CVSS: 9.8EPSS: 31%CPEs: 6EXPL: 1CVE-2010-2777 – Novell Netware Groupwise Internet Gateway Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-2777
16 Jul 2010 — Stack-based buffer overflow in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2 allows remote attackers to execute arbitrary code via a long mailbox name in a CREATE command. Desbordamiento de búfer basado en pila en el componente servidor IMAP en GroupWise Internet Agent (GWIA) en Novell GroupWise v7.x anteriores a v7.0 post-SP4 FTF y v8.x anteriores a v8.0 SP2, permite a atacantes remotos ejecutar código arbitrario a través... • https://www.exploit-db.com/exploits/14379 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2009-4662
https://notcve.org/view.php?id=CVE-2009-4662
03 Mar 2010 — Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 7.0 before 7.03 HP4 and 8.0 before 8.0 SP1 allows remote attackers to inject arbitrary web script or HTML via the User.Theme.index parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el componente WebAccess en Novell GroupWise v7.0 anterior a v7.03 HP4 y v8.0 anterior a v8.0 SP1, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del par... • http://secunia.com/advisories/36746 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 2CVE-2009-3863 – Novell Groupwise Client 7.0.3.1294 - ActiveX Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2009-3863
04 Nov 2009 — Buffer overflow in the gxmim1.dll ActiveX control in Novell Groupwise Client 7.0.3.1294 allows remote attackers to cause a denial of service (application crash) via a long argument to the SetFontFace method. Desbordamiento de búfer en el control ActiveX gxmim1.dll en Novell Groupwise Client v7.0.3.1294 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un argumento largo al método SetFontFace. • https://www.exploit-db.com/exploits/9683 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 4%CPEs: 9EXPL: 1CVE-2009-1634 – Novell Groupwise 8.0 Webaccess - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-1634
26 May 2009 — The WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 does not properly implement session management mechanisms, which allows remote attackers to gain access to user accounts via unspecified vectors. El componente WebAccess en Novell GroupWise v7.x anterior a v7.03 HP3 y v8.x anterior a v8.0 HP2 no implementa adecuadamente los mecanismos de manejo de sesión, lo que permite a atacantes remotos conseguir acceso a cuentas de usuario a través de vectores sin especificar. • https://www.exploit-db.com/exploits/33007 •
CVSS: 10.0EPSS: 68%CPEs: 12EXPL: 0CVE-2009-1636
https://notcve.org/view.php?id=CVE-2009-1636
26 May 2009 — Multiple buffer overflows in the Internet Agent (aka GWIA) component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to execute arbitrary code via (1) a crafted e-mail address in an SMTP session or (2) an SMTP command. Múltiples desbordamientos de búfer en el componente the Internet Agent (tambien conocido como GWIA) en Novell GroupWise v7.x anteriores a v7.03 HP3 y v8.x anteriores v8.0 HP2 permite a atacantes remotos ejecutar código arbitrario a través de (1) una direc... • http://osvdb.org/54644 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 15EXPL: 0CVE-2009-1635
https://notcve.org/view.php?id=CVE-2009-1635
22 May 2009 — Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to inject arbitrary web script or HTML via (1) the User.lang parameter to the login page (aka gw/webacc), (2) style expressions in a message that contains an HTML file, or (3) vectors associated with incorrect protection mechanisms against scripting, as demonstrated using whitespace between JavaScript event names and values. Múltiples vulnerabil... • http://packetstorm.linuxsecurity.com/0905-exploits/groupwise-xss.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 13EXPL: 0CVE-2009-1762
https://notcve.org/view.php?id=CVE-2009-1762
22 May 2009 — Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess login page (aka gw/webacc) in Novell GroupWise 7.x before 7.03 HP2 allow remote attackers to inject arbitrary web script or HTML via the (1) GWAP.version or (2) User.Theme (aka User.Theme.index) parameter. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en la página de acceso WebAccess (también conocido como gw/webacc) en Novell GroupWise v7.x anteriores a v7.03 HP2 , permite a atacantes remotos i... • http://packetstorm.linuxsecurity.com/0905-exploits/groupwise-xss.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2009-0274
https://notcve.org/view.php?id=CVE-2009-0274
03 Feb 2009 — Unspecified vulnerability in WebAccess in Novell GroupWise 6.5, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 might allow remote attackers to obtain sensitive information via a crafted URL, related to conversion of POST requests to GET requests. Vulnerabilidad no especificada en WebAccess en Novell GroupWise 6.5, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, y 8.0 debería permitir a los atacantes remotos obtener información confidencial a través de una URL manipulada, en relación a la conversión de la petición POST a GET. • http://secunia.com/advisories/33744 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2009-0272
https://notcve.org/view.php?id=CVE-2009-0272
02 Feb 2009 — Cross-site request forgery (CSRF) vulnerability in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allows remote attackers to insert e-mail forwarding rules, and modify unspecified other configuration settings, as arbitrary users via unknown vectors. Una vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en Novell GroupWise WebAccess 6.5X, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, y 8.0 permite a atacantes remotos insertar reglas de correo y modificar otros ajustes de c... • http://secunia.com/advisories/33744 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2009-0273
https://notcve.org/view.php?id=CVE-2009-0273
02 Feb 2009 — Multiple cross-site scripting (XSS) vulnerabilities in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allow remote attackers to inject arbitrary web script or HTML via the (1) User.id and (2) Library.queryText parameters to gw/webacc, and other vectors involving (3) HTML e-mail and (4) HTML attachments. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en WebAccess de GroupWise de Novell v6.5x, v7.0, v7.01, v7.02x, v7.03, v7.03HP1a y v8.0. Permite a at... • http://secunia.com/advisories/33744 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •