CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 1CVE-2006-4220 – Novell Groupwise 5.57e/6.5.7/7.0 Webaccess - Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-4220
31 Dec 2006 — Multiple cross-site scripting (XSS) vulnerabilities in webacc in Novell GroupWise WebAccess before 7 Support Pack 3 Public Beta allow remote attackers to inject arbitrary web script or HTML via the (1) User.html, (2) Error, (3) User.Theme.index, and (4) and User.lang parameters. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS)en el webacc de Novell GroupWise WebAccess anterior a la v.7 Support Pack 3 Public Beta, que permite a atacantes remoto inyectar código web o HTML de su el... • https://www.exploit-db.com/exploits/31095 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 3CVE-2006-3817
https://notcve.org/view.php?id=CVE-2006-3817
11 Aug 2006 — Cross-site scripting (XSS) vulnerability in Novell GroupWise WebAccess 6.5 and 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via an encoded SCRIPT element in an e-mail message with the UTF-7 character set, as demonstrated by the "+ADw-SCRIPT+AD4-" sequence. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Niovell GroupWise WebAccess 6.5 y 7 anterior al 27/07/2006 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección media... • http://lists.grok.org.uk/pipermail/full-disclosure/2006-August/048593.html •
CVSS: 6.1EPSS: 1%CPEs: 2EXPL: 0CVE-2006-3818
https://notcve.org/view.php?id=CVE-2006-3818
11 Aug 2006 — Cross-site scripting (XSS) vulnerability in the login page in Novell GroupWise WebAccess 6.5 before 20060721 and WebAccess 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via the GWAP.version parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la página de autenticación de acceso de Novell GroupWise WebAccess 6.5 anterior al 21/07//2006 y WebAccess 7 anterior al 27/07/2006 permite a atacantes remotos inyectar secuencias de comandos web o HTML de s... • http://secunia.com/advisories/21411 •
CVSS: 9.1EPSS: 1%CPEs: 18EXPL: 0CVE-2006-3268
https://notcve.org/view.php?id=CVE-2006-3268
29 Jun 2006 — Unspecified vulnerability in the Windows Client API in Novell GroupWise 5.x through 7 might allow users to obtain "random programmatic access" to other email within the same post office. Vulnerabilidad sin especificar en la API de cliente en Novell GroupWise para Windows v5.x a v7 podría permitir a los usuarios obtener "acceso programático aleatorio" (random programmatic access) a correo electrónico de otros del misma oficina de correos. • http://secunia.com/advisories/20888 •
CVSS: 9.1EPSS: 1%CPEs: 3EXPL: 0CVE-2005-2620
https://notcve.org/view.php?id=CVE-2005-2620
17 Aug 2005 — grpWise.exe for Novell GroupWise client 5.5 through 6.5.2 stores the password in plaintext in memory, which allows attackers to obtain the password using a debugger or another mechanism to read process memory. • http://archives.neohapsis.com/archives/bugtraq/2005-06/0158.html •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 0CVE-2005-2346
https://notcve.org/view.php?id=CVE-2005-2346
03 Aug 2005 — Buffer overflow in Novell GroupWise 6.5 Client allows remote attackers to execute arbitrary code via a GWVW02xx.INI language file with a long entry, as demonstrated using a long ES02TKS.VEW value in the Group Task section. Desbordamiento de búfer en Cliente Novell GroupWise 6.5 permite que atacantes remotos ejecuten código arbitrario mediante un fichero de lenguaje GWVW02xx.INI con una entrada larga (como se demuestra usando un valor largo para ESO2TKS.VEW en la sección Group Task). • http://marc.info/?l=bugtraq&m=112247652532002&w=2 •
CVSS: 6.1EPSS: 1%CPEs: 6EXPL: 2CVE-2005-2276 – Novell Groupwise 6.5 Webaccess - HTML Injection
https://notcve.org/view.php?id=CVE-2005-2276
26 Jul 2005 — Cross-site scripting (XSS) vulnerability in Novell Groupwise WebAccess 6.5 before July 11, 2005 allows remote attackers to inject arbitrary web script or HTML via an e-mail message with an encoded javascript URI (e.g. "jAvascript" in an IMG tag. Vulnerabilidad de secuencia de comandos en sitios cruzados en Novell Groupwise WebAccess 6.5 anterior a July 11, 2005 permite que atacantes remotos inyecten script web arbitrario o HTML mediante un mensaje de correo con un javascript codificado en un URI (e.g. "... • https://www.exploit-db.com/exploits/26001 •
CVSS: 5.3EPSS: 0%CPEs: 12EXPL: 0CVE-2005-0296
https://notcve.org/view.php?id=CVE-2005-0296
17 Jan 2005 — NOTE: this issue has been disputed by the vendor. The error module in Novell GroupWise WebAccess allows remote attackers who have not authenticated to read potentially sensitive information, such as the version, via an incorrect login and a modified (1) error or (2) modify parameter that returns template files or the "about" information page. NOTE: the vendor has disputed this issue • http://marc.info/?l=bugtraq&m=110608203729814&w=2 •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2004-2336
https://notcve.org/view.php?id=CVE-2004-2336
31 Dec 2004 — Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server. • http://secunia.com/advisories/11119 •