CVE-2014-0610
https://notcve.org/view.php?id=CVE-2014-0610
The client in Novell GroupWise before 8.0.3 HP4, 2012 before SP3, and 2014 before SP1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors.
• http://www.novell.com/support/kb/doc.php?id=7015565
• http://www.securitytracker.com/id/1030802
• https://bugzilla.novell.com/show_bug.cgi?id=874533
• https://exchange.xforce.ibmcloud.com/vulnerabilities/95738
CVE-2014-0600 – Novell Groupwise Administration Server FileUploadServlet poLibMaintenanceFileSave Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2014-0600
FileUploadServlet in the Administration service in Novell GroupWise 2014 before SP1 allows remote attackers to read or write to arbitrary files via the poLibMaintenanceFileSave parameter, aka ZDI-CAN-2287.
This vulnerability allows remote attackers to obtain sensitive information on vulnerable installations of Novell Groupwise. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of the poLibMaintenanceFileSave parameter within the FileUploadServlet. By abusing this flaw an attacker can disclose and destroy arbitrary files on the server and possibly leverage this information to achieve remote code execution in a subsequent attack.
• http://www.novell.com/support/kb/doc.php?id=7015566
• http://www.securitytracker.com/id/1030801
• http://www.zerodayinitiative.com/advisories/ZDI-14-296
• https://bugzilla.novell.com/show_bug.cgi?id=879192
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-1087
https://notcve.org/view.php?id=CVE-2013-1087
Cross-site scripting (XSS) vulnerability in the client in Novell GroupWise through 8.0.3 HP3, and 2012 through SP2, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML via the body of an e-mail message.
• http://www.novell.com/support/kb/doc.php?id=7012063
• https://bugzilla.novell.com/show_bug.cgi?id=799673
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-1086
https://notcve.org/view.php?id=CVE-2013-1086
Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise before 8.0.3 HP3, and 2012 before SP2, allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError attribute.
• http://secunia.com/advisories/53098
• http://www.novell.com/support/kb/doc.php?id=7012064
• https://bugzilla.novell.com/show_bug.cgi?id=802906
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-1085 – Novell GroupWise Messenger import Command Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1085
Stack-based buffer overflow in the nim: protocol handler in Novell GroupWise Messenger 2.04 and earlier, and Novell Messenger 2.1.x and 2.2.x before 2.2.2, allows remote attackers to execute arbitrary code via an import command containing a long string in the filename parameter.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Groupwise Messenger. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of specific commands passed to the messenger via the nim:// protocol handler. By crafting a page with a large filename parameter within an import command, a stack-based buffer overflow can be made to occur.
• http://www.novell.com/support/kb/doc.php?id=7011935
• http://www.zerodayinitiative.com/advisories/ZDI-13-036
• https://bugzilla.novell.com/show_bug.cgi?id=777352
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer