CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9169
https://notcve.org/view.php?id=CVE-2016-9169
23 Mar 2017 — A reflected XSS vulnerability exists in the web console of the Document Viewer Agent in Novell GroupWise before 2014 R2 Support Pack 1 Hot Patch 2 that may enable a remote attacker to execute JavaScript in the context of a valid user's browser session by getting the user to click on a specially crafted link. This could lead to session compromise or other browser-based attacks. Existe una vulnerabilidad de XSS reflejada en la consola web de Document Viewer Agent en Novell GroupWise en versiones anteriores a ... • http://www.securityfocus.com/bid/97318 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 1CVE-2016-5760 – Micro Focus GroupWise Cross Site Scripting / Overflows
https://notcve.org/view.php?id=CVE-2016-5760
25 Aug 2016 — Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allow remote attackers to inject arbitrary web script or HTML via the (1) token parameter to gwadmin-console/install/login.jsp or (2) PATH_INFO to gwadmin-console/index.jsp. Múltiples vulnerabilidades XSS en la consola de administrador en Novell GroupWise en versiones anteriores a 2014 R2 Service Pack 1 Hot Patch 1 permite a atacantes remotos inyectar secuencias de c... • https://packetstorm.news/files/id/138503 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 1CVE-2016-5761 – Micro Focus GroupWise Cross Site Scripting / Overflows
https://notcve.org/view.php?id=CVE-2016-5761
25 Aug 2016 — Cross-site scripting (XSS) vulnerability in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allows remote attackers to inject arbitrary web script or HTML via a crafted email. Vulnerabilidad XSS en Novell GroupWise en versiones anteriores a 2014 R2 Service Pack 1 Hot Patch 1 permite a atacantes remotos inyectar secuencia de comandos web o HTML arbitrarios a través de un email manipulado. Micro Focus GroupWise version 2014 R2 SP1 and below suffer from buffer overflow, cross site scripting, and int... • https://packetstorm.news/files/id/138503 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 14%CPEs: 5EXPL: 1CVE-2016-5762 – Micro Focus GroupWise Cross Site Scripting / Overflows
https://notcve.org/view.php?id=CVE-2016-5762
25 Aug 2016 — Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 might allow remote attackers to execute arbitrary code via a long (1) username or (2) password, which triggers a heap-based buffer overflow. Desbordamiento de entero en la función Post Office Agent en Novell GroupWise en versiones anteriores a 2014 R2 Service Pack 1 Hot Patch 1 podría permitir a atacantes remotos ejecutar código arbitrario a través de (1) un nombre de usuario largo o (2) una contraseña la... • https://packetstorm.news/files/id/138503 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.1EPSS: 4%CPEs: 2EXPL: 0CVE-2014-0611
https://notcve.org/view.php?id=CVE-2014-0611
22 Jul 2015 — Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 2012 before Support Pack 4 and 2014 before Support Pack 2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en WebAccess en Novell GroupWise 2012 anterior a Support Pack 4 y anterior a Support Pack 2 de 2014. Permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www.novell.com/support/kb/doc.php?id=7016653 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 7%CPEs: 19EXPL: 0CVE-2014-0610
https://notcve.org/view.php?id=CVE-2014-0610
05 Sep 2014 — The client in Novell GroupWise before 8.0.3 HP4, 2012 before SP3, and 2014 before SP1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors. El cliente en Novell GroupWise anterior a 8.0.3 HP4, 2012 anterior a SP3, y 2014 anterior a SP1 en Windows permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (referencia a puntero inválido) a través de vectores no especificados. • http://www.novell.com/support/kb/doc.php?id=7015565 •
CVSS: 9.1EPSS: 5%CPEs: 1EXPL: 0CVE-2014-0600 – Novell Groupwise Administration Server FileUploadServlet poLibMaintenanceFileSave Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2014-0600
26 Aug 2014 — FileUploadServlet in the Administration service in Novell GroupWise 2014 before SP1 allows remote attackers to read or write to arbitrary files via the poLibMaintenanceFileSave parameter, aka ZDI-CAN-2287. FileUploadServlet en el servicio de administración en Novell GroupWise 2014 anterior a SP1 permite a atacantes remotos leer o escribir ficheros arbitrarios a través del parámetro poLibMaintenanceFileSave, también conocido como ZDI-CAN-2287. This vulnerability allows remote attackers to obtain sensitive in... • http://www.novell.com/support/kb/doc.php?id=7015566 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •