
CVSS: 10.0 | EPSS: 9% | CPEs: 19 | EXPL: 0

The client in Novell GroupWise before 8.0.3 HP4, 2012 before SP3, and 2014 before SP1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors.

• http://www.novell.com/support/kb/doc.php?id=7015565
• http://www.securitytracker.com/id/1030802
• https://bugzilla.novell.com/show_bug.cgi?id=874533
• https://exchange.xforce.ibmcloud.com/vulnerabilities/95738

CVSS: 7.8 | EPSS: 65% | CPEs: 1 | EXPL: 0

FileUploadServlet in the Administration service in Novell GroupWise 2014 before SP1 allows remote attackers to read or write to arbitrary files via the poLibMaintenanceFileSave parameter, aka ZDI-CAN-2287.

This vulnerability allows remote attackers to obtain sensitive information on vulnerable installations of Novell GroupWise. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of the poLibMaintenanceFileSave parameter within the FileUploadServlet. By abusing this flaw an attacker can disclose and destroy arbitrary files on the server and possibly leverage this information to achieve remote code execution in a subsequent attack.

• http://www.novell.com/support/kb/doc.php?id=7015566
• http://www.securitytracker.com/id/1030801
• http://www.zerodayinitiative.com/advisories/ZDI-14-296
• https://bugzilla.novell.com/show_bug.cgi?id=879192

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor