CVE-2009-0272
https://notcve.org/view.php?id=CVE-2009-0272
Cross-site request forgery (CSRF) vulnerability in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allows remote attackers to insert e-mail forwarding rules, and modify unspecified other configuration settings, as arbitrary users via unknown vectors.
• http://secunia.com/advisories/33744
• http://www.novell.com/support/search.do?usemicrosite=true&searchString=7002319
• http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-21
• http://www.securityfocus.com/archive/1/500569/100/0/threaded
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2008-3501
https://notcve.org/view.php?id=CVE-2008-3501
Cross-site scripting (XSS) vulnerability in the WebAccess simple interface in Novell GroupWise 7.0.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
• http://secunia.com/advisories/30839
• http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5028200.html
• http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5028303.html
• http://www.securityfocus.com/bid/29922
• http://www.securitytracker.com/id?1020359
• http://www.vupen.com/english/advisories/2008/1929/references
• https://exchange.xforce.ibmcloud.com/vulnerabilities/43326
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-2704
https://notcve.org/view.php?id=CVE-2008-2704
Novell GroupWise Messenger (GWIM) before 2.0.3 Hot Patch 1 allows remote attackers to cause a denial of service (crash) via a long user ID, possibly involving a popup alert. NOTE: it is not clear whether this issue crosses privilege boundaries.
• http://secunia.com/advisories/30576
• http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5026700.html
• http://www.securityfocus.com/archive/1/493964/100/0/threaded
• http://www.securityfocus.com/bid/29602
• http://www.securitytracker.com/id?1020209
• http://www.vupen.com/english/advisories/2008/1764/references
• https://exchange.xforce.ibmcloud.com/vulnerabilities/42918
• CWE-20: Improper Input Validation
CVE-2008-2703 – Novell Groupwise Messenger 2.0 Client - Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-2703
Multiple stack-based buffer overflows in Novell GroupWise Messenger (GWIM) Client before 2.0.3 HP1 for Windows allow remote attackers to execute arbitrary code via "spoofed server responses" that contain a long string after the NM_A_SZ_TRANSACTION_ID field name.
• https://www.exploit-db.com/exploits/31889
• https://www.exploit-db.com/exploits/16814
• http://secunia.com/advisories/30576
• http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5026700.html
• http://www.securityfocus.com/archive/1/493964/100/0/threaded
• http://www.securityfocus.com/bid/29602
• http://www.securitytracker.com/id?1020209
• http://www.vupen.com/english/advisories/2008/1764/references
• https://exchange.xforce.ibmcloud.com/vulnerabilities/42917
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-2069 – Groupwise 7.0 - 'mailto: scheme' Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2008-2069
Buffer overflow in Novell GroupWise 7 allows remote attackers to cause a denial of service or execute arbitrary code via a long argument in a mailto: URI.
• https://www.exploit-db.com/exploits/5515
• http://securityreason.com/securityalert/3847
• http://www.securityfocus.com/archive/1/491376/100/0/threaded
• http://www.securityfocus.com/archive/1/491576/100/0/threaded
• http://www.securityfocus.com/archive/1/491594/100/0/threaded
• http://www.securityfocus.com/bid/28969
• http://www.securitytracker.com/id?1019942
• http://www.vupen.com/english/advisories/2008/1393/references
• https://exchange.xforce.ibmcloud.com/vulnerabilities/42052
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer