Search Results (290 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-1999-0429 1 Ibm 1 Lotus Notes 2026-04-16 N/A
The Lotus Notes 4.5 client may send a copy of encrypted mail in the clear across the network if the user does not set the "Encrypt Saved Mail" preference.
CVE-2004-2310 1 Ibm 1 Lotus Domino 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows remote attackers to inject arbitrary web script or HTML via a Domino command in the Quick Console.
CVE-2001-1504 1 Ibm 1 Lotus Notes 2026-04-16 N/A
Lotus Notes R5 Client 4.6 allows remote attackers to execute arbitrary commands via a Lotus Notes object with code in an event, which is automatically executed when the user processes the e-mail message.
CVE-1999-0284 2 Ibm, Microsoft 2 Lotus Domino Mail Server, Exchange Server 2026-04-16 N/A
Denial of service to NT mail servers including Ipswitch, Mdaemon, and Exchange through a buffer overflow in the SMTP HELO command.
CVE-2003-0123 1 Ibm 2 Lotus Domino, Lotus Notes Client 2026-04-16 N/A
Buffer overflow in Web Retriever client for Lotus Notes/Domino R4.5 through R6 allows remote malicious web servers to cause a denial of service (crash) via a long HTTP status line.
CVE-2003-0122 1 Ibm 2 Lotus Domino, Lotus Notes Client 2026-04-16 N/A
Buffer overflow in Notes server before Lotus Notes R4, R5 before 5.0.11, and early R6 allows remote attackers to execute arbitrary code via a long distinguished name (DN) during NotesRPC authentication and an outer field length that is less than that of the DN field.
CVE-2004-2280 1 Ibm 1 Lotus Notes 2026-04-16 N/A
Buffer overflow in IBM Lotus Notes 6.5.x before 6.5.3 and 6.0.x before 6.0.5 allows remote attackers to cause a denial of service (crash) via unknown vectors related to Java applets, as identified by KSPR62F4KN.
CVE-2005-2454 1 Ibm 1 Lotus Notes 2026-04-16 N/A
IBM Lotus Notes 6.5.4 and 6.5.5, and 7.0.0 and 7.0.1, uses insecure default permissions (Everyone/Full Control) for the "Notes" folder and all children, which allows local users to gain privileges and modify, add, or delete files in that folder.
CVE-2002-1624 1 Ibm 1 Lotus Domino 2026-04-16 N/A
Buffer overflow in Lotus Domino web server before R5.0.10, when logging to DOMLOG.NSF, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP Authenticate header containing certain non-ASCII characters.
CVE-2004-2281 1 Ibm 1 Lotus Notes 2026-04-16 N/A
Multiple unknown vulnerabilities in IBM Lotus Notes 6.5.x before 6.5.4 and 6.0.x before 6.0.5 have unknown impact and attack vectors, related to Java applets, as identified by (1) KSPR5YS6GR and (2) KSPR62F4D3.
CVE-2005-3015 1 Ibm 2 Lotus Domino, Lotus Domino Enterprise Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 6.5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) BaseTarget or (2) Src parameters.
CVE-2004-2667 1 Ibm 1 Lotus Domino 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Lotus Domino 6.0.x before 6.0.4 and 6.5.x before 6.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
CVE-2005-2428 1 Ibm 1 Lotus Domino 2026-04-16 N/A
Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a different vulnerability than CVE-2005-2696.
CVE-2006-0663 1 Ibm 1 Lotus Domino Inotes Client 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Lotus Domino iNotes Client 6.5.4 and 7.0 allow remote attackers to inject arbitrary web script or HTML via (1) an email subject; (2) an encoded javascript URI, as demonstrated using "java
script:"; or (3) when the Domino Web Access ActiveX control is not installed, via an email attachment filename.
CVE-2004-1621 1 Ibm 1 Lotus Domino 2026-04-16 N/A
NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in IBM Lotus Notes R6 and Domino R6, and possibly earlier versions, allows remote attackers to execute arbitrary web script or HTML via square brackets at the beginning and end of (1) computed for display, (2) computed when composed, or (3) computed text element fields. NOTE: the vendor has disputed this issue, saying that it is not a problem with Notes/Domino itself, but with the applications that do not properly handle this feature
CVE-2006-1948 1 Ibm 1 Lotus Notes 2026-04-16 N/A
The "Add Sender to Address Book" operation (AddSenderToAddressBook.lss) and NameHelper.lss in IBM Lotus Notes 6.0 and 6.5 before 20060331 do not properly store information in the Personal Address Book when multiple messages are checked and a message uses AltFrom, which might allow user-assisted remote attackers to trick a user into sending e-mail to an unauthorized recipient.
CVE-2005-2618 2 Autonomy, Ibm 4 Keyview Export Sdk, Keyview Filter Sdk, Keyview Viewer Sdk and 1 more 2026-04-16 N/A
Multiple stack-based buffer overflows in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allow remote attackers to execute arbitrary code via (1) a UUE file containing an encoded file with a long filename handled by uudrdr.dll, (2) a compressed ZIP file with a long filename handled by kvarcve.dll, (3) a TAR archive with a long filename that is extracted to a directory with a long path handled by the TAR reader (tarrdr.dll), (4) an email that contains a long HTTP, FTP, or // link handled by the HTML speed reader (htmsr.dll) or (5) an email containing a crafted long link handled by the HTML speed reader (htmsr.dll).
CVE-2003-0180 1 Ibm 1 Lotus Domino Web Server 2026-04-16 N/A
Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attackers to cause a denial of service via an incomplete POST request, as demonstrated using the h_PageUI form.
CVE-2006-0662 1 Ibm 1 Lotus Domino Inotes Client 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Lotus Domino iNotes Client 6.5.4 allows remote attackers to inject arbitrary web script or HTML via email with attached html files, which are directly rendered in the browser.
CVE-2002-0086 1 Ibm 1 Lotus Domino 2026-04-16 N/A
Buffer overflow in bindsock in Lotus Domino 5.0.4 and 5.0.7 on Linux allows local users to gain root privileges via a long (1) Notes_ExecDirectory or (2) PATH environment variable.