CVSS: 10.0EPSS: 28%CPEs: 32EXPL: 0CVE-2010-4326 – Novell GroupWise Internet Agent REQUEST-STATUS Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-4326
25 Jan 2011 — Multiple buffer overflows in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via variables in a VCALENDAR message, as demonstrated by a long (1) REQUEST-STATUS, (2) TZNAME, (3) COMMENT, or (4) RRULE variable in this message. Múltiples desbordamientos de búfer en gwwww1.dll en GroupWise Internet Agent de (GWIA) en Novell GroupWise anteriores a v8.02HP permite a atacantes remotos ejecutar código arbitrario a través de las variabl... • http://www.facebook.com/note.php?note_id=477865030928 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 30%CPEs: 1EXPL: 2CVE-2007-6435
https://notcve.org/view.php?id=CVE-2007-6435
18 Dec 2007 — Stack-based buffer overflow in Novell GroupWise before 6.5.7, when HTML preview of e-mail is enabled, allows user-assisted remote attackers to execute arbitrary code via a long SRC attribute in an IMG element when forwarding or replying to a crafted e-mail. Desbordamiento de búfer basado en pila en Novell GroupWise anterior a 6.5.7, cuando la vista previa HTML del correo está activada, permite a un atacante remoto con la intervención de un usuario ejecutar código de su elección a través de un atributo SRC l... • http://osvdb.org/40870 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.1EPSS: 1%CPEs: 18EXPL: 0CVE-2006-3268
https://notcve.org/view.php?id=CVE-2006-3268
29 Jun 2006 — Unspecified vulnerability in the Windows Client API in Novell GroupWise 5.x through 7 might allow users to obtain "random programmatic access" to other email within the same post office. Vulnerabilidad sin especificar en la API de cliente en Novell GroupWise para Windows v5.x a v7 podría permitir a los usuarios obtener "acceso programático aleatorio" (random programmatic access) a correo electrónico de otros del misma oficina de correos. • http://secunia.com/advisories/20888 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2003-1551
https://notcve.org/view.php?id=CVE-2003-1551
31 Dec 2003 — Unspecified vulnerability in Novell GroupWise 6 SP3 WebAccess before Revision F has unknown impact and attack vectors related to "malicious script." • http://secunia.com/advisories/8133 •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2002-0341
https://notcve.org/view.php?id=CVE-2002-0341
03 May 2002 — GWWEB.EXE in GroupWise Web Access 5.5, and possibly other versions, allows remote attackers to determine the full pathname of the web server via an HTTP request with an invalid HTMLVER parameter. • http://marc.info/?l=bugtraq&m=101494830315071&w=2 •
CVSS: 9.8EPSS: 4%CPEs: 2EXPL: 2CVE-2001-1195 – Novell Groupwise 5.5/6.0 Servlet Gateway - Default Authentication
https://notcve.org/view.php?id=CVE-2001-1195
15 Dec 2001 — Novell Groupwise 5.5 and 6.0 Servlet Gateway is installed with a default username and password for the servlet manager, which allows remote attackers to gain privileges. • https://www.exploit-db.com/exploits/21182 •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2001-1458
https://notcve.org/view.php?id=CVE-2001-1458
15 Oct 2001 — Directory traversal vulnerability in Novell GroupWise 5.5 and 6.0 allows remote attackers to read arbitrary files via a request for /servlet/webacc?User.html= that contains "../" (dot dot) sequences and a null character. • http://online.securityfocus.com/archive/1/220667 •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2001-1231
https://notcve.org/view.php?id=CVE-2001-1231
14 Aug 2001 — GroupWise 5.5 and 6 running in live remote or smart caching mode allows remote attackers to read arbitrary users' mailboxes by extracting usernames and passwords from sniffed network traffic, as addressed by the "Padlock" fix. • http://support.novell.com/padlock/details.htm •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2001-1232
https://notcve.org/view.php?id=CVE-2001-1232
14 Aug 2001 — GroupWise WebAccess 5.5 with directory indexing enabled allows a remote attacker to view arbitrary directory contents via an HTTP request with a lowercase "get". • http://www.securityfocus.com/archive/1/204875 •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 1CVE-2001-1233
https://notcve.org/view.php?id=CVE-2001-1233
14 Aug 2001 — Netware Enterprise Web Server 5.1 running GroupWise WebAccess 5.5 with Novell Directory Services (NDS) enabled allows remote attackers to enumerate user names, group names and other system information by accessing ndsobj.nlm. • http://www.securityfocus.com/archive/1/204875 •