CVSS: 10.0EPSS: 7%CPEs: 4EXPL: 0CVE-2010-4314 – Novell iPrint Client Browser Plugin Parameter Name Remote Code Execution
https://notcve.org/view.php?id=CVE-2010-4314
Remote attackers can use the iPrint web-browser ActiveX plugin in Novell iPrint Client before 5.42 for Windows XP/Vista/Win7 to execute code by overflowing the "name" parameter. Atacantes remotos puede utilizar el plugin ActiveX del navegador web de iPrint en Novell iPrint Client en versiones anteriores a 5.42 para Windows XP/Vista/Win7 para ejecutar código desbordando el parámetro "name". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Novell iPrint Client browser plugin. User interaction is required in that a target must visit a malicious web page. The specific flaw exists within handling plugin parameters. The application does not properly verify the name of parameters passed via <embed> tags. • https://www.novell.com/support/kb/doc.php?id=7006675 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2010-2779 – Novell Groupwise WebAccess Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-2779
Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to "replies." Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en WebAccess en Novell GroupWise v8.x anteriores a v8.0 SP2 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un mensaje manipulado, relacionado como "replies" This vulnerability allows remote attackers to execute arbitrary client side script on vulnerable installations of Novell Groupwise WebAccess. Authentication is notrequired to exploit this vulnerability. The specific flaw exists within handling html messages sent to a Novell GroupwiseWebAccess user. Messages are improperly sanitized allowing client side script to be supplied to the user's web browser resulting in the user's WebAccess credentialsbeing compromised. • http://www.novell.com/support/viewContent.do?externalId=7006376&sliceId=1 http://zerodayinitiative.com/advisories/ZDI-10-135 https://bugzilla.novell.com/show_bug.cgi?id=599867 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2010-2778 – Novell Groupwise WebAccess Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-2778
Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to a "Javascript XSS exploit." Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en WebAccess en Novell GroupWise v7.x anteriores a v7.0 post-SP4 FTF y v8.x anteriores a v8.0 SP2 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un mensaje manipulado, relativo a "Javascript XSS exploit". This vulnerability allows remote attackers to execute arbitrary client side script on vulnerable installations of Novell Groupwise WebAccess. Authentication is notrequired to exploit this vulnerability. The specific flaw exists within handling html messages sent to a Novell GroupwiseWebAccess user. Messages are improperly sanitized allowing client side script to be supplied to the user's web browser resulting in the user's WebAccess credentialsbeing compromised. • http://www.novell.com/support/viewContent.do?externalId=7006375&sliceId=1 http://zerodayinitiative.com/advisories/ZDI-10-135 https://bugzilla.novell.com/show_bug.cgi?id=599865 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 8%CPEs: 6EXPL: 1CVE-2010-2777 – Novell Netware Groupwise Internet Gateway Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-2777
Stack-based buffer overflow in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2 allows remote attackers to execute arbitrary code via a long mailbox name in a CREATE command. Desbordamiento de búfer basado en pila en el componente servidor IMAP en GroupWise Internet Agent (GWIA) en Novell GroupWise v7.x anteriores a v7.0 post-SP4 FTF y v8.x anteriores a v8.0 SP2, permite a atacantes remotos ejecutar código arbitrario a través de un nombre de buzón de correo largo en un comando CREATE. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Groupwise Internet Agent. Authentication is required to exploit this vulnerability. The flaw exists within the IMAP functionality included with GWIA. When provided with an overly long mailbox name to the CREATE verb, the IMAP server can be forced to overflow a buffer on the stack. • https://www.exploit-db.com/exploits/14379 http://www.novell.com/support/viewContent.do?externalId=7006374&sliceId=1 http://zerodayinitiative.com/advisories/ZDI-10-129 https://bugzilla.novell.com/show_bug.cgi?id=597331 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 3%CPEs: 3EXPL: 4CVE-2010-1930 – Novell iManager - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-1930
Off-by-one error in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allows remote attackers to cause a denial of service (daemon crash) via a long tree parameter in a login request to nps/servlet/webacc. Error de superación de límite (off-by-one) en Novell iManager V2.7, V2.7.3, y 2.7.3 FTF2, permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de un parámetro tree largo en una petición de loging sobre nps/servlet/webacc. • https://www.exploit-db.com/exploits/14010 http://secunia.com/advisories/40281 http://securitytracker.com/id?1024152 http://www.coresecurity.com/content/novell-imanager-buffer-overflow-off-by-one-vulnerabilities http://www.exploit-db.com/exploits/14010 http://www.osvdb.org/65738 http://www.securityfocus.com/archive/1/511983/100/0/threaded http://www.securityfocus.com/bid/40485 http://www.vupen.com/english/advisories/2010/1575 https://exchange.xforce.ibmcloud.com/vulnerabilities/59695 • CWE-189: Numeric Errors •