CVSS: 10.0EPSS: 16%CPEs: 32EXPL: 0CVE-2010-4714
https://notcve.org/view.php?id=CVE-2010-4714
Multiple stack-based buffer overflows in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long HTTP Host header to (1) gwpoa.exe in the Post Office Agent, (2) gwmta.exe in the Message Transfer Agent, (3) gwia.exe in the Internet Agent, (4) the WebAccess Agent, or (5) the Monitor Agent. Múltiples desbordamientos de búfer en Novell GroupWise en versiones anteriores a v8.02HP, permite a atacantes remotos provocar una denegación de servicio (caída) o ejecutar código de su elección mediante una petición POST HTTP larga en (1)gwpoa.exe en Message Transfer Agent, en (2)gwmta.exe en Message Transfer Agent, (3) gwia.exe en Internet Agent, (4) en WebAccess Agent, o en(5) Monitor Agent. • http://www.facebook.com/note.php?note_id=477865030928 http://www.novell.com/support/viewContent.do?externalId=7007159&sliceId=1 http://zerodayinitiative.com/advisories/ZDI-10-247 https://bugzilla.novell.com/show_bug.cgi?id=627942 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 48%CPEs: 32EXPL: 0CVE-2010-4713
https://notcve.org/view.php?id=CVE-2010-4713
Integer signedness error in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allows remote attackers to execute arbitrary code via a signed integer value in the Content-Type header. Error de signo de enteros en gwia.exe en GroupWise Agente de Internet (GWIA) en Novell GroupWise antes de v8.02HP permite a atacantes remotos ejecutar código arbitrario mediante un valor entero con signo en el encabezado Content-Type. • http://www.facebook.com/note.php?note_id=477865030928 http://www.novell.com/support/viewContent.do?externalId=7007154&sliceId=1 http://zerodayinitiative.com/advisories/ZDI-10-241 https://bugzilla.novell.com/show_bug.cgi?id=642338 • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 50%CPEs: 32EXPL: 0CVE-2010-4712
https://notcve.org/view.php?id=CVE-2010-4712
Multiple stack-based buffer overflows in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a Content-Type header containing (1) multiple items separated by ; (semicolon) characters or (2) crafted string data. Múltiples desbordamientos de búfer basado en pila en gwia.exe en GroupWise Internet Agent (GWIA)de Novell GroupWise antes de v8.02HP, permite a atacantes remotos ejecutar código de su elección a través de una cabecera Content-Type que contengan (1) varios elementos separados por ; (punto y coma) o y caracteres (2)cadena de datos hecha a mano. • http://www.facebook.com/note.php?note_id=477865030928 http://www.novell.com/support/viewContent.do?externalId=7007152&sliceId=1 http://www.novell.com/support/viewContent.do?externalId=7007153&sliceId=1 http://zerodayinitiative.com/advisories/ZDI-10-237 http://zerodayinitiative.com/advisories/ZDI-10-238 https://bugzilla.novell.com/show_bug.cgi?id=642336 https://bugzilla.novell.com/show_bug.cgi? • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 83%CPEs: 32EXPL: 0CVE-2010-4325 – Novell Groupwise iCal COMMENT, RRULE, TZNAME Remote Code Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-4325
Buffer overflow in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP2 allows remote attackers to execute arbitrary code via a crafted TZID variable in a VCALENDAR message. Desbordamiento de búfer en gwwww1.dll en GroupWise Internet Agent (GWIA) en Novell GroupWise anterior a v8.02HP2 permite a atacantes remotos ejecutar código arbitrario a través de una variable TZID manipulada en un mensaje VCALENDAR. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell GroupWise. Authentication is not required to exploit this vulnerability. Multiple flaws exist within the gwwww1.dll module responsible for parsing VCALENDAR data within e-mail messages. When encountering a RRULE, COMMENT, or TZNAME parameter a static sized memory buffer is allocated. • http://osvdb.org/70676 http://secunia.com/advisories/43089 http://www.novell.com/support/viewContent.do?externalId=7007638&sliceId=1 http://www.novell.com/support/viewContent.do?externalId=7009212 http://www.securityfocus.com/archive/1/516002/100/0/threaded http://www.securityfocus.com/bid/46025 http://www.vupen.com/english/advisories/2011/0220 http://www.zerodayinitiative.com/advisories/ZDI-11-027 https://bugzilla.novell.com/show_bug.cgi?id=657818 https://bugzilla.novell.com/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 74%CPEs: 32EXPL: 0CVE-2010-4326 – Novell GroupWise Internet Agent REQUEST-STATUS Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-4326
Multiple buffer overflows in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via variables in a VCALENDAR message, as demonstrated by a long (1) REQUEST-STATUS, (2) TZNAME, (3) COMMENT, or (4) RRULE variable in this message. Múltiples desbordamientos de búfer en gwwww1.dll en GroupWise Internet Agent de (GWIA) en Novell GroupWise anteriores a v8.02HP permite a atacantes remotos ejecutar código arbitrario a través de las variables en un mensaje VCALENDAR, como lo demuestra con variables largas (1) REQUEST-STATUS, (2) TZNAME, (3) COMMENT, o (4) RRULE en este mensaje. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell GroupWise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gwwww1.dll module responsible for parsing VCALENDAR data within e-mail messages. When the code encounters a REQUEST-STATUS variable it allocates up to 0xFFFF bytes for the variable's value. • http://www.facebook.com/note.php?note_id=477865030928 http://www.novell.com/support/viewContent.do?externalId=7007155&sliceId=1 http://www.securityfocus.com/bid/45994 http://www.vupen.com/english/advisories/2011/0219 http://www.zerodayinitiative.com/advisories/ZDI-11-025 http://zerodayinitiative.com/advisories/ZDI-10-239 http://zerodayinitiative.com/advisories/ZDI-10-240 http://zerodayinitiative.com/advisories/ZDI-10-243 https://bugzilla.novell.com/show_bug.cgi?id=642339 https://bugzil • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •