Search criteria
12 vulnerabilities found for domino_web_access by ibm
FKIE_CVE-2010-0919
Vulnerability from fkie_nvd - Published: 2010-03-03 19:30 - Updated: 2025-04-11 00:51
Severity ?
Summary
Stack-based buffer overflow in the Lotus Domino Web Access ActiveX control in IBM Lotus iNotes (aka Domino Web Access or DWA) 6.5, 7.0 before 7.0.4, 8.0, 8.0.2, and before 229.281 for Domino 8.0.2 FP4 allows remote attackers to execute arbitrary code via a long URL argument to an unspecified method, aka PRAD7JTNHJ.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | domino_web_access | 6.5 | |
| ibm | domino_web_access | 7.0 | |
| ibm | domino_web_access | 7.0.1 | |
| ibm | domino_web_access | 7.0.2 | |
| ibm | domino_web_access | 7.0.3 | |
| ibm | domino_web_access | 8.0 | |
| ibm | domino_web_access | 8.0.2 | |
| ibm | lotus_inotes | * | |
| ibm | lotus_inotes | 229.011 | |
| ibm | lotus_inotes | 229.021 | |
| ibm | lotus_inotes | 229.031 | |
| ibm | lotus_inotes | 229.041 | |
| ibm | lotus_inotes | 229.051 | |
| ibm | lotus_inotes | 229.061 | |
| ibm | lotus_inotes | 229.101 | |
| ibm | lotus_inotes | 229.111 | |
| ibm | lotus_inotes | 229.131 | |
| ibm | lotus_inotes | 229.141 | |
| ibm | lotus_inotes | 229.151 | |
| ibm | lotus_inotes | 229.161 | |
| ibm | lotus_inotes | 229.171 | |
| ibm | lotus_inotes | 229.181 | |
| ibm | lotus_inotes | 229.191 | |
| ibm | lotus_inotes | 229.201 | |
| ibm | lotus_inotes | 229.211 | |
| ibm | lotus_inotes | 229.221 | |
| ibm | lotus_inotes | 229.231 | |
| ibm | lotus_inotes | 229.241 | |
| ibm | lotus_inotes | 229.251 | |
| ibm | lotus_inotes | 229.261 | |
| ibm | lotus_domino | 8.0.2.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:domino_web_access:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "220211F3-8AF4-419E-BB10-0E954F002DFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:domino_web_access:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4854AD77-45A0-45AB-B9DA-77FFB7531C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:domino_web_access:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "86A823BB-48B7-4F84-A01A-754987FDBD00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:domino_web_access:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B653AE06-0056-45AA-B321-391EE70532B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:domino_web_access:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D5C812F-4B1E-42A1-A478-978DF925D22D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:domino_web_access:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "723845C5-91E1-4BED-B41F-9E0A0DB629D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:domino_web_access:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DDDCE5E6-F37D-4D1B-B863-E8FE8ABA79E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA92AB06-5510-4109-AE3A-75834E5F8A00",
"versionEndIncluding": "229.271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.011:*:*:*:*:*:*:*",
"matchCriteriaId": "62AF2DA6-98E4-4921-B36C-AA5771B3629E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.021:*:*:*:*:*:*:*",
"matchCriteriaId": "3CC0B87F-B742-466D-BF93-56BFECAC2E54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.031:*:*:*:*:*:*:*",
"matchCriteriaId": "708BEAEF-B186-470D-8148-9C0703B42765",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.041:*:*:*:*:*:*:*",
"matchCriteriaId": "83C58751-33AE-4A3F-A096-AB13FC8A64A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.051:*:*:*:*:*:*:*",
"matchCriteriaId": "01E2E70E-3C00-4AA2-AF8D-349E82806FA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.061:*:*:*:*:*:*:*",
"matchCriteriaId": "3508BE09-6B84-4819-BC0F-7E23964FE29D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.101:*:*:*:*:*:*:*",
"matchCriteriaId": "1A17FFE5-97F5-45D0-8C54-3C22BF1FFA72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.111:*:*:*:*:*:*:*",
"matchCriteriaId": "CE8C8052-8980-4265-929B-E27B6A914B4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.131:*:*:*:*:*:*:*",
"matchCriteriaId": "2D6C0F89-47E6-4895-909D-6AF8DBFE2477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.141:*:*:*:*:*:*:*",
"matchCriteriaId": "590EBAF8-04A9-4DAD-9FCF-B1B38FF03374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.151:*:*:*:*:*:*:*",
"matchCriteriaId": "717F7305-98E1-403D-B08A-6FE1FD83D2C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.161:*:*:*:*:*:*:*",
"matchCriteriaId": "3C4B46DA-B4E6-4AB0-AD85-7C77EFE14063",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.171:*:*:*:*:*:*:*",
"matchCriteriaId": "E1862CF3-0BF2-4F1B-80A9-0B5B02005A1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.181:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC9488A-F368-498E-8CDE-2ADC6AED470B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.191:*:*:*:*:*:*:*",
"matchCriteriaId": "A2F8C056-91A2-410B-942A-E108B93AD1E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.201:*:*:*:*:*:*:*",
