CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 1CVE-2016-5761 – Micro Focus GroupWise Cross Site Scripting / Overflows
https://notcve.org/view.php?id=CVE-2016-5761
25 Aug 2016 — Cross-site scripting (XSS) vulnerability in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allows remote attackers to inject arbitrary web script or HTML via a crafted email. Vulnerabilidad XSS en Novell GroupWise en versiones anteriores a 2014 R2 Service Pack 1 Hot Patch 1 permite a atacantes remotos inyectar secuencia de comandos web o HTML arbitrarios a través de un email manipulado. Micro Focus GroupWise version 2014 R2 SP1 and below suffer from buffer overflow, cross site scripting, and int... • https://packetstorm.news/files/id/138503 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 14%CPEs: 5EXPL: 1CVE-2016-5762 – Micro Focus GroupWise Cross Site Scripting / Overflows
https://notcve.org/view.php?id=CVE-2016-5762
25 Aug 2016 — Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 might allow remote attackers to execute arbitrary code via a long (1) username or (2) password, which triggers a heap-based buffer overflow. Desbordamiento de entero en la función Post Office Agent en Novell GroupWise en versiones anteriores a 2014 R2 Service Pack 1 Hot Patch 1 podría permitir a atacantes remotos ejecutar código arbitrario a través de (1) un nombre de usuario largo o (2) una contraseña la... • https://packetstorm.news/files/id/138503 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 2CVE-2016-1607 – Micro Focus Filr 2 2.0.0.421/1.2 1.2.0.846 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2016-1607
25 Jul 2016 — Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Novell Filr before 2.0 Security Update 2 allow remote attackers to hijack the authentication of administrators, as demonstrated by reconfiguring time settings via a vaconfig/time request. Múltiples vulnerabilidades de CSRF en la interfaz administrativa en Novell Filr en versiones anteriores a 2.0 Security Update 2 permiten a atacantes remotos secuestrar la autenticación de administradores, como se demuestra reconfi... • https://packetstorm.news/files/id/138038 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.0EPSS: 10%CPEs: 2EXPL: 2CVE-2016-1608 – Micro Focus Filr 2 2.0.0.421/1.2 1.2.0.846 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2016-1608
25 Jul 2016 — vaconfig/time in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ntpServer parameter. vaconfig/time en Novell Filr en versiones anteriores a 1.2 Security Update 3 y 2.0 en versiones anteriores a Security Update 2 permite a usuarios remotos autenticados ejecutar comandos arbitrarios a través de metacaracteres shell en el parámetro ntpServer. Multiple Micro Focus Filr appliances suffer fro... • https://packetstorm.news/files/id/138038 • CWE-284: Improper Access Control •
CVSS: 5.4EPSS: 1%CPEs: 2EXPL: 2CVE-2016-1609 – Micro Focus Filr 2 2.0.0.421/1.2 1.2.0.846 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2016-1609
25 Jul 2016 — Multiple cross-site scripting (XSS) vulnerabilities in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allow remote authenticated users to inject arbitrary web script or HTML via crafted input, as demonstrated by a crafted attribute of an IMG element in the phone field of a user profile. Múltiples vulnerabilidades de XSS en Novell Filr en versiones anteriores a 1.2 Security Update 3 y 2.0 en versiones anteriores a Security Update 2 permiten a usuarios remotos autenticados inyectar ... • https://packetstorm.news/files/id/138038 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 23%CPEs: 2EXPL: 2CVE-2016-1610 – Micro Focus Filr 2 2.0.0.421/1.2 1.2.0.846 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2016-1610
25 Jul 2016 — Directory traversal vulnerability in the email-template feature in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote attackers to bypass intended access restrictions and write to arbitrary files via a .. (dot dot) in a blob name. Vulnerabilidad de salto de directorio en la característica email-template en Novell Filr en versiones anteriores a 1.2 Security Update 3 y 2.0 en versiones anteriores a Security Update 2 permite a atacantes remotos eludir restricciones destinad... • https://packetstorm.news/files/id/138038 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 2CVE-2016-1611 – Micro Focus Filr 2 2.0.0.421/1.2 1.2.0.846 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2016-1611
25 Jul 2016 — Novell Filr 1.2 before Hot Patch 6 and 2.0 before Hot Patch 2 uses world-writable permissions for /etc/profile.d/vainit.sh, which allows local users to gain privileges by replacing this file's content with arbitrary shell commands. Novell Filr 1.2 en versiones anteriores a Hot Patch 6 y 2.0 en versiones anteriores a Hot Patch 2 usa permisos de escritura universal para /etc/profile.d/vainit.sh, lo que permite a usuarios locales obtener privilegios reemplazando este contenido del archivo con comandos shell ar... • https://packetstorm.news/files/id/138038 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 6%CPEs: 8EXPL: 0CVE-2015-8919 – libarchive: Heap out of bounds read in LHA/LZH parser
https://notcve.org/view.php?id=CVE-2015-8919
14 Jul 2016 — The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file. La función lha_read_file_extended_header en archive_read_support_format_lha.c en libarchive en versiones anteriores a 3.2.0 permite a atacantes remotos provocar una denegación de servicio (memoria dinámica fuera de rango) a través de un archivo (1) lzh o (2) lha manipulado. A vulnerability w... • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2015-8920 – libarchive: Stack out of bounds read in ar parser
https://notcve.org/view.php?id=CVE-2015-8920
14 Jul 2016 — The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file. La función lha_ar_read_header en archive_read_support_format_ar.c en libarchive en versiones anteriores a 3.2.0 permite a atacantes remotos provocar una denegación de servicio (lectura de pila fuera de rango) a través de un archivo ar manipulado. A vulnerability was found in libarchive. A specially crafted AR archiv... • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 3%CPEs: 8EXPL: 0CVE-2015-8921 – libarchive: Global out of bounds read in mtree parser
https://notcve.org/view.php?id=CVE-2015-8921
14 Jul 2016 — The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file. La función ae_strtofflags en archive_entry.c en libarchive en versiones anteriores a 3.2.0 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un archivo mtree manipulado. A vulnerability was found in libarchive. A specially crafted mtree file could cause libarchive to read beyond a sta... • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html • CWE-125: Out-of-bounds Read •