CVSS: 5.0EPSS: 64%CPEs: 43EXPL: 0CVE-2012-0410
https://notcve.org/view.php?id=CVE-2012-0410
Directory traversal vulnerability in WebAccess in Novell GroupWise before 8.03 allows remote attackers to read arbitrary files via the User.interface parameter. Una vulnerabilidad de salto de directorio en Novell GroupWise WebAccess antes de v8.03 permite a atacantes remotos leer ficheros de su elección mediante el parámetro User.interface. • http://www.novell.com/support/kb/doc.php?id=7000708 http://www.securitytracker.com/id?1027217 https://bugzilla.novell.com/show_bug.cgi?id=712163 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 5%CPEs: 32EXPL: 1CVE-2010-4711 – Novell Groupwise Internet Agent - IMAP 'LIST' Remote Code Execution
https://notcve.org/view.php?id=CVE-2010-4711
Double free vulnerability in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allows remote attackers to execute arbitrary code via a large parameter in a LIST command. Vulnerabilidad de doble liberación de memoria en el componente de servidor IMAP en GroupWise Agente de Internet (GWIA) en Novell GroupWise antes de v8.02HP permite a atacantes remotos ejecutar código arbitrario mediante un parámetro largo en un comando LIST. • https://www.exploit-db.com/exploits/15463 http://www.facebook.com/note.php?note_id=477865030928 http://www.novell.com/support/viewContent.do?externalId=7007151&sliceId=1 http://zerodayinitiative.com/advisories/ZDI-10-242 https://bugzilla.novell.com/show_bug.cgi?id=647519 • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 50%CPEs: 32EXPL: 0CVE-2010-4712
https://notcve.org/view.php?id=CVE-2010-4712
Multiple stack-based buffer overflows in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a Content-Type header containing (1) multiple items separated by ; (semicolon) characters or (2) crafted string data. Múltiples desbordamientos de búfer basado en pila en gwia.exe en GroupWise Internet Agent (GWIA)de Novell GroupWise antes de v8.02HP, permite a atacantes remotos ejecutar código de su elección a través de una cabecera Content-Type que contengan (1) varios elementos separados por ; (punto y coma) o y caracteres (2)cadena de datos hecha a mano. • http://www.facebook.com/note.php?note_id=477865030928 http://www.novell.com/support/viewContent.do?externalId=7007152&sliceId=1 http://www.novell.com/support/viewContent.do?externalId=7007153&sliceId=1 http://zerodayinitiative.com/advisories/ZDI-10-237 http://zerodayinitiative.com/advisories/ZDI-10-238 https://bugzilla.novell.com/show_bug.cgi?id=642336 https://bugzilla.novell.com/show_bug.cgi? • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 52%CPEs: 32EXPL: 0CVE-2010-4713
https://notcve.org/view.php?id=CVE-2010-4713
Integer signedness error in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allows remote attackers to execute arbitrary code via a signed integer value in the Content-Type header. Error de signo de enteros en gwia.exe en GroupWise Agente de Internet (GWIA) en Novell GroupWise antes de v8.02HP permite a atacantes remotos ejecutar código arbitrario mediante un valor entero con signo en el encabezado Content-Type. • http://www.facebook.com/note.php?note_id=477865030928 http://www.novell.com/support/viewContent.do?externalId=7007154&sliceId=1 http://zerodayinitiative.com/advisories/ZDI-10-241 https://bugzilla.novell.com/show_bug.cgi?id=642338 • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 18%CPEs: 32EXPL: 0CVE-2010-4714
https://notcve.org/view.php?id=CVE-2010-4714
Multiple stack-based buffer overflows in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long HTTP Host header to (1) gwpoa.exe in the Post Office Agent, (2) gwmta.exe in the Message Transfer Agent, (3) gwia.exe in the Internet Agent, (4) the WebAccess Agent, or (5) the Monitor Agent. Múltiples desbordamientos de búfer en Novell GroupWise en versiones anteriores a v8.02HP, permite a atacantes remotos provocar una denegación de servicio (caída) o ejecutar código de su elección mediante una petición POST HTTP larga en (1)gwpoa.exe en Message Transfer Agent, en (2)gwmta.exe en Message Transfer Agent, (3) gwia.exe en Internet Agent, (4) en WebAccess Agent, o en(5) Monitor Agent. • http://www.facebook.com/note.php?note_id=477865030928 http://www.novell.com/support/viewContent.do?externalId=7007159&sliceId=1 http://zerodayinitiative.com/advisories/ZDI-10-247 https://bugzilla.novell.com/show_bug.cgi?id=627942 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •