Page 7 of 39 results (0.022 seconds)

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1

CVE-2006-4220 – Novell Groupwise 5.57e/6.5.7/7.0 Webaccess - Multiple Cross-Site Scripting Vulnerabilities

https://notcve.org/view.php?id=CVE-2006-4220

Multiple cross-site scripting (XSS) vulnerabilities in webacc in Novell GroupWise WebAccess before 7 Support Pack 3 Public Beta allow remote attackers to inject arbitrary web script or HTML via the (1) User.html, (2) Error, (3) User.Theme.index, and (4) and User.lang parameters. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS)en el webacc de Novell GroupWise WebAccess anterior a la v.7 Support Pack 3 Public Beta, que permite a atacantes remoto inyectar código web o HTML de su elección a través de los parámetros (1) User.html, (2) Error, (3) User.Theme.index, y (4) User.Lang • https://www.exploit-db.com/exploits/31095 http://secunia.com/advisories/28778 http://www.novell.com/documentation/gw7/readmeusgw7sp3/readmeusgw7sp3.html#b4qb42z http://www.osvdb.org/27531 http://www.securityfocus.com/bid/27582 http://www.securitytracker.com/id?1019302 http://www.vupen.com/english/advisories/2008/0395 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 1%CPEs: 2EXPL: 0

CVE-2006-3818

https://notcve.org/view.php?id=CVE-2006-3818

Cross-site scripting (XSS) vulnerability in the login page in Novell GroupWise WebAccess 6.5 before 20060721 and WebAccess 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via the GWAP.version parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la página de autenticación de acceso de Novell GroupWise WebAccess 6.5 anterior al 21/07//2006 y WebAccess 7 anterior al 27/07/2006 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro GWAP.version. • http://secunia.com/advisories/21411 http://securitytracker.com/id?1016648 http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974176.htm http://www.securityfocus.com/bid/19297 http://www.vupen.com/english/advisories/2006/3098 https://exchange.xforce.ibmcloud.com/vulnerabilities/28210 https://secure-support.novell.com/KanisaPlatform/Publishing/228/3574517_f.SAL_Public.html •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 3

CVE-2006-3817

https://notcve.org/view.php?id=CVE-2006-3817

Cross-site scripting (XSS) vulnerability in Novell GroupWise WebAccess 6.5 and 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via an encoded SCRIPT element in an e-mail message with the UTF-7 character set, as demonstrated by the "+ADw-SCRIPT+AD4-" sequence. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Niovell GroupWise WebAccess 6.5 y 7 anterior al 27/07/2006 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante un elemento SCRIPT codificado en un mensaje de correo electrónico con el juego de caracteres UTF-7, como se ha demostrado con la secuencia "+ADw-SCRIPT+AD4-". • http://lists.grok.org.uk/pipermail/full-disclosure/2006-August/048593.html http://secunia.com/advisories/21411 http://securitytracker.com/id?1016648 http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974176.htm http://www.infobyte.com.ar/adv/ISR-14.html http://www.novell.com/support/search.do?cmd=displayKC&externalId=3701584&sliceId=SAL_Public http://www.securityfocus.com/archive/1/442719/100/100/threaded http://www.securityfocus.com/bid/19297 http://www.vupen.com/eng •

CVSS: 5.0EPSS: 1%CPEs: 18EXPL: 0

CVE-2006-3268

https://notcve.org/view.php?id=CVE-2006-3268

Unspecified vulnerability in the Windows Client API in Novell GroupWise 5.x through 7 might allow users to obtain "random programmatic access" to other email within the same post office. Vulnerabilidad sin especificar en la API de cliente en Novell GroupWise para Windows v5.x a v7 podría permitir a los usuarios obtener "acceso programático aleatorio" (random programmatic access) a correo electrónico de otros del misma oficina de correos. • http://secunia.com/advisories/20888 http://securitytracker.com/id?1016404 http://support.novell.com/cgi-bin/search/searchtid.cgi?/2973921.htm http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974006.htm http://support.novell.com/cgi-bin/search/searchtid.cgi?2974027.htm http://www.securityfocus.com/archive/1/438725/100/0/threaded http://www.securityfocus.com/bid/18716 http://www.vupen.com/english/advisories/2006/2594 https://exchange.xforce.ibmcloud.com/vulnerabilities/27 •

CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0

CVE-2005-2620

https://notcve.org/view.php?id=CVE-2005-2620

grpWise.exe for Novell GroupWise client 5.5 through 6.5.2 stores the password in plaintext in memory, which allows attackers to obtain the password using a debugger or another mechanism to read process memory. • http://archives.neohapsis.com/archives/bugtraq/2005-06/0158.html http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0858.html http://marc.info/?l=bugtraq&m=112431139225724&w=2 http://securitytracker.com/id?1014247 http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098073.htm http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972056.htm http://www.osvdb.org/17470 http://www.securiteam.com/windowsntfocus/5UP0Q0UG0I.html http://www.securityfocus.com/bid/1399 •