Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Lotus_notes_traveler
(Ibm)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 25 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2012-10-08 | CVE-2012-5309 | servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim Fix 1 does not properly restrict invalid authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. | Lotus_notes_traveler | N/A | ||
| 2012-10-08 | CVE-2012-5308 | Cross-site request forgery (CSRF) vulnerability in servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim Fix 1 allows remote attackers to hijack the authentication of arbitrary users for requests that create problem reports via a getReportProblem upload action. | Lotus_notes_traveler | N/A | ||
| 2012-10-08 | CVE-2012-5307 | Cross-site scripting (XSS) vulnerability in servlet/traveler in IBM Lotus Notes Traveler before 8.5.3.3 Interim Fix 1, when Firefox is used, allows remote attackers to inject arbitrary web script or HTML via the redirectURL parameter, a different vulnerability than CVE-2012-4824 and CVE-2012-4825. | Lotus_notes_traveler | N/A | ||
| 2012-10-08 | CVE-2012-4825 | Multiple cross-site scripting (XSS) vulnerabilities in servlet/traveler/ILNT.mobileconfig in IBM Lotus Notes Traveler before 8.5.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) userId or (2) address parameter in a getClientConfigFile action. | Lotus_notes_traveler | N/A | ||
| 2012-10-08 | CVE-2012-4824 | Open redirect vulnerability in servlet/traveler in IBM Lotus Notes Traveler 8.5.3 before 8.5.3.3 Interim Fix 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirectURL parameter. | Lotus_notes_traveler | N/A | ||
| 2010-12-16 | CVE-2010-4553 | An unspecified Domino API in IBM Lotus Notes Traveler before 8.5.1.1 does not properly handle MIME types, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors. | Lotus_notes_traveler | N/A | ||
| 2010-12-16 | CVE-2010-4552 | Memory leak in IBM Lotus Notes Traveler before 8.5.1.1 allows remote attackers to cause a denial of service (memory consumption and daemon outage) by sending many embedded objects in e-mail messages for iPhone clients. | Lotus_notes_traveler | N/A | ||
| 2010-12-16 | CVE-2010-4551 | IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by omitting the Internet ID field in the person document, and then using an Apple device to (1) accept or (2) decline an invitation. | Lotus_notes_traveler | N/A | ||
| 2010-12-16 | CVE-2010-4550 | IBM Lotus Notes Traveler before 8.5.1.3 allows remote attackers to cause a denial of service (sync failure) via a malformed document. | Lotus_notes_traveler | N/A | ||
| 2010-12-16 | CVE-2010-4549 | IBM Lotus Notes Traveler before 8.5.1.3 on the Nokia s60 device successfully performs a Replace Data operation for a prohibited application, which allows remote authenticated users to bypass intended access restrictions via this operation. | Lotus_notes_traveler | N/A |