled by the TAR reader (tarrdr.dll), (4) an email that contains a long HTTP, FTP, or // link handled by the HTML speed reader (htmsr.dll) or (5) an email containing a crafted long link handled by the HTML speed reader (htmsr.dll).
CVE-2001-1313 1 Ibm 1 Lotus Domino R5 2026-04-16 N/A
Lotus Domino R5 before R5.0.7a allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via miscellaneous packets with semi-valid BER encodings, as demonstrated by the PROTOS LDAPv3 test suite.
CVE-1999-1275 1 Ibm 1 Lotus Cc Mail 2026-04-16 N/A
Lotus cc:Mail release 8 stores the postoffice password in plaintext in a hidden file which has insecure permissions, which allows local users to gain privileges.
CVE-2003-0123 1 Ibm 2 Lotus Domino, Lotus Notes Client 2026-04-16 N/A
Buffer overflow in Web Retriever client for Lotus Notes/Domino R4.5 through R6 allows remote malicious web servers to cause a denial of service (crash) via a long HTTP status line.
CVE-2005-1101 1 Ibm 1 Lotus Domino Server 2026-04-16 N/A
Multiple buffer overflows in Lotus Domino Server 6.0.5 and 6.5.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via large amounts of data in certain (1) time or (2) date fields.
CVE-2006-0663 1 Ibm 1 Lotus Domino Inotes Client 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Lotus Domino iNotes Client 6.5.4 and 7.0 allow remote attackers to inject arbitrary web script or HTML via (1) an email subject; (2) an encoded javascript URI, as demonstrated using "java
script:"; or (3) when the Domino Web Access ActiveX control is not installed, via an email attachment filename.
CVE-2006-1948 1 Ibm 1 Lotus Notes 2026-04-16 N/A
The "Add Sender to Address Book" operation (AddSenderToAddressBook.lss) and NameHelper.lss in IBM Lotus Notes 6.0 and 6.5 before 20060331 do not properly store information in the Personal Address Book when multiple messages are checked and a message uses AltFrom, which might allow user-assisted remote attackers to trick a user into sending e-mail to an unauthorized recipient.
CVE-2005-1442 1 Ibm 1 Lotus Notes 2026-04-16 N/A
Buffer overflow in the Lotus Notes client for Domino 6.5 before 6.5.4 and 6.0 before 6.0.5 allows local users to cause a denial of service (client crash) and possibly execute arbitrary code via the NOTES.INI file.
CVE-2006-4763 1 Ibm 1 Lotus Domino Web Access 2026-04-16 N/A
IBM Lotus Domino Web Access (DWA) 7.0.1 does not expire a client's Lightweight Third-Party Authentication token (LtpaToken) upon logout, which allows remote attackers to obtain a user's privileges by intercepting the LtpaToken cookie.
CVE-2004-2667 1 Ibm 1 Lotus Domino 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Lotus Domino 6.0.x before 6.0.4 and 6.5.x before 6.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
CVE-2004-0669 1 Ibm 1 Lotus Domino 2026-04-16 N/A
Lotus Domino 6.5.0 and 6.5.1, with IMAP enabled, allows remote authenticated users to change their quota by using the IMAP setquota command.
CVE-2004-0668 1 Ibm 1 Lotus Domino 2026-04-16 N/A
Web Access in Lotus Domino 6.5.1 allows remote attackers to cause a denial of service (server crash) via a large e-mail message, as demonstrated using a large image attachment.
CVE-2003-0122 1 Ibm 2 Lotus Domino, Lotus Notes Client 2026-04-16 N/A
Buffer overflow in Notes server before Lotus Notes R4, R5 before 5.0.11, and early R6 allows remote attackers to execute arbitrary code via a long distinguished name (DN) during NotesRPC authentication and an outer field length that is less than that of the DN field.
CVE-1999-0429 1 Ibm 1 Lotus Notes 2026-04-16 N/A
The Lotus Notes 4.5 client may send a copy of encrypted mail in the clear across the network if the user does not set the "Encrypt Saved Mail" preference.
CVE-2005-2428 1 Ibm 1 Lotus Domino 2026-04-16 N/A
Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a different vulnerability than CVE-2005-2696.
CVE-2002-1624 1 Ibm 1 Lotus Domino 2026-04-16 N/A
Buffer overflow in Lotus Domino web server before R5.0.10, when logging to DOMLOG.NSF, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP Authenticate header containing certain non-ASCII characters.