Lotus Domino vulnerabilities
12 known vulnerabilities affecting lotus/domino.
Total CVEs
12
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1MEDIUM8LOW1
Vulnerabilities
Page 1 of 1
CVE-2000-1046P4CRITICALCVSS 10.0PoCv5.0.2av5.0.2c2000-12-11
CVE-2000-1046 [CRITICAL] CVE-2000-1046: Multiple buffer overflows in the ESMTP service of Lotus Domino 5.0.2c and earlier allow remote attac
Multiple buffer overflows in the ESMTP service of Lotus Domino 5.0.2c and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via long (1) "RCPT TO," (2) "SAML FROM," or (3) "SOML FROM" commands.
nvd
CVE-2001-0846P3CRITICALCVSS 10.0v5.0v5.0.1+12 more2001-12-06
CVE-2001-0846 [CRITICAL] CVE-2001-0846: Lotus Domino 5.x allows remote attackers to read files or execute arbitrary code by requesting the R
Lotus Domino 5.x allows remote attackers to read files or execute arbitrary code by requesting the ReplicaID of the Web Administrator template file (webadmin.ntf).
nvd
CVE-2002-2191P4MEDIUMCVSS 5.0PoCv5.0.8v5.0.9+1 more2002-12-31
CVE-2002-2191 [MEDIUM] CVE-2002-2191: Lotus Domino 5.0.9a and earlier, even when configured with the 'DominoNoBanner=1' option, allows rem
Lotus Domino 5.0.9a and earlier, even when configured with the 'DominoNoBanner=1' option, allows remote attackers to obtain potential sensitive information such as the version via a request for a non-existent .nsf database, which leaks the version in the HTTP banner.
nvd
CVE-2002-0245P4HIGHCVSS 7.5v5.0v5.0.1+11 more2002-05-29
CVE-2002-0245 [HIGH] CVE-2002-0245: Lotus Domino server 5.0.8 with NoBanner enabled allows remote attackers to (1) determine the physica
Lotus Domino server 5.0.8 with NoBanner enabled allows remote attackers to (1) determine the physical path of the server via a request for a nonexistent file with a .pl (Perl) extension, which leaks the pathname in the error message, or (2) make any request that causes an HTTP 500 error, which leaks the server's version name in the HTTP error message.
nvd
CVE-2001-1018P4MEDIUMCVSS 5.0v5.0.82001-09-20
CVE-2001-1018 [MEDIUM] CVE-2001-1018: Lotus Domino web server 5.08 allows remote attackers to determine the internal IP address of the ser
Lotus Domino web server 5.08 allows remote attackers to determine the internal IP address of the server when NAT is enabled via a GET request that contains a long sequence of / (slash) characters.
nvd
CVE-2002-0407P4MEDIUMCVSS 5.0≤ 5.0.9a2002-07-26
CVE-2002-0407 [MEDIUM] CVE-2002-0407: htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the phys
htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, such as (1) a request with a .pl or .java extension, or (2) a request containing a large number of periods, which causes htcgibin.exe to leak the pathname in an err
nvd
CVE-2002-0408P4MEDIUMCVSS 5.0≤ 5.0.9a2002-07-26
CVE-2002-0408 [MEDIUM] CVE-2002-0408: htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when configured with the NoBanner setting, a
htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when configured with the NoBanner setting, allows remote attackers to determine the version number of the server via a request that generates an HTTP 500 error code, which leaks the version in a hard-coded error message.
nvd
CVE-2001-0939P4MEDIUMCVSS 5.0v5.0v5.0.1+7 more2001-11-30
CVE-2001-0939 [MEDIUM] CVE-2001-0939: Lotus Domino 5.08 and earlier allows remote attackers to cause a denial of service (crash) via a Sun
Lotus Domino 5.08 and earlier allows remote attackers to cause a denial of service (crash) via a SunRPC NULL command to port 443.
nvd
CVE-1999-1012P4MEDIUMCVSS 5.0v4.6.11999-05-04
CVE-1999-1012 [MEDIUM] CVE-1999-1012: SMTP component of Lotus Domino 4.6.1 on AS/400, and possibly other operating systems, allows a remot
SMTP component of Lotus Domino 4.6.1 on AS/400, and possibly other operating systems, allows a remote attacker to crash the mail server via a long string.
nvd
CVE-2001-0954P4MEDIUMCVSS 5.0v5.0.5v5.0.82001-12-07
CVE-2001-0954 [MEDIUM] CVE-2001-0954: Lotus Domino 5.0.5 and 5.0.8, and possibly other versions, allows remote attackers to cause a denial
Lotus Domino 5.0.5 and 5.0.8, and possibly other versions, allows remote attackers to cause a denial of service (block access to databases that have not been previously accessed) via a URL that includes the . (dot) directory.
nvd
CVE-2000-1203P4MEDIUMCVSS 5.0v4.6.1v4.6.3+9 more2001-08-20
CVE-2000-1203 [MEDIUM] CVE-2000-1203: Lotus Domino SMTP server 4.63 through 5.08 allows remote attackers to cause a denial of service (CPU
Lotus Domino SMTP server 4.63 through 5.08 allows remote attackers to cause a denial of service (CPU consumption) by forging an email message with the sender as bounce@[127.0.0.1] (localhost), which causes Domino to enter a mail loop.
nvd
CVE-2002-0087P4LOWCVSS 2.1v5.0.72002-03-15
CVE-2002-0087 [LOW] CVE-2002-0087: bindsock in Lotus Domino 5.07 on Solaris allows local users to create arbitrary files via a symlink
bindsock in Lotus Domino 5.07 on Solaris allows local users to create arbitrary files via a symlink attack on temporary files.
nvd