Page 4 of 35 results (0.014 seconds)

CVSS: 10.0EPSS: 4%CPEs: 32EXPL: 1

Double free vulnerability in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allows remote attackers to execute arbitrary code via a large parameter in a LIST command. Vulnerabilidad de doble liberación de memoria en el componente de servidor IMAP en GroupWise Agente de Internet (GWIA) en Novell GroupWise antes de v8.02HP permite a atacantes remotos ejecutar código arbitrario mediante un parámetro largo en un comando LIST. • https://www.exploit-db.com/exploits/15463 http://www.facebook.com/note.php?note_id=477865030928 http://www.novell.com/support/viewContent.do?externalId=7007151&sliceId=1 http://zerodayinitiative.com/advisories/ZDI-10-242 https://bugzilla.novell.com/show_bug.cgi?id=647519 • CWE-399: Resource Management Errors •

CVSS: 4.3EPSS: 0%CPEs: 32EXPL: 0

Cross-site scripting (XSS) vulnerability in the WebPublisher component in Novell GroupWise before 8.02HP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el componente WebPublisher de Novell GroupWise en versiones anteriores a v8.02HP, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de parámetros no especificados. • http://www.facebook.com/note.php?note_id=477865030928 http://www.novell.com/support/viewContent.do?externalId=7007158&sliceId=1 https://bugzilla.novell.com/show_bug.cgi?id=651159 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 30%CPEs: 32EXPL: 2

Multiple stack-based buffer overflows in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long (1) LIST or (2) LSUB command. Múltiples desbordamientos de búfer basados en pila en el componente del servidor de IMAP en GroupWise Internet Agent (GWIA) en Novell GroupWise before v8.02HP permite a atacantes remotos ejecutar código de su elección a través de una (1)LIST larga o (2) un comando LSUB. • https://www.exploit-db.com/exploits/15464 http://www.facebook.com/note.php?note_id=477865030928 http://www.novell.com/support/viewContent.do?externalId=7007157&sliceId=1 http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=19&Itemid=19 https://bugzilla.novell.com/show_bug.cgi?id=635294 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 16%CPEs: 32EXPL: 0

Multiple stack-based buffer overflows in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long HTTP Host header to (1) gwpoa.exe in the Post Office Agent, (2) gwmta.exe in the Message Transfer Agent, (3) gwia.exe in the Internet Agent, (4) the WebAccess Agent, or (5) the Monitor Agent. Múltiples desbordamientos de búfer en Novell GroupWise en versiones anteriores a v8.02HP, permite a atacantes remotos provocar una denegación de servicio (caída) o ejecutar código de su elección mediante una petición POST HTTP larga en (1)gwpoa.exe en Message Transfer Agent, en (2)gwmta.exe en Message Transfer Agent, (3) gwia.exe en Internet Agent, (4) en WebAccess Agent, o en(5) Monitor Agent. • http://www.facebook.com/note.php?note_id=477865030928 http://www.novell.com/support/viewContent.do?externalId=7007159&sliceId=1 http://zerodayinitiative.com/advisories/ZDI-10-247 https://bugzilla.novell.com/show_bug.cgi?id=627942 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 83%CPEs: 32EXPL: 0

Buffer overflow in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP2 allows remote attackers to execute arbitrary code via a crafted TZID variable in a VCALENDAR message. Desbordamiento de búfer en gwwww1.dll en GroupWise Internet Agent (GWIA) en Novell GroupWise anterior a v8.02HP2 permite a atacantes remotos ejecutar código arbitrario a través de una variable TZID manipulada en un mensaje VCALENDAR. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell GroupWise. Authentication is not required to exploit this vulnerability. Multiple flaws exist within the gwwww1.dll module responsible for parsing VCALENDAR data within e-mail messages. When encountering a RRULE, COMMENT, or TZNAME parameter a static sized memory buffer is allocated. • http://osvdb.org/70676 http://secunia.com/advisories/43089 http://www.novell.com/support/viewContent.do?externalId=7007638&sliceId=1 http://www.novell.com/support/viewContent.do?externalId=7009212 http://www.securityfocus.com/archive/1/516002/100/0/threaded http://www.securityfocus.com/bid/46025 http://www.vupen.com/english/advisories/2011/0220 http://www.zerodayinitiative.com/advisories/ZDI-11-027 https://bugzilla.novell.com/show_bug.cgi?id=657818 https://bugzilla.novell.com/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •