Dennis' Domino Blog

Category: IBM

(July 2010) Fixes for potential security vulnerabilities in Lotus Notes file viewers

07/27/10 20:33, by Dennis van Remortel, Categories: IBM, Lotus, security

(July 2010) Fixes for potential security vulnerabilities in Lotus Notes file viewers Flash (Alert) Abstract iDefense Labs, Secunia, and TippingPoint's Zero Day Initiative (ZDI) contacted IBM Lotus to report pot… more »

Leave a comment »

IBM WebSphere Application Server Administration Console Cross Site Scripting Vulnerability

06/24/10 08:42, by Dennis van Remortel, Categories: IBM, Websphere, security

Bugtraq ID: 39051Class: Input Validation ErrorCVE: CVE-2010-0768Remote: YesLocal: NoPublished: Mar 30 2010 12:00AMUpdated: Jun 23 2010 08:38PMCredit: IBMVulnerable:IBM Websphere Application Server 7.0 3IBM Websphere Application Server… more »

Leave a comment »

IBM WebSphere Application Server Long Filename Information Disclosure Vulnerability

05/21/10 08:39, by Dennis van Remortel, Categories: IBM, security

Bugtraq ID: 40277 Class: Unknown CVE: CVE-2010-0777 Remote: Yes Local: No Published: May 09 2010 12:00AM Updated: May 20 2010 05:02PM Credit: Reported by the vendor Vulnerable: IBM Websphere Application Server 7.0 3… more »

Leave a comment »

Live demo: Online Workspace application

05/05/10 21:08, by Dennis van Remortel, Categories: Administration, IBM, Lotus, Development, Web, xpages

So, the application I teased about earlier is finally ready for a live demo. Because it uses a profile document to store which applications you add, it's behind a login. Username: Test Userpassword: testUrl: Workspace BetaThe app uses Xpages, SSJ… more »

Leave a comment »

Xpages and Security: Can an expert please help? OWASP and Xpages

03/04/10 10:16, by Dennis van Remortel, Categories: IBM, Lotus, Development, security

As we've all been making the move to more and more Xpages applications, I'd like to raise the point of security. We are as Domino people not know to be attacked a lot, but still I'd like to know the following (as an admin that does some design work): Wo… more »

3 comments »

Multiple IBM Products Login Page Cross Site Scripting Vulnerability

02/26/10 09:16, by Dennis van Remortel, Categories: IBM, Lotus, security

Found here:Bugtraq ID: 38412Class: Input Validation ErrorCVE: Remote: YesLocal: NoPublished: Feb 25 2010 12:00AMUpdated: Feb 25 2010 03:41PMCredit: Oren HafifVulnerable: IBM Websphere Portal 6.1.5 0 IBM Websphere Portal 6.1 3… more »

Leave a comment »

IBM Lotus Web Content Management Login Page Cross Site Scripting Vulnerability

01/15/10 21:10, by Dennis van Remortel, Categories: IBM, Lotus, security

Another vulnerability via securityfocus: Bugtraq ID: 37825 Class: Input Validation Error CVE: Remote: Yes Local: No Published: Jan 14 2010 12:00AM Updated: Jan 15 2010 03:21PM Credit: IBM Vulnerable: IBM Lotus Web Content Managem… more »

Leave a comment »

Lotus Domino LDAP Message Remote Denial of Service Vulnerability (tested and works...)

01/15/10 08:50, by Dennis van Remortel, Categories: IBM, Lotus, security

From the security focus mailing. Please note this is a bug reported in 2006! And still isn't fixed. If you have a publicly available LDAP server, take note!Bugtraq ID: 17669Class: Failure to Handle Exceptional ConditionsCVE: Remote: Yes… more »

2 comments »

Sametime 8.5 system console installer problem

12/29/09 16:56, by Dennis van Remortel, Categories: IBM, Lotus, Sametime

I've been trying to install the sametime system console and I keep getting errors.The internet is no help as it seems noone has actually tried installing the monster yet.I've attached the XML file you can generate from the installer.The errors as r… more »

20 comments »