CVSS: 7.5 • EPSS: 0% • CPEs: 8 • EXPL: 0 • CVE-2011-3014
https://notcve.org/view.php?id=CVE-2011-3014
09 Aug 2011 — The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 does not properly restrict caching of HTTPS responses, which makes it easier for remote attackers to obtain sensitive information by leveraging an unattended workstation. • http://www.novell.com/support/viewContent.do?externalId=7009057 • CWE-264: Permissions, Privileges, and Access Controls
CVSS: 9.1 • EPSS: 0% • CPEs: 8 • EXPL: 0 • CVE-2011-2222
https://notcve.org/view.php?id=CVE-2011-2222
09 Aug 2011 — Session fixation vulnerability in WebAdmin in the Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 allows remote attackers to hijack web sessions via unspecified vectors. • http://secunia.com/advisories/45527
CVSS: 9.1 • EPSS: 0% • CPEs: 8 • EXPL: 0 • CVE-2011-3013
https://notcve.org/view.php?id=CVE-2011-3013
09 Aug 2011 — WebAdmin in the Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 supports weak SSL ciphers, which makes it easier for remote attackers to obtain access via a brute-force attack. • http://www.novell.com/support/viewContent.do?externalId=7009056 • CWE-310: Cryptographic Issues
CVSS: 6.1 • EPSS: 0% • CPEs: 8 • EXPL: 0 • CVE-2011-2224
https://notcve.org/view.php?id=CVE-2011-2224
09 Aug 2011 — The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. • http://secunia.com/advisories/45527 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS: 7.5 • EPSS: 0% • CPEs: 8 • EXPL: 0 • CVE-2011-2223
https://notcve.org/view.php?id=CVE-2011-2223
09 Aug 2011 — The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 sends the Admin LDAP password in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network. • http://secunia.com/advisories/45527 • CWE-310: Cryptographic Issues
CVSS: 7.5 • EPSS: 0% • CPEs: 8 • EXPL: 0 • CVE-2011-2221
https://notcve.org/view.php?id=CVE-2011-2221
09 Aug 2011 — The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 allows remote attackers to bypass WebAdmin authentication and obtain sensitive GroupWise information via unspecified vectors. • http://secunia.com/advisories/45527 • CWE-264: Permissions, Privileges, and Access Controls
CVSS: 6.5 • EPSS: 0% • CPEs: 6 • EXPL: 0 • CVE-2011-1711
https://notcve.org/view.php?id=CVE-2011-1711
07 Jun 2011 — Unspecified vulnerability in the Mobility Pack 1.1.2 and earlier in Novell Data Synchronizer 1.0.x, and 1.1.x through 1.1.1 build 428, allows remote authenticated users to access the accounts of other users via unknown vectors. • http://osvdb.org/72759
