Dennis' Domino Blog

Category: security

(July 2010) Fixes for potential security vulnerabilities in Lotus Notes file viewers

Permalink 07/27/10 20:33, by Dennis van Remortel, Categories: IBM, Lotus, security
Flash (Alert). Abstract: iDefense Labs, Secunia, and TippingPoint's Zero Day Initiative (ZDI) contacted IBM Lotus to report pot… more »

IBM WebSphere Application Server Administration Console Cross Site Scripting Vulnerability

Permalink 06/24/10 08:42, by Dennis van Remortel, Categories: IBM, Websphere, security
Bugtraq ID: 39051 Class: Input Validation Error CVE: CVE-2010-0768 Remote: Yes Local: No Published: Mar 30 2010 12:00AM Updated: Jun 23 2010 08:38PM Credit: IBM Vulnerable: IBM Websphere Application Server 7.0 3 IBM Websphere Application Server… more »

IBM DB2 prior to 9.7 Fix Pack 2 Multiple Security Vulnerabilities

Permalink 06/01/10 10:55, by Dennis van Remortel, Categories: security
Bugtraq ID: 40446 Class: Unknown CVE: CVE-2010-0472 Remote: Yes Local: Yes Published: May 28 2010 12:00AM Updated: May 31 2010 03:50PM Credit: The vendor disclosed these iss… more »

IBM WebSphere Application Server Long Filename Information Disclosure Vulnerability

Permalink 05/21/10 08:39, by Dennis van Remortel, Categories: IBM, security
Bugtraq ID: 40277 Class: Unknown CVE: CVE-2010-0777 Remote: Yes Local: No Published: May 09 2010 12:00AM Updated: May 20 2010 05:02PM Credit: Reported by the vendor Vulnerable: IBM Websphere Application Server 7.0 3… more »

Xpages and Security: Can an expert please help? OWASP and Xpages

Permalink 03/04/10 10:16, by Dennis van Remortel, Categories: IBM, Lotus, Development, security
As we've all been making the move to more and more Xpages applications, I'd like to raise the point of security. We are, as Domino people, not known to be attacked a lot, but still I'd like to know the following (as an admin that does some design work): Wo… more »
3 comments »

Multiple IBM Products Login Page Cross Site Scripting Vulnerability

Permalink 02/26/10 09:16, by Dennis van Remortel, Categories: IBM, Lotus, security
Found here: Bugtraq ID: 38412 Class: Input Validation Error CVE: Remote: Yes Local: No Published: Feb 25 2010 12:00AM Updated: Feb 25 2010 03:41PM Credit: Oren Hafif Vulnerable: IBM Websphere Portal 6.1.5 0 IBM Websphere Portal 6.1 3… more »

IBM Lotus Web Content Management Login Page Cross Site Scripting Vulnerability

Permalink 01/15/10 21:10, by Dennis van Remortel, Categories: IBM, Lotus, security
Another vulnerability via securityfocus: Bugtraq ID: 37825 Class: Input Validation Error CVE: Remote: Yes Local: No Published: Jan 14 2010 12:00AM Updated: Jan 15 2010 03:21PM Credit: IBM Vulnerable: IBM Lotus Web Content Managem… more »

Lotus Domino LDAP Message Remote Denial of Service Vulnerability (tested and works...)

Permalink 01/15/10 08:50, by Dennis van Remortel, Categories: IBM, Lotus, security
From the security focus mailing. Please note this is a bug reported in 2006! And still isn't fixed. If you have a publicly available LDAP server, take note! Bugtraq ID: 17669 Class: Failure to Handle Exceptional Conditions CVE: Remote: Yes… more »
2 comments »

BeNeLux OWASP Day 2009 - December 2nd

Permalink 11/26/09 11:25, by Dennis van Remortel, Categories: Work, security
Next week, I'll be stepping out of my comfort zone and visiting the BeNeLux OWASP Day 2009 with Tom. It'll be a very interesting day on subjects that I think are underestimated in a lot of companies (including our own). We do have some protection in place,… more »
Yet another Domino/Websphere Admin blog.

About me:
Lotus Notes/Domino Admin
Websphere Commerce Admin
sceptic
critic


©2010 by Dennis van Remortel