lotus CVE 脆弱性と CVE 一覧(30)

製品(CPE): — CVE 件数: 30

lotus 脆弱性概要

lotus 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。

公開された問題は パス処理の欠陥、バッファオーバーフロー、vendor risk denial of service, and vendor risk cross-site scripting に関連することが多く、vendor surface software deployment and vendor surface production workloads の文脈で ファイル上書き などの暴露リスクを伴う場合があります。

掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。

脆弱性分布の推移(直近24か月)

表示中 120 / 30 CVE 件数
«« 先頭 « 前へ 1 / 2 次へ »
CVE 概要 ソース CVSS 最大値 EPSS(%) 公開 更新
CVE-2003-1408 Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the source code for files via an HTTP request with a filename with a trailing dot. [email protected] 5.0 1.32% 2003-12-31 2026-06-16
CVE-2002-2191 Lotus Domino 5.0.9a and earlier, even when configured with the 'DominoNoBanner=1' option, allows remote attackers to obtain potential sensitive information such as the version via a request for a non-existent .nsf database, which leaks the version in the HTTP banner. [email protected] 5.0 2.93% 2002-12-31 2026-06-16
CVE-2002-1010 Lotus Domino R4 allows remote attackers to bypass access restrictions for files in the web root via an HTTP request appended with a "?" character, which is treated as a wildcard character and bypasses the web handlers. [email protected] 7.5 1.40% 2002-10-04 2026-06-16
CVE-2002-0408 htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when configured with the NoBanner setting, allows remote attackers to determine the version number of the server via a request that generates an HTTP 500 error code, which leaks the version in a hard-coded error message. [email protected] 5.0 1.72% 2002-07-26 2026-06-16
CVE-2002-0407 htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, such as (1) a request with a .pl or .java extension, or (2) a request containing a large number of periods, which causes htcgibin.exe to leak the pathname in an error message. [email protected] 5.0 2.78% 2002-07-26 2026-06-16
CVE-2002-0245 Lotus Domino server 5.0.8 with NoBanner enabled allows remote attackers to (1) determine the physical path of the server via a request for a nonexistent file with a .pl (Perl) extension, which leaks the pathname in the error message, or (2) make any request that causes an HTTP 500 error, which leaks the server's version name in the HTTP error message. [email protected] 7.5 2.51% 2002-05-29 2026-06-16
CVE-2002-0087 bindsock in Lotus Domino 5.07 on Solaris allows local users to create arbitrary files via a symlink attack on temporary files. [email protected] 2.1 0.34% 2002-03-15 2026-06-16
CVE-2001-0954 Lotus Domino 5.0.5 and 5.0.8, and possibly other versions, allows remote attackers to cause a denial of service (block access to databases that have not been previously accessed) via a URL that includes the . (dot) directory. [email protected] 5.0 1.63% 2001-12-07 2026-06-16
CVE-2001-0847 Lotus Domino Web Server 5.x allows remote attackers to gain sensitive information by accessing the default navigator $defaultNav via (1) URL encoding the request, or (2) directly requesting the ReplicaID. [email protected] 7.5 2.42% 2001-12-06 2026-06-16
CVE-2001-0846 Lotus Domino 5.x allows remote attackers to read files or execute arbitrary code by requesting the ReplicaID of the Web Administrator template file (webadmin.ntf). [email protected] 10.0 40.96% 2001-12-06 2026-06-16
CVE-2001-0939 Lotus Domino 5.08 and earlier allows remote attackers to cause a denial of service (crash) via a SunRPC NULL command to port 443. [email protected] 5.0 1.63% 2001-11-30 2026-06-16
CVE-2001-1018 Lotus Domino web server 5.08 allows remote attackers to determine the internal IP address of the server when NAT is enabled via a GET request that contains a long sequence of / (slash) characters. [email protected] 5.0 2.30% 2001-09-20 2026-06-16
CVE-2000-1203 Lotus Domino SMTP server 4.63 through 5.08 allows remote attackers to cause a denial of service (CPU consumption) by forging an email message with the sender as bounce@[127.0.0.1] (localhost), which causes Domino to enter a mail loop. [email protected] 5.0 2.47% 2001-08-20 2026-06-16
CVE-2001-0604 Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via URL requests (>8Kb) containing a large number of '/' characters. [email protected] 5.0 1.34% 2001-08-02 2026-06-16
CVE-2001-0603 Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via repeatedly sending large (> 10Kb) amounts of data to the DIIOP - CORBA service on TCP port 63148. [email protected] 5.0 1.34% 2001-08-02 2026-06-16
CVE-2001-0602 Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via repeated (>400) URL requests for DOS devices. [email protected] 5.0 1.91% 2001-08-02 2026-06-16
CVE-2001-0601 Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via HTTP requests containing certain combinations of UNICODE characters. [email protected] 5.0 1.89% 2001-08-02 2026-06-16
CVE-2001-0600 Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via repeated URL requests with the same HTTP headers, such as (1) Accept, (2) Accept-Charset, (3) Accept-Encoding, (4) Accept-Language, and (5) Content-Type. [email protected] 5.0 1.34% 2001-08-02 2026-06-16
CVE-2001-1161 Cross-site scripting (CSS) vulnerability in Lotus Domino 5.0.6 allows remote attackers to execute script on other web clients via a URL that ends in Javascript, which generates an error message that does not quote the resulting script. [email protected] 7.5 3.63% 2001-07-02 2026-06-16
CVE-2001-0260 Buffer overflow in Lotus Domino Mail Server 5.0.5 and earlier allows a remote attacker to crash the server or execute arbitrary code via a long "RCPT TO" command. [email protected] 7.5 3.95% 2001-06-02 2026-06-16
«« 先頭 « 前へ 1 / 2 次へ »
cvelogic Threat Intelligence