CVSS: 10.0EPSS: 26%CPEs: 7EXPL: 0CVE-2013-1085 – Novell GroupWise Messenger import Command Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1085
22 Mar 2013 — Stack-based buffer overflow in the nim: protocol handler in Novell GroupWise Messenger 2.04 and earlier, and Novell Messenger 2.1.x and 2.2.x before 2.2.2, allows remote attackers to execute arbitrary code via an import command containing a long string in the filename parameter. Desbordamiento de búfer basado en pila en el nim: protocolo de manejo en Novell GroupWise Messenger v2.04 y anteriores, y Novell Messenger v2.1.x y v2.2.2, que permite a atacantes remotos ejecutar código arbitrario a través de un co... • http://www.novell.com/support/kb/doc.php?id=7011935 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 0CVE-2011-3179
https://notcve.org/view.php?id=CVE-2011-3179
08 Dec 2011 — The server process in Novell Messenger 2.1 and 2.2.x before 2.2.1, and Novell GroupWise Messenger 2.04 and earlier, allows remote attackers to read from arbitrary memory locations via a crafted command. El proceso server en Novell Messenger v2.1 y v2.2.x antes de v2.2.1 y GroupWise Messenger v2.04 y anteriores permite a atacantes remotos leer direcciones de memoria de su elección a través de comandos modificados. • http://www.novell.com/support/viewContent.do?externalId=7009634 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 71%CPEs: 3EXPL: 2CVE-2008-2703 – Novell Groupwise Messenger 2.0 Client - Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-2703
13 Jun 2008 — Multiple stack-based buffer overflows in Novell GroupWise Messenger (GWIM) Client before 2.0.3 HP1 for Windows allow remote attackers to execute arbitrary code via "spoofed server responses" that contain a long string after the NM_A_SZ_TRANSACTION_ID field name. Múltiples desbordamientos de búfer en la región stack de la memoria en GroupWise Messenger (GWIM) Client de Novell anterior a versión 2.0.3 HP1 para Windows, permiten a los atacantes remotos ejecutar código arbitrario por medio de "spoofed server re... • https://www.exploit-db.com/exploits/31889 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 2%CPEs: 4EXPL: 1CVE-2008-2704
https://notcve.org/view.php?id=CVE-2008-2704
13 Jun 2008 — Novell GroupWise Messenger (GWIM) before 2.0.3 Hot Patch 1 allows remote attackers to cause a denial of service (crash) via a long user ID, possibly involving a popup alert. NOTE: it is not clear whether this issue crosses privilege boundaries. GroupWise Messenger (GWIM) de Novell anterior a versión 2.0.3 Hot Parche 1, permite a los atacantes remotos causar una denegación de servicio (bloqueo) por medio de un ID de usuario largo, que posiblemente implica una alerta emergente. NOTA: no está claro si este pro... • http://secunia.com/advisories/30576 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 9%CPEs: 2EXPL: 0CVE-2006-4511
https://notcve.org/view.php?id=CVE-2006-4511
04 Oct 2006 — Messenger Agents (nmma.exe) in Novell GroupWise 2.0.2 and 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted HTTP POST request to TCP port 8300 with a modified val parameter, which triggers a null dereference related to "zero-size strings in blowfish routines." Messenger Agents (nmma.exe) en Novell GroupWise 2.0.2 y 1.0.6 permite a atacantes remotos provocar una denegación de servicio (caída) mediante una petición HTTP POST a puerto TCP 8300 con una parámetro val modificado, lo... • http://secunia.com/advisories/22244 •
CVSS: 10.0EPSS: 88%CPEs: 1EXPL: 2CVE-2006-0992 – Novell GroupWise Messenger Accept-Language Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2006-0992
13 Apr 2006 — Stack-based buffer overflow in Novell GroupWise Messenger before 2.0 Public Beta 2 allows remote attackers to execute arbitrary code via a long Accept-Language value without a comma or semicolon. NOTE: due to a typo, the original ZDI advisory accidentally referenced CVE-2006-0092. This is the correct identifier. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of the Novell GroupWise Messenger. Authentication is not required to exploit this vulnerability. The specifi... • https://www.exploit-db.com/exploits/16757 •