CVSS: 10.0EPSS: 38%CPEs: 14EXPL: 1CVE-2013-0804 – Novell Groupwise Client 8.0 - Multiple Remote Code Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-0804
24 Feb 2013 — The client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference) via unspecified vectors. El cliente en Novell GroupWise v8.0 antes de v8.0.3 HP2 y 2012 antes de SP1 HP1 permite a atacantes remotos ejecutar código arbitrario o causas denegación de servicios (desreferenciar puntero incorrecto) por vectores sin especificar. • https://www.exploit-db.com/exploits/38250 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 65%CPEs: 14EXPL: 1CVE-2012-0439 – Novell GroupWise gwcls1.dll ActiveX Control Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0439
01 Feb 2013 — An ActiveX control in gwcls1.dll in the client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code via (1) a pointer argument to the SetEngine method or (2) an XPItem pointer argument to an unspecified method. Un control ActiveX en gwcls1.dll en el cliente de Novell GroupWise v8.0 antes de v8.0.3 HP2 y 2012 SP1 antes de HP1 permite a atacantes remotos ejecutar código arbitrario a través de (1) un argumento puntero al método SetEngine o (2) un ar... • https://www.exploit-db.com/exploits/24490 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 7%CPEs: 12EXPL: 0CVE-2012-0418
https://notcve.org/view.php?id=CVE-2012-0418
28 Sep 2012 — Unspecified vulnerability in the client in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 on Windows allows user-assisted remote attackers to execute arbitrary code via a crafted file. Vulnerabilidad no especificada en el cliente Novell GroupWise v8.0 anterior a Support Pack 3 y 2012 before Support Pack 1 sobre Windows permite a atacantes remotos asistidos por usuarios locales ejecutar código de su elección a través de un fichero manipulado. • http://download.novell.com/Download?buildid=O5hTjIiMdMo~ •
CVSS: 7.5EPSS: 82%CPEs: 11EXPL: 1CVE-2012-0419 – Novell Groupwise Agents HTTP Directory Traversal
https://notcve.org/view.php?id=CVE-2012-0419
28 Sep 2012 — Directory traversal vulnerability in the agent HTTP interfaces in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to read arbitrary files via directory traversal sequences in a request. Vulnerabilidad de salto de directorio en los interfaces del agente HTTP en Novell GroupWise v8.0 antes de Support Pac, 3 y 2012 antes de Support Pack 1, permite a atacantes remotos leer archivos de su elección a través de secuencias de salto de directorio en una petición. • https://packetstorm.news/files/id/181042 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 1%CPEs: 11EXPL: 0CVE-2012-4912
https://notcve.org/view.php?id=CVE-2012-4912
28 Sep 2012 — Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to inject arbitrary web script or HTML via a crafted signature in an HTML e-mail message. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el componente WebAccess en Novell GroupWise v8.0 anterior a Support Pack 3 y 2012 before Support Pack 1 permite a atacantes remotos inyectar código web script o HTML de su... • http://download.novell.com/Download?buildid=O5hTjIiMdMo~ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 7%CPEs: 11EXPL: 0CVE-2012-0417 – Novell Groupwise GWIA ber_get_stringa Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0417
28 Sep 2012 — Integer overflow in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to execute arbitrary code via unspecified vectors. Desbordamiento de entero en GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 permite a atacantes remotos ejecutar código de su elección a través de vectores no especificados. This vulnerability allows remote attackers to execute arbitrary code on v... • http://download.novell.com/Download?buildid=O5hTjIiMdMo~ • CWE-189: Numeric Errors •
CVSS: 6.5EPSS: 4%CPEs: 4EXPL: 0CVE-2011-3827
https://notcve.org/view.php?id=CVE-2011-3827
19 Sep 2012 — The iCalendar component in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before Support Pack 3 allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted date-time string in a .ics attachment. El componente iCalendar en gwwww1.dll en GroupWise Internet Agent (GWIA) en Novell GroupWise v8.0 anterior al Support Pack 3, permite a atacantes remotos provocar una denegación de servicio (lectura de memoria fuera de rango o caída de aplicación) a... • http://archives.neohapsis.com/archives/bugtraq/2012-09/0075.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 33%CPEs: 43EXPL: 2CVE-2012-0271 – Novell Groupwise 8.0.2 HP3 and 2012 - Integer Overflow
https://notcve.org/view.php?id=CVE-2012-0271
19 Sep 2012 — Integer overflow in the WebConsole component in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before 8.0.3 HP1 and 2012 before SP1 might allow remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow, as demonstrated by a request with -1 in the Content-Length HTTP header. Un desbordamiento de entero en el componente de consola web en gwia.exe en el Agente de Internet de GroupWise (GWIA) en Novell GroupWise v8.0 antes de v8.0.3 HP1 y 20... • https://www.exploit-db.com/exploits/21326 • CWE-189: Numeric Errors •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2012-0272
https://notcve.org/view.php?id=CVE-2012-0272
19 Sep 2012 — Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 8.0 before Support Pack 3 allows remote attackers to inject arbitrary web script or HTML via the merge parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el componente WebAccess en Novell GroupWise v8.0 anterior al Support Pack 3, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro "merge". • http://www.novell.com/support/kb/doc.php?id=7010368 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 3%CPEs: 43EXPL: 0CVE-2012-0410
https://notcve.org/view.php?id=CVE-2012-0410
05 Jul 2012 — Directory traversal vulnerability in WebAccess in Novell GroupWise before 8.03 allows remote attackers to read arbitrary files via the User.interface parameter. Una vulnerabilidad de salto de directorio en Novell GroupWise WebAccess antes de v8.03 permite a atacantes remotos leer ficheros de su elección mediante el parámetro User.interface. • http://www.novell.com/support/kb/doc.php?id=7000708 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •