jetlib.sec » Tags » lotus

Feeds

133360 items (0 unread) in 27 feeds

• 1337day (was: Inj3ct0r, 1337db)
• OSVDB Vulnerabilities
• Exploit-DB
• SecurityFocus Vulnerabilities
• Bugtraq
• Full Disclosure
• XSSed
• Packet Storm Security Headlines
• Packet Storm Security Advisories
• Packet Storm Security Exploits
• Packet Storm Security Recent Files
• Packet Storm Security Tools
• Packet Storm Security Misc. Files
• Sophos security news
• Sophos product advisories
• Penetration Testing
• SecuriTeam
• BackTrack Linux Forums
• Threatpost
• SecDocs
• carnal0wnage.attackresearch.com
• Carnal0wnage
• Kernel Fun
• Darknet
• The Exploitant
• Hack a Day
• Wirevolution

79 items tagged "lotus"

Related tags: safer use [+], buffer overflow vulnerability [+], buffer overflow [+], notes [+], domino server [+], domino icalendar [+], zero day [+], service vulnerability [+], email [+], cms [+], arbitrary code [+], txt [+], technology [+], oracle [+], lotus domino server [+], lotus 6 [+], lotus 123 [+], denial [+], authentication [+], mailto [+], email attachment [+], denial of service [+], buffer [+], autonomy [+], ibm [+], service [+], overflow vulnerability [+], multiple buffer overflow [+], mailbox account [+], lotus symphony [+], lotus notes [+], keyview [+], http [+], fraise [+], forgery [+], exploits [+], domino authentication [+], disclosure [+], content [+], bypass [+], bugtraq [+], buffer overflow vulnerabilities [+], arbitrary code execution [+], xls [+], whitepaper [+], symphony office [+], stack overflow [+], scanner [+], poc [+], pdf [+], nsf [+], lotus version [+], lotus notes domino [+], hijacking [+], domino remote [+], criando [+], controller [+], console [+], code [+], ascii string [+], vulnerability [+], lotus domino [+], domino [+], zdi [+], windows [+], vulnerabilities [+], target address [+], symphony [+], surunas [+], router [+], retired [+], request [+], remote buffer overflow [+], remote [+], password storage [+], paper [+], overflow [+], operation [+], nsfcomputeevaluateext [+], note [+], nldap [+], mobile [+], memory corruption [+], lotus notes client [+], integer overflow vulnerability [+], install [+], insecure password [+], information disclosure vulnerability [+], image object [+], heap [+], hackproofing [+], exploit [+], email server [+], domino web server [+], domino version [+], domino smtp [+], domino rpc [+], domino event [+], domino current [+], domino base [+], document attachment [+], day [+], david litchfield [+], black hat [+], bind request [+], biff [+], authors [+], code execution [+], stack buffer [+]

• February 24, 2012
• 0:00

  Vuln: IBM Lotus Symphony Image Object Integer Overflow Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  IBM Lotus Symphony Image Object Integer Overflow Vulnerability

  Tags:  symphony lotus ibm integer-overflow-vulnerability lotus-symphony image-object  

• January 24, 2012
• 0:00

  Vuln: Oracle Outside In Technology Lotus 123 File Parsing Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Oracle Outside In Technology Lotus 123 File Parsing Remote Code Execution Vulnerability

  Tags:  technology lotus oracle lotus-123 code-execution vulnerability  

• January 02, 2012
• 0:00

  Vuln: IBM Lotus Domino RPC Operation Denial of Service Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  IBM Lotus Domino RPC Operation Denial of Service Vulnerability

  Tags:  lotus ibm operation domino-rpc lotus-domino service-vulnerability denial-of-service  

• January 01, 2012
• 8:35

  IBM Lotus Notes/Domino 8.5.2 FP3 Denial Of Service

   » ‎ Packet Storm Security Recent Files
  IBM Lotus Notes/Domino server suffers from a remote denial of service vulnerability that can be triggered by a malformed TCP packet. Versions 8.5.2 FP3 and earlier, 8.5.1, 8.5 and 8.0.x are affected.

  Tags:  lotus ibm denial domino lotus-notes-domino domino-server service-vulnerability  

• 8:35

  IBM Lotus Notes/Domino 8.5.2 FP3 Denial Of Service

   » ‎ Packet Storm Security Misc. Files
  IBM Lotus Notes/Domino server suffers from a remote denial of service vulnerability that can be triggered by a malformed TCP packet. Versions 8.5.2 FP3 and earlier, 8.5.1, 8.5 and 8.0.x are affected.

  Tags:  lotus ibm denial domino lotus-notes-domino domino-server service-vulnerability  

• December 01, 2011
• 0:00

  Vuln: IBM Lotus Domino Remote Console Authentication Bypass Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  IBM Lotus Domino Remote Console Authentication Bypass Vulnerability

  Tags:  console lotus ibm domino-remote lotus-domino vulnerability authentication  

• November 30, 2011
• 15:58

  IBM Lotus Domino Authentication Bypass

   » ‎ Packet Storm Security Exploits
  IBM Lotus Domino versions 8.5.3 and 8.5.2 FP3 suffer from an authentication bypass vulnerability.

  Tags:  lotus ibm bypass domino-authentication domino lotus-domino authentication vulnerability  

• 15:58

  IBM Lotus Domino Authentication Bypass

   » ‎ Packet Storm Security Recent Files
  IBM Lotus Domino versions 8.5.3 and 8.5.2 FP3 suffer from an authentication bypass vulnerability.

  Tags:  lotus ibm bypass domino-authentication domino lotus-domino authentication vulnerability  

• 15:58

  IBM Lotus Domino Authentication Bypass

   » ‎ Packet Storm Security Misc. Files
  IBM Lotus Domino versions 8.5.3 and 8.5.2 FP3 suffer from an authentication bypass vulnerability.

  Tags:  lotus ibm bypass domino-authentication domino lotus-domino authentication vulnerability  

• 14:00

  [remote exploits] - IBM Lotus Domino Server Controller Authentication Bypass Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [remote exploits] - IBM Lotus Domino Server Controller Authentication Bypass Vulnerability

  Tags:  lotus ibm controller domino-server lotus-domino-server exploits vulnerability  

• 0:00

  Vuln: IBM Lotus Domino Remote Console Authentication Bypass Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  IBM Lotus Domino Remote Console Authentication Bypass Vulnerability

  Tags:  console lotus ibm domino-remote lotus-domino vulnerability authentication  

• November 04, 2011
• 10:39

  IBM Lotus Notes Office Document Attachment Viewer Stack Buffer Overflow vulnerability

   » ‎ SecuriTeam
  A stack buffer overflow vulnerability in IBM Corp.'s Lotus Notes could allow an attacker to execute arbitrary code in the context of the current user.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  buffer lotus ibm buffer-overflow-vulnerability stack-buffer document-attachment  

• 10:39

  IBM Lotus Notes RTF Attachment Viewer Stack Buffer Overflow Vulnerability

   » ‎ SecuriTeam
  A stack buffer overflow vulnerability in IBM Corp.'s Lotus Notes could allow an attacker to execute arbitrary code in the context of the current user.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  buffer lotus ibm buffer-overflow-vulnerability stack-buffer safer-use  

• 10:29

  IBM Lotus Notes LZH Attachment Viewer Stack Buffer Overflow Vulnerability

   » ‎ SecuriTeam
  A stack buffer overflow vulnerability in IBM Corp.'s Lotus Notes could allow an attacker to execute arbitrary code in the context of the current user.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  buffer lotus ibm buffer-overflow-vulnerability stack-buffer safer-use  

• November 02, 2011
• 15:44

  IBM Lotus Notes Applix Attachment Viewer Stack Buffer Overflow Vulnerability

   » ‎ SecuriTeam
  A stack buffer overflow vulnerability in IBM Corp.'s Lotus Notes could allow an attacker to execute arbitrary code in the context of the current user.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  buffer lotus ibm buffer-overflow-vulnerability stack-buffer safer-use  

• 0:00

  Vuln: IBM Lotus Domino 'NSFComputeEvaluateExt()' Function Remote Stack Buffer Overflow Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  IBM Lotus Domino 'NSFComputeEvaluateExt()' Function Remote Stack Buffer Overflow Vulnerability

  Tags:  nsfcomputeevaluateext lotus ibm domino buffer-overflow-vulnerability lotus-domino stack-buffer  

• October 31, 2011
• 22:48

  [Paper] Hackproofing Lotus Domino

   » ‎ SecDocs
  Authors: David Litchfield
  Tags: Domino
  Event: Black Hat EU 2001
  

  Tags:  hackproofing lotus paper david-litchfield domino authors domino-event lotus-domino black-hat  

• October 26, 2011
• 0:00

  Vuln: Oracle Outside In Technology Lotus 123 File Parsing Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Oracle Outside In Technology Lotus 123 File Parsing Remote Code Execution Vulnerability

  Tags:  technology lotus oracle lotus-123 code-execution vulnerability  

• October 19, 2011
• 19:07

  Lotus Notes XLS viewer malformed BIFF record heap overflow Vulnerability

   » ‎ SecuriTeam
  A memory corruption vulnerability can be triggered when a Lotus Notes client parses a .XLS file with a specially crafted BIFF record.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  lotus biff xls lotus-notes-client overflow-vulnerability memory-corruption  

• September 26, 2011
• 0:00

  Vuln: Oracle Outside In Technology Lotus 123 File Parsing Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Oracle Outside In Technology Lotus 123 File Parsing Remote Code Execution Vulnerability

  Tags:  technology lotus oracle lotus-123 code-execution vulnerability  

• September 02, 2011
• 0:00

  Vuln: Oracle Outside In Technology Lotus 123 File Parsing Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Oracle Outside In Technology Lotus 123 File Parsing Remote Code Execution Vulnerability

  Tags:  technology lotus oracle lotus-123 code-execution vulnerability  

• July 20, 2011
• 0:00

  Vuln: IBM Lotus Domino iCalendar Meeting Request Parsing Remote Stack Buffer Overflow Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  IBM Lotus Domino iCalendar Meeting Request Parsing Remote Stack Buffer Overflow Vulnerability

  Tags:  request lotus ibm domino-icalendar buffer-overflow-vulnerability lotus-domino stack-buffer  

• July 19, 2011
• 14:33

  Lotus Domino Denial Of Service

   » ‎ Packet Storm Security Exploits
  Lotus Domino version 8.5.3 suffers from a denial of service vulnerability when parsing malformed .ics files.

  Tags:  lotus denial service domino lotus-domino service-vulnerability denial-of-service  

• 14:33

  Lotus Domino Denial Of Service

   » ‎ Packet Storm Security Recent Files
  Lotus Domino version 8.5.3 suffers from a denial of service vulnerability when parsing malformed .ics files.

  Tags:  lotus denial service domino lotus-domino service-vulnerability denial-of-service  

• 14:33

  Lotus Domino Denial Of Service

   » ‎ Packet Storm Security Misc. Files
  Lotus Domino version 8.5.3 suffers from a denial of service vulnerability when parsing malformed .ics files.

  Tags:  lotus denial service domino lotus-domino service-vulnerability denial-of-service  

• July 18, 2011
• 21:00

  [dos / poc] - Lotus Domino SMTP router, EMAIL server and client DoS

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [dos / poc] - Lotus Domino SMTP router, EMAIL server and client DoS

  Tags:  poc lotus router domino-smtp lotus-domino email-server  

• June 25, 2011
• 0:54

  Lotus Notes 8.0.x - 8.5.2 FP2 - Autonomy Keyview

   » ‎ Packet Storm Security Exploits
  This Metasploit module exploits a stack buffer overflow in Lotus Notes 8.5.2 when parsing a specially crafted malformed LZH file.

  Tags:  autonomy lotus keyview stack-buffer buffer-overflow  

• 0:54

  Lotus Notes 8.0.x - 8.5.2 FP2 - Autonomy Keyview

   » ‎ Packet Storm Security Recent Files
  This Metasploit module exploits a stack buffer overflow in Lotus Notes 8.5.2 when parsing a specially crafted malformed LZH file.

  Tags:  autonomy lotus keyview stack-buffer buffer-overflow  

• 0:54

  Lotus Notes 8.0.x - 8.5.2 FP2 - Autonomy Keyview

   » ‎ Packet Storm Security Misc. Files
  This Metasploit module exploits a stack buffer overflow in Lotus Notes 8.5.2 when parsing a specially crafted malformed LZH file.

  Tags:  autonomy lotus keyview stack-buffer buffer-overflow  

• June 22, 2011
• 21:00

  [remote exploits] - Lotus Notes 8.0.x - 8.5.2 FP2 - Autonomy Keyview (.lzh attachment)

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [remote exploits] - Lotus Notes 8.0.x - 8.5.2 FP2 - Autonomy Keyview (.lzh attachment)

  Tags:  note exploit remote autonomy exploits lotus  

• May 27, 2011
• 0:00

  Vuln: IBM Lotus Notes Attachment Handling Multiple Buffer Overflow Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  IBM Lotus Notes Attachment Handling Multiple Buffer Overflow Vulnerabilities

  Tags:  lotus ibm notes multiple-buffer-overflow buffer-overflow-vulnerabilities lotus-notes  

• 0:00

  Vuln: RETIRED: IBM Lotus Notes Attachment Handling Multiple Buffer Overflow Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  RETIRED: IBM Lotus Notes Attachment Handling Multiple Buffer Overflow Vulnerabilities

  Tags:  lotus ibm retired buffer-overflow-vulnerabilities multiple-buffer-overflow lotus-notes  

• May 25, 2011
• 8:00

  Bugtraq: CORE-2010-0908: Lotus Notes XLS viewer malformed BIFF record heap overflow

   » ‎ SecurityFocus Vulnerabilities
  CORE-2010-0908: Lotus Notes XLS viewer malformed BIFF record heap overflow

  Tags:  lotus xls notes heap overflow  

• 0:00

  Vuln: IBM Lotus Notes Attachment Handling Multiple Buffer Overflow Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  IBM Lotus Notes Attachment Handling Multiple Buffer Overflow Vulnerabilities

  Tags:  lotus ibm notes multiple-buffer-overflow buffer-overflow-vulnerabilities lotus-notes  

• May 18, 2011
• 20:59

  IBM Lotus Domino Server Controller Authentication Bypass Code Execution Vulnerability

   » ‎ SecuriTeam
  This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Lotus Domino Server Controller.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  code lotus controller domino-server lotus-domino-server code-execution safer-use  

• April 23, 2011
• 19:49

  Lotus Domino Server diiop getEnvironmentString Code Execution Vulnerability

   » ‎ SecuriTeam
  This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Domino.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  code vulnerability lotus domino-server domino lotus-domino-server code-execution safer-use  

• April 20, 2011
• 0:00

  Vuln: Oracle Outside In Technology Lotus 123 File Parsing Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Oracle Outside In Technology Lotus 123 File Parsing Remote Code Execution Vulnerability

  Tags:  technology lotus oracle lotus-123 code-execution vulnerability  

• April 06, 2011
• 0:00

  Vuln: IBM Lotus Domino iCalendar Remote Stack Buffer Overflow Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  IBM Lotus Domino iCalendar Remote Stack Buffer Overflow Vulnerability

  Tags:  lotus ibm domino buffer-overflow-vulnerability lotus-domino stack-buffer  

• April 05, 2011
• 17:58

  IBM Lotus Domino iCalendar MAILTO Buffer Overflow

   » ‎ Packet Storm Security Exploits
  This Metasploit module exploits a vulnerability found in IBM Lotus Domino iCalendar. By sending a long string of data as the "ORGANIZER;mailto" header, process "nRouter.exe" crashes due to a Cstrcpy() routine in nnotes.dll, which allows remote attackers to gain arbitrary code execution. Note: In order to trigger the vulnerable code path, a valid Domino mailbox account is needed.

  Tags:  lotus ibm mailto domino-icalendar domino arbitrary-code-execution lotus-domino mailbox-account  

• 17:58

  IBM Lotus Domino iCalendar MAILTO Buffer Overflow

   » ‎ Packet Storm Security Recent Files
  This Metasploit module exploits a vulnerability found in IBM Lotus Domino iCalendar. By sending a long string of data as the "ORGANIZER;mailto" header, process "nRouter.exe" crashes due to a Cstrcpy() routine in nnotes.dll, which allows remote attackers to gain arbitrary code execution. Note: In order to trigger the vulnerable code path, a valid Domino mailbox account is needed.

  Tags:  lotus ibm mailto domino-icalendar domino arbitrary-code-execution lotus-domino mailbox-account  

• 17:58

  IBM Lotus Domino iCalendar MAILTO Buffer Overflow

   » ‎ Packet Storm Security Misc. Files
  This Metasploit module exploits a vulnerability found in IBM Lotus Domino iCalendar. By sending a long string of data as the "ORGANIZER;mailto" header, process "nRouter.exe" crashes due to a Cstrcpy() routine in nnotes.dll, which allows remote attackers to gain arbitrary code execution. Note: In order to trigger the vulnerable code path, a valid Domino mailbox account is needed.

  Tags:  lotus ibm mailto domino-icalendar domino arbitrary-code-execution lotus-domino mailbox-account  

• March 23, 2011
• 8:00

  Bugtraq: ZDI-11-110: (0day) IBM Lotus Domino Server Controller Authentication Bypass Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  ZDI-11-110: (0day) IBM Lotus Domino Server Controller Authentication Bypass Remote Code Execution Vulnerability

  Tags:  day lotus ibm domino-server lotus-domino-server code-execution zdi  

• March 15, 2011
• 21:26

  Lotus CMS 3.0.3 XSRF / XSS / File Content Disclosure

   » ‎ Packet Storm Security Exploits
  Lotus CMS version 3.0.3 suffers from cross site request forgery, file content disclosure, and cross site scripting vulnerabilities.

  Tags:  content lotus cms forgery disclosure  

• 21:26

  Lotus CMS 3.0.3 XSRF / XSS / File Content Disclosure

   » ‎ Packet Storm Security Recent Files
  Lotus CMS version 3.0.3 suffers from cross site request forgery, file content disclosure, and cross site scripting vulnerabilities.

  Tags:  content lotus cms forgery disclosure  

• 21:26

  Lotus CMS 3.0.3 XSRF / XSS / File Content Disclosure

   » ‎ Packet Storm Security Misc. Files
  Lotus CMS version 3.0.3 suffers from cross site request forgery, file content disclosure, and cross site scripting vulnerabilities.

  Tags:  content lotus cms forgery disclosure  

• February 18, 2011
• 14:00

  [dos / poc] - IBM Lotus Domino LDAP Bind Request Remote Code Execution Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [dos / poc] - IBM Lotus Domino LDAP Bind Request Remote Code Execution Vulnerability

  Tags:  poc lotus ibm bind-request lotus-domino code-execution  

• 0:00

  Vuln: IBM Lotus Domino 'nLDAP.exe' Remote Buffer Overflow Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  IBM Lotus Domino 'nLDAP.exe' Remote Buffer Overflow Vulnerability

  Tags:  lotus nldap ibm domino buffer-overflow-vulnerability remote-buffer-overflow lotus-domino  

• January 10, 2011
• 7:33

  Lotus CMS Fraise 3.0 Local File Inclusion / Code Execution

   » ‎ Packet Storm Security Exploits
  Lotus CMS Fraise version 3.0 local file inclusion and code execution exploit.

  Tags:  lotus fraise cms code-execution  

• 7:33

  Lotus CMS Fraise 3.0 Local File Inclusion / Code Execution

   » ‎ Packet Storm Security Recent Files
  Lotus CMS Fraise version 3.0 local file inclusion and code execution exploit.

  Tags:  lotus fraise cms code-execution  

• 7:33

  Lotus CMS Fraise 3.0 Local File Inclusion / Code Execution

   » ‎ Packet Storm Security Misc. Files
  Lotus CMS Fraise version 3.0 local file inclusion and code execution exploit.

  Tags:  lotus fraise cms code-execution  

• December 27, 2010
• 0:00

  Vuln: IBM Lotus Mobile Connect Unspecified Cross Site Scripting Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  IBM Lotus Mobile Connect Unspecified Cross Site Scripting Vulnerabilities

  Tags:  lotus mobile ibm vulnerabilities  

• November 04, 2010
• 17:33

  IBM Lotus Domino iCalendar MAILTO Stack Overflow Vulnerability

   » ‎ SecuriTeam
  This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of IBM Lotus Domino.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  vulnerability lotus ibm domino-icalendar domino overflow-vulnerability stack-overflow lotus-domino  

• October 18, 2010
• 22:01

  lotus-scanner.pdf

   » ‎ Packet Storm Security Misc. Files
  Whitepaper called Criando scanner para detector a falha Lotus Domino vulneravel ao exploit do Metasploit. Written in Portuguese.

  Tags:  criando pdf whitepaper domino lotus-domino lotus scanner  

• 22:01

  lotus-scanner.pdf

   » ‎ Packet Storm Security Recent Files
  Whitepaper called Criando scanner para detector a falha Lotus Domino vulneravel ao exploit do Metasploit. Written in Portuguese.

  Tags:  criando pdf whitepaper domino lotus-domino lotus scanner  

• October 06, 2010
• 13:42

  IBM Lotus Notes Autonomy KeyView WK3 Parsing Code Execution Vulnerability

   » ‎ SecuriTeam
  This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Notes Email Client.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  lotus ibm notes code-execution safer-use arbitrary-code  

• 13:42

  IBM Lotus Notes Autonomy KeyView Office Shape Parsing Code Execution Vulnerability

   » ‎ SecuriTeam
  This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Notes Email Client.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  lotus ibm notes code-execution safer-use arbitrary-code  

• 13:37

  IBM Lotus Notes Autonomy KeyView WK3 Parsing Code Execution Vulnerability

   » ‎ SecuriTeam
  This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Notes Email Client.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  lotus ibm notes code-execution safer-use arbitrary-code  

• October 03, 2010
• 23:54

  IBM Lotus Notes Autonomy KeyView Word Parsing Code Execution Vulnerability

   » ‎ SecuriTeam
  This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Notes Email Client.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  lotus ibm notes code-execution safer-use arbitrary-code  

• September 14, 2010
• 21:01

  ibmicalendar-overflow.txt

   » ‎ Packet Storm Security Exploits
  IBM Lotus Domino iCalendar suffers from an email address stack buffer overflow vulnerability. Versions 8.0 and 8.5 are affected.

