Files

IBM Lotus Domino 8.5.3 XSS / CSRF / Redirection
Posted Feb 15, 2013
Authored by MustLive

IBM Lotus Domino version 8.5.3 suffers from cross site request forgery, cross site scripting, and redirection vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 1130fe93667cda489b3f670cc5b50a599e490b92326bc69ca5a9d3e2a7a7cdbe

Related Files

Secunia Security Advisory 49285
Posted May 24, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in IBM Lotus Quickr for Domino, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | 19df3425d40faaa71b7a01048bbccae0da66ea610c7d23677cc0f5376352beaf

IBM Lotus Notes/Domino 8.5.2 FP3 Denial Of Service
Posted Jan 1, 2012
Authored by XiaoPeng Zhang | Site fortinet.com

IBM Lotus Notes/Domino server suffers from a remote denial of service vulnerability that can be triggered by a malformed TCP packet. Versions 8.5.2 FP3 and earlier, 8.5.1, 8.5 and 8.0.x are affected.

tags | advisory, remote, denial of service, tcp
advisories | CVE-2011-1393
SHA-256 | d16ac8bae9357e03ce32188da32c40d2f0354c626f5fe6e353dc33c6272859ae

Secunia Security Advisory 47331
Posted Dec 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in IBM Lotus Domino, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | 75d99017226395d9746f38b8e0abc6f17797a866441acb4f953b6c482864345e

IBM Lotus Domino Authentication Bypass
Posted Nov 30, 2011
Authored by Alexey Sintsov

IBM Lotus Domino versions 8.5.3 and 8.5.2 FP3 suffer from an authentication bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2011-1519
SHA-256 | a2ec180c7015b665a8c09c5c87f819d86fe11a21748572b331a213d5403e5704

Secunia Security Advisory 46791
Posted Nov 12, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been reported in IBM Lotus Domino, which can be exploited by malicious people to disclose potentially sensitive information and hijack a user's session.

tags | advisory
SHA-256 | 8a8f317da31956d5ea21d01b9102e136266856f937d74c6b1aea3ac66e608ef2

Lotus Domino Denial Of Service
Posted Jul 19, 2011

Lotus Domino version 8.5.3 suffers from a denial of service vulnerability when parsing malformed .ics files.

tags | exploit, denial of service
SHA-256 | a9d858f49f59e317ae9234682048990a901ab4dbe1da596043743982fdf60d94

IBM Lotus Domino iCalendar MAILTO Buffer Overflow
Posted Apr 6, 2011
Authored by sinn3r, A.Plaskett | Site metasploit.com

This Metasploit module exploits a vulnerability found in IBM Lotus Domino iCalendar. By sending a long string of data as the "ORGANIZER;mailto" header, process "nRouter.exe" crashes due to a Cstrcpy() routine in nnotes.dll, which allows remote attackers to gain arbitrary code execution. Note: In order to trigger the vulnerable code path, a valid Domino mailbox account is needed.

tags | exploit, remote, arbitrary, code execution
advisories | CVE-2010-3407, OSVDB-68040
SHA-256 | 58a0109fc5ef5bec16039ceb68600f3e20fe6be1a9d5c1104237dc5b1f0cde5e

Secunia Security Advisory 43860
Posted Mar 24, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in IBM Lotus Domino, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
SHA-256 | 5f194793da5838c13cda14c60dac03bdaee2aa04f5bf8711fc0d485ed2e70be5

Zero Day Initiative Advisory 11-110
Posted Mar 22, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-110 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Lotus Domino Server Controller. Authentication is not required to exploit this vulnerability. The flaw exists within the remote console functionality which listens by default on TCP port 2050. When handling a user authentication, the server uses a user-supplied COOKIEFILE path to retrieve stored credentials. The application then compares this data against the user-provided username and cookie. The path to the COOKIEFILE can be a UNC path, allowing the attacker to control both the known good credentials and the challenge credentials. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, tcp
SHA-256 | c60ce5be38ddd1364df0e59214769dec234a68a8836d951b19333cf79651efbd

Domino Sametime 8.0.1 Cross Site Scripting
Posted Feb 22, 2011
Authored by Dave Daly

Domino Sametime version 8.0.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2011-1038
SHA-256 | e1428bf74438e5567ff7a19d493367a2982c86e5641db61f01aca03954af640e

IBM Lotus Domino LDAP Remote Code Execution
Posted Feb 19, 2011
Authored by Francis Provencher

IBM Lotus Domino LDAP bind request remote code execution exploit.

tags | exploit, remote, code execution
advisories | CVE-2010-4323
SHA-256 | 46402f3ac39ee9e15c00c1a55880febf3a51331ae26d8997f960f98c07fdb606

Secunia Security Advisory 43247
Posted Feb 9, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in IBM Lotus Domino, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | 6a87fb6bda828e9a6da313737d10c6e187f22f96a601256b6c0c017ec290ff18

Secunia Security Advisory 43224
Posted Feb 9, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in IBM Lotus Domino, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory, vulnerability
SHA-256 | f344d05e935dab4a11542b87865ac1527c4007313488ab170422fa539f65cf99

Secunia Security Advisory 43208
Posted Feb 8, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in IBM Lotus Domino, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory, vulnerability
SHA-256 | 2fa9a13210233822469324788d779a07dfe6fe7c55f7458f44bd81743c83efd1

Zero Day Initiative Advisory 11-053
Posted Feb 7, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-053 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability. The flaw exists within the ndiiop.exe component which listens by default on a dynamic TCP port. When handling a GIOP getEnvironmentString request, the process blindly copies a user-supplied argument into a stack buffer while checking the local variable cache. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, local, tcp
SHA-256 | a194da46984ca0fcbd668918ed76961c13b95e538a5c91539a14459d8b50334f

Zero Day Initiative Advisory 11-052
Posted Feb 7, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-052 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability. The flaw exists within the ndiiop.exe component which listens by default on a dynamic TCP port. When handling a GIOP client Request packet type, the process can be made to mis-allocate a buffer size due to a signedness bug. Later, the process blindly copies user-supplied data into this under-allocated heap buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, tcp
SHA-256 | 85e8aee2d6b59feeb796738da1b02f6638705c4cc5ca28b189cf09d07d34bddc

Zero Day Initiative Advisory 11-049
Posted Feb 7, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-049 - This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SMTP service while processing a malformed e-mail. The process continually appends each argument within a filename parameter into a buffer in memory. By providing enough data this buffer can overflow leading to arbitrary code execution under the context of the SYSTEM user.

tags | advisory, remote, overflow, arbitrary, code execution
SHA-256 | ebbcaa4bec81a1bbb394b6c38c7ac9e750d79863940b1731be2281fede698df9

Zero Day Initiative Advisory 11-048
Posted Feb 7, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-048 - This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability. The specific flaw exists within the nrouter.exe service while processing a malformed calendar meeting request. The process copies the contents of the name parameter within the Content-Type header into a fixed size stack buffer. By providing enough data this buffer can overflow leading to arbitrary code execution under the context of the SYSTEM user.

tags | advisory, remote, overflow, arbitrary, code execution
SHA-256 | 9e6b48942aef107760324058e3ae367162c825c55a3df189d7b05a6b4a064e41

Zero Day Initiative Advisory 11-047
Posted Feb 7, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-047 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability. The flaw exists within the nLDAP.exe component which listens by default on TCP port 389. When handling an LDAP Bind Request packet, the process blindly copies user-supplied data into an undersized shared memory buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, tcp
SHA-256 | 41b863a920f2e077d4e8d4b985be52979de4aae9f297bd311177ea3850049f02

Zero Day Initiative Advisory 11-046
Posted Feb 7, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-046 - This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NRouter service while transporting malformed e-mails. The vulnerable code copies data from the ATTACH:CID and Content-ID headers within an e-mail into a fixed length stack buffer. By providing a large enough file name, this buffer can overflow leading to arbitrary code execution under the context of the SYSTEM user.

tags | advisory, remote, overflow, arbitrary, code execution
SHA-256 | bdd4162ce5354caa85ddefb3baeb8113ed3c2ef0947470f6bc5a8bacece36c39

Zero Day Initiative Advisory 11-045
Posted Feb 7, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-045 - This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability. The specific flaw exists within the POP3 and IMAP services while processing malformed e-mails. The vulnerable code expands specific non-printable characters within a "mail from" command without allocating adequate space. By providing enough of these characters, memory can be corrupted leading to arbitrary code execution under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, imap, code execution
SHA-256 | 2452239f3ac3458dd571744680a1b8ac260cc8c727681ae26b4e843899ce1e0a

Zero Day Initiative Advisory 10-177
Posted Sep 15, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-177 - This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability. The specific flaw exists within the nrouter.exe service while processing a malformed e-mail. The process copies the contents of the MAILTO header within a calendar request into a fixed size stack buffer. By providing enough data this buffer can overflow leading to arbitrary code execution under the context of the SYSTEM user.

tags | advisory, remote, overflow, arbitrary, code execution
SHA-256 | b38e9ed7898f15baadfb1def1048e9914a6679cba783785912c51d470e5427a1

IBM Lotus Domino iCalendar Stack Buffer Overflow
Posted Sep 15, 2010
Authored by A. Plaskett

IBM Lotus Domino iCalendar suffers from an email address stack buffer overflow vulnerability. Versions 8.0 and 8.5 are affected.

tags | exploit, overflow
SHA-256 | 16535cd708efaec4cc2eb1ff7547ec73bf0cd92eaab823f875f7a249ef6fe6b8

Secunia Security Advisory 41433
Posted Sep 14, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in IBM Lotus Domino, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | 08fe1371546f76b784586d36ff4d15682333ea2aa27bf67d08fd0c04ebbb5928

iDEFENSE Security Advisory 2010-03-02.1
Posted Mar 3, 2010
Authored by iDefense Labs, Elazar Broad | Site idefense.com

iDefense Security Advisory 03.02.10 - Remote exploitation of a stack-based buffer overflow vulnerability in IBM Corp.'s Lotus Domino Web Access ActiveX control could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerable function takes an attacker-controlled URL, and copies it into a fixed-size stack buffer. No validation checks are performed on the length of the URL. By passing in a long URL string, it is possible to trigger a stack-based buffer overflow, resulting in the execution of arbitrary code.

tags | advisory, remote, web, overflow, arbitrary, activex
SHA-256 | d7bb11918744f40858388713a6cadb9a010141307cf776efd3f5a90a2856dc85

© 2022 Packet Storm. All rights reserved.
