Ibm: >> Lotus Domino >> 6.5.1 Security Vulnerabilities
Format string vulnerability in Lotus Domino 6.0.x before 6.0.5 and 6.5.x before 6.5.4 allows remote attackers to cause a denial of service via the Notes protocol (NRPC).
CVSS Score
5.0
EPSS Score
0.014
Published
2005-05-03
Cross-site scripting (XSS) vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows remote attackers to inject arbitrary web script or HTML via a Domino command in the Quick Console.
CVSS Score
4.3
EPSS Score
0.069
Published
2004-12-31
Directory traversal vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows local users to create folders or determine the existence of files via a .. (dot dot) in the new folder dialog.
CVSS Score
3.6
EPSS Score
0.007
Published
2004-12-31
Directory traversal vulnerability in webadmin.nsf for Lotus Domino R6 6.5.1 allows attackers to create and detect directories via a .. (dot dot) in the directory creation command.
CVSS Score
6.4
EPSS Score
0.003
Published
2004-12-31
NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in IBM Lotus Notes R6 and Domino R6, and possibly earlier versions, allows remote attackers to execute arbitrary web script or HTML via square brackets at the beginning and end of (1) computed for display, (2) computed when composed, or (3) computed text element fields. NOTE: the vendor has disputed this issue, saying that it is not a problem with Notes/Domino itself, but with the applications that do not properly handle this feature
CVSS Score
4.3
EPSS Score
0.034
Published
2004-10-18
Web Access in Lotus Domino 6.5.1 allows remote attackers to cause a denial of service (server crash) via a large e-mail message, as demonstrated using a large image attachment.
CVSS Score
5.0
EPSS Score
0.047
Published
2004-08-06
Lotus Domino 6.5.0 and 6.5.1, with IMAP enabled, allows remote authenticated users to change their quota by using the IMAP setquota command.
CVSS Score
7.5
EPSS Score
0.006
Published
2004-08-06
Page 4