"matchCriteriaId": "BCD1A2BB-F7FC-4FE1-B633-F0AF79E0F5FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.211:*:*:*:*:*:*:*",
"matchCriteriaId": "805C7074-679E-4F11-A055-8C52B4E26F5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.221:*:*:*:*:*:*:*",
"matchCriteriaId": "840A1975-0C5B-44F0-9F2E-1BBE02AA0484",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.231:*:*:*:*:*:*:*",
"matchCriteriaId": "33A29245-F9DA-4F77-91EE-21C1FA3CE784",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.241:*:*:*:*:*:*:*",
"matchCriteriaId": "B55ED49B-092B-411B-84AE-847770EE096B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.251:*:*:*:*:*:*:*",
"matchCriteriaId": "483C2E2D-424C-453B-9D51-F53C6B32178B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.261:*:*:*:*:*:*:*",
"matchCriteriaId": "4348F385-9AE1-4F8C-9F22-BE50FCA3710B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F936FD55-AD59-47B3-8591-3F79B2ABB4E9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the Lotus Domino Web Access ActiveX control in IBM Lotus iNotes (aka Domino Web Access or DWA) 6.5, 7.0 before 7.0.4, 8.0, 8.0.2, and before 229.281 for Domino 8.0.2 FP4 allows remote attackers to execute arbitrary code via a long URL argument to an unspecified method, aka PRAD7JTNHJ."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en el control ActiveX Lotus Domino Web Access en IBM Lotus iNotes (alias Domino Web Access o DWA) 6.5, 7.0 en versiones anteriores a la 7.0.4, 8.0, 8.0.2 y en versiones anteriores a la 229.281 para Domino 8.0.2 FP4 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un argumento URL largo a un m\u00e9todo no especificado, alias PRAD7JTNHJ."
}
],
"id": "CVE-2010-0919",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-03-03T19:30:00.743",
"references": [
{
"source": "cve@mitre.org",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=857"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38681"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38744"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38755"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1023662"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21421808"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27018109"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/62612"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/38457"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/38459"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0495"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0496"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56555"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=857"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38681"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38744"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38755"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1023662"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21421808"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27018109"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/62612"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/38457"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/38459"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0495"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0496"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56555"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-0276
Vulnerability from fkie_nvd - Published: 2010-01-09 18:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 does not properly handle navigation of the "Try Lotus iNotes anyway" link from the page that reports use of an unsupported browser, which has unspecified impact and attack vectors, aka SPR LSHR7TBMQU.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | domino_web_access | * | |
| ibm | lotus_inotes | * | |
| ibm | lotus_domino | 8.0.2.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:domino_web_access:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D53FB16-F441-48A4-A685-48257107EAC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52A641CD-F146-4732-8C4A-8DF6C230EE8F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D419EFAE-E03F-4F4A-8C18-06BE61EBBF5D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 does not properly handle navigation of the \"Try Lotus iNotes anyway\" link from the page that reports use of an unsupported browser, which has unspecified impact and attack vectors, aka SPR LSHR7TBMQU."
},
{
"lang": "es",
"value": "IBM Lotus iNotes (tambi\u00e9n conocido como Domino Web Access o DWA) anterior a v229.241 para Domino v8.0.2 FP3 no maneja adecuadamente la navegaci\u00f3n del \"Try Lotus iNotes anyway\" enlace desde la p\u00e1gina que informa del uso de un navegador no soportado, tiene u impacto y vectores de ataque sin especificar, tambi\u00e9n conocido como SPR LSHR7TBMQU."
}
],
"id": "CVE-2010-0276",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-01-09T18:30:01.947",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38026"
},
{
"source": "cve@mitre.org",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27017776"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/37675"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0077"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55473"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38026"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27017776"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/37675"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55473"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-3105
Vulnerability from fkie_nvd - Published: 2009-09-08 22:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 211.241 for Domino 8.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR EZEL7UURYC.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | domino_web_access | 8.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:domino_web_access:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6608F6B-DA78-4CCF-8496-67EA0AB87D84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 211.241 for Domino 8.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR EZEL7UURYC."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS)IBM Lotus iNotes (conocido como Domino Web Access o DWA) anterior v211.241 para Domino v8.0.1 permite a atacantes remotos ejecutar c\u00f3digo web o HTML de su elecci\u00f3n a trav\u00e9s de vectores no especificados, como SPR EZEL7UURYC."
}
],
"id": "CVE-2009-3105",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-09-08T22:30:00.563",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36626"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27016745"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/36292"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2557"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36626"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27016745"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/36292"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2557"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53086"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-4474
Vulnerability from fkie_nvd - Published: 2007-12-27 22:46 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple stack-based buffer overflows in the IBM Lotus Domino Web Access ActiveX control, as provided by inotes6.dll, inotes6w.dll, dwa7.dll, and dwa7w.dll, in Domino 6.x and 7.x allow remote attackers to execute arbitrary code, as demonstrated by an overflow from a long General_ServerName property value when calling the InstallBrowserHelperDll function in the Upload Module in the dwa7.dwa7.1 control in dwa7w.dll 7.0.34.1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | domino_web_access | 6.0 | |
| ibm | domino_web_access | 6.0.1 | |
| ibm | domino_web_access | 6.0.1.1 | |
| ibm | domino_web_access | 6.0.2 | |
| ibm | domino_web_access | 6.0.3 | |
| ibm | domino_web_access | 6.0.4 | |
| ibm | domino_web_access | 6.0.5 | |
| ibm | domino_web_access | 6.5 | |
| ibm | domino_web_access | 6.5.1 | |
| ibm | domino_web_access | 6.5.2 | |
| ibm | domino_web_access | 6.5.3 | |
| ibm | domino_web_access | 6.5.4 | |
| ibm | domino_web_access | 6.5.5 | |
| ibm | domino_web_access | 7.0 | |
| ibm | domino_web_access | 7.0.1 | |
| ibm | lotus_domino_web_access | 7.0.1 | |
| ibm | lotus_domino_web_access | 7.0.34.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:domino_web_access:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44AA6D47-C1F7-463A-AED5-E3C253ADEF3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:domino_web_access:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "179A1BBE-2FB2-449D-90B7-3DDD43794B58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:domino_web_access:6.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "377006EB-EF18-4B5F-93DE-A4B91F7B6AF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:domino_web_access:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A1C12C7A-C820-468D-B619-A75060B8562B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:domino_web_access:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "21D6D6BD-F80D-4EF3-9713-CBAB8CBD4CAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:domino_web_access:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A2CFB784-67BA-4FDF-9F36-50895BB0CA10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:domino_web_access:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5D062046-56EA-420F-8CF4-4CC1616F20DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:domino_web_access:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "220211F3-8AF4-419E-BB10-0E954F002DFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:domino_web_access:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "95FC4EF7-9E76-4790-A35D-951CC3BA816F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:domino_web_access:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "23E58595-AE0A-47AB-AC49-61C6B87B5504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:domino_web_access:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F217AE30-EF90-4AED-815E-569AC29696ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:domino_web_access:6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5B18ACE9-0DD2-486D-B034-B5598CDCA8AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:domino_web_access:6.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1BD8968A-6164-41CB-85C8-B3EDAFD3D83F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:domino_web_access:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4854AD77-45A0-45AB-B9DA-77FFB7531C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:domino_web_access:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "86A823BB-48B7-4F84-A01A-754987FDBD00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino_web_access:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F46CAB34-95D7-4728-B29E-FE766DF257F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino_web_access:7.0.34.1:*:*:*:*:*:*:*",
"matchCriteriaId": "587CC055-433D-4086-B1E3-0A9DF12030A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in the IBM Lotus Domino Web Access ActiveX control, as provided by inotes6.dll, inotes6w.dll, dwa7.dll, and dwa7w.dll, in Domino 6.x and 7.x allow remote attackers to execute arbitrary code, as demonstrated by an overflow from a long General_ServerName property value when calling the InstallBrowserHelperDll function in the Upload Module in the dwa7.dwa7.1 control in dwa7w.dll 7.0.34.1."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de b\u00fafer basado en pila en el control ActiveX IBM Lotus Domino Web Access, proporcionado en inotes6.dll, inotes62.dll, dwa7.dll, y dwa7w.dll, en Domino 6.x y 7.x permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n, como se ha demostrado mediante un desbordamiento con un valor largo de la propiedad General_ServerName cuando se llama a la funci\u00f3n InstallBrowserHelperDll del m\u00f3dulo Upload en el control dwa7.dwa7.1 de dwa7w.dll 7.0.34.1."
}
],
"id": "CVE-2007-4474",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-12-27T22:46:00.000",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Exploit"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/059233.html"
},
{
"source": "cret@cert.org",
"url": "http://osvdb.org/40954"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28184"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/963889"
},
{
"source": "cret@cert.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/26972"
},
{
"source": "cret@cert.org",
"url": "http://www.securitytracker.com/id?1019138"
},
{
"source": "cret@cert.org",
"url": "http://www.vupen.com/english/advisories/2007/4296"
},
{
"source": "cret@cert.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39175"
},
{
"source": "cret@cert.org",
"url": "https://www.exploit-db.com/exploits/4818"
},
{
"source": "cret@cert.org",
"url": "https://www.exploit-db.com/exploits/4820"
},
{
"source": "cret@cert.org",
"url": "https://www.exploit-db.com/exploits/5111"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/059233.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/40954"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/963889"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/26972"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019138"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/4296"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39175"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/4818"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/4820"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/5111"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2010-0919 (GCVE-0-2010-0919)
Vulnerability from cvelistv5 – Published: 2010-03-03 19:00 – Updated: 2024-08-07 01:06
VLAI?
Summary
Stack-based buffer overflow in the Lotus Domino Web Access ActiveX control in IBM Lotus iNotes (aka Domino Web Access or DWA) 6.5, 7.0 before 7.0.4, 8.0, 8.0.2, and before 229.281 for Domino 8.0.2 FP4 allows remote attackers to execute arbitrary code via a long URL argument to an unspecified method, aka PRAD7JTNHJ.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:06:52.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "inotes-activex-bo(56555)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56555"
},
{
"name": "62612",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/62612"
},
{
"name": "1023662",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023662"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21421808"
},
{
"name": "ADV-2010-0496",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0496"
},
{
"name": "38459",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38459"
},
{
"name": "38755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38755"
},
{
"name": "38744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38744"
},
{
"name": "20100301 IBM Lotus Domino Web Access ActiveX Stack Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=857"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27018109"
},
{
"name": "38457",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38457"
},
{
"name": "38681",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38681"
},
{
"name": "ADV-2010-0495",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0495"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the Lotus Domino Web Access ActiveX control in IBM Lotus iNotes (aka Domino Web Access or DWA) 6.5, 7.0 before 7.0.4, 8.0, 8.0.2, and before 229.281 for Domino 8.0.2 FP4 allows remote attackers to execute arbitrary code via a long URL argument to an unspecified method, aka PRAD7JTNHJ."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "inotes-activex-bo(56555)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56555"
},
{
"name": "62612",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/62612"
},
{
"name": "1023662",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023662"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21421808"
},
{
"name": "ADV-2010-0496",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0496"
},
{
"name": "38459",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38459"
},
{
"name": "38755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38755"
},
{
"name": "38744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38744"
},
{
"name": "20100301 IBM Lotus Domino Web Access ActiveX Stack Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=857"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27018109"
},
{
"name": "38457",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38457"
},
{
"name": "38681",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38681"
},
{
"name": "ADV-2010-0495",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0495"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0919",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the Lotus Domino Web Access ActiveX control in IBM Lotus iNotes (aka Domino Web Access or DWA) 6.5, 7.0 before 7.0.4, 8.0, 8.0.2, and before 229.281 for Domino 8.0.2 FP4 allows remote attackers to execute arbitrary code via a long URL argument to an unspecified method, aka PRAD7JTNHJ."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "inotes-activex-bo(56555)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56555"
},
{
"name": "62612",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/62612"
},
{
"name": "1023662",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023662"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21421808",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21421808"
},
{
"name": "ADV-2010-0496",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0496"
},
{
"name": "38459",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38459"
},
{
"name": "38755",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38755"
},
{
"name": "38744",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38744"
},
{
"name": "20100301 IBM Lotus Domino Web Access ActiveX Stack Buffer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=857"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27018109",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27018109"
},
{
"name": "38457",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38457"
},
{
"name": "38681",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38681"
},
{
"name": "ADV-2010-0495",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0495"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0919",
"datePublished": "2010-03-03T19:00:00",
"dateReserved": "2010-03-03T00:00:00",
"dateUpdated": "2024-08-07T01:06:52.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0276 (GCVE-0-2010-0276)
Vulnerability from cvelistv5 – Published: 2010-01-09 18:00 – Updated: 2024-08-07 00:45
VLAI?
Summary
IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 does not properly handle navigation of the "Try Lotus iNotes anyway" link from the page that reports use of an unsupported browser, which has unspecified impact and attack vectors, aka SPR LSHR7TBMQU.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:11.421Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38026",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38026"
},
{
"name": "domino-trylotus-unspecified(55473)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55473"
},
{
"name": "ADV-2010-0077",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0077"
},
{
"name": "37675",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37675"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27017776"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-01-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 does not properly handle navigation of the \"Try Lotus iNotes anyway\" link from the page that reports use of an unsupported browser, which has unspecified impact and attack vectors, aka SPR LSHR7TBMQU."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38026",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38026"
},
{
"name": "domino-trylotus-unspecified(55473)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55473"
},
{
"name": "ADV-2010-0077",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0077"
},
{
"name": "37675",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37675"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27017776"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0276",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 does not properly handle navigation of the \"Try Lotus iNotes anyway\" link from the page that reports use of an unsupported browser, which has unspecified impact and attack vectors, aka SPR LSHR7TBMQU."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38026",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38026"
},
{
"name": "domino-trylotus-unspecified(55473)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55473"
},
{
"name": "ADV-2010-0077",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0077"
},
{
"name": "37675",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37675"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27017776",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27017776"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0276",
"datePublished": "2010-01-09T18:00:00",
"dateReserved": "2010-01-09T00:00:00",
"dateUpdated": "2024-08-07T00:45:11.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3105 (GCVE-0-2009-3105)
Vulnerability from cvelistv5 – Published: 2009-09-08 22:00 – Updated: 2024-08-07 06:14
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 211.241 for Domino 8.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR EZEL7UURYC.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:14:56.432Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36292",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36292"
},
{
"name": "36626",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36626"
},
{
"name": "ADV-2009-2557",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2557"
},
{
"name": "domino-unspecified-xss(53086)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53086"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27016745"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 211.241 for Domino 8.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR EZEL7UURYC."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36292",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36292"
},
{
"name": "36626",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36626"
},
{
"name": "ADV-2009-2557",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2557"
},
{
"name": "domino-unspecified-xss(53086)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53086"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27016745"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3105",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 211.241 for Domino 8.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR EZEL7UURYC."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36292",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36292"
},
{
"name": "36626",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36626"
},
{
"name": "ADV-2009-2557",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2557"
},
{
"name": "domino-unspecified-xss(53086)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53086"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27016745",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27016745"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3105",
"datePublished": "2009-09-08T22:00:00",
"dateReserved": "2009-09-08T00:00:00",
"dateUpdated": "2024-08-07T06:14:56.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4474 (GCVE-0-2007-4474)
Vulnerability from cvelistv5 – Published: 2007-12-27 22:00 – Updated: 2024-08-07 14:53
VLAI?
Summary
Multiple stack-based buffer overflows in the IBM Lotus Domino Web Access ActiveX control, as provided by inotes6.dll, inotes6w.dll, dwa7.dll, and dwa7w.dll, in Domino 6.x and 7.x allow remote attackers to execute arbitrary code, as demonstrated by an overflow from a long General_ServerName property value when calling the InstallBrowserHelperDll function in the Upload Module in the dwa7.dwa7.1 control in dwa7w.dll 7.0.34.1.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:53:55.977Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1019138",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019138"
},
{
"name": "5111",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5111"
},
{
"name": "26972",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26972"
},
{
"name": "20071220 IBM Domino Web Access Upload Control dwa7w.dll Memory Corruption",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/059233.html"
},
{
"name": "domino-dwa7w-bo(39175)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39175"
},
{
"name": "4820",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4820"
},
{
"name": "VU#963889",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/963889"
},
{
"name": "ADV-2007-4296",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4296"
},
{
"name": "28184",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28184"
},
{
"name": "4818",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4818"
},
{
"name": "40954",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/40954"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in the IBM Lotus Domino Web Access ActiveX control, as provided by inotes6.dll, inotes6w.dll, dwa7.dll, and dwa7w.dll, in Domino 6.x and 7.x allow remote attackers to execute arbitrary code, as demonstrated by an overflow from a long General_ServerName property value when calling the InstallBrowserHelperDll function in the Upload Module in the dwa7.dwa7.1 control in dwa7w.dll 7.0.34.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "1019138",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019138"
},
{
"name": "5111",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5111"
},
{
"name": "26972",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26972"
},
{
"name": "20071220 IBM Domino Web Access Upload Control dwa7w.dll Memory Corruption",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/059233.html"
},
{
"name": "domino-dwa7w-bo(39175)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39175"
},
{
"name": "4820",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4820"
},
{
"name": "VU#963889",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/963889"
},
{
"name": "ADV-2007-4296",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4296"
},
{
"name": "28184",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28184"
},
{
"name": "4818",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4818"
},
{
"name": "40954",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/40954"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2007-4474",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in the IBM Lotus Domino Web Access ActiveX control, as provided by inotes6.dll, inotes6w.dll, dwa7.dll, and dwa7w.dll, in Domino 6.x and 7.x allow remote attackers to execute arbitrary code, as demonstrated by an overflow from a long General_ServerName property value when calling the InstallBrowserHelperDll function in the Upload Module in the dwa7.dwa7.1 control in dwa7w.dll 7.0.34.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1019138",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019138"
},
{
"name": "5111",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5111"
},
{
"name": "26972",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26972"
},
{
"name": "20071220 IBM Domino Web Access Upload Control dwa7w.dll Memory Corruption",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/059233.html"
},
{
"name": "domino-dwa7w-bo(39175)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39175"
},
{
"name": "4820",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4820"
},
{
"name": "VU#963889",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/963889"
},
{
"name": "ADV-2007-4296",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4296"
},
{
"name": "28184",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28184"
},
{
"name": "4818",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4818"
},
{
"name": "40954",
"refsource": "OSVDB",
"url": "http://osvdb.org/40954"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2007-4474",
"datePublished": "2007-12-27T22:00:00",
"dateReserved": "2007-08-22T00:00:00",
"dateUpdated": "2024-08-07T14:53:55.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0919 (GCVE-0-2010-0919)
Vulnerability from nvd – Published: 2010-03-03 19:00 – Updated: 2024-08-07 01:06
VLAI?
Summary
Stack-based buffer overflow in the Lotus Domino Web Access ActiveX control in IBM Lotus iNotes (aka Domino Web Access or DWA) 6.5, 7.0 before 7.0.4, 8.0, 8.0.2, and before 229.281 for Domino 8.0.2 FP4 allows remote attackers to execute arbitrary code via a long URL argument to an unspecified method, aka PRAD7JTNHJ.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:06:52.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "inotes-activex-bo(56555)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56555"
},
{
"name": "62612",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/62612"
},
{
"name": "1023662",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023662"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21421808"
},
{
"name": "ADV-2010-0496",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0496"
},
{
"name": "38459",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38459"
},
{
"name": "38755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38755"
},
{
"name": "38744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38744"
},
{
"name": "20100301 IBM Lotus Domino Web Access ActiveX Stack Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=857"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27018109"
},
{
"name": "38457",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38457"
},
{
"name": "38681",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38681"
},
{
"name": "ADV-2010-0495",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0495"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the Lotus Domino Web Access ActiveX control in IBM Lotus iNotes (aka Domino Web Access or DWA) 6.5, 7.0 before 7.0.4, 8.0, 8.0.2, and before 229.281 for Domino 8.0.2 FP4 allows remote attackers to execute arbitrary code via a long URL argument to an unspecified method, aka PRAD7JTNHJ."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "inotes-activex-bo(56555)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56555"
},
{
"name": "62612",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/62612"
},
{
"name": "1023662",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023662"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21421808"
},
{
"name": "ADV-2010-0496",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0496"
},
{
"name": "38459",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38459"
},
{
"name": "38755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38755"
},
{
"name": "38744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38744"
},
{
"name": "20100301 IBM Lotus Domino Web Access ActiveX Stack Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=857"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27018109"
},
{
"name": "38457",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38457"
},
{
"name": "38681",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38681"
},
{
"name": "ADV-2010-0495",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0495"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0919",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the Lotus Domino Web Access ActiveX control in IBM Lotus iNotes (aka Domino Web Access or DWA) 6.5, 7.0 before 7.0.4, 8.0, 8.0.2, and before 229.281 for Domino 8.0.2 FP4 allows remote attackers to execute arbitrary code via a long URL argument to an unspecified method, aka PRAD7JTNHJ."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "inotes-activex-bo(56555)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56555"
},
{
"name": "62612",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/62612"
},
{
"name": "1023662",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023662"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21421808",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21421808"
},
{
"name": "ADV-2010-0496",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0496"
},
{
"name": "38459",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38459"
},
{
"name": "38755",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38755"
},
{
"name": "38744",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38744"
},
{
"name": "20100301 IBM Lotus Domino Web Access ActiveX Stack Buffer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=857"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27018109",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27018109"
},
{
"name": "38457",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38457"
},
{
"name": "38681",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38681"
},
{
"name": "ADV-2010-0495",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0495"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0919",
"datePublished": "2010-03-03T19:00:00",
"dateReserved": "2010-03-03T00:00:00",
"dateUpdated": "2024-08-07T01:06:52.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0276 (GCVE-0-2010-0276)
Vulnerability from nvd – Published: 2010-01-09 18:00 – Updated: 2024-08-07 00:45
VLAI?
Summary
IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 does not properly handle navigation of the "Try Lotus iNotes anyway" link from the page that reports use of an unsupported browser, which has unspecified impact and attack vectors, aka SPR LSHR7TBMQU.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:11.421Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38026",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38026"
},
{
"name": "domino-trylotus-unspecified(55473)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55473"
},
{
"name": "ADV-2010-0077",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0077"
},
{
"name": "37675",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37675"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27017776"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-01-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 does not properly handle navigation of the \"Try Lotus iNotes anyway\" link from the page that reports use of an unsupported browser, which has unspecified impact and attack vectors, aka SPR LSHR7TBMQU."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38026",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38026"
},
{
"name": "domino-trylotus-unspecified(55473)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55473"
},
{
"name": "ADV-2010-0077",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0077"
},
{
"name": "37675",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37675"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27017776"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0276",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 does not properly handle navigation of the \"Try Lotus iNotes anyway\" link from the page that reports use of an unsupported browser, which has unspecified impact and attack vectors, aka SPR LSHR7TBMQU."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38026",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38026"
},
{
"name": "domino-trylotus-unspecified(55473)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55473"
},
{
"name": "ADV-2010-0077",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0077"
},
{
"name": "37675",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37675"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27017776",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27017776"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0276",
"datePublished": "2010-01-09T18:00:00",
"dateReserved": "2010-01-09T00:00:00",
"dateUpdated": "2024-08-07T00:45:11.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3105 (GCVE-0-2009-3105)
Vulnerability from nvd – Published: 2009-09-08 22:00 – Updated: 2024-08-07 06:14
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 211.241 for Domino 8.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR EZEL7UURYC.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:14:56.432Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36292",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36292"
},
{
"name": "36626",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36626"
},
{
"name": "ADV-2009-2557",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2557"
},
{
"name": "domino-unspecified-xss(53086)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53086"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27016745"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 211.241 for Domino 8.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR EZEL7UURYC."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36292",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36292"
},
{
"name": "36626",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36626"
},
{
"name": "ADV-2009-2557",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2557"
},
{
"name": "domino-unspecified-xss(53086)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53086"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27016745"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3105",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 211.241 for Domino 8.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR EZEL7UURYC."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36292",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36292"
},
{
"name": "36626",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36626"
},
{
"name": "ADV-2009-2557",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2557"
},
{
"name": "domino-unspecified-xss(53086)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53086"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27016745",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27016745"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3105",
"datePublished": "2009-09-08T22:00:00",
"dateReserved": "2009-09-08T00:00:00",
"dateUpdated": "2024-08-07T06:14:56.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4474 (GCVE-0-2007-4474)
Vulnerability from nvd – Published: 2007-12-27 22:00 – Updated: 2024-08-07 14:53
VLAI?
Summary
Multiple stack-based buffer overflows in the IBM Lotus Domino Web Access ActiveX control, as provided by inotes6.dll, inotes6w.dll, dwa7.dll, and dwa7w.dll, in Domino 6.x and 7.x allow remote attackers to execute arbitrary code, as demonstrated by an overflow from a long General_ServerName property value when calling the InstallBrowserHelperDll function in the Upload Module in the dwa7.dwa7.1 control in dwa7w.dll 7.0.34.1.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:53:55.977Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1019138",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019138"
},
{
"name": "5111",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5111"
},
{
"name": "26972",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26972"
},
{
"name": "20071220 IBM Domino Web Access Upload Control dwa7w.dll Memory Corruption",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/059233.html"
},
{
"name": "domino-dwa7w-bo(39175)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39175"
},
{
"name": "4820",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4820"
},
{
"name": "VU#963889",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/963889"
},
{
"name": "ADV-2007-4296",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4296"
},
{
"name": "28184",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28184"
},
{
"name": "4818",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4818"
},
{
"name": "40954",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/40954"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in the IBM Lotus Domino Web Access ActiveX control, as provided by inotes6.dll, inotes6w.dll, dwa7.dll, and dwa7w.dll, in Domino 6.x and 7.x allow remote attackers to execute arbitrary code, as demonstrated by an overflow from a long General_ServerName property value when calling the InstallBrowserHelperDll function in the Upload Module in the dwa7.dwa7.1 control in dwa7w.dll 7.0.34.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "1019138",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019138"
},
{
"name": "5111",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5111"
},
{
"name": "26972",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26972"
},
{
"name": "20071220 IBM Domino Web Access Upload Control dwa7w.dll Memory Corruption",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/059233.html"
},
{
"name": "domino-dwa7w-bo(39175)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39175"
},
{
"name": "4820",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4820"
},
{
"name": "VU#963889",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/963889"
},
{
"name": "ADV-2007-4296",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4296"
},
{
"name": "28184",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28184"
},
{
"name": "4818",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4818"
},
{
"name": "40954",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/40954"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2007-4474",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in the IBM Lotus Domino Web Access ActiveX control, as provided by inotes6.dll, inotes6w.dll, dwa7.dll, and dwa7w.dll, in Domino 6.x and 7.x allow remote attackers to execute arbitrary code, as demonstrated by an overflow from a long General_ServerName property value when calling the InstallBrowserHelperDll function in the Upload Module in the dwa7.dwa7.1 control in dwa7w.dll 7.0.34.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1019138",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019138"
},
{
"name": "5111",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5111"
},
{
"name": "26972",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26972"
},
{
"name": "20071220 IBM Domino Web Access Upload Control dwa7w.dll Memory Corruption",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/059233.html"
},
{
"name": "domino-dwa7w-bo(39175)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39175"
},
{
"name": "4820",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4820"
},
{
"name": "VU#963889",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/963889"
},
{
"name": "ADV-2007-4296",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4296"
},
{
"name": "28184",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28184"
},
{
"name": "4818",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4818"
},
{
"name": "40954",
"refsource": "OSVDB",
"url": "http://osvdb.org/40954"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2007-4474",
"datePublished": "2007-12-27T22:00:00",
"dateReserved": "2007-08-22T00:00:00",
"dateUpdated": "2024-08-07T14:53:55.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}