Lotus Domino Server

lotus_domino_server

Vendor: Ibm • 8 CVEs

CVEs (8)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2008-7253 1Ibm 1Lotus Domino Server Apr 29, 2026 Jan 25, 2010 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The default configuration of the web server in IBM Lotus Domino Server, possibly 6.0 through 8.0, enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials...Show more The default configuration of the web server in IBM Lotus Domino Server, possibly 6.0 through 8.0, enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398.Show less
CVE-2006-0580 1Ibm 1Lotus Domino Server Apr 16, 2026 Feb 8, 2006 N/A· v4 N/A· v3 5.0 MEDIUM· v2 IBM Lotus Domino Server 7.0 allows remote attackers to cause a denial of service (segmentation fault) via a crafted packet to the LDAP port (389/TCP).
CVE-2005-1101 1Ibm 1Lotus Domino Server Apr 16, 2026 May 2, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple buffer overflows in Lotus Domino Server 6.0.5 and 6.5.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via large amounts of data in certain (1) time o...Show more Multiple buffer overflows in Lotus Domino Server 6.0.5 and 6.5.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via large amounts of data in certain (1) time or (2) date fields.Show less
CVE-2005-0986 1Ibm 1Lotus Domino Server Apr 16, 2026 May 2, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 NLSCCSTR.DLL in the web service in IBM Lotus Domino Server 6.5.1, 6.0.3, and possibly other versions allows remote attackers to cause a denial of service (deep recursion and nHTTP.exe process crash) via a long GET reques...Show more NLSCCSTR.DLL in the web service in IBM Lotus Domino Server 6.5.1, 6.0.3, and possibly other versions allows remote attackers to cause a denial of service (deep recursion and nHTTP.exe process crash) via a long GET request containing UNICODE decimal value 430 characters, which causes the stack to be exhausted. NOTE: IBM has reported that it is unable to replicate this issue.Show less
CVE-2002-2025 1Ibm 1Lotus Domino Server Apr 16, 2026 Dec 31, 2002 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Lotus Domino server 5.0.9a and earlier allows remote attackers to cause a denial of service by exhausting the number of working threads via a large number of HTTP requests for (1) an MS-DOS device name and (2) an MS-DOS...Show more Lotus Domino server 5.0.9a and earlier allows remote attackers to cause a denial of service by exhausting the number of working threads via a large number of HTTP requests for (1) an MS-DOS device name and (2) an MS-DOS device name with a large number of characters appended to the device name.Show less
CVE-2002-0037 1Ibm 1Lotus Domino Server Apr 16, 2026 Apr 22, 2002 N/A· v4 N/A· v3 7.5 HIGH· v2 Lotus Domino Servers 5.x, 4.6x, and 4.5x allows attackers to bypass the intended Reader and Author access list for a document's object via a Notes API call (NSFDbReadObject) that directly accesses the object.
CVE-2001-1567 1Ibm 2Lotus Domino Lotus Domino Server Apr 16, 2026 Dec 31, 2001 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Lotus Domino server 5.0.9a and earlier allows remote attackers to bypass security restrictions and view Notes database files and possibly sensitive Notes template files (.ntf) via an HTTP request with a large number of "...Show more Lotus Domino server 5.0.9a and earlier allows remote attackers to bypass security restrictions and view Notes database files and possibly sensitive Notes template files (.ntf) via an HTTP request with a large number of "+" characters before the .nsf file extension, which are converted to spaces by Domino.Show less
CVE-1999-0729 1Ibm 1Lotus Domino Server Apr 16, 2026 Mar 12, 2001 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Buffer overflow in Lotus Notes LDAP (NLDAP) allows an attacker to conduct a denial of service through the ldap_search request.