CVSS: 9.3EPSS: 96%CPEs: 14EXPL: 1CVE-2012-0439 – Novell GroupWise gwcls1.dll ActiveX Control Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0439
An ActiveX control in gwcls1.dll in the client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code via (1) a pointer argument to the SetEngine method or (2) an XPItem pointer argument to an unspecified method. Un control ActiveX en gwcls1.dll en el cliente de Novell GroupWise v8.0 antes de v8.0.3 HP2 y 2012 SP1 antes de HP1 permite a atacantes remotos ejecutar código arbitrario a través de (1) un argumento puntero al método SetEngine o (2) un argumento puntero a XPItem a un método no especificado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Groupwise. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaws exists within multiple methods exposed by gwcls1.dll. There are 20 methods which accept an XPItem pointer and perform operations on the potentially malicious pointer without validation. • https://www.exploit-db.com/exploits/24490 http://www.novell.com/support/kb/doc.php?id=7011688 http://www.zerodayinitiative.com/advisories/ZDI-13-008 https://bugzilla.novell.com/show_bug.cgi?id=712144 https://bugzilla.novell.com/show_bug.cgi?id=743674 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0CVE-2012-4912
https://notcve.org/view.php?id=CVE-2012-4912
Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to inject arbitrary web script or HTML via a crafted signature in an HTML e-mail message. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el componente WebAccess en Novell GroupWise v8.0 anterior a Support Pack 3 y 2012 before Support Pack 1 permite a atacantes remotos inyectar código web script o HTML de su elección a través de firmas manipuladas en un email. • http://download.novell.com/Download?buildid=O5hTjIiMdMo~ http://secunia.com/advisories/50622 http://www.novell.com/support/kb/doc.php?id=7010768 http://www.securityfocus.com/bid/55814 http://www.securitytracker.com/id?1027614 https://bugzilla.novell.com/show_bug.cgi?id=702788 https://bugzilla.novell.com/show_bug.cgi? • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 2%CPEs: 12EXPL: 0CVE-2012-0418
https://notcve.org/view.php?id=CVE-2012-0418
Unspecified vulnerability in the client in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 on Windows allows user-assisted remote attackers to execute arbitrary code via a crafted file. Vulnerabilidad no especificada en el cliente Novell GroupWise v8.0 anterior a Support Pack 3 y 2012 before Support Pack 1 sobre Windows permite a atacantes remotos asistidos por usuarios locales ejecutar código de su elección a través de un fichero manipulado. • http://download.novell.com/Download?buildid=O5hTjIiMdMo~ http://www.novell.com/support/kb/doc.php?id=7010771 http://www.securityfocus.com/bid/55729 https://bugzilla.novell.com/show_bug.cgi?id=752521 •
CVSS: 10.0EPSS: 31%CPEs: 11EXPL: 0CVE-2012-0417 – Novell Groupwise GWIA ber_get_stringa Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0417
Integer overflow in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to execute arbitrary code via unspecified vectors. Desbordamiento de entero en GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 permite a atacantes remotos ejecutar código de su elección a través de vectores no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Groupwise. Authentication is not required to exploit this vulnerability. The flaw exists within the Groupwise Internet Agent component, specifically the optional LDAP server which listens on tcp port 389. When parsing a BER encoded parameter the specified size is used to allocate a destination buffer. • http://download.novell.com/Download?buildid=O5hTjIiMdMo~ http://www.novell.com/support/kb/doc.php?id=7010770 http://www.securitytracker.com/id?1027599 https://bugzilla.novell.com/show_bug.cgi?id=740041 • CWE-189: Numeric Errors •
CVSS: 5.0EPSS: 96%CPEs: 11EXPL: 0CVE-2012-0419 – Novell Groupwise Agents HTTP Directory Traversal
https://notcve.org/view.php?id=CVE-2012-0419
Directory traversal vulnerability in the agent HTTP interfaces in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to read arbitrary files via directory traversal sequences in a request. Vulnerabilidad de salto de directorio en los interfaces del agente HTTP en Novell GroupWise v8.0 antes de Support Pac, 3 y 2012 antes de Support Pack 1, permite a atacantes remotos leer archivos de su elección a través de secuencias de salto de directorio en una petición. • http://archives.neohapsis.com/archives/bugtraq/2012-09/0106.html http://download.novell.com/Download?buildid=O5hTjIiMdMo~ http://seclists.org/fulldisclosure/2012/Sep/161 http://www.novell.com/support/kb/doc.php?id=7010772 https://bugzilla.novell.com/show_bug.cgi?id=756330 https://bugzilla.novell.com/show_bug.cgi?id=756924 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •