CVSS: 10.0EPSS: 94%CPEs: 2EXPL: 0CVE-2007-2171 – Novell Groupwise WebAccess Base64 Decoding Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2007-2171
Stack-based buffer overflow in the base64_decode function in GWINTER.exe in Novell GroupWise (GW) WebAccess before 7.0 SP2 allows remote attackers to execute arbitrary code via long base64 content in an HTTP Basic Authentication request. Desbordamiento de búfer basado en pila en la función base64_decode en GWINTER.exe en Novell GroupWise (GW) WebAccess anterior a 7.0 SP2 permite a atacantes remotos ejecutar código de su elección a través de un contenido grande en base64 en una respuesta HTTP Basic Authentication. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Groupwise WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists in the GWINTER.exe process bound by default on TCP ports 7205 and 7211. During the handling of an HTTP Basic authentication request, the process copies user-supplied base64 data into a fixed length stack buffer. • http://download.novell.com/Download?buildid=8RF83go0nZg~ http://download.novell.com/Download?buildid=O9ucpbS1bK0~ http://secunia.com/advisories/24944 http://securityreason.com/securityalert/2610 http://www.securityfocus.com/archive/1/466212/100/0/threaded http://www.securityfocus.com/bid/23556 http://www.securitytracker.com/id?1017932 http://www.vupen.com/english/advisories/2007/1455 http://www.zerodayinitiative.com/advisories/ZDI-07-015.html •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1CVE-2006-4220 – Novell Groupwise 5.57e/6.5.7/7.0 Webaccess - Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-4220
Multiple cross-site scripting (XSS) vulnerabilities in webacc in Novell GroupWise WebAccess before 7 Support Pack 3 Public Beta allow remote attackers to inject arbitrary web script or HTML via the (1) User.html, (2) Error, (3) User.Theme.index, and (4) and User.lang parameters. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS)en el webacc de Novell GroupWise WebAccess anterior a la v.7 Support Pack 3 Public Beta, que permite a atacantes remoto inyectar código web o HTML de su elección a través de los parámetros (1) User.html, (2) Error, (3) User.Theme.index, y (4) User.Lang • https://www.exploit-db.com/exploits/31095 http://secunia.com/advisories/28778 http://www.novell.com/documentation/gw7/readmeusgw7sp3/readmeusgw7sp3.html#b4qb42z http://www.osvdb.org/27531 http://www.securityfocus.com/bid/27582 http://www.securitytracker.com/id?1019302 http://www.vupen.com/english/advisories/2008/0395 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 51%CPEs: 2EXPL: 0CVE-2006-4511
https://notcve.org/view.php?id=CVE-2006-4511
Messenger Agents (nmma.exe) in Novell GroupWise 2.0.2 and 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted HTTP POST request to TCP port 8300 with a modified val parameter, which triggers a null dereference related to "zero-size strings in blowfish routines." Messenger Agents (nmma.exe) en Novell GroupWise 2.0.2 y 1.0.6 permite a atacantes remotos provocar una denegación de servicio (caída) mediante una petición HTTP POST a puerto TCP 8300 con una parámetro val modificado, lo cual dispara una referencia nula relacionada con "cadenas de longitud cero en rutinas blowfish". • http://secunia.com/advisories/22244 http://securitytracker.com/id?1016974 http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974452.htm http://www.idefense.com/intelligence/vulnerabilities/display.php?id=416 http://www.kb.cert.org/vuls/id/796956 http://www.securityfocus.com/bid/20316 http://www.vupen.com/english/advisories/2006/3893 https://exchange.xforce.ibmcloud.com/vulnerabilities/29319 •
CVSS: 4.3EPSS: 1%CPEs: 2EXPL: 0CVE-2006-3818
https://notcve.org/view.php?id=CVE-2006-3818
Cross-site scripting (XSS) vulnerability in the login page in Novell GroupWise WebAccess 6.5 before 20060721 and WebAccess 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via the GWAP.version parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la página de autenticación de acceso de Novell GroupWise WebAccess 6.5 anterior al 21/07//2006 y WebAccess 7 anterior al 27/07/2006 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro GWAP.version. • http://secunia.com/advisories/21411 http://securitytracker.com/id?1016648 http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974176.htm http://www.securityfocus.com/bid/19297 http://www.vupen.com/english/advisories/2006/3098 https://exchange.xforce.ibmcloud.com/vulnerabilities/28210 https://secure-support.novell.com/KanisaPlatform/Publishing/228/3574517_f.SAL_Public.html •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 3CVE-2006-3817
https://notcve.org/view.php?id=CVE-2006-3817
Cross-site scripting (XSS) vulnerability in Novell GroupWise WebAccess 6.5 and 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via an encoded SCRIPT element in an e-mail message with the UTF-7 character set, as demonstrated by the "+ADw-SCRIPT+AD4-" sequence. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Niovell GroupWise WebAccess 6.5 y 7 anterior al 27/07/2006 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante un elemento SCRIPT codificado en un mensaje de correo electrónico con el juego de caracteres UTF-7, como se ha demostrado con la secuencia "+ADw-SCRIPT+AD4-". • http://lists.grok.org.uk/pipermail/full-disclosure/2006-August/048593.html http://secunia.com/advisories/21411 http://securitytracker.com/id?1016648 http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974176.htm http://www.infobyte.com.ar/adv/ISR-14.html http://www.novell.com/support/search.do?cmd=displayKC&externalId=3701584&sliceId=SAL_Public http://www.securityfocus.com/archive/1/442719/100/100/threaded http://www.securityfocus.com/bid/19297 http://www.vupen.com/eng •