CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 2CVE-2009-3863 – Novell Groupwise Client 7.0.3.1294 - ActiveX Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2009-3863
04 Nov 2009 — Buffer overflow in the gxmim1.dll ActiveX control in Novell Groupwise Client 7.0.3.1294 allows remote attackers to cause a denial of service (application crash) via a long argument to the SetFontFace method. Desbordamiento de búfer en el control ActiveX gxmim1.dll en Novell Groupwise Client v7.0.3.1294 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un argumento largo al método SetFontFace. • https://www.exploit-db.com/exploits/9683 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 4%CPEs: 9EXPL: 1CVE-2009-1634 – Novell Groupwise 8.0 Webaccess - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-1634
26 May 2009 — The WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 does not properly implement session management mechanisms, which allows remote attackers to gain access to user accounts via unspecified vectors. El componente WebAccess en Novell GroupWise v7.x anterior a v7.03 HP3 y v8.x anterior a v8.0 HP2 no implementa adecuadamente los mecanismos de manejo de sesión, lo que permite a atacantes remotos conseguir acceso a cuentas de usuario a través de vectores sin especificar. • https://www.exploit-db.com/exploits/33007 •
CVSS: 10.0EPSS: 68%CPEs: 12EXPL: 0CVE-2009-1636
https://notcve.org/view.php?id=CVE-2009-1636
26 May 2009 — Multiple buffer overflows in the Internet Agent (aka GWIA) component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to execute arbitrary code via (1) a crafted e-mail address in an SMTP session or (2) an SMTP command. Múltiples desbordamientos de búfer en el componente the Internet Agent (tambien conocido como GWIA) en Novell GroupWise v7.x anteriores a v7.03 HP3 y v8.x anteriores v8.0 HP2 permite a atacantes remotos ejecutar código arbitrario a través de (1) una direc... • http://osvdb.org/54644 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 15EXPL: 0CVE-2009-1635
https://notcve.org/view.php?id=CVE-2009-1635
22 May 2009 — Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to inject arbitrary web script or HTML via (1) the User.lang parameter to the login page (aka gw/webacc), (2) style expressions in a message that contains an HTML file, or (3) vectors associated with incorrect protection mechanisms against scripting, as demonstrated using whitespace between JavaScript event names and values. Múltiples vulnerabil... • http://packetstorm.linuxsecurity.com/0905-exploits/groupwise-xss.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 13EXPL: 0CVE-2009-1762
https://notcve.org/view.php?id=CVE-2009-1762
22 May 2009 — Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess login page (aka gw/webacc) in Novell GroupWise 7.x before 7.03 HP2 allow remote attackers to inject arbitrary web script or HTML via the (1) GWAP.version or (2) User.Theme (aka User.Theme.index) parameter. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en la página de acceso WebAccess (también conocido como gw/webacc) en Novell GroupWise v7.x anteriores a v7.03 HP2 , permite a atacantes remotos i... • http://packetstorm.linuxsecurity.com/0905-exploits/groupwise-xss.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2009-0274
https://notcve.org/view.php?id=CVE-2009-0274
03 Feb 2009 — Unspecified vulnerability in WebAccess in Novell GroupWise 6.5, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 might allow remote attackers to obtain sensitive information via a crafted URL, related to conversion of POST requests to GET requests. Vulnerabilidad no especificada en WebAccess en Novell GroupWise 6.5, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, y 8.0 debería permitir a los atacantes remotos obtener información confidencial a través de una URL manipulada, en relación a la conversión de la petición POST a GET. • http://secunia.com/advisories/33744 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2009-0272
https://notcve.org/view.php?id=CVE-2009-0272
02 Feb 2009 — Cross-site request forgery (CSRF) vulnerability in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allows remote attackers to insert e-mail forwarding rules, and modify unspecified other configuration settings, as arbitrary users via unknown vectors. Una vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en Novell GroupWise WebAccess 6.5X, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, y 8.0 permite a atacantes remotos insertar reglas de correo y modificar otros ajustes de c... • http://secunia.com/advisories/33744 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2009-0273
https://notcve.org/view.php?id=CVE-2009-0273
02 Feb 2009 — Multiple cross-site scripting (XSS) vulnerabilities in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allow remote attackers to inject arbitrary web script or HTML via the (1) User.id and (2) Library.queryText parameters to gw/webacc, and other vectors involving (3) HTML e-mail and (4) HTML attachments. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en WebAccess de GroupWise de Novell v6.5x, v7.0, v7.01, v7.02x, v7.03, v7.03HP1a y v8.0. Permite a at... • http://secunia.com/advisories/33744 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 19%CPEs: 7EXPL: 1CVE-2009-0410 – Novell Netware Groupwise GWIA RCPT Command Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-0410
02 Feb 2009 — Off-by-one error in the SMTP daemon in GroupWise Internet Agent (GWIA) in Novell GroupWise 6.5x, 7.0, 7.01, 7.02, 7.03, 7.03HP1a, and 8.0 allows remote attackers to execute arbitrary code via a long e-mail address in a malformed RCPT command, leading to a buffer overflow. Error Off-by-one en el demonio SMTP en GroupWise Internet Agent (GWIA) en Novell GroupWise 6.5x, 7.0, 7.01, 7.02, 7.03, 7.03HP1a, y 8.0 que permite a los atacantes remotos ejecutar arbitrariamente código a través de una dirección larga de ... • https://www.exploit-db.com/exploits/7985 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2008-3501
https://notcve.org/view.php?id=CVE-2008-3501
06 Aug 2008 — Cross-site scripting (XSS) vulnerability in the WebAccess simple interface in Novell Groupwise 7.0.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la interfaz simple WebAccess de Novell Groupwise 7.0.x permite a atacantes remotos inyectar web script o HTML de su elección a través de vectores no especificados. • http://secunia.com/advisories/30839 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •