Unknown vulnerability in the SMTP server in Lotus Domino 5.0 through 5.7 allows remote attackers to bypass mail relaying restrictions via crafted e-mail addresses in "RCPT TO" commands.
Max CVSS
7.5
EPSS Score
0.70%
Published
2001-03-01
Updated
2017-07-11
Cross-site scripting (CSS) vulnerability in Lotus Domino 5.0.6 allows remote attackers to execute script on other web clients via a URL that ends in Javascript, which generates an error message that does not quote the resulting script.
Max CVSS
7.5
EPSS Score
4.10%
Published
2001-07-02
Updated
2008-09-05
Lotus Domino web server 5.08 allows remote attackers to determine the internal IP address of the server when NAT is enabled via a GET request that contains a long sequence of / (slash) characters.
Max CVSS
5.0
EPSS Score
0.51%
Published
2001-09-20
Updated
2017-12-19
Lotus Domino 5.0.5 and 5.0.8, and possibly other versions, allows remote attackers to cause a denial of service (block access to databases that have not been previously accessed) via a URL that includes the . (dot) directory.
Max CVSS
5.0
EPSS Score
1.52%
Published
2001-12-07
Updated
2017-10-10
Lotus Domino 5.08 and earlier allows remote attackers to cause a denial of service (crash) via a SunRPC NULL command to port 443.
Max CVSS
5.0
EPSS Score
1.20%
Published
2001-11-30
Updated
2017-10-10
Lotus Domino Web Server 5.x allows remote attackers to gain sensitive information by accessing the default navigator $defaultNav via (1) URL encoding the request, or (2) directly requesting the ReplicaID.
Max CVSS
7.5
EPSS Score
1.22%
Published
2001-12-06
Updated
2017-12-19
Lotus Domino 5.x allows remote attackers to read files or execute arbitrary code by requesting the ReplicaID of the Web Administrator template file (webadmin.ntf).
Max CVSS
10.0
EPSS Score
2.83%
Published
2001-12-06
Updated
2017-10-10
Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via URL requests (>8Kb) containing a large number of '/' characters.
Max CVSS
5.0
EPSS Score
0.28%
Published
2001-08-02
Updated
2017-12-19
Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via repeatedly sending large (> 10Kb) amounts of data to the DIIOP - CORBA service on TCP port 63148.
Max CVSS
5.0
EPSS Score
0.28%
Published
2001-08-02
Updated
2017-12-19
Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via repeated (>400) URL requests for DOS devices.
Max CVSS
5.0
EPSS Score
0.28%
Published
2001-08-02
Updated
2017-12-19
Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via HTTP requests containing certain combinations of UNICODE characters.
Max CVSS
5.0
EPSS Score
0.32%
Published
2001-08-02
Updated
2017-12-19
Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via repeated URL requests with the same HTTP headers, such as (1) Accept, (2) Accept-Charset, (3) Accept-Encoding, (4) Accept-Language, and (5) Content-Type.
Max CVSS
5.0
EPSS Score
0.28%
Published
2001-08-02
Updated
2017-12-19
Buffer overflow in Lotus Domino Mail Server 5.0.5 and earlier allows a remote attacker to crash the server or execute arbitrary code via a long "RCPT TO" command.
Max CVSS
7.5
EPSS Score
2.75%
Published
2001-06-02
Updated
2017-10-10
Buffer overflow in HTML parser of the Lotus R5 Domino Server before 5.06, and Domino Client before 5.05, allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a malformed font size specifier.
Max CVSS
10.0
EPSS Score
0.55%
Published
2001-03-12
Updated
2017-10-10
Directory traversal vulnerability in Lotus Domino 5.0.5 web server allows remote attackers to read arbitrary files via a .. attack.
Max CVSS
5.0
EPSS Score
1.06%
Published
2001-02-12
Updated
2017-10-10
Lotus Domino SMTP server 4.63 through 5.08 allows remote attackers to cause a denial of service (CPU consumption) by forging an email message with the sender as bounce@[127.0.0.1] (localhost), which causes Domino to enter a mail loop.
Max CVSS
5.0
EPSS Score
1.44%
Published
2001-08-20
Updated
2017-10-10
16 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!