  Tags:  txt lotus ibm domino-icalendar buffer-overflow-vulnerability lotus-domino stack-buffer  

• 14:00

  Bugtraq: ZDI-10-177: IBM Lotus Domino iCalendar MAILTO Stack Overflow Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  ZDI-10-177: IBM Lotus Domino iCalendar MAILTO Stack Overflow Vulnerability

  Tags:  lotus ibm mailto domino-icalendar overflow-vulnerability stack-overflow lotus-domino  

• 14:00

  [remote exploits] - IBM Lotus Domino iCalendar Email Address Stack Buffer Overflow

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [remote exploits] - IBM Lotus Domino iCalendar Email Address Stack Buffer Overflow

  Tags:  lotus ibm exploits lotus-domino stack-buffer buffer-overflow  

• 8:41

  IBM Lotus Domino iCalendar Email Address Stack Buffer Overflow

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  IBM Lotus Domino iCalendar Email Address Stack Buffer Overflow

  Tags:  lotus ibm domino lotus-domino stack-buffer buffer-overflow  

• September 12, 2010
• 20:00

  ibmlotus-dllhijack.txt

   » ‎ Packet Storm Security Recent Files
  IBM Lotus Symphony Office Suite suffers from an insecure DLL hijacking vulnerability.

  Tags:  txt lotus ibm lotus-symphony symphony-office hijacking  

• 20:00

  ibmlotus-dllhijack.txt

   » ‎ Packet Storm Security Advisories
  IBM Lotus Symphony Office Suite suffers from an insecure DLL hijacking vulnerability.

  Tags:  txt lotus ibm lotus-symphony symphony-office hijacking  

• August 23, 2010
• 18:47

  ZDI-10-156.txt

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 10-156 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Notes Email Client. User interaction is required to exploit this vulnerability in that the target must open a malicious email attachment. The specific flaw exists within the Lotus Notes file viewer utilizing the KeyView SDK to render a malformed Word document. The application will copy an arbitrarily sized ASCII string representing the font name into a constant sized buffer located on the stack. If large enough this will lead to a buffer overflow and can lead to code execution under the context of the application.

  Tags:  lotus vulnerability email ascii-string buffer-overflow zero-day  

• 18:47

  ZDI-10-157.txt

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 10-157 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Notes Email Client. User interaction is required to exploit this vulnerability in that the target must open a malicious email attachment. The specific flaw exists within the Lotus Notes file viewer utilizing the KeyView SDK to render a Word document containing a malformed shape. The application will calculate a length incorrectly when using it to copy data into an allocated buffer. This can lead to code execution under the context of the application.

  Tags:  lotus vulnerability email zero-day email-attachment arbitrary-code  

• 18:47

  ZDI-10-159.txt

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 10-159 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Notes Email Client. User interaction is required to exploit this vulnerability in that the target must open a malicious email attachment. The specific flaw exists within the Lotus Notes file viewer utilizing the KeyView SDK to render a malformed .wk3 document. The application will trust a length specified in the file in order to read a number of bytes into a statically allocated buffer. This leads to a buffer overflow and can lead to code execution under the context of the application.

  Tags:  lotus vulnerability email buffer-overflow zero-day email-attachment  

• 18:47

  ZDI-10-156.txt

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 10-156 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Notes Email Client. User interaction is required to exploit this vulnerability in that the target must open a malicious email attachment. The specific flaw exists within the Lotus Notes file viewer utilizing the KeyView SDK to render a malformed Word document. The application will copy an arbitrarily sized ASCII string representing the font name into a constant sized buffer located on the stack. If large enough this will lead to a buffer overflow and can lead to code execution under the context of the application.

  Tags:  lotus vulnerability email ascii-string buffer-overflow zero-day  

• 18:47

  ZDI-10-157.txt

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 10-157 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Notes Email Client. User interaction is required to exploit this vulnerability in that the target must open a malicious email attachment. The specific flaw exists within the Lotus Notes file viewer utilizing the KeyView SDK to render a Word document containing a malformed shape. The application will calculate a length incorrectly when using it to copy data into an allocated buffer. This can lead to code execution under the context of the application.

  Tags:  lotus vulnerability email zero-day email-attachment arbitrary-code  

• 18:47

  ZDI-10-159.txt

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 10-159 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Notes Email Client. User interaction is required to exploit this vulnerability in that the target must open a malicious email attachment. The specific flaw exists within the Lotus Notes file viewer utilizing the KeyView SDK to render a malformed .wk3 document. The application will trust a length specified in the file in order to read a number of bytes into a statically allocated buffer. This leads to a buffer overflow and can lead to code execution under the context of the application.

  Tags:  lotus vulnerability email buffer-overflow zero-day email-attachment  

• May 25, 2010
• 9:00

  Bugtraq: Re: IBM Lotus 6.x names.nsf Cross Site Scripting Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Re: IBM Lotus 6.x names.nsf Cross Site Scripting Vulnerability

  Tags:  lotus nsf ibm lotus-6 bugtraq vulnerability  

• May 05, 2010
• 6:36

  Metasploit Lotus Domino Version Scanner

   » ‎ Carnal0wnage
  I pushed out the first of a few Lotus Domino modules I've been working on to the metasploit trunk last nite.
  
  The first one is a Lotus Domino Version Module.
  
  There is no real "banner grabbing" for versions with Lotus Domino, old old versions "may" display the version in the server headers but I've never seen anything above 5.x do this. You usually get something like:
  
  HTTP/1.0 200 OK
  Server: Lotus-Domino
  Date: Fri, 30 Apr 2010 00:19:11 GMT
  Last-Modified: Wed, 07 Apr 2010 01:39:54 GMT
  Content-Type: text/html; charset=UTF-8
  Content-Length: 5390
  Cache-control: private
  ETag: W/"MTAtODA4NS1DMTI1NzZENjAwMTVGRDhELTAtMA=="
  
  for headers.
  
  Useful enough to identify that its a Domino web server but not so much for using the couple of remote exploits out there that are very version and/or fixpack dependent.
  
  There are a couple of files that the web server may serve up that have version information.
  
  The first being iNotes/FormsX.nsf that usually has the version information as a comment in the html (this can be turned off) and the second being download/filesets/l_LOTUS_SCRIPT.inf
  type files that has the base install version (at least as far as I can tell its the base install). *If thats not right please let me know*
  
  So let's give it a test drive...
  
  

  msf > use auxiliary/scanner/lotus/lotus_domino_version
  msf auxiliary(lotus_domino_version) > info
  
        Name: Lotus Domino Version
     Version: $Revision$
     License: Metasploit Framework License (BSD)
        Rank: Normal
  
  Provided by:
   CG
  
  Basic options:
   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   PATH     /                yes       path
   Proxies                   no        Use a proxy chain
   RHOSTS                    yes       The target address range or CIDR identifier
   RPORT    80               yes       The target port
   THREADS  1                yes       The number of concurrent threads
   VHOST                     no        HTTP server virtual host
  
  Description:
   Checks to determine Lotus Domino Server Version.
  
  msf auxiliary(lotus_domino_version) > set RHOSTS file:/home/user/shodan-domino.txt
  RHOSTS => file:/home/user/shodan-domino.txt
  msf auxiliary(lotus_domino_version) > run
  
  [*] 192.168.245.101:80 Lotus Domino Current Version: 6.5.4 (Windows NT/Intel)
  [*] 192.168.245.101:80 Lotus Domino Base Install Version: 6.0.5.50
  [*] 192.168.245.101:80 Lotus Domino Base Install Version: 6.0.5.50
  [*] 192.168.245.101:80 Lotus Domino Base Install Version: 6.0.5.50
  [*] 192.168.245.101:80 Lotus Domino Base Install Version: 6.0.5.50
  [*] 192.168.80.132:80 Lotus Domino Current Version: 6.5.5 (Solaris Sparc)
  [*] 192.168.80.132:80 Lotus Domino Base Install Version: 6.0.4
  [*] 192.168.80.132:80 Lotus Domino Base Install Version: 6.0.4
  [-] no response for 192.168.80.132:80 download/filesets/l_SEARCH.inf
  [*] 192.168.80.132:80 Lotus Domino Base Install Version: 6.0.4
  [*] Scanned 02 of 20 hosts (010% complete)
  [*] 192.168.220.33:80 Lotus Domino Current Version: 8.0.2 HF1190 (Windows NT/Intel)
  [*] 192.168.220.33:80 Lotus Domino Current Version: 8.0.2 HF1190 (Windows NT/Intel)
  [*] 192.168.220.33:80 Lotus Domino Base Install Version: 8.0.1.0
  [*] 192.168.220.33:80 Lotus Domino Base Install Version: 8.0.1.0
  [*] 192.168.220.33:80 Lotus Domino Base Install Version: 8.0.1.0
  [*] 192.168.220.33:80 Lotus Domino Base Install Version: 8.0.1.0
  [-] 192.168.152.68:80 302 Redirect to https://192.168.152.68/iNotes/Forms5.nsf
  [-] 192.168.152.68:80 302 Redirect to https://192.168.152.68/iNotes/Forms6.nsf
  [-] 192.168.152.68:80 302 Redirect to https://192.168.152.68/iNotes/Forms7.nsf
  [-] 192.168.152.68:80 302 Redirect to https://192.168.152.68/download/filesets/l_LOTUS_SCRIPT.inf
  [-] 192.168.152.68:80 302 Redirect to https://192.168.152.68/download/filesets/n_LOTUS_SCRIPT.inf
  [-] 192.168.152.68:80 302 Redirect to https://192.168.152.68/download/filesets/l_SEARCH.inf
  [-] 192.168.152.68:80 302 Redirect to https://192.168.152.68/download/filesets/n_SEARCH.inf
  [*] Scanned 04 of 20 hosts (020% complete)
  [*] 192.168.166.33:80 Lotus Domino Current Version: 7.0.1 (Windows NT/Intel)
  [*] 192.168.166.33:80 Lotus Domino Current Version: 7.0.1 (Windows NT/Intel)
  [*] 192.168.166.33:80 Lotus Domino Base Install Version: 7.0.1.0
  [*] 192.168.166.33:80 Lotus Domino Base Install Version: 7.0.1.0
  [*] 192.168.166.33:80 Lotus Domino Base Install Version: 7.0.1.0
  [*] 192.168.166.33:80 Lotus Domino Base Install Version: 7.0.1.0
  [*] Scanned 06 of 20 hosts (030% complete)
  [*] 192.168.33.93:80 Lotus Domino Current Version: 7.0.2 (Windows NT/Intel)
  [*] 192.168.33.93:80 Lotus Domino Current Version: 7.0.2 (Windows NT/Intel)
  [*] 192.168.33.93:80 Lotus Domino Base Install Version: 7.0.2.0
  [*] 192.168.33.93:80 Lotus Domino Base Install Version: 7.0.2.0
  [*] 192.168.33.93:80 Lotus Domino Base Install Version: 7.0.2.0
  [*] 192.168.33.93:80 Lotus Domino Base Install Version: 7.0.2.0
  [*] 192.168.246.154:80 Lotus Domino Current Version: 7.0.3FP1 (Windows NT/Intel)
  [*] 192.168.246.154:80 Lotus Domino Current Version: 7.0.3FP1 (Windows NT/Intel)
  [*] 192.168.246.154:80 Lotus Domino Base Install Version: 7.0.3.0
  [*] 192.168.246.154:80 Lotus Domino Base Install Version: 7.0.3.0
  [*] 192.168.246.154:80 Lotus Domino Base Install Version: 7.0.3.0
  [*] 192.168.246.154:80 Lotus Domino Base Install Version: 7.0.3.0
  ... 

  

  Tags:  lotus install windows domino-version domino-current domino-server domino domino-base lotus-domino-server domino-web-server target-address  

• April 16, 2010
• 0:00

  Vuln: IBM Lotus Notes 'SURunAs.exe' Insecure Password Storage Information Disclosure Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  IBM Lotus Notes 'SURunAs.exe' Insecure Password Storage Information Disclosure Vulnerability

  Tags:  lotus surunas ibm information-disclosure-vulnerability insecure-password password-storage  

• March 23, 2010
• 10:15

  IBM Lotus 6.x HTTP Response Splitting Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  IBM Lotus 6.x HTTP Response Splitting Vulnerability

  Tags:  lotus http ibm lotus-6 vulnerability  

• March 22, 2010
• 10:00

  Bugtraq: IBM Lotus 6.x names.nsf Cross Site Scripting Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  IBM Lotus 6.x names.nsf Cross Site Scripting Vulnerability

  Tags:  lotus nsf ibm lotus-6 bugtraq vulnerability  

• March 20, 2010
• 3:00

  IBM Lotus 6.x HTTP Response Splitting Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  IBM Lotus 6.x HTTP Response Splitting Vulnerability

  Tags:  lotus http ibm lotus-6 vulnerability  

• March 19, 2010
• 19:55

  ibmlotus-httpsplitting.txt

   » ‎ Packet Storm Security Recent Files
  IBM Lotus version 6.x suffers from a HTTP response splitting vulnerability.

  Tags:  txt lotus ibm lotus-version vulnerability  

• 19:54

  ibmlotus-httpsplitting.txt

   » ‎ Packet Storm Security Exploits
  IBM Lotus version 6.x suffers from a HTTP response splitting vulnerability.

  Tags:  txt lotus ibm lotus-version vulnerability  

• 9:00

  Bugtraq: IBM Lotus 6.x HTTP Response Splitting Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  IBM Lotus 6.x HTTP Response Splitting Vulnerability

  Tags:  lotus http ibm lotus-6 bugtraq vulnerability