CVSS: 4.3EPSS: 0%CPEs: 48EXPL: 0CVE-2013-1087
https://notcve.org/view.php?id=CVE-2013-1087
Cross-site scripting (XSS) vulnerability in the client in Novell GroupWise through 8.0.3 HP3, and 2012 through SP2, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML via the body of an e-mail message. Vulnerabilidad de XSS en el cliente en Novell GroupWise hasta la 8.0.3 HP3, y 2012 hasta el SP2 sobre Windows, permite a atacantes remotos asistidos por el usuario inyectar secuencias de comandos web o HTML arbitrarias a través del cuerpo de un mensaje de correo electrónico. • http://www.novell.com/support/kb/doc.php?id=7012063 https://bugzilla.novell.com/show_bug.cgi?id=799673 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 50EXPL: 0CVE-2013-1086
https://notcve.org/view.php?id=CVE-2013-1086
Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise before 8.0.3 HP3, and 2012 before SP2, allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError attribute. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Novell GroupWise antes de v8.0.3 HP3, y 2012 antes de SP2, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de vectores que implican un atributo onError • http://secunia.com/advisories/53098 http://www.novell.com/support/kb/doc.php?id=7012064 https://bugzilla.novell.com/show_bug.cgi?id=802906 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 91%CPEs: 14EXPL: 1CVE-2013-0804 – Novell Groupwise Client 8.0 - Multiple Remote Code Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-0804
The client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference) via unspecified vectors. El cliente en Novell GroupWise v8.0 antes de v8.0.3 HP2 y 2012 antes de SP1 HP1 permite a atacantes remotos ejecutar código arbitrario o causas denegación de servicios (desreferenciar puntero incorrecto) por vectores sin especificar. • https://www.exploit-db.com/exploits/38250 http://www.novell.com/support/kb/doc.php?id=7011687 https://bugzilla.novell.com/show_bug.cgi?id=792535 https://www.htbridge.com/advisory/HTB23131 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.3EPSS: 96%CPEs: 14EXPL: 1CVE-2012-0439 – Novell GroupWise gwcls1.dll ActiveX Control Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0439
An ActiveX control in gwcls1.dll in the client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code via (1) a pointer argument to the SetEngine method or (2) an XPItem pointer argument to an unspecified method. Un control ActiveX en gwcls1.dll en el cliente de Novell GroupWise v8.0 antes de v8.0.3 HP2 y 2012 SP1 antes de HP1 permite a atacantes remotos ejecutar código arbitrario a través de (1) un argumento puntero al método SetEngine o (2) un argumento puntero a XPItem a un método no especificado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Groupwise. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaws exists within multiple methods exposed by gwcls1.dll. There are 20 methods which accept an XPItem pointer and perform operations on the potentially malicious pointer without validation. • https://www.exploit-db.com/exploits/24490 http://www.novell.com/support/kb/doc.php?id=7011688 http://www.zerodayinitiative.com/advisories/ZDI-13-008 https://bugzilla.novell.com/show_bug.cgi?id=712144 https://bugzilla.novell.com/show_bug.cgi?id=743674 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 2%CPEs: 12EXPL: 0CVE-2012-0418
https://notcve.org/view.php?id=CVE-2012-0418
Unspecified vulnerability in the client in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 on Windows allows user-assisted remote attackers to execute arbitrary code via a crafted file. Vulnerabilidad no especificada en el cliente Novell GroupWise v8.0 anterior a Support Pack 3 y 2012 before Support Pack 1 sobre Windows permite a atacantes remotos asistidos por usuarios locales ejecutar código de su elección a través de un fichero manipulado. • http://download.novell.com/Download?buildid=O5hTjIiMdMo~ http://www.novell.com/support/kb/doc.php?id=7010771 http://www.securityfocus.com/bid/55729 https://bugzilla.novell.com/show_bug.cgi?id=752521